Privacy Policy
Version 1.0. – 03.01.2023
Introduction
Take That Limited, (“we”; “us”), is committed to protecting and respecting your privacy. This Privacy Policy (“policy”) forms part of and is incorporated by reference into the Take That Limited standard Terms and Conditions. This policy governs the data which we collect from users and other third parties in the course of our business and the way in which we protect and process such information. Please read this policy carefully to understand how we will treat your personal data.
Take That Limited respects your privacy and is committed to protecting your personal data and processing it in compliance with applicable laws – notably:
- The Data Protection Act 2018 (DPA 2018), and the UK General Data Protection Regulation (UK GDPR).
- The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) – the ‘GDPR’.
This Privacy Policy will inform you as to how we process your personal data when you visit our website and/or use our services and tell you about your privacy rights and how the law protects you.
CONTENTS OF THIS PRIVACY POLICY:
1. DATA CONTROLLER
- Scope of this Privacy Policy
- Controller
- Contact Details
- Changes to the Privacy Policy
2. THE DATA WE COLLECT ABOUT YOU
- Personal Data
- Data Disclosed by You
- Special Categories of Personal Data
- If You Fail to Provide Data
3. PURPOSES AND LEGAL BASIS
- General Purposes
- Purposes and Legal Basis
4. RETENTION PERIOD
5. DATA PROCESSORS
- Authorised Disclosures
6. INTERNATIONAL TRANSFERS
7. SECURITY
8. YOUR RIGHTS UNDER DATA PROTECTION LAWS
- Right of Access
- Right to Rectification
- Right to Erasure (The Right to be Forgotten)
- Right to Data Restriction
- Right to Data Portability
- Right to Object
- Right to Lodge a Complaint
- Identification
- Time Limit to Respond to Your Requests
9. COOKIES
1. DATA CONTROLLER
1.1. SCOPE OF THIS PRIVACY POLICY
This privacy policy aims to give you information on how We collect and process your personal data through or in conjunction with your use of this website and Our Services.
This Privacy Policy stipulates details and conditions of collecting and processing your Personal Details and provides you with information in terms of articles 12 and 13 of the and 20 of General Data Protection Regulation (GDPR).
This website is not intended for children and we do not knowingly collect data relating to children.
1.2. CONTROLLER
Take That Limited is the controller and responsible for your personal data (referred to as "We", “we”, "us" or "our" in this Privacy Policy).
We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise rights please contact Us or the DPO using the details set out below.
1.3. CONTACT DETAILS
Although Our goal is to always be as clear and transparent as possible, We strongly encourage You to contact Us for any clarification You may need.
Our full details are:
Email address: dpo@takethat.co.uk Postal address: The London Office, 85 Great Portland Street, First Floor, London W1W 7LT
1.4. CHANGES TO THE PRIVACY POLICY
Any changes we may make to our Privacy Policy in the future will be posted on this page and on our website. Please check this page occasionally to ensure you are happy with any changes.
If you have any questions about our privacy policy, or if you want to request information about our privacy policy, please contact us at dpo@takethat.co.uk or in writing at the address set out on the Contact Us page of the website.
2. THE DATA WE COLLECT ABOUT YOU
2.1. Personal Data: means any information that identifies You as an individual or that relates to an identifiable individual.
Whenever it is not possible or feasible for Us to make use of anonymous and/or anonymised data (in a manner that does not identify any Users of the Site or customers of Our services), We are nevertheless committed to protecting Your privacy and the security of Your Personal Data at all times.
2.2. Data Disclosed by You: We collect from You, through interaction with You or through Your interaction with Us or our Services different kinds of personal data about you which we have grouped together follows:
a. Registration Data provided by you when you register on the Website including display name (chosen by you).
b. Contact Data includes your email address and residential address.
c. Log in Data includes internet protocol (IP) address, your logins, browser and operating system on the devices you use to access our Services.
d. Analytics data include various data provided by you or observed with respect to your use of our Website and Services such as your browser data, referring site URLs, time or usage information, Website preferences and settings. Certain information is collected using cookies and/or similar tracking technology – please see further section “Cookies”.
2.3. Special categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, we may not exclude that You send us such data in communication with Us.
2.4. If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Our Services).
3. PURPOSES AND LEGAL BASIS
3.1. General Purposes
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- To allow You access and use of the Website
- For identification and verification proposes
- for analytics purposes
3.2. Purposes and Legal Basis
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please Contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose | Data Category | Legal Basis |
---|---|---|
To register you as a new user of the website | Registration Data | Legitimate Interest (to offer you access to certain content and functionality on our website, such as posting comments on our forum) |
To enable you to make use of the forum and other functionality of our website | Registration Data | Legitimate Interest (to offer you access to certain content and functions on our website, such as posting on our forum) |
Commercial business analyses for the creation of standard, periodical as well as ad hoc reports | Log In Data, Analytics Data, (data are pseudonymised) | Legitimate interest (to develop our products/services and grow our business) |
Web Analytics | Log In Data, Analytics Data, (data are pseudonymised) | Legitimate interest (to develop our products/services and grow our business) |
To eliminate spam from our forum | Registration data, Analytics Data, Login Data | Legitimate Interest (to improve our website) |
4. RETENTION PERIOD
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
The criteria We use to determine what is ‘necessary’ depends on the nature of the particular personal data in question.
For the avoidance of doubt we will normally keep your data for a period no longer than five (5) years, unless required to hold your data for a longer period for regulatory purposes.
Where Your personal data is no longer required by Us, We will either securely delete or anonymise the personal data in question.
