2. What is personal data
Personal Data is information that can be used directly or indirectly to identify you. Personal data also includes anonymous information that is linked to information that can be used to directly or indirectly identify you. Personal Data does not include information that has been irreversibly anonymised or aggregated so that it can no longer enable us, whether in combination with other information or otherwise, to identify you.
3. Why we collect personal data
Our legal grounds for collecting your Personal Data is because either you provided your express consent (written, verbal or online) to the processing of your Personal Data, it is necessary for our contractual relationship (“contractual necessity”), the processing is necessary for us to comply with our legal or regulatory obligations or we have a legitimate interest in carrying out the processing for the purpose of managing, operating or promoting our business.
4. Personal data we collect
We collect the minimum amount of data we need to be able to deliver our Services to you in the best possible way, to maintain Our Websites, to protect the privacy of all our Customers, to keep you informed, to process transactions for you and respond to correspondence. We do not gather sensitive Personal Data about you without your prior, informed, consent. We may collect Personal Data either directly from you, automatically from your devices that interact with our Services, or from Third Party Service Provider sources as described below. Information provided directly and voluntarily by you may include: • Your name, email addresses, telephone numbers, postal, delivery and contact addresses; • Gender, date of birth, language and title; • Payment type or method, username and encrypted password; • Any consents, communications and feedback; • Personal interests; • Work-related information such as company name and contact details; • Gift purchase information such as the recipient’s name, delivery addresses, telephone numbers and email addresses; and • Other personal information collected on the basis of your prior, express, voluntary consent (including public social media profiles and website content). As part of our Service to registered account holders of Our Websites, you may publish various website content that is considered Personal Data such as profile images. As copyright owner of all the content you publish, you may choose to include information that is personal to you. While we are fully committed to storing, publishing and protecting all the content you create, this Policy does not apply to any private information you choose to include in your content. Refer to Section 11 regarding “Exclusions”.
Additional information collected when you use our websites may include:
• Your user account identity (username, name, email address) and registration date; • Your browser, operating system, device model, IP-address, time of access and duration of access; • Location data such as GPS coordinates or similar measures; • Web pages through which Our Websites were accessed, the pages browsed by you, any other activities you undertook during your visit to Our Websites such as interactions, clicked referral links and search key words you used; • Cookies and other identification tags; • Your participation in our promotions, surveys or competitions; and • Other information collected based on your consent.
Additional information related to the purchase of our paid services and any other business with us by you:
Information collected from other sources associated with your interaction with us:
• If you have connected to any Indexer Index website, service or social media channel using your social media profile(s), we may collect the public information available on your social media profile(s); • We may collect information from public registers maintained by authorities, if such registers are available in your country; and • Updated delivery and contact information from delivery agents.
5. Cookies and similar technologies
6. How we use your personal data
As well as using the information to provide our Services as set out above, we use the private information we have collected for the following purposes:
We may process your Personal Data for the purposes of detecting, investigating and preventing unlawful or fraudulent activities. We may provide your information to law enforcement authorities based on their request or on a legal basis defined in any applicable law for prevention and investigation of fraud and other unlawful activities. We may disclose your Personal Data to any party in response to an order from a court of competent jurisdiction.
If you have ordered paid Services from us, we may collect your Personal Data for the purposes of processing your order(s) and to fulfil any contractual obligations we have with you. Payment details are not stored in our systems. Instead, payment data is provided by you directly to Third Party Service Providers. Refer to Section 11 regarding “Exclusions”.
Marketing and communications
We will retain your Private Data in order to respond effectively to your correspondence with us (written or verbal). If you have registered on Our Websites or subscribed to any of our various marketing and communication channels, we will keep you informed of Indexer Index news, information published on Our Websites as part of our Services. Such marketing and communications may be carried out via mail, telephone, electronic messages (emails and other electronic messages), digital online displays, web-based notifications and search engine marketing.
We may need to identify you for the purposes of ensuring your privacy and the privacy of all our Customers is protected. We may also identify you to provide you with better, more personalised and customised Services. For example, Our Websites use “cookies” to enhance your experience when browsing. Refer to Section 5 regarding “Cookies”.
We use anonymised data to help us maintain and develop Our Websites, troubleshoot problems, research general user interests, to keep Our Websites safe and secure and to monitor actual or suspected fraudulent activity. This information is delivered to us by Third Party Service Providers in an aggregated format. Data in an aggregated format cannot be used to identify you and is not considered Personal Data. Refer to Section 11 regarding “Exclusions”.
Services development and delivery
7. Retention period
Your Personal Data is stored for as long as it is absolutely necessary to deliver our contracted Services.
We may retain your data for a longer period if we are legally required to do so in compliance with applicable law including the resolution of legal claims and disputes, to establish, exercise or defend our legal rights and any other additional periods required or permitted under applicable law. Remember to update your information if any material changes occur.
