The data controller in respect of our website is Goodnick, a limited liability partnership registered in England and Wales (the registered office of which is at 82 Wandsworth Bridge Road, London, England, SW6 2TF
Information we collect
We collect and use information from website visitors in accordance with the below:
Web server log information
We use a third party server to host our website. Our website server automatically logs the IP address you use to access our website as well as other information about your visit such as the pages accessed, information requested, the date and time of the request, the source of your access to our website (e.g. the website or URL (link) which referred you to our website), and your browser version and operating system.
Our server is located in the United Kingdom.
Use of website server log information for IT security purposes
Our third party hosting provider stores server logs to ensure network and IT security and so that the server and website remain uncompromised. This includes analysing log files to help identify and prevent unauthorised access to the network, the distribution of malicious code, denial of services attacks and other cyber attacks, by detecting unusual or suspicious activity.
Unless we are investigating suspicious or potential criminal activity, we do not make, nor do we allow our website server provider to make any attempt to identify you from the information collected via server logs.
Cookies are data files which are sent from a website to a browser to record information about users for various purposes.
You can reject some or all of the cookies we use on or via our website by changing your browser settings.
We collect and use information from individuals who contact us in accordance with this section:
When you send an email to the email address displayed on our website, we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).
We use a third party email provider to store emails you send us. Our third party email provider is based in the United States of America.
When you contact us using our contact form, we collect the following information: your name, email address and any information you include in the message field. We also collect your company name if you provide it.
Transfer and storage of your information
Messages you send us via our contact form will be stored on our web servers in the UK and also transferred to our email provider’s servers outside the European Economic Area.
When you contact us by phone, we collect your phone number and any information provide to us during your conversation with us. We do not record phone calls.
If you contact us by post, we will collect any information you provide to us in any postal communications you send us.
Information we collect when you interact with our website
We collect and use information from individuals who interact with particular features of our website:
Enewsletter: When you sign up for our e-newsletter to receive information news and offers about our products and services on our website we collect your email address.
Consent: you give your consent to us sending you our e-newsletter by signing up to receive it using the steps described above.
Registering on our website
When you register and create an account on our website (at checkout), we collect the following information: your name, your address (including country, street address, town/city and postcode), phone number, email address, age and password (we do not view your password).
Information we collect when you place an order on our website
We collect and use information from individuals who place an order on our website in accordance with the below:
Information we collect when you place an order
When you place an order for goods or services on our website, we collect the following mandatory information: name, email address, phone number, billing address, age and account password (if you create an account).
Legal obligation: other than phone number and password, we have a legal obligation to issue you with an invoice for the goods and services you purchased from us where you are VAT registered and we require the mandatory information collected by our checkout form for this purpose.
At checkout you will have the option of receiving marketing communications from us.
Offers relating to our goods and services
You can opt in to receiving marketing communications from us in relation to our goods and services by email by ticking the box ‘I would like to receive offers about products and services by email’.
We will send you marketing communications in relation to our goods and services only if you opt-in to receive them.
Processing your payments
After you place an order on our website you will need to make payment for the goods or services you have ordered. In order to process your payment we use a number of third party payment processors, including Stripe. Your payment will be processed by the payment provider Stripe via a payment gateway.
Third party payment processors
The third party payment processors we use all collect, use and process your information, including payment information, in accordance with their privacy policies. You can access their privacy policies visiting the stripe homepage.
We use Kajabi as the ecommerce platform and stripe for processing orders on our website. When you place orders on our website, your information will be processed by stripe.
Disclosure and additional uses of your information
This section sets out the circumstances in which will disclose information about you to third parties and any additional purposes for which we use your information.
Disclosure of your information to service providers
We use a number of third parties to provide us with services which are necessary to run our business or to assist us with running our business and who process your information
for us on our behalf. These include the following:
● Telephone providers (UK),
● Email and hosting provider (USA),
● IT service providers (UK),
● Web developers (UK),
● Hosting provider (UK).
Your information will be shared with these service providers only where necessary to enable us to run our business.
For ongoing compliance with laws, regulations and other legal requirements
We will use and process your information in order to comply with legal obligations to which we are subject. For example, we may need to disclose your information pursuant to a court order or subpoena if we receive one or to the National Crime Agency in connection with suspected or potential money laundering matters.
Disclosure of your information to other third parties
We disclose your information to other third parties in specific circumstances, as set out below.
Providing information to Google Inc.
Sharing your information with third parties, which are either related to or associated with the running of our business, where it is necessary for us to do so. These third parties include our accountants, advisors, affiliates, business partners, independent contractors, and insurers
We share information with our accountants for tax purposes. For example, we share invoices we issue and receive with our accountants for the purpose of completing tax returns and our end of year accounts.
Our accountants are located in the United Kingdom.
Occasionally, we obtain advice from advisors, such as accountants, financial advisors, lawyers and other specialists. We will share your information with these third parties only where it is necessary to enable these third parties to be able to provide us with the relevant advice.
Our advisors are located in the United Kingdom.
Business partners are businesses we work with which provide goods and services which are complementary to our own or which allow us to provide goods or services which we could not provide on our own. We share information with our business partners where you have requested services which they provide whether independently from, or in connection with or own services.
Our business partners are located in the United Kingdom.
How long we retain your information
This section sets out how long we retain your information. We have set out specific retention periods where possible..
Specific retentions periods
Order information: when you place an order for goods and services, we retain that information for a minimum period of six years following the end of the financial year in which you placed your order, in accordance with our legal obligation to keep records for tax purposes under paragraph 6, Schedule 11 of the Value Added Tax Act 1994.
Correspondence and enquiries: when you make an enquiry or contact us by email or via our contact form, we will retain your information for as long as it takes to respond to and resolve your enquiry, and for 6 further month(s), after which point we will delete your information.
Mailing list: we retain the information you used to sign up for our newsletter for as long as you remain subscribed (i.e. you do not unsubscribe) or if we decide to cancel our newsletter service, whichever occurs first.
How we secure your information
Measures taken to secure your information
We take appropriate technical and organisational measures to secure your information and to protect it against unauthorised or unlawful use and accidental loss or destruction, including:
● only sharing and providing access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymised basis wherever possible;
● using secure servers to store your information;
● verifying the identity of any individual who requests access to information prior to granting them access to information; and
● using Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website.
Transmission of information to use by email
Transmission of information over the internet is not entirely secure, and if you submit any information to us over the internet (whether by email, via our website or any other means), you do so entirely at your own risk.
We cannot be responsible for any costs, expenses, loss of profits, harm to reputation, damages, liabilities or any other form of loss or damage suffered by you as a result of your decision to transmit information to us by such means.
Subject to certain limitations on certain rights, you have the following rights in relation to your information:
● to request access to your information and information related to our use and processing of your information;
● to request the correction or deletion of your information;
● to request that we restrict our use of your information;
● to receive information which you have provided to us in a structured, commonly used and machine-readable format (e.g. a CSV file) and the right to have that information transferred to another data controller (including a third party data controller);
● to object to the processing of your information for certain purposes (for further information, see the section below entitled Your right to object to the processing of your information); and
● to withdraw your consent to our use of your information at any time where we rely on your consent to use or process that information. Please note that if you withdraw your consent, this will not affect the lawfulness of our use and processing of your information on the basis of your consent before the point in time when you withdraw your consent.
Verifying your identity
Where you request access to your information, we are required by law to use all reasonable measures to verify your identity before doing so.
These measures are designed to protect your information and to reduce the risk of identity fraud, identity theft or general unauthorised access to your information.
How we verify your identity
Where we possess appropriate information about you on file, we will attempt to verify your identity using that information.
If it is not possible to identity you from such information, or if we have insufficient information about you, we may require original or certified copies of certain documentation in order to be able to verify your identity before we are able to provide you with access to your information.
We will be able to confirm the precise information we require to verify your identity in your specific circumstances if and when you make such a request.
Sensitive Personal Information
What is sensitive personal information
‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
Our policy on Sensitive Personal Information
We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.
If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.
Because we care about the safety and privacy of children online, we comply with the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA and its accompanying regulations protect the privacy of children using the internet. We do not knowingly contact or collect information from persons under the age of 18. The website is not intended to solicit information of any kind from persons under the age of 18.