Privacy Policy

INTRODUCTION

We are ROAR Limited (Registered in England & Wales No. 12353852) of Unit 14, Falcon Business Park, Hogwood Ind. Est., Wokingham, RG40 4QQ, United Kingdom. This Privacy Notice sets out the basis on which we use personal data in the course of our business activities.

As a business which relies upon having access to information about Individuals to meet our Clients’ requirements, data is essential to our business. Our systems and processes are designed to ensure that we can provide the best possible service to our clients while operating within the law at all times and protecting individuals’ data privacy rights. 

We reserve the right to update this Privacy Notice from time to time. You should also refer to our website periodically so that you may access and view our updated Privacy Notice. This will ensure that you understand (i) how we are using your personal data and (ii) your legal rights around our usage of such personal data. Where appropriate, we shall contact you directly to inform you of any material changes to the Privacy Notice.

For an explanation of the definitions which are used in this Privacy Notice, please refer to the definitions section at the end of the document.

WHO SHOULD READ THIS PRIVACY NOTICE?

This Privacy Notice applies to any living, identifiable individuals about whom we may process personal data in the course of our business activities. 

Where We Obtain Your Personal Data

We obtain personal data directly from you in the course of any communications between us.

Types of Personal Data We Hold

We collect, store, and use the following categories of personal data about you:

  • Personal contact details such as name, title, addresses, telephone numbers, and email addresses
  • Any background information which you may provide to us in the course of your dealings with us.

We do not collect, store or use any “special” or sensitive personal data.

How We Use Your Personal Data

We use your personal data to:

  • Comply with our legal obligations, defend or bring any legal proceedings and prevent fraud or any other crime.
Our Lawful Basis for Processing Your Personal Data

We have determined that we have a legitimate interest to process your personal data, on the basis that we are generally required to obtain references to comply with our contractual obligations to third parties and, in some instances, we are under a legal obligation to do so. It is therefore necessary and reasonable for us to process personal data relating to you strictly for compliance with these obligations. 

Parties with Whom We May Share Your Personal Data

We will share with our Clients the details of any reference which you give. We will usually provide your name and membership information when doing so. In some circumstances and only when you have agreed to such disclosure, we will provide your contact details so that our Client may verify against their records. We will also share your personal data with Suppliers for legitimate business purposes.

WHERE WE PROCESS PERSONAL DATA

Your personal data is held and processed by us in the United Kingdom. 

We have put in place appropriate safeguards to ensure that your data is only transferred to jurisdictions with enforceable data subject rights and effective legal remedies in respect of data privacy breaches. We will therefore only transfer your personal data to jurisdictions outside of the UK & EEA where:

  • The European Commission has made an adequacy decision in respect of such jurisdiction. This means that the European Commission has pre-approved the data privacy regime in the relevant non-EEA country. At present, the European Commission-approved jurisdictions are Andorra, Argentina, Canada (commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the US (limited to the Privacy Shield framework).
  • The transfer of data is subject to the model contractual clauses adopted by the European Commission. This means that we have a data-sharing agreement in place which complies with the requirements set out by the European Commission; 
  • You have expressly given informed consent to the transfer of such data. This means that you have not only agreed to the transfer but have done so in the knowledge that your data may be transferred to a jurisdiction which does not give you the same degree of protection as you have within the EEA. Or
  • Otherwise permitted by UK data protection legislation. This means that the UK data protection regime is currently based upon the GDPR and is likely to mirror EU legislation post-Brexit. However, the UK government may introduce additional measures to regulate the transfer of personal data outside of the UK & EEA.

OUR WEBSITE

If you interact with our website at https://www.roar.vip/, we may record your IP address and process statistical information relating to your usage of the website. For information on the cookies which we use, you should refer to our Cookie Policy which is shown on our website at www.roar.vip/cookies.

AUTOMATED DECISION MAKING

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. 

All decisions which are made in the course of our business processes involve human intervention. We do not make any decisions using automated means. 

DATA SECURITY

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from the Managing Director.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

DATA RETENTION

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

Our standard data retention period is three years from the last date on which we are in actual contact with you i.e. where we actually speak with you or exchange correspondence. After this time, we will delete your personal data from our records unless there is a legal reason why we should hold it for a longer period. If we have placed you in a permanent or temporary position, we will usually hold your data for the period set out below.

Where we are required to keep any information (i) for auditing or compliance purposes (ii) to comply with our contractual obligations to third parties or (iii) in respect of any potential or actual legal proceedings, we shall keep your data for as long as is strictly necessary for these purposes, which is typically for seven years. This ensures that we can (i) produce audit data for HRMC and (ii) effectively defend any claim which may arise in the standard contractual limitation period.

In some circumstances we may completely anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

RIGHTS OF ