How we protect your privacy
At Neatebox Ltd trading as WelcoMe we pride ourselves on our commitment to protecting your privacy.
We want you to know how we will collect, use and disclose the personal data you provide to us. We respect the privacy of everyone who visits this website (www.wel-co.me) (“this website” or “our site”) and will only collect and use personal data in a way that is described here, and in a way that is consistent with our obligations and your rights under the law.
This website is not intended for children under the age of 16 and we do not knowingly collect data relating to children.
This website is owned and operated by Neatebox Ltd trading as WelcoMe, a company registered in Scotland with Company Registration Number SC409943 and having its registered address at 65 Haymarket Terrace, Edinburgh, United Kingdom, EH12 5HD (the “Company”).
Our Data Protection Officer is Allan Hutcheon
If you have any questions about our cookies or this policy, please contact us by email to email@example.com.
Headings are included in this Policy for convenience only and shall not affect the construction or interpretation of this Policy.
What does this policy cover?
What is personal data
Personal data is defined by the General Data Protection Regulations (EU Regulation 2016/679) (the “GDPR”) as “any information relating to an identifiable person who can be directly or indirectly identified in particular reference to an identifier”. The California Consumer Privacy Act (CCPA) also known as AAB-375, defines “Personal information” as “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household”. When referring to Personal data in this policy we are referencing both definitions.
Personal data is, in simpler terms, any information that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
What are your rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
The right to access the personal data we hold about you. Please see the section entitled “How Can You Access Your Personal Data” below.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details provided in the About Us section above.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details provided in the About Us section above to find out more.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to our using of your personal data for a particular purpose or purposes.
The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling.
Under CCPA, you have the following rights, which we will uphold:
The right to opt out. Please note WelcoMe does not sell any personal information to third parties.
The right disclosure. Please see the sections entitled “How Can You Access Your Personal Data” and “Data Portability”.
The right to deletion. Please see the section entitled “Data Portability”.
The right to equal services and prices. Please see the section entitled “Using Your Data”.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in the About Us section above.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Collecting your data
As noted above, personal data is any data that can be used to identify you as an individual. Depending upon your use of our site, the Company may collect some or all of the following personal and non-personal data.
This information may be gathered by us in connection with the following
A product or service purchase.
A booking placed via our booking tools.
Registration of a purchased product or service.
A request for information.
A request for any trial products or services that the Company may offer.
For the purposes of CCPA the information we collect falls into the following enumerated categories; (a) identifiers, (b) customer records information, (c) commercial information, (d) internet or other electronic network activity information and (e) geolocation data. Categories (a) and (b) are sourced from an individual submitting the information. Categories (c),(d) and (e) are sourced from business observation and recording the information. The purpose for collecting this information is as described above.
If you require further information on your rights under the Data Protection Act please contact the Information Commissioner. Further details can be found by visiting https://ico.org.uk.
Using your data
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you or because you have consented to our use of your personal data.
It is the Company’s policy that you should know exactly what personal data we collect from you and how we will use it. We operate in accordance with the WelcoMe Data Protection Policy. We collect personal data from you for the purpose of processing your order or enquiry. We may use your personal data to supply products and services to you that you have requested, carry out any agreement with you or take any steps that you have requested. In particular, we may:
update you as to the status of your order or booking;
alert you to important product revisions or updates;
inform you about upgrades to your purchases, bookings or Company offerings;
facilitate your transactions with third parties providing goods and services though our site;
ensure that you are properly registered to receive technical support.
personalise and tailor our services to you.
communicate with you, which may include email or phone calls.
analyse your use of our site and gather feedback to enable us to continually improve our site and your user experience.
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email and text message with information, news, and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out and you will not be discriminated against if you choose to do so.
Where you have given us appropriate permission or where we are permitted by law, we may use your personal data for the following purposes and direct marketing (‘Additional Purposes’):
To tell you about special discounts on additional Company products and services;
To tell you about new Company products and services;
To tell you about new products from other carefully screened companies that the Company feels may be of interest to you (we carefully screen and then select such companies only when we are satisfied that their products and/or services are likely to be of interest to you).
In the event that you wish to be removed from this process you can opt out from the footer of all marketing emails or please contact our team on firstname.lastname@example.org .
