GET BIRDING LTD PRIVACY POLICY

Employees, workers, contractors, contributors

What is the purpose of this privacy notice and to whom does it apply?
GB (Get Birding Ltd) Limited (“GB, “we” or “us”) is committed to protecting the privacy and
security of your personal data. References to your “personal data” include any or all of
your personal data, as the context requires, including “special categories of personal
data”, which involves more sensitive information about you. This is most likely to include
information about your racial or ethnic origin or health data. There are other categories of
“special categories of personal data” which are less likely to be processed, but for a full
definition, see Article 9 of the General Data Protection Regulation (“GDPR”).

This privacy notice describes how we are or will be processing personal data about you
during and after your working relationship with us. By “processing”, we mean such actions
as collecting, using, storing, disclosing, erasing or destroying your personal data.

This notice applies to all employees, workers, contractors and contributors. It does not
form part of any contract of employment or other contract to provide services. We may
update this notice at any time and without notifying you before we do so.

Identity and contact details of the data controller and the data protection manager GB is
a “data controller”. This means that we are responsible for deciding how we hold and use
personal data about you.

GB is not obliged to appoint a statutory data protection officer, but your point of contact
about any data protection issues is Viki Carter who has a new additional responsibility as
our Data Protection Officer (“DPO”).

Viki Carter, Head of Production / Data Protection Officer
Email: viki@peanutandcrumb.com

The DPO is responsible for overseeing compliance with this privacy notice and for handling
any data protection queries or issues involving GB. You should contact the DPO in the first
instance about any issue involving data protection, whether it involves your data or
anyone else’s.

What type of personal data do we process about you?
We may process the following categories of personal data about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and
    personal email addresses and skype address.
  • Your date of birth, gender, marital status, nationality and details of dependants.
    Next of kin and emergency contact information.
  • Photographs and video footage.
  • Your national Insurance number.
  • Your bank account details, payroll records and tax status information.
  • Salary, annual leave, pension and benefits information (which may include
    information about family life and dependants).
  • Copy of driving licence (if applicable).
  • Recruitment information (including copies of right to work documentation,
    references and other information included in a CV or cover letter or as part of the
    application process).
  • Employment records (including job titles, work history, working hours, place of work,
    start date, training records, qualifications and professional memberships).
  • History of pay, bonus, other benefits, including any payments made on termination.
  • Details of work travel and expenses.
  • Details of performance and appraisals, including all notes of performance-related
    meetings and associated correspondence and reports.
  • Where applicable, disciplinary and grievance information, including interview notes
    or recordings and correspondence.
  • Work attendance/absence details (including leave records).
  • CCTV footage and other information obtained through electronic means such as
    swipe card records. • Information about your use of our information and
    communications systems, including personal as well as business use.
  • Reason for leaving and confidential references provided by us, alongside
    information required in order for us to provide reference information.
    We may also process the following “special categories” of more sensitive personal data:
  • Information about your gender, race or ethnicity, religious beliefs and sexual
    orientation. • Information about your health or disabilities, including any medical
    condition, health and sickness absence records.
  • Information about criminal convictions and offences.
  • Information about political party membership or political affiliations.

How do we collect your personal data?
We typically collect personal data about employees, workers, contractors and
contributors through the application and recruitment process, either directly from
candidates or sometimes from an employment agency. We may sometimes collect
additional information from third parties including former employers (in the form of
references). For those contributors who we are filming with, the personal data that we
collect will be less focused on employment status and history and may not include
financial data unless there is a payment involved for the on camera contribution.

We will collect additional personal data in the course of job or contract-related activities
throughout the period you work for us.

What are the legal bases and the purposes for which we process your personal data?
We will only use your personal data as permitted by law. We may use your personal data
in any of the following circumstances (see section below for details of the situations in
which we may process your data):

  1. Where we have your consent to do so.
  2. Where we need to perform the contract we have entered into with you.
  3. Where we need to comply with a legal obligation.
  4. Where the processing is necessary to protect anybody’s vital interests (used
    rarely).
  5. Where the processing is necessary to perform a task in the public interest
  6. Where it is necessary for our legitimate interests (or those of a third party) and
    your interests and fundamental rights do not override those interests. We are
    required to specify what the legitimate interests are (see below for further details).

Please note that there is a separate section below that covers additional legal bases for
processing more sensitive information about you

Consent
You are asked to consent to the use of your photograph or where your image appears in
any video content, if provided, for internal records (eg the intranet) and, external of our
work (eg for use on the GB website or for GB publication through digital, print and social
media channels and/or for a third-party client who has commissioned video work from
us). You may withdraw your consent for the use of your photograph/images for these
purposes at any time, in which case all reasonable efforts to erase from our systems any
photographs of you or pixelate your image from videos of you will be made.

Necessary for the performance of a contract with you
The following purposes come under this category:

  • Ensuring you are paid and that you have the correct tax and NICs and any other
    appropriate deductions (childcare vouchers, pension payment etc.) deducted
    from any payments. • Management and planning, including accounting and
    auditing.
  • Administering your contract
  • Making decisions about salary and other payment reviews.
  • Assessing your suitability for the role, including decisions about promotions or
    other role changes. • Where applicable, providing you with benefits including
    holiday, pension (including liaising with and providing information to your pension
    provider/administrator), and other benefits which we may offer currently or in the
    future.
  • Ensuring your wellbeing at work, including monitoring absences/reasons for
    absence. • Managing your performance at work including learning and
    development.

Necessary to comply with a legal obligation
The following purposes come under this category:

  • Checking that you are legally entitled to work in the UK. – your nationality and
    immigration status and information from related documents, such as your
    passport and other identification and immigration documentation.
  • Compliance with the Equality Act 2010.
  • Handling any legal disputes involving you or third parties, including accidents at
    work. • To prevent fraud.
  • To comply with HMRC requirements regarding retention of documents.
  • To ensure the health and safety of our employees, workers, contractors and
    contributors.
    Necessary to perform public interest task
  • The completion of equality and diversity monitoring forms in order to redress
    diversity imbalance in the workplace. Equality and diversity information helps us
    consider strategies to manage, recruit and retain the best possible talent required
    and be an inclusive employer.
    Necessary for our legitimate interests or those of a third party
  • Personal data provided by you as part of your application form or CV, including
    your name, title, addresses, telephone numbers and personal email addresses
    and skype addresses – the legitimate interest is to make and maintain contact
    with you throughout the recruitment process and through employment.
  • Personal data provided by you on your CV and application form and obtained
    during interviews and/or selection testing – the legitimate interests are: to
    ascertain your suitability for employment/engagement.
  • Personal data provided by you for any applications for training – the legitimate
    interest is to ensure your continuing learning and development needs are
    addressed and documented.
  • Personal data obtained through external referees or background screening
    providers (which may include address history, employment history, education
    background, criminal records information (see below for more details), credit
    history and employment history – the legitimate interests are: for verifying the
    information provided by you on your CV, to verify the relevant
    ○ qualifications/requirements for the role and to ensure that there are no
    issues that could place unnecessary risks on us or third parties.
  • Personal data obtained in relation to grievance and disciplinary issues – the
    legitimate interest is to address issues and concerns from either side in the
    employment relationship.
  • Personal data obtained in relation to performance and appraisal processes – the
    legitimate interest is to ensure your performance is assessed so that if there are
    improvements required they can be addressed and high performance can be
    identified and rewarded.
  • Personal data obtained in relation to the monitoring of our IT systems – the
    legitimate interest is to ensure the integrity of our IT systems, to ensure network
    and information security, including preventing unauthorised access to our
    computer and electronic communications systems and preventing malicious
    software distribution.
  • Personal data obtained through CCTV – the legitimate interest is the protection of
    health and safety (including the identification of individuals on premises in the
    event of a fire or other serious incident) and the prevention and detection of
    criminal acts.
  • Personal data obtained through swipe card technology – the legitimate interest is
    to ensure only authorised members of staff or authorised visitors are on site,
    thereby safeguarding systems and property from unauthorised access,
    destruction or theft. This information may also be used to provide evidence in
    relation to any issues regarding timekeeping and attendance.
  • Reference information – it is our normal policy to provide only basic factual
    information about ex employees (or departing employees) to prospective new
    employers. However, where we have legitimate concerns which, if not disclosed to
    a prospective new employer, could place us in breach of our duty of care to that
    prospective new employer, such information as we reasonably consider necessary
    will be disclosed in order to satisfy that duty.
  • Such personal data may be necessary to defend against potential legal claims
    brought by you or on your behalf – our legitimate interest is to be able to defend
    such claims and otherwise exercise legal rights and obtain legal advice.

If you fail to provide personal data
If you fail to provide certain information when requested, and we are unable to obtain it
from a third party or publicly available source, we may not be able to perform the
contract we have entered into with you (such as paying you or providing a benefit), or we
may be prevented from complying with our legal obligations (such as to ensure the
health and safety of our workers). It may be possible to amend the contract as required in
order to accommodate your wishes with regard to the processing of your personal data.
However, depending on the nature and importance of the information requested, we may
either have to cease employing or engaging you or withdraw an offer of employment or
engagement.

Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we
reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If we need to use your personal data for an
unrelated purpose, we will notify you and we will explain the legal basis which allows us to
do so, before we start using it for that unrelated purpose. For instance, it is not our
intention to share your personal data with any third parties for marketing purposes, but if
we were planning on doing so, we would first seek your consent and only share your
personal data for marketing purposes where your clear and unambiguous consent could
be evidenced in writing. Other new processing activities may not require consent, if we
can show a different lawful basis applies.

Please note that we may process your personal data without your knowledge or consent,
in compliance with the above rules, where this is permitted by law.

How we use special categories of personal data
”Special categories” of personal data require higher levels of protection. We need to have
further justification for collecting, storing and using this type of personal data. We may
process special categories of personal data in the following circumstances:

  1. In limited circumstances, with your explicit written consent.
  2. Where we need to carry out our legal obligations including obligations under
    employment and social security law and in line with our policies.
  3. Where it is needed to assess your working capacity on health grounds, subject to
    appropriate confidentiality safeguards.
  4. Sometimes we may process this type of information where it is needed to protect
    your interests (or someone else’s interests) and you are not capable of giving your
    consent, or where you have already made the information public.

Purposes for processing special categories of personal data
We will use your special categories of personal data in the following ways:

  1. We will use information relating to leaves of absence, which may include sickness
    absence or family related leaves, to comply with employment and other laws.
  2. We will use information about your physical or mental health, or disability status, to
    ensure your health and safety in the workplace and to assess your fitness to work,
    to provide appropriate workplace adjustments, to monitor and manage sickness
    and other absence and to administer benefits.
  3. We may use this information where it is needed in relation to legal claims.

Do we need your consent?
We do not need your consent if we use special categories of your personal data to carry
out our legal obligations or exercise specific rights in the field of employment law. In
limited circumstances, we may approach you for your written consent to allow us to
process certain particularly sensitive data or to use data for purposes not related to those
for which we have collected it. If we do so, we will provide you with full details of the
information that we would like and the reason we need it, so that you can carefully
consider whether you wish to consent. You should be aware that it is not a condition of
your contract with us that you agree to any request for consent from us. We will at the
same time inform you of the consequences of not consenting and you are also reminded
of your right to withdraw your consent at any time, in any cases where your consent has
been sought.

Information about criminal convictions
We may only use information relating to criminal convictions where the law allows us to
do so. This will usually be where such processing is necessary to carry out our obligations
and provided we do so in line with our data protection policy and related policies.

Sometimes we may use information relating to criminal convictions where it is necessary
in relation to legal claims, where it is necessary to protect your interests (or someone
else’s interests) and you are not capable of giving your consent, or where you have
already made the information public.

We may also process such information about members or former members of staff in the
course of legitimate business activities with the appropriate safeguards.

We will only collect information about criminal convictions if it is appropriate given the
nature of the role and where we are legally able to do so.

With whom might we share your personal data?
We may have to share your data with third parties, including third-party service providers
and any subcontractors of those service providers. See below for further details.

We require third parties to respect the security of your data and to treat it in accordance
with the law.

We do not envisage having to transfer your personal data outside the EU but will let you
know if the position changes and will ensure that any such transfer will be made in
accordance with data protection legislation.

Why might we share your personal data with third parties?
We may share your personal data with third parties where required by law, where it is
necessary to administer the working relationship with you or where we have another
legitimate interest in doing so. For instance, if GB were to be acquired by another legal
entity, we would need to disclose certain employee information (subject to confidentiality
controls) to the potential new acquirer.

Which third party service providers process your personal data?
”Third parties” includes third party service providers (including contractors and
sub-contractors). The following activities are carried out by third party service providers:
payroll providers (currently Entertainment Payroll Services Ltd, who process salaries,
benefits and expenses), pension provision (currently administered by Now: Pensions).

How secure is your information with third party service providers?
All our third party service providers are required to take appropriate security measures to
protect your personal data in line with our policies. We do not allow our third party service
providers to use your personal data for their own purposes unless they are data
controllers in their own right in relation to your personal data. Where they operate as our
“data processors” (ie they process your personal data on our behalf and acting only on
our instructions), we only permit them to process your personal data for specified
purposes and in accordance with our instructions.

What about disclosure to other third parties?
We may share your personal data with other third parties, for example to external legal or
other professional advisers, or to otherwise comply with the law. We currently use Mint &
Co to provide external business affairs and legal services to GB.

What safeguards are in place in relation to the transfer of your personal data outside of
the EU?
Neither we nor our third party suppliers envisage transferring your personal data outside
the EU. If the position changes, we will let you know and also let you know of the
safeguards we will be putting in place to keep your personal data secure.

How long will we retain your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we
collected it for, including for the purposes of satisfying any legal, accounting, or reporting
requirements. Details of retention periods for different aspects of your personal data are
available from the DPO. To determine the appropriate retention period for personal data,
we consider the amount, nature, and sensitivity of the personal data, the potential risk of
harm from unauthorised use or disclosure of your personal data, the purposes for which
we process your personal data and whether we can achieve those purposes through
other means, and the applicable legal requirements.

Once you are no longer an employee, worker or contractor of GB we will retain and
securely destroy your personal data in accordance with our Records Management Policy.

What are your rights and obligations as a data subject?
Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please
keep us informed if your personal data changes during your working relationship with us
(such as a change in bank details, or if you move house). We will update your records
promptly upon being notified of such changes.

Your rights in connection with personal data
Under certain circumstances, by law you have the right to:

  • Request access to your personal data (commonly known as a “data subject
    access request”). This enables you to receive a copy of the personal data we hold
    about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you
    to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or
    remove personal data where there is no good reason for us continuing to process
    it. Please note that there will normally be an overriding legitimate reason for
    retaining employee/contractor data for a period of time, but we will consider each
    request. You also have the right to ask us to delete or remove your personal data
    where you have exercised your right to object to processing (see below).
  • Object to processing of your personal data where we are relying on a legitimate
    interest (or those of a third party) and there is something about your particular
    situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal data. This enables you to ask
    us to suspend the processing of personal data about you, for example if you want
    us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • If you want to review, verify, correct or request erasure of your personal data, object
    to the processing of your personal data, or request that we transfer a copy of your
    personal data to another party, please contact the DPO in writing.

No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other
rights). However, we may charge a reasonable fee if your request for access is clearly
unfounded or excessive. Alternatively, we may refuse to comply with the request in such
circumstances, as permitted by the GDPR.

What we may need from you
We may need to request specific information from you to help us confirm your identity
and ensure your right to access the information (or to exercise any of your other rights).
This is another appropriate security measure to ensure that personal data is not
disclosed to any person who has no right to receive it.

What are your rights to withdraw consent to processing?
You may withdraw your consent to allow us to continue processing your personal data,
but only where consent was sought as a lawful means of processing your personal data.

In the limited circumstances where you may have provided your consent to the
processing of your personal data for a specific purpose, you have the right to withdraw
your consent for that specific processing at any time. To withdraw your consent, please
contact the DPO. Once we have received notification that you have withdrawn your
consent, we will no longer process your information for the purpose or purposes you
originally agreed to, unless we have another legitimate basis for doing so in law.

What are your rights to lodge a complaint about the way in which your personal data are
being processed? Firstly we would urge you to contact the DPO in writing so that we can
try to resolve your complaint to your satisfaction. If you are not satisfied with the DPO’s
response, you may contact the Information Commissioner’s

Office (“ICO”) on 0303 123 1113. You are free to contact the ICO at any time. However, the
DPO may be able to answer your concerns or questions more quickly.

Personal data received from someone other than you
If we obtain personal data from someone other than you (such as a referee), we will
provide you with information as to the source of such personal data and, if applicable,
whether it came from publicly available sources.

What data security measures are in place to protect your personal data?
We have put in place measures to protect the security of your information. Details of these
measures are available upon request but in brief, GB uses secure encrypted systems. You
are required to help with this by ensuring that your personal data and that of your
colleagues and third parties are kept secure. You should not share your personal data, or
that of others, unless there is a genuine business reason for doing so. There are locked
cupboards with some paper files containing employee / contractor / candidate personal
data which is held securely within the premises. Electronic data of this nature is held
securely on our systems to which access is restricted to those with a legitimate need to
access that information.

We have put in place appropriate security measures to prevent your personal data from
being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In
addition, we limit access to your personal data to those employees, agents, contractors
and other third parties who have a business need to know. They will only process your
personal data on our instructions (or subject to their own data protection/confidentiality
obligations if they are acting as data controllers in their own right) and they are subject to
a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will
notify you and any applicable regulator of a suspected breach where we are legally
required to do so.

Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with
a new privacy notice when we make any substantial updates. We may also notify you in
other ways from time to time about the processing of your personal data.

If you have any questions about this privacy notice, please contact the DPO.

Directors: Katie Derham & Jane Gerber
18 Bond Street, Brighton BN1 1RD
Company Number: 09381802
VAT Registration Number: 205 2535 44

GET BIRDING Website Privacy Notice

Introduction

Get Birding Limited (Get Birding) respects your privacy and is committed to protecting your personal data. This privacy notice informs you as to how we look after your personal data and tells you about your privacy rights and how the law protects you.

• Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how we collect and process your personal data through your use of this website (www.getbird.ing.com), our paid subscription service (getbirding.supportingcast.fm) or otherwise when you engage with us.  This website is not intended for children and we do not knowingly collect data relating to children.

Controller

Get Birding Limited is the controller of the data we collect and hold about you and we are responsible for holding your personal data in accordance with the relevant data protection laws.  Our registered office is at 18 Bond Street, Brighton BN1 1RD.

Get Birding is responsible for the collection of your data through this website, our paid subscription service and otherwise in your interactions with us. 

If you have any questions about this privacy notice or with respect to your rights, please contact hello@getbird.ing

We hope that we can deal with any concerns you have directly when you email us, but if you live in the UK, you have the right to make a complaint to the UK ICO (www.ico.org.uk).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

Collected directly from you via our website, (if you choose to provide it or you choose to become a paid subscriber):

• Contact Data including name, email address, written communications.

• Verification Data including password, username, account settings and details

Collected through third party functions  via our website (where you consent or we have other lawful ground to do so):

• Payment Data collected via our Stripe account including payment details and records if you choose to become a paid subscriber.

• Log and Device Data collected via third party cookies, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

• Usage Data collected information about how you use our website, products and services.

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

How we use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you (e.g. to provide our podcast to you or communicate about that).

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

• Where we need to comply with a legal or regulatory obligation.

• Where you have provided specific consent. 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where.

Marketing

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by emailing us. 

Purpose of processing your personal data

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.  Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your personal data

We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 3 above.

• Third party service providers: As most businesses do, we use a number of third party service providers who act as “data processors” and may have access to your personal data, simply because of the service they provide to us.  For example, we use reputable established third party companies for podcast subscription and distribution services (e.g. Supporting Cast) payment processing (Stripe) cloud storage, and to support our work streams and email services.

• Other third parties: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We don’t typically transfer your personal data outside the UK/EEA.  Should we need to do so, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We may use specific contracts approved by the ICO which require any recipient of your data to give it the same protection it has in UK.

• Where we use third party service providers based in the US, we may transfer data to them if they are part of the US-UK Data Bridge which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see https://www.gov.uk/government/publications/uk-us-data-bridge-supporting-documents/uk-us-data-bridge-factsheet-for-uk-organisations.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Some of the safeguards we employ are data encryption, and information access controls. We will continue to enhance our security procedures as new technology becomes available. While we make every effort to ensure that your information is secure on our system, no data transmission over the internet can be guaranteed to be 100% secure.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data as follows:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please email hello@getbird.ing