- when you interact with www.serpentcards.co.uk (the “Site”) operated by SerpentCards of Dumers Lane, Manchester, M26 2GF;
- when we communicate with you as part of our activities.
We collect and process your personal data in accordance with all applicable data protection laws and regulations, including, without limitation, the General Data Protection Regulation (EU) 2016/679 of 27 April 2016 (“GDPR”) and supplementing national provisions applicable as of 25 May 2018 (the “Data Protection Laws”).
Who controls the processing of my personal data? Who is accountable for it?
The controller of the personal data (i) that are collected when you use this Site, is SerpentCards of Dumers Lane, Manchester, M26 2GF.
What personal data are processed?
Automatic Information Collection on this Site
The processing of your personal data when you merely visit and consult the Site is limited to the so-named surfing data, namely the data whose transmission to the Site is implicit in the functioning of the systems in charge of the managing of the Site and in the communications protocols peculiar to the Internet. Surfing data are, for example, the IP addresses of the devices you use to connect to the Site and other parameters relating to your device and operating system.
In principle, surfing data, such as these above specified, and for example the number of visits and the time spent on the Site, are collected and processed by us exclusively for statistical purposes and in aggregated form for purposes of measuring and enhancing the functioning of the Site. Due to the nature itself of surfing data, these data may lead to identification of users if they are associated with data held by third parties; however, we do not collect surfing data in order to associate them with identified users, except where said data may be used for purposes of assessing possible responsibilities in case of information crimes realized against the Site or through the Site to the extent permitted by law.
Information you provide voluntarily to us:
We collect and process:
personal data that you provide when you interact with the Site functionalities, for example, when you comment on a blog post or upload user-generated content on the Site. This personal data may include:
your name, e-mail address, telephone number
For what purposes are my personal data processed?
We collect and process your Personal Data for the following purposes:
a) to operate and manage the Site, including:
to provide you with the services or functionalities that you request on the Site;
to create your account and manage your subscription on the Site;
to improve your browsing experience and ameliorate the Site;
b) for other purposes:
for fraud prevention purposes ; and
to comply with our obligations under applicable laws, regulations and Community legislation, and to assess and defend a legal right.
What are the legal bases for the processing of my personal data as described herein?
The processing of your personal data is necessary for performance of a contract with you or in order to take steps prior to entering into a contract with you at your request (Article 6, 1., (b) of the GDPR, as of 25 May 2018);
The processing is necessary for the purposes of our legitimate interests or our affiliates’ or other third parties’ legitimate interests, and such interests are not overridden by your interests or fundamental rights and freedoms (Article 6, 1., (f) of the GDPR, as of 25 May 2018);
The legitimate interests that we pursue notably include our interest to manage and maintain the contractual relationship with you, to answer to your specific requests, to ask your feedback in order to improve our Site or to pursue other general marketing activities.
Where your specific consent is required to the processing of your personal data as described herein, your personal data will be processed based on such consent (Article 6, 1., (a) of the GDPR, as of 25 May 2018);
How long will my personal data be processed?
Personal data are not kept for longer than the time necessary to achieve the specific data processing purposes described herein, unless shorter or longer retention periods apply under applicable Laws.
Are my personal data safe?
We are committed to protect the security and confidentiality of your personal data. We take – and require that any service provider and/or third party processor processing personal data on our behalf and on our instructions takes – appropriate technical and organizational measures to prevent loss and destruction, even accidental, of data, unauthorized access to data, unlawful or unfair use of data. Moreover, information systems and software programs are configured so that personal and identification data are used only when necessary to achieve the specific processing purpose from time to time sought.
Moreover, for the transmission of some data through the Internet are deployed encryption techniques such as the Secure Socket Layer (SSL) protocol.
However, please note that no electronic transmission or storage of information is 100% secure. Therefore, despite the security measures that we have put in place to protect your personal data, we cannot guarantee that loss, misuse, or alteration of data will never occur.
Where do my personal data go? Who are the recipients, where is it transferred and for what purposes?
Your personal data will be accessible within our organization by the internal and external personnel that need to access it because of their duties in relation to the processing purposes herein specified. We ensure that these persons are held by appropriate security and confidentiality duties.
Your personal data may also be shared with institutions, authorities, public entities, banks and financial institutions, professionals, independent consultants, also in associate form, business partners or other legitimate recipients as permitted by applicable laws and regulations, for example in case of judicial processes, request by competent courts and authorities or other legal obligation, to protect and defend our rights and property and the Site.
Lastly, we may also communicate your personal data to third parties in case of mergers, acquisitions, transfers of any of our assets, products, websites or operations.
