Created: September 25, 2023
Last updated: November 28, 2023
Under Data Protection Regulations, personal data can be defined as follows:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
1. Definitions and Interpretation
In this notice, we use definitions from the GDPR unless otherwise stated.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘Employees’ for this notice means employees, directors, officers and workers.
‘GDPR’ means the UK GDPR.
‘Processing’ means ‘any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’.
‘Processor’ is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller. This means that a Processor acts as an agent for the Controller, carrying out the processing of personal data in accordance with the Controller’s instructions. This helps to ensure that the Controller is compliant with data protection laws.
‘Special Categories’ of Personal Data includes information that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and the processing of genetic data, biometric data used to uniquely identify an individual, data related to health, and data related to sex life or sexual orientation. Processing such data requires extra attention and care to ensure that the privacy of individuals is protected.
Transfers of personal data to locations outside the UK and European Union (‘third countries’) or to international organisations (such as those which are governed by public international law, or set up by an agreement between two or more countries) are referred to as ‘transfers’. These transfers are subject to specific rules and regulations so as to ensure the protection of personal data.
2. Information About Us
2.1 Our Site, www.ayima.com, is owned and operated by Ayima Limited, a limited company registered in England under 04886539, whose registered address is 19 Clifftown Road, Southend on Sea, Essex SS1 1AB. Our VAT number is GB 839 9834 58. ICO Registration reference: ZA566156.
3. Scope – What Does This Notice Cover?
This Privacy Notice applies only to your use of our site. It does not extend to any websites that are linked to from our site (whether we provide those links or whether they are shared by other users). We have no control over how your data is collected, stored or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
4. What Data Do We Collect?
Some data will be collected automatically by our site (for further details, please see our Cookie Notice), other data will only be collected if you voluntarily submit it, for example, when signing up for our newsletter or our contact form, we may collect some or all of the following data:
4.2 business/company name;
4.3 job title;
4.4 contact information such as email addresses and telephone numbers;
4.5 IP address (automatically collected);
4.6 web browser type and version (automatically collected);
4.7 operating system (automatically collected);
4.8 a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to (automatically collected)
5. How Do We Use Your Data?
5.1 All personal data is stored securely in accordance with the principles of the UK Data Protection Legislation. For more details on security, see section 7 below.
5.2 We use your data to provide the best possible services to you. This includes:
5.2.1 Providing and managing your information;
5.2.2 Providing and managing your access to our site;
5.2.3 Supplying our services to you;
5.2.4 Personalising and tailoring our services for you;
5.2.5 Responding to communications from you;
5.2.6 Supplying you with email newsletters, emails and other transactional messages that you have subscribed to (you may unsubscribe or opt-out at any time);
5.2.7 Analysing your use of our site to enable us to continually improve our site and your user experience.
5.3 With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email with information, news and offers on our services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the Data Protection Legislation.
6. Your Rights as a Data Subject
Under data protection law, you have rights including:
- Your right of access – You have the right to ask us for copies of your personal information.
- Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. which you have directly provided, to another organization or to yourself, provided that this data was processed through automated means
- Automated individual decision-making we make no decisions based solely on automated processes without human involvement
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us email@example.com if you wish to make a request.
7. How and Where Do We Store Your Data?
7.1 We only keep your data for as long as we need to in order to use it as described above in section 5, and/or for as long as we have your permission to keep it.
7.2 Some or all of your data may be stored or transferred outside of the UK and European Economic Area (“the EEA”). The EEA consists of all EU member states, plus Norway, Iceland and Liechtenstein. You are deemed to accept and agree to this by using our site and submitting information to us. If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the UK Data Protection Act 2018 and UK GDPR. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage and the use of the UK IDTA (International Data Transfer Addendum) EU-approved Standard Contractual Arrangements. If we intend at any time to transfer any of your data outside the UK or EEA, we will always obtain your consent beforehand.
7.3 Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our site.Ayima’s certification in ISO 27001, the international standard for information security management, underscores our commitment to robust and comprehensive data security practices, proactive risk management, and secure data handling, enhancing data privacy and security.
7.4 Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.
7.5 For data submitted by you for the purpose of recruitment, we have put in place suitable electronic 3rd parties to store, safeguard and secure this information for our records in the hiring process. You can request access to the information we hold on you at any point during and after the process of your application. To request your information, please email firstname.lastname@example.org.
8. Do We Share Your Data?
8.1 We may share your data with other companies in our group. This includes our subsidiaries and our holding company and its subsidiaries.
8.2 We may sometimes contract with third parties to supply services to you on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.
8.3 We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information. We may from time to time share such data with third parties such as prospective investors, affiliates, partners and advertisers. Data will only be shared and used within the bounds of the law.
8.4 In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.
9. Our Legal Basis for Processing Personal Data
Our legal basis for processing personal data can be one of the following:
- Consent: you, the data subject, has given clear consent for us to process your personal data for a specific purpose.
- Contract: the processing is necessary for a contract you have with Ayima Ltd, or because you have asked us to take specific steps before entering into a contract.
- Legal obligation: the processing is necessary for us to comply with the law (this excludes contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
10. Third-Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf as described below:
“Digital Marketing Service Providers
We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:
11. The Existence of Automated Decision Making, Including Profiling and Information About How Decisions Are Made, the Significance and the Consequences
No automated decision making is made at Ayima Ltd.
12. The Right to Withdraw Consent at Any Time, Where Relevant
You always have the right to withdraw any consent you have provided and to object to the processing of your personal data for direct marketing purposes. You also have the right to request that your data is not used for direct marketing.
13. Retention Period
We will only retain your personal information for as long as it is necessary for the purposes set out in this Notice and in line with legal obligations in our Retention Policy.
14. What Happens if Our Business Changes Hands?
12.1 We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Data provided by users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use the data for the purposes for which it was originally collected by us.
12.2 In the event that any of your data is to be transferred in such a manner, you will not be contacted in advance and informed of the changes.
15. How Can You Control Your Data?
13.1 When you submit information via our site, you may be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from us which you may do by unsubscribing using the links provided in our emails and at the point of providing your details).
16. How Can You Access Your Data?
You have the legal right to ask for a copy of any of your personal data held by us (where such data is held). Please contact us for more details at email@example.com.
In the event that you wish to make a complaint about how your personal data is being processed, please contact our Data Protection Officer by email at firstname.lastname@example.org. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to the supervisory authority in the UK, which is the ICO (Information Commissioner’s Office), https://ico.org.uk/make-a-complaint/ or telephone number 0303 123 111.
18. Contacting Us
If you have any questions about our site or this Privacy Notice, please contact us by email at email@example.com, by telephone on +44 207 148 5970, or by post at PO Box 76187, London, N5 9EE, United Kingdom.
19. Changes to Our Privacy Notice
This Notice may be updated from time to time, and these changes will be posted on the website with an effective date. Where appropriate, we will also send you an email to confirm the updates. We encourage you to check this policy regularly to ensure you are up to date with any changes.