2. Information we may collect and process
We may process the following categories of Personal Information about you:
- Personal details: your name, or log in details and password.
- Demographic information: age/date of birth.
- Contact details: delivery address(es), telephone and/or mobile number and email address.
- Consent records: records of any consents you may have given, together with the date and time, means of consent and any related information (e.g., the subject matter of the consent).
- Purchase and payment details: records of purchases and prices, subscription details, invoice records, payment records, billing address, payment method, cardholder or accountholder name, payment amount, and payment date.
We also collect other kinds of information from you or other sources, which we refer to as “Other Information” in this Policy, which may include but is not limited to:
- Information about your use of the websites, such as usage data and statistical information, which may be aggregated.
- Browsing history including the websites or other services you visited before and after interacting with the website.
- Non-precise information about the approximate physical location (for example, at the city level) of a user’s computer or device derived from the IP address of such computer or device (“GeoIP Data”).
- Internet Protocol (“IP”) address, which is a unique string of numbers automatically assigned to your device whenever you access the Internet.
- Device type, settings and software used.
- Log files, which may include IP addresses, browser type, ISP referring/exit pages, operating system, date/time stamps and/or clickstream data, including any clicks on customized links.
- Web Beacons, which are electronic files that allow a website to count users who have visited that page or to access certain cookies.
- Pixel Tags, also known as clear GIFs, beacons, spotlight tags or web bugs, which are a method for passing information from the user’s computer to a third party website.
- Local Shared Objects, and Local Storage, such as HTML5.
- Embedded Scripts which are programming codes designed to collect information about your interactions with the website by temporarily downloading onto your device from our web server or a third party with whom we work. Embedded scripts are only active while you are connected to the Service and are deleted or deactivated thereafter.
3. Purposes for which we may process your information
The purposes for which we may process personal information, subject to applicable law, include:
- Provision of the services to you: providing the services to you from Castle Heaters or its partners including (a) processing of your payment information for your purchases, (b) management of your account, (c) offering promotional and marketing information to you, and (d) customer support and relationship management.
- Offering and improving the services: operating and managing the services for you; providing personalized content to you; identifying issues with the services and planning improvements to or creating new services; and notifying you of changes to any of our services.
- Communications: communicating with you via any means (including via email or telephone) regarding information in which you may be interested, subject to ensuring that such communications are provided to you in compliance with applicable law; maintaining and updating your contact information where appropriate; and obtaining your prior, opt-in consent where required.
- Audience Engagement: identification and development of audience engagement, advertising and promotional strategies on various platforms and channels.
- User Engagement and Purchases: tracking purchase traffic and activity across the website, including review of your browsing history (if available); provision of analytics and measurement of cost of traffic against money being made.
- Fraud Prevention: Our Service uses third party fraud prevention software designed to prevent your credit or debit card and other Personal Information from being used in a fraudulent purchase through the website. This offering works by analyzing user behavior and detecting patterns that indicate fraud; these third parties may also track your activity over time and over a network of sites.
- Marketing to Customers: We may market to current and prospective customers and their employees who have indicated an interest in doing business with, or have previously conducted business with Equipmart in order to further generate and promote our business.
- Security: electronic security measures (including monitoring of login records and access details) to help mitigate the risk of and provide the ability to identify and rectify a security incident.
- Financial Management: general business and financial management purposes, including: economic, financial and administrative management; planning and reporting; personnel development; sales; accounting; finance; corporate audit; and compliance with legal requirements.
- Investigations: detecting, investigating and preventing breaches of policy, and criminal offences, in accordance with applicable law.
- Legal Proceedings: establishing, exercising and defending legal rights.
- Legal Compliance: Subject to applicable law, we reserve the right to release information concerning any user of services when we have grounds to believe that the user is in violation of our Terms and Conditions or other published guidelines or has engaged in (or we have grounds to believe is engaging in) any illegal activity, and to release information in response to court and governmental orders, other requests from government entities, civil subpoenas, discovery requests and otherwise as required by law or regulatory obligations. We also may release information about users when we believe in good faith that such release is in the interest of protecting the rights, property, safety or security of Humble Bundle, any of our users or the public, or to respond to an emergency.
We may Process your user information to contact you via email or other methods of communication to provide you with information regarding the products and/or services that may be of interest to you. We may send information to you regarding the products and/or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us and always in compliance with applicable law. You may unsubscribe from our newsletter lists at any time by following the unsubscribe instructions included in every email we send. We will not send you any emails from a list you have selected to be unsubscribed from, but we may continue to contact you to the extent necessary for the purposes of any other services you have requested or for additional emails you have signed up for.