Except for the foregoing, personal data will not be shared with third parties, natural persons or legal entities, that are unrelated to, or that do not perform a business, professional or technical function for us.
Personal data will not be communicated to third parties for their own marketing purposes.
In case any of the above recipient is established in a country outside the EEA that is not covered by an adequacy decision of the European Commission and therefore does not provide the same level of protection for your personal as in the EEA, we shall implement appropriate safeguards, including, but not limited to relevant data transfer agreements based on the EU Commission Standard Contractual Clauses for the transfer of data to third countries (Article 46, 2., (c) of the GDPR, as of 25 May 2018) or binding corporate rules (Article 47 of the GDPR as of 25 May 2018.
Am I obliged to provide my personal data? What are the consequences if I refuse to provide them?
Except in relation to the surfing data, providing your personal data may be a requirement necessary to enter into or to perform a contract, including for the performance of certain services and functionalities offered by the Site, such as replying to and managing of request of information, questions, communication or feedback. In the above referenced circumstances, refusal to provide your personal data would make it impossible for us to perform the requested services or information as above specified.
Does the site contain elements controlled by third parties? Who is responsible and liable for these elements?
The Site may contain links to other sites, as well as objects or elements controlled by third parties.
An example is plug-ins that may connect our Site to social networks like Facebook, Twitwer, Instagram, Pintrest, Youtube or Tumbler (“social plug-in”) and that are usually identified by the relevant social network’s logo. If you interact with a social plug-in on our Site, your browser may send such social network certain data relating to you, such as your user ID, information on the Site, date and time, and other browser-related information. Such information will be processed by the social networks, owned and operated by third parties, according to their privacy policies.
What are my rights in relation to the processing of my personal data and how can I exercise them?
You are entitled at any moment to enforce the rights available to you under applicable Data Protection Laws, including but not limited to the right of access, rectification, restriction, erasure, opposition (including objecting, at any time and for free, to the processing of your personal data for direct marketing purposes), right to portability as well as the right to withdraw your consent. You also have the right to lodge a complaint with the competent supervisory authority.
In more details the following briefly summarizes your rights.
Data Subject’s Rights
Right of access
Subject to applicable law, you have the right to obtain confirmation from us as to whether or not personal data that concerns you is processed, and, if so, to request access to such personal data including, without limitation, the categories of personal data concerned, the purposes of the processing and the recipients or categories of recipients. However, we do have to take into account the rights and freedoms of others, so this is not an absolute right. If you request more than one copy of the personal data undergoing processing, we may charge a reasonable fee based on administrative costs.
Right to rectification
You have the right to request from us the rectification of inaccurate personal data concerning you. Depending on the purposes of the processing, you also have the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.
Right to erasure (‘right to be forgotten’)
You have the right to request from us the erasure of personal data concerning you in certain circumstances as defined under applicable law. When your request falls within one of those circumstances, we will erase your personal data without undue delay. If, for technical and organisational reasons, we were not able to erase your personal data, we will ensure that it is fully and irreversibly anonymized so that we will not longer be holding such personal data about you.
Right to restriction of processing
In certain circumstances as defined under applicable law, you have the right to request the restriction of processing of your personal data. In such case, your personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to data portability
In certain circumstances as defined under applicable law, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another controller or to have such personal data transmitted directly from us to another controller, where technically feasible.
Right to object
In certain circumstances as defined under applicable law, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data by us and we can be required to no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. This notably applies in case of processing of your personal data based on our legitimate interests or for statistical purposes.
Right to object to direct marketing
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing for such direct marketing (including profiling related to such direct marketing).
Right not to be subject to a decision based solely on automated processing,
Subject to certain restrictions, you have the right not to be subject to a decision based solely on automated processed, including profiling, which produces legal effects on you similarly significantly affects you.
Right to withdraw consent
If you wish to access such personal data or exercise any of the rights listed above, you should apply in writing, providing evidence of your identity to us.
Any communication from us in relation to your rights as detailed above will be provided free of charge. However, in case of requests that are manifestly unfounded or excessive, in particular because of their repetitive character, we may charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or refuse to act on the request.
In case you have a complaint about the processing of your personal data, you have the right to lodge a complaint with a competent supervisory authority.
The Supervisory Authority
The Information Commissioner’s Office (ICO) in the UK is the for us relevant authority in matters of data protection. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Queries and Complaints
Any comments or queries on this policy should be directed to us using the following contact details.
Dumers Lane, Manchester, M26 2GF
07446 978 328
If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us. You can also make a referral to, or lodge a complaint with, the ICO.