If you have created an account on Our Websites, your Personal Data will be retained until such time as you either terminate the account and request that your data be deleted.
We do not, and will never, procure, sell, lease or rent your Personal Data.
Automated profiling and decision making
We do not use any Personal Data for automated decision making or profiling nor is such data subject to automated decision making or profiling.
We may disclose your Personal Data if required to do so by law in order to, for example, respond to a request from law enforcement, a court or a government agency, including in response to public authorities to meet national security or law enforcement requirements, or in the belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with our Services, (d) act in urgent circumstances to protect the personal safety of our Customers or the public, or (e) protect against legal liability.
Mergers and acquisitions
In the event of any sale, consolidation or reorganisation of our businesses (for example mergers and acquisitions), we may disclose your Personal Data to prospective or actual purchasers or their advisers, where appropriate.
Third party service providers
We may pass limited information to some Third Party Service Providers who we have engaged for the purpose of providing you with our Services and any other contractual obligations we have established with you. Such disclosures may include transferring your Personal Data to payment processors, companies that facilitate your orders, delivery companies and customer service teams. We also share information with analytics providers that assist us in the improvement and optimisation of Our Websites. This analysis data is aggregated and does not identify you. We have verified that these Third Party Service Providers are GDPR compliant and are certified under the EU-US Privacy Shield Framework where these organisations are based outside of the European Union.
We take security very seriously and have created and implemented both technical and organisational safety measures, systems and processes to protect your Personal Data. Such security measures are designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of processing, in accordance with applicable law. A copy of our internal Data Security Policy is available on request.
Staff training and accountability
All personnel authorised to access and process Personal Data are trusted and accredited or are authorised personnel of Third Party Service Providers operating on our behalf. All Indexer Index personnel who are granted access to your Personal Data are required to keep such data strictly confidential.
We hold only the data that is absolutely necessary to deliver our Services.
Website account and credentials
Website account holders are required to hold a secure password in order to access and make use of some Services. As an account holder on Our Websites or authorized Third Party Service Providers, your password/s are additionally encrypted and therefore strictly private to you alone. You are responsible for keeping your password/s confidential and we ask you not to share them with anyone.
10. Your legal rights
You have certain rights concerning the information we hold about you, as defined under the General Data Protection Regulation (“GDPR”). If you have any difficulty in accessing and/or managing your options please contact us by email in the first instance at firstname.lastname@example.org. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Choose to decline
You may choose not to provide your Personal Data to us. Note that some features of our Services may not be fully available to you if you choose not to provide us with your Personal Data. For example, we may not be able to process your orders without the necessary details.
Choose to opt in
By choosing to contract business with us, subscribe to any of our marketing and communication Services and register an account on Our Websites you will be given prior informed opportunity to provide the minimum Personal Data required and consent to our retention of same.
Access, view, edit and update
You have the right to request access to your Personal Data, together with information regarding the nature, processing and disclosure of that data, at any time. We hope to ensure that the Personal Data we possess is accurate at all times and therefore we encourage you to update us should any changes have occurred. As a registered and logged in account holder on Our Websites or authorised Third Party Service Providers websites, you can view and manage the information held on your account at any time. If you have additionally opted in to any of our marketing and communications Services you will find the links to update your information at the bottom of every communication you have previously received or displayed prominently on the relevant website where you signed up.
You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
You may request a copy of any data we hold about you. Expect our response within and up to 40 days of the date of your request. Upon request, we will provide you with an electronic file containing the Personal Data we hold on record about you. Please contact us by email in the first instance at email@example.com. Note that there is a small fee for this service.
Choose to opt out and be forgotten
You may at any time decide to withdraw your consent to the processing of your Personal Data. If your consent is withdrawn, we will update our database promptly, however, it does not prevent us from processing your Personal Data based on other legal premises, such as fulfilling your orders and storing your order data as required by applicable law. You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Please note that withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal. We include an unsubscribe link in all electronic marketing messages we send to you and options to cancel your account on Our Websites. Please contact us by email in the first instance at firstname.lastname@example.org. Should you request that your Personal Data is deleted we will respond within 40 days.
You may have the right to object, on legitimate grounds, to the processing of your Personal Data. Should you believe that our processing of your Personal Data is inaccurate or illegal, we are not processing your data in accordance with the processing purpose or you want to oppose the processing, please contact us by email in the first instance at email@example.com. We will investigate your request promptly before deciding what action to take. Should you believe that our processing of your Personal Data infringes your legal rights, you may lodge a claim with your local supervisory authority – National Data Protection Authorities
You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Children and age limitation
Our Services are not directed at persons under the age of 18 years. Therefore, we do not seek to collect Personal Data of children. If you learn that a person under the age of 18 years has provided us with Personal Data without consent, please contact us by email in the first instance at firstname.lastname@example.org.
Personal data provided to others