Aggregate data is general data about groups of customers and does not identify individual customers. The Company may combine your data with that of other individuals to create aggregate data that we will use to improve our products & services and develop new ones. For example, we may tell a third party how many people purchased a certain product, but not that you personally purchased a specific item.
How long will we keep your data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Disclosing and sharing your data
The Company may also transfer personal data to the Company-affiliated companies in other countries. These may be outside the European Economic Area (“EEA”). By supplying personal data to the Company, you consent to any such transfer.
Many of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is adhered to by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers. We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
For the purposes of CCPA a list of categories of personal information disclosed to our external third parties in the last twelve months is included below. This information was disclosed to perform services on behalf of the business, i.e. to provide you with online booking services. Categories disclosed include: (a) identifiers, (b) customer records information, (c) commercial information and (d) internet or other electronic network activity information.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
It is the Company’s policy that you are kept in control of the ways in which we use your personal data for the Additional Purposes. All the Company communications, in whatever medium, that involve the recording of personal data for these Additional Purposes include a short section that allows you to indicate your preferences with respect to the use of that personal data. You can choose whether or not you wish to receive additional information or promotional offers from the Company.
Security of your data
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How can you access your personal data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”
All subject access requests should be made in writing and sent to firstname.lastname@example.org.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months (90 days) from the date we receive your request. You will be kept fully informed of our progress. Under the CCPA a consumer can make this request twice in a 12 month period.
How can you contact us?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: email@example.com
Address: Neatebox Ltd trading as WelcoMe, 65 Haymarket Terrace, Edinburgh, United Kingdom, EH12 5HD
EU – Ireland Representative
The Company has appointed and authorised Instant EU GDPR Representative Ltd. to represent us in the EU.
EU GDPR Representative Ltd.
Name: Adam Brogden
Tel: +353 015 549 700
Address: INSTANT EU GDPR REPRESENTATIVE LTD, Office 2, 12A Lower Main Street, Lucan, Co. Dublin, K78 X5P8, Rep. of Ireland.
Data collected by telephone
In the event that you submit your personal details by telephone, please note that the Company may monitor or record your call for one or more of the following purposes:
To provide evidence of your order or transaction with us
To ensure that we comply with relevant regulatory procedures
To see that quality standards or targets are being met
In the interests of national security to prevent or detect crime or to investigate the unauthorised use of a telecommunications system
To secure the effective operation of our telecommunications system
Any information that you choose to provide us with will be used to personalise and improve our customer service operations. All information is collected and stored in a secure manner and is used strictly in relation to this policy and your stated preference. The Company shall not be responsible or liable for loss of privacy, disclosure of information, harm, damage or loss that may result from your transmission of any information to us. In addition, under the law, we must cooperate fully with any law enforcement agency should a situation arise where our information about customers could be of assistance.
From time to time, the Company may introduce new products and services to our customers that may require modifications to this policy. We reserve the right to modify this policy at any time by notifying our customers, via the Company website, of a new or revised policy. These modifications will only apply to personal data that you then provide to us after the date of the modification.
In the event that you decide to terminate your WelcoMe account or otherwise wish to obtain the personal data we hold about you, we provide the facility to export all information in the form of a CSV file.
Further information regarding your right to Data Portability is contained in our Data Protection Policy. If you require assistance in exporting data please contact our customer service team firstname.lastname@example.org.
In the event that our clients request their information to be deleted, we endeavour to do so within 6 months. All cancelled accounts will have personal information deleted no more than 6 months, as routine, after the last date of billing. Account information is then stored for a further 30 days as a backup. This information is encrypted with access granted to a limited number of authorised personnel.
As a Company customer, we may also use your contact information to inform you of other products or services we think might interest you. However, if you do not wish to be contacted for promotional purposes, you can “opt out” when the Company collects your information. Alternatively, you can update or correct your personal or business information relating to your Company account by contacting us by post or e-mail.
Please note that your contact preferences only apply to the Company contacting you for marketing purposes. We may still need to communicate with you regarding the usability of your product or critical messages relating to your service or software. These communications may include service messages, subscription renewal notices, critical notices or legally mandated notices.
Contact us for more Information
Please be sure to include your mailing address if you would like us to send you any written materials. The Company reserves the right to take reasonable steps to verify any requests for personal information it receives. We endeavour to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Last modified date