5. Cookies and similar technologies
Tracking technologies on the website may be deployed by Equipmart and/or by our service providers or partners. Certain tracking technologies enable us to assign a unique identifier to yo, and relate information about your use of the Services to other information about you, including your User Information. We may match information collected from you through different means or at different times and use such information along with offline and online information obtained from other sources (including from third parties), including, but not limited to, demographic information and updated contact information, for the purposes of learning more about you so we can provide you with relevant content and advertising.
We and our partners (including but not limited to e-commerce partners, affiliates, and analytics providers) also may use technologies such as pixel tags, IP addresses, and Local Storage such as HTML5 to analyze trends; administer the Services; collect and store information such as user settings and anonymous browser identifiers; supplement our server logs and other methods of traffic and response measurement; track users’ location and movements around the Services; gather demographic information about our user base; and to improve our understanding of traffic on the Services and visitor behavior. We may receive reports based on the use of these technologies by these third party companies on an individual and aggregated basis. Various browsers may offer their own management tools for removing Local Storage.
We may use mobile analytics software to collect data and to better understand the functionality of our mobile software, devices and applications on your phone and other devices. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We may link this information to User Information.
6. Lawful Basis for processing Personal Information
Consent: We may process your user information where we have obtained your prior, express consent to the processing (this legal basis is only used in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way).
Contractual necessity: We may process your user information where the processing is necessary in connection with any contract that you may enter into with us.
Compliance with applicable law: We may process your user information where the processing is required by applicable law.
Vital interests: We may process your user information where the processing is necessary to protect the vital interests of any individual; or
Legitimate interests: We may process your user information where we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights, or freedoms.
7. Disclosing information to third parties
We may disclose your user information to other entities within the company group, for legitimate business purposes (including operating the services and providing services to you) in accordance with applicable law. In addition, we may disclose your user information to:
- Legal and regulatory authorities, upon request or for the purposes of reporting any actual or suspected breach of applicable law or regulation.
- Outside professional advisors (such as accountants, auditors, or lawyers) subject to binding contractual obligations of confidentiality.
- Third party processors (such as analytic providers, data centers, etc.) located anywhere in the world, subject to the requirements noted.
- Any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights.
- Any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security.
- Any relevant third party provider, where our channels use third party advertising, plugins or content. If you choose to interact with any such advertising, plugins or content, information about your activities on the channels to provide you targeted advertising based upon your interests may be shared with the relevant third party provider. If you click or tap on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
We may engage third party providers to assist with the collection, storage and segmentation of online data and the providers are required to maintain the confidentiality of this information. These third party providers may collect user Information from our Services for their own purposes, such as to monitor fraud around the web. If we engage a third-party processor to process your user information, the processor will be subject to binding contractual obligations to: (a) only process the user information in accordance with our prior written instructions and (b) use measures to protect the confidentiality and security of the user information together with any additional requirements under applicable law.
8. Data security
We have implemented appropriate technical and organizational security measures designed to protect your user information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, unauthorized access, and other unlawful or unauthorized forms of processing, in accordance with applicable law. In certain instances we may use SSL (Secure Sockets Layer) encryption and/or transfer certain user information in a non-human readable format to provide protection. However, we cannot guarantee there will not be a breach and we are not responsible for any breach of security or for the actions of any third parties. Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement reasonable measures to protect your information, we cannot guarantee the security of your data transmitted to us using the internet. Any such transmission is at your own risk and you are responsible for ensuring that any personal information that you send to us are sent securely.
9. Data accuracy
We take every reasonable step to ensure that your user information that we process is accurate and, where necessary, kept up to date, and any of your user information that we process that you inform us is inaccurate (having regard to the purposes for which they are processed) is erased or rectified.
10. Data retention
We take every reasonable step to ensure that your user information is only processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will keep your user information are as follows: we will retain copies of your user information in a form that permits identification only for as long as is necessary in connection with the purposes set out in this policy, unless applicable law requires a longer retention period. Unless there is a specific legal requirement for us to keep the information, we plan to retain it for no longer than is necessary to fulfill a legitimate business need.
11. Updating information
We will use reasonable endeavours to ensure that your personal information is accurate. In order to assist us with this, you should notify us of any changes to the personal information that you have provided to us by contacting us, you can contact our Data Protection Officer at firstname.lastname@example.org.
We use Klarna as the provider of our checkout. This means that we might transfer your personal data in the form of contact and order details to Klarna when the checkout is loaded, in order for Klarna to manage your purchase. Your personal data transferred is processed in line with Klarna’s own privacy notice.