5. DATA PROCESSORS
5.1. As Take That Ltd business partners, suppliers or service providers are responsible for certain parts of the overall functioning or operation of the Website, Personal Data are processed also by them for the abovementioned purposes on behalf of Take That Ltd.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
5.2. Authorised Disclosure: If You are suspected to have breached our Terms and Conditions or any applicable laws (for example when we suspect that a crime may have been committed), or for the purpose of preventing, detecting or surpassing fraud Take That Ltd has a right to:
- forward Your Personal Data to the government authorities;
- share Your Personal Data with relevant law enforcement and/or crime investigation bodies and assist the same with any type of investigation into Your actions.
- Use your Personal Data for the purpose of response to any Court subpoena or order or similar official request for Personal Data; or
6. INTERNATIONAL TRANSFERS
We will only transfer your personal data to countries which are considered as providing an adequate level of legal protection or where alternative arrangements are in place to protect your rights.
We may transfer your personal data outside the EEA in the unlikely event that we receive a legal request from a foreign law enforcement body. All requests for information we receive from these bodies will be carefully checked before personal data is transferred.
We may use remote website server hosts to provide and maintain some aspects of our service and website, which may be based outside the EEA (in “the cloud”). Your personal data may also be processed by staff operating outside the EEA or one of our service providers located in a country outside of the EEA. Transfers to service providers outside of the EEA will be protected by contractual commitments and, where appropriate, further assurances, such as certification schemes (including the EU-US Privacy Shield for the protection of personal data transferred from the EU to the US and accessed in the US where we believe it is appropriate to do so from time to time). In all cases we will take steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this privacy policy and in accordance with the GDPR and other applicable laws.
You have the right to ask for more information about the safeguards we have put in place as mentioned above.
7. SECURITY
We have put in place appropriate technical and organizational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. YOUR RIGHTS UNDER THE DATA PROTECTION LAWS
8.1. Your Right of Access
You may, at any time, with reasonable intervals, request Us to confirm whether or not We are processing personal data that concerns You and, if We are, you shall have the right to access that personal data and to the following information:
- what personal data We have,
- why We process them,
- who We disclose them to,
- how long We intend on keeping them for (where possible),
- whether We transfer them abroad and the safeguards We take to protect them,
- what Your rights are,
- how You can make a complaint,
- where We got Your personal data from and
- whether We have carried out any automated decision-making (including profiling) as well as related information.
Upon request, We shall (without adversely affecting the rights and freedoms of others including Our own) provide You with a copy of the personal data undergoing processing within one month of receipt of the request, which period may be extended by two months where necessary, taking into account the complexity and number of the requests. We shall inform You of any such extension within one month of receipt of the request, together with the reasons for the delay.
8.2. The Right to Rectification
Although all reasonable efforts will be made to keep Your Personal Data updated, you are kindly requested to inform Us promptly. With respect to your residential address and phone number, you can notify us of the change by amending Your profile of any changes to Your Personal Data. If the change pertains to data that cannot be amended by changing your profile, please contact us. To this end You have the right to ask Us to rectify inaccurate personal data and to complete incomplete personal data concerning You. We may seek to verify the accuracy of the data before rectifying it.
8.3. The Right to Erasure (The Right to be Forgotten)
You have the right to ask Us to delete Your personal data and We shall comply without undue delay but only where:
- The personal data are no longer necessary for the purposes for which they were collected; or
- You have withdrawn Your consent (in those instances where We process on the basis of Your consent) and We have no other legal ground to process Your personal data; or
- You shall have successfully exercised Your right to object (as explained below); or
- Your personal data shall have been processed unlawfully; or
- There exists a legal obligation to which We are subject; or
- Special circumstances exist in connection with certain children’s rights.
In any case, We shall not be legally bound to comply with Your erasure request if the processing of Your personal data is necessary:
- for compliance with a legal obligation to which We are subject (including but not limited to Our data retention obligations); or
- for the establishment, exercise or defence of legal claims.
8.4. The Right to Data Restriction
You have the right to ask Us to restrict (that is, store but not further process) Your personal data but only where:
- The accuracy of Your personal data is contested (see the right to data rectification above), for a period enabling Us to verify the accuracy of the personal data; or
- The processing is unlawful, and You oppose the erasure of Your personal data; or
- We no longer need the personal data for the purposes for which they were collected but You need the personal data for the establishment, exercise or defence of legal claims; or
- You exercised Your right to object and verification of Our legitimate grounds to override Your objection is pending.
Following Your request for restriction, except for storing Your personal data, We may only process Your personal data:
- Where We have Your consent; or
- For the establishment, exercise or defence of legal claims; or
- For the protection of the rights of another natural or legal person; or
- For reasons of important public interest.
You may request the restriction by contacting us.
8.5. The Right to Data
With effect from May 25, 2018, you have the right, in certain circumstances, to obtain personal data you have provided us with, in a structured, commonly used and machine-readable format, and to reuse it elsewhere or ask us to transfer this to a third party of your choice.
8.6. The Right to Object
When the processing is necessary for the purposes of the legitimate interests pursued by Us or by a third party You shall have the right to object to processing of Your personal data by Us.
When Your data is processed for direct marketing purposes, You have the right to object at any time to the processing of Your personal data, which includes profiling to the extent that it is related to such direct marketing.
8.7. The Right to Lodge a Complaint
You also have the right to lodge complaints with the appropriate Data Protection Supervisory Authority. The competent authority in the United Kingdom is the Information Commissioner’s Office (ICO). We kindly ask that You please attempt to resolve any issues You may have with Us first (even though, as stated above, You have a right to contact the competent authority at any time).
8.8. Identification
When exercising your rights by contacting us, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
8.9. Time Limit to Respond to Your Requests
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. COOKIES
Our site uses cookies, for further information on what cookies are and which cookies we use, please read our Cookies Policy.