General Privacy Notice

We are Sideburn Panda Limited. We’re a company registered in England and Wales with company number 1179593, whose registered address is at 10 Bartletts Road, Bristol BS3 3PL. In this privacy notice, we will refer to ourselves as ‘we’, ‘us’ or ‘our’. We are the Data Controller of the personal information we collect, hold and use about you, as explained in this notice.

You can get hold of us in any of the following ways:

We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.

We may update this privacy notice from time to time. This version was last updated on March 12, 2019.

1. Key definitions

1.1. The key terms that we use throughout this privacy notice are defined below, for ease:

1.2. Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.

1.3. Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email marketing service that facilitates mass distribution of marketing material to a Data Controller’s customer base.)

1.4. Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information that has been anonymised.

1.5. Special Information – certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.

2. Details of personal information that we collect and hold about you

2.1. Set out below are the general categories and details of retention periods in relation to those categories (see section 8 below for more details about retention) and in each case the types of personal information that we collect, use and hold about you:

General Category Types of Personal Data in that category Retention Periods
Identity information This is information relating to your identity such as your name (including any previous names and any titles that you use), gender, marital status and date of birth Six years unless we have no ongoing legitimate business need to hold your information.
Contact information This is information relating to your contact details such as email address, addresses, telephone numbers Six years unless we have no ongoing legitimate business need to hold your information.  
Payment information This is information relating to the methods by which you provide payment to us such as bank account details, credit or debit card details and details of any payments (including amounts and dates) that are made between us. Six years unless we have no ongoing legitimate business need to hold your information.
Transaction information This is information relating to transactions between us such as details of the goods, services and/or digital content provided to you and any returns details Six years unless we have no ongoing legitimate business need to hold your information.

2.2. The types of personal data we collect about you may differ from person to person, depending on who you are and the relationship between us.

3. Details of special information that we collect and hold about you

3.1. Special information is explained in section 1 above.

We do not collect or hold any special information about you.

3.2. We do not collect information from you relating to criminal convictions or offences.

4. Details of how and why we use personal information

4.1. We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below; but, in most cases, we will use your personal information for the following legal reasons:

4.2. So that we are able to provide you with service, we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the services to you.

4.3. It is important that you keep your personal information up to date. If any of your personal information changes, please contact us as soon as possible to let us know. If you do not do this, then we may be prevented from supplying the services to you.

4.4. Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information – in which case, we will confirm that reason to you.

4.5. We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s) allowing us to use your personal information. Please also note the following:

To manage general communication with you Legitimate Interests Reason – In order to offer you services and/or digital content opportunities where relevant.

Legal Obligation Reason – The Limitation Act 1980 (Section 5) states that all business contracts, agreements and other arrangements need to be safely stored for the length of the contract and for six years afterwards.
To manage our contract with you and to notify you of any changes Contract Reason – To undertake necessary correspondence and action as a result of a contractual agreement.

Legal Obligation Reason – The Limitation Act 1980 (Section 5) states that all business contracts, agreements and other arrangements need to be safely stored for the length of the contract and for six years afterwards.
To fulfil and comply with audit and accounting matters Legal Obligation Reason – The Limitation Act 1980 (Section 5) states that all business contracts, agreements and other arrangements need to be safely stored for the length of the contract and for six years afterwards.

Legal Obligation Reason – To fulfil requirements of keeping company records including financial and accounting records for at least six years from the end of a tax tear

4.6. Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes. In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this.

4.7. Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.

5. Details of how we collect personal information and special information

5.1. We usually collect Identity Information, Contact Information, Payment Information and Transaction Information directly from you when you contact us by email, telephone, in writing or otherwise.

5.2. We may receive some of your personal information from third parties or publicly available sources. This includes:

6. Details about who personal Information may be shared with

6.1. We may need to share your personal information with other organisations or people. These organisations include:

6.2. Depending on the circumstances, the organisations or people who we share your personal information with will be acting as either Data Processors or Data Controllers. Where we share your personal information with a Data Processor, we will ensure that we have in place contracts that set out the responsibilities and obligations of us and them, including in respect of security of personal information.

6.3. We do not sell or trade any of the personal information that you have provided to us.

7. Details about transfers to countries outside of the EEA

7.1. We do not transfer your personal information outside of the EEA.

8. Details about how long we will hold your personal information

8.1. We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 4 above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons). We may also need to keep personal information in case of any legal claims, including in relation to any guarantees or warranties that we have provided with the services we provide.

8.2. We have set out above the details of our retention periods for different types of data. You can find them in section 2.

9. Your rights under data protection law

9.1. Under data protection laws, you have certain rights in relation to your personal information, as follows:

9.2. In addition to the rights set out in section 10.1, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in section 4.5.

9.3. If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request, then please note:

10. Complaints

10.1. If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.