Privacy Policy
This Privacy Policy was last updated on March 15, 2021
Introductions
Paul Walsh Co and https://www.paulwalsh.co (the/this ‘Website’) provides development services such as coaching, consulting or facilitating support in achieving a specific personal or professional goal by providing training and guidance (the ‘Service’). The website is operated by Annexus Ltd (hereinafter - ‘we’, ‘us’, ‘our’, ‘Annexus’), a company registered under the laws of the United Kingdom.
We at Annexus Ltd have created a Privacy Policy for this Website that aims to inform you of our policies regarding the collection, use, and disclosure of data about a living individual who can be identified from those data (the ‘Personal Data’) when you use our Service and the choices you have associated with that data.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms of Use, accessible from [link].
Also our Website does not sell your Personal Data to third parties. A ‘sale’ of Personal Data under the GDPR is defined broadly to include the ‘selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means’ the Personal Data of a consumer to another business or third party ‘for monetary or other valuable consideration.’ If we decide to sell our Website or our business, we will inform you about this, so you can forbid us to transfer your Personal Data together with our business. If so, we will delete your data from the databases prior to a business transfer.
For the purposes of this policy, we define the term ‘User’ as an individual, using the Website and filling our contact form.
We adhere to the following principles in order to protect Your privacy:
- Principle of purposefulness - we process Personal Data fairly and in a transparent manner only for the achievement of determined and lawful objectives, and they shall not be processed in a manner not conforming to the objectives of data processing;
- Principle of minimalism - we collect Personal Data only to the extent necessary for the achievement of determined purposes and do not keep Personal Data if it is no longer needed;
- Principle of restricted use - we use Personal Data for other purposes only with the consent of the data subject or with the permission of a competent authority;
- Principle of data quality - we update Personal Data shall be up-to-date, complete and necessary for the achievement of the purpose of data processing;
- Principle of security - security measures shall be applied in order to protect Personal Data from unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures;
- Principle of individual participation - the persons shall be notified of data collected concerning him or her, the persons shall be granted access to the data concerning him or her and the persons have the right to demand the correction of inaccurate or misleading data.
For the purposes of this policy, we define the term “Customer” as an individual or business entity, who uses the Website to order an item in our Online-store and the term “User” as an individual, who uses the Website to view an item in our Online-store and / or an individual who subscribes to the Online Store newsletter.
1
Data we collect
1.1
Usage data
1.1.1
We may collect, record and analyse Your information on our Website.
1.1.2
Where our Website is accessed purely to gain information, i.e. where you do not provide us information in any way, we only collect the personal data provided by your browser to our server. Where you want to view our website, we collect the following data necessary for technical purposes to be able to demonstrate our Website to you and to ensure adequate access stability and security (therefore, the legal basis for is the legitimate interest of Annexus):
- IP address;
- Enquiry date and time;
- Time zone difference to Greenwich Mean Time (GMT);
- Enquiry content (the exact web page accessed);
- Access status/HTTP status code;
- Data volume transmitted in each case;
- Website generating the enquiry;
- OS and its interface;
- Browser language and version.
1.1.3
We use this information in aggregate to assess the popularity of the web pages on our Website and how we perform in providing content to You. When combined with other information we know about You from previous visits, the data could possibly be used to identify personal information, even if You did not provide any information to us. Information collected this way is stored for no longer than one year.
1.1.4
Processing of Usage Data relies on our legitimate interests. It is necessary for managing and running our business efficiently and effectively, providing quality services including website support, developing and improving products, determining who may be interested in them.
Processing of Usage Data relies on our legitimate interests. It is necessary for managing and running our business efficiently and effectively, providing quality services including website support, developing and improving products, determining who may be interested in them.
1.1.5
Our Website allows you to contact us by using the contact form. To do so, you need to provide your name, email address, as well as the text of your inquiry. We use the collected Personal Data only to communicate with you, as you reasonably expect us to answer you, and we may also record your request and our reply in order to increase the efficiency of the organisation of our support service.
1.1.6
We collect email address and data of User’s profile in instant messaging applications (e.g. name, nickname, phone number) only when User wants to contact us and writes us on our email address that is available on the Website or communicates with us via instant messaging applications, that are listed on our Website. We use the collected Personal Data only to communicate with you, as you reasonably expect us to answer you.
1.1.7
While processing Personal Data of our Users, we rely on your consent to the processing of your Personal Data for the purpose of communicating with you. We use such Personal Data in ways you would reasonably expect and which have a minimal privacy impact. You can withdraw your consent at any time by sending us an email to privacy@paulwalsh.co with your withdrawal request and your Personal Data will be deleted within seventy-two (72) hours.
1.1.8
Wherever possible, we aim to obtain your explicit consent to process your Personal Data, for example, by asking you to agree to use Cookies.
1.1.9
Processing of Personal Data for marketing purposes also relies on the consent obtained from you. We use data in ways you would reasonably expect and which have a minimal privacy impact.
1.1.10
Users can control the use of Cookies at the individual browser level. If you reject Cookies, you may still use our Website, but your ability to use some features or areas of our website may be limited. To learn more and for a detailed Cookie notice, Users may refer to our Cookie Policy.
1.2
Personal data
1.2.1
In order to provide Services to our Users we collect its personally identifiable information.
1.2.2
When the User uses our Services by submitting an online order form on the Website, a contract is formed between the User and us. In order to carry out our obligations under that contract we must process the information that the User gives to us.
1.2.3
During the submission of an online order form on the Website, the User provides us with its first and last name. This information is used by us to identify our Users and provide them with services and to meet other contractual obligations.
1.2.4
Also, User provides us with the following information about the Addressee during the submission of an online order form on the Website:
- Email address.
- Phone number.
- Any question that relates to the provision of Services.
- Cookies and Usage Data.
1.2.5
This information is used by us to identify you, to personalise the User and to provide you needed Service in full.
1.2.6
We may obtain Users’ Personal Data from third parties such as payment service providers, whose services we use.
1.2.7
We process this information on the basis there is a contract between us and the User, we use the information before we enter into a legal contract.
1.3
Communication data
1.3.1
We collect any data that you share to us whether that be through the contact form on our website, through email, text, social media messaging, social media posting or any other communication that You send us. We process this data for the purposes of communicating with You, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
1.4
Marketing data
1.4.1
We collect data about your preferences in receiving marketing from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-always, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this case are to study how Users use our products/services, to develop them, to grow our business and to decide our marketing strategy.
1.4.2
Processing of Personal Data for marketing purposes also relies on the consent obtained from you. This processing has appropriate safeguards and a minimal privacy impact. You can object to the processing by following the “unsubscribe” link you will find on all the email marketing messages we send you. Alternatively, you can contact us at privacy@paulwalsh.co.
1.4.3
If you no longer wish to receive promotional emails, you may opt out of them by replying to one of such emails or send us an email with a request.
1.5
Additional terms of processing
1.5.1
We do not collect any sensitive data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
1.5.2
Where we are required to collect Personal Data by law, which you do not provide us with, we may not be able to perform the contract (for example, to deliver Services to you). If you don’t provide us with the requested data, we may have to cancel a product or Service you have ordered but if we do, we will notify you at the time. We will only use your Personal Data for a purpose it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at privacy@paulwalsh.co.
1.5.3
In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing. We may process your Personal Data without your knowledge or consent where this is required or permitted by law.
1.5.4
We do not carry out automated decision making or any type of automated profiling.
2
Compliance with the applicable law
2.1
For Customers and Users located in the United Kingdom all processing of Personal Data is performed in accordance with regulations and rules following the Data Protection Act 2018.
2.2
For Customers and Users located in the European Economic Area (EEA) privacy rights are granted and all processing of Personal Data is performed in accordance with regulations and rules following the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, known as the General Data Protection Regulation (GDPR).
2.3
For Customers and Users located in California all processing of Personal Data is performed in accordance with regulations and rules following the California Consumer Privacy Act, Cal. Civ. Code § 1798.100 et seq. (“CCPA”)
2.4
For Customers and Users located in Brazilia, all processing of Personal Data is performed in accordance with regulations and rules following the Lei Geral de Proteção de Dados (“LGPD”).
2.5
We may need to share your Personal Data with the third parties that provide the Services. Where your Personal Data is transferred outside of the European Economic Area (‘EEA’), we require that appropriate safeguards are in place.
2.6
We may need to share your Personal Data with the third parties that provide the Services. Where your Personal Data is transferred outside of the European Economic Area (‘EEA’), we require that appropriate safeguards are in place.
2.7
For more detailed information about the international information transfers to our business partners, service providers and developers outside of the EU/EEA, please contact us at privacy@paulwalsh.co.
3
Your legal rights
3.1
You can review, correct, update, delete or transfer Your personally identifiable information. For that, contact us directly at privacy@paulwalsh.co. We will acknowledge Your request within seventy-two (72) hours and handle it promptly and as required by law.
3.2
Right to access. You may contact us to get confirmation as to whether or not we are processing Your Personal Data. Where we process Your Personal Data, we will inform You of what categories of Personal Data we process regarding You, the processing purposes, the categories of recipients to whom Personal Data have been or will be disclosed and the envisaged storage period or criteria to determine that period.
3.3
Right to withdraw consent. In case our processing is based on a consent granted by You, You may withdraw the consent at any time by contacting us or by using the functionalities of our Services.
3.4
Right to object. In case our processing is based on our legitimate interest to run, maintain and develop our business, You have the right to object at any time to our processing. We shall then no longer process Your Personal Data unless for the provision of our Services or if we demonstrate other compelling legitimate grounds for our processing that override Your interests, rights and freedoms or for legal claims. Notwithstanding any consent granted beforehand for direct marketing purposes, You have the right to prohibit us from using his/her Personal Data for direct marketing purposes, by contacting us or by using the functionalities of the Services or unsubscribe possibilities in connection with our direct marketing messages.
3.5
Right to restriction of processing. You have the right to obtain from us restriction of processing of Your Personal Data, as foreseen by applicable data protection law, e.g. to allow our verification of accuracy of Personal Data after Your contesting of accuracy or to prevent us from erasing Personal Data when Personal Data is no longer necessary for the purposes but still is required for Your legal claims or when our processing is unlawful. Restriction of processing may lead to fewer possibilities to use our Services.
3.6
Right to data portability. You have the right to receive Your Personal Data from us in a structured, commonly used and machine-readable format and to independently transmit that data to a third party, in case our processing is based on Your consent and carried out by automated means.
3.7
To exercise any of the above mentioned rights, You should primarily use the Website or/and place an order in the Online-store. If such functions are however not sufficient for exercising such rights, Customer and/or User shall send us a letter or email to the address set out below under Contact, including the following information: name, address, phone number, email address and a copy of a valid proof of identity. We may request additional information necessary to confirm Your identity. We may reject requests that are unreasonably repetitive, excessive or manifestly unfounded.
3.8
If You are from the United Kingdom and You object to Your data processing, You can complain to the Information Commissioner’s Office at casework@ico.org.uk.
3.9
If You are from California and dissatisfied with how we have used Your Personal Data, You can complain to the California Department of Justice. Also You have the right to lodge a complaint with a supervisory authority if You think that we violate Your rights. You could contact The California Department of Justice (Department) via their website.If You are from Brazil, You can also file a complaint with Brazil’s National Data Protection Authority (ANPD) through its official channels.
4
Data retention
4.1
We will retain Personal Data for as long as You use our Website, or continue to communicate with our support team. Your information will be deleted if You did not communicate with the support team for more than 12 months.
4.2
When deciding what the correct time is to keep the data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
4.3
For tax purposes the law requires us to keep basic information about You (including contact, identity, financial and transaction data) for 12 months after You stop being Customers.
4.4
In some circumstances we may anonymise Your Personal Data for research or statistical purposes in which case we may use this information indefinitely without further notice to You.
4.5
Any data collected for the purpose of analytics will be deleted in 12 months after being collected.
5
Information Security
5.1
We care to ensure the security of Personal Data. We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain technical, physical, and administrative security measures to provide reasonable protection for Your Personal Data. When we or our Service Providers process Your information, we also make sure that Your information is protected from unauthorized access, loss, manipulation, falsification, destruction or unauthorized disclosure. This is done through appropriate administrative, technical and physical measures.
5.2
We always use pseudonymisation as a method of securing the Personal Data we process as the Processor.
5.3
There is no 100% secure method of transmission over the Internet or method of electronic storage. Therefore, we cannot guarantee its absolute security. But we make our best efforts to make the transmission as secure as possible.
5.4
We never process any kind of sensitive data and criminal offence data not as a Controller nor as a Processor. Also we never undertake profiling of Personal Data.
6
Service Providers
6.1
We may employ third party companies and individuals to facilitate our Service (‘Service Providers’), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.
6.2
These third parties have access to Your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
6.3
Analytics. We may use third-party Service Providers to monitor and analyse the use of our Website.
6.3.1
Google Analytics. Google Analytics is a web analytics service offered by Google that tracks and reports Website traffic. Google uses the data collected to track and monitor the use of our Website. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network. You can opt-out of having made Your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en. Your data will be stored in Google's network of data centres. Google maintains a number of geographically distributed data centres.
6.4
Behavioural Remarketing. We may use remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Service.
6.4.1
Google AdWords. Google AdWords remarketing service is provided by Google Inc. You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads. Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for Your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en. Your data will be stored in Google's network of data centres. Google maintains a number of geographically distributed data centres. Privacy Policy. Opt Out.
6.4.2
Facebook. Facebook remarketing service is provided by Facebook Inc. You can learn more about interest-based advertising from Facebook by visiting this page: Facebook Page. To opt-out from Facebook's interest-based ads follow these instructions from Facebook: Facebook. Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt-out from Facebook and other participating companies through the Digital Advertising Alliance in the USA http://www.aboutads.info/choices/, the Digital Advertising Alliance of Canada in Canada http://youradchoices.ca/ or the European Interactive Digital Advertising Alliance in Europe http://www.youronlinechoices.eu/, or opt-out using your mobile device settings. For more information on the privacy practices of Facebook, please visit Facebook's Data Policy: Data Policy. Your data will be stored in Facebook data centres, located in Sweden, Denmark, and Ireland.
Facebook pixel. We use Facebook pixel to monitor and analyse web traffic. Facebook pixel is a web analysis service provided by Facebook Ireland Ltd ("Facebook"). Facebook utilises the Data collected to track and examine the use of our Website, to prepare reports on its activities and share them with other Facebook services. Facebook may use the Personal Data collected to contextualise and personalise the ads of its own advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: the Republic of Ireland.
Facebook pixel. We use Facebook pixel to monitor and analyse web traffic. Facebook pixel is a web analysis service provided by Facebook Ireland Ltd ("Facebook"). Facebook utilises the Data collected to track and examine the use of our Website, to prepare reports on its activities and share them with other Facebook services. Facebook may use the Personal Data collected to contextualise and personalise the ads of its own advertising network. Personal Data collected: Cookies and Usage Data. Place of processing: the Republic of Ireland.
6.4.3
Active Campaign LLC is a marketing automation platform and email marketing service. It is heavily focused on GDPR, SOC 2, and HIPAA compliance. We constantly improve our security to go above and beyond compliance standards. You can learn more about this service from by visiting this page. For more information on the privacy practices of ActiveCampaign, please visit its Privacy Policy. ActiveCampaign uses data centres worldwide. View this page for more information on it's data centres.
6.5
Form constructors and hosting providers
6.5.1
JotForm. JotForm is provided by JotForm Inc. This is an online form builder that helps You in creating forms, surveys, order forms, etc. Creating a form using JotForm is easy with its intuitive drag and drop method. You can learn more about this service from JotForm by visiting this page: JotForm. For more information on the privacy practices of JotForm, please visit JotForm's Privacy Policy: JotForm's Privacy Policy. JotForm servers are co-located in a cloud based architecture with Google Cloud and Amazon Web Services (AWS). Google Cloud data centres are hosted in Iowa (US). AWS data centres are located both in Germany, Frankfurt (EU) and US, Virginia (US).
6.5.2
Cultrix Ltd. Cultrix cloud is provided by Cultrix LTD. Cultrix hosted virtual desktops provide a completely comprehensible cloud computing service, such as desktops and data availability from anywhere, maintenance, support, backups and the latest version of Microsoft Office, software consistency. You can learn more about this service from Cultrix LTD by visiting this page: Cultrix LTD. For more information on the privacy practices of Cultrix cloud, please visit their Cultrix Privacy Policy page. The servers of Cultrix are hosted and operated in various countries around the world in which it conducts business. Thus, Your Personal Data associated with Cultrix may be transferred to and/or processed in a country other than that from which it was collected. If You are a resident of the EU, any such transfers will be made in accordance with applicable laws.
6.5.3
Webflow. Webflow is provided by Webflow, Inc., a Delaware corporation. Webflow empowers to build professional, custom websites in a completely visual canvas with no code. You can learn more about this service from Webflow by visiting this page: Webflow. For more information on the privacy practices of Webflow, please visit Privacy Policy: Webflow Privacy Policy .
6.5.4
Calendly. Calendly is an online scheduler that sends out text message reminders before events booked on the site. They process customer data automatically when details are submitted via any of the scheduling links. You can see Calendly's privacy policy for information about how they process data or see their terms and conditions.
6.6
Payments. We use third-party services for payment processing (e.g. payment processors). We will not store or collect Your payment card details. That information is provided directly to our third-party payment processors whose use of Your Personal Data is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
6.7
The payment processors we work or sometimes work with are:
6.7.1
Shopify Payments
6.7.2
Stripe. Their Privacy Policy can be viewed at https://stripe.com/privacy.
6.7.3
Paypal. Their Privacy Statements can be found here.
6.7.4
Google Pay. Their Privacy notice can be viewed on the google payments site.
6.8
For a complete list of Service Providers - contact us.
7
Children's Privacy
7.1
We do not provide Services to children. Users declare themselves to be adults according to their applicable legislation.
7.2
Our Website and Services are not directed to persons under the age of 13. Minors may use our Website only with the assistance of a parent or guardian. Under no circumstances persons under the age of 13 may use the Website.
7.3
We collect data about all Users without verification of their age. We do not anticipate that some of those Users will be children.
7.4
Users shall not provide us with any Personal Data of children.
8
Applicability
8.1
This Privacy Policy is applicable to our Website. Our Website contains links to other Websites. Once redirected to another Website, this Policy is no longer applicable.
9
Acceptance of the terms
9.1
We assume that all Users have carefully read this document and agree to its content. If one does not agree with this Privacy policy, they should refrain from using our Website.
10
Permitted Disclosure
10.1
We may have to share Your Personal Data with the parties set out below:
- Other companies in our group who provide services to us.
- Service Providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers
- Government bodies that require us to report processing activities.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
10.2
We require all third parties to whom we transfer Your data to respect the security of Your Personal Data and to treat it in accordance with the law. We only allow such third parties to process Your Personal Data for specified purposes and in accordance with our instructions.
11
Changes
11.1
From time to time, we may update this Privacy Policy. We will notify You about material changes via email. We encourage You to periodically check back and review this Policy so that You always will know what information we collect, how we use it, and with whom we share it. The date it was last updated is always displayed at the top of this page
12
Contact us
12.1
If you have any questions, the practices of this Site, or your dealings with this website, please contact us at privacy@paulwalsh.co.
Annexus Ltd
Registered address: Beechwood, Park Drive, Doncaster, DN5 7LP
Company number: 07525885
Registered address: Beechwood, Park Drive, Doncaster, DN5 7LP
Company number: 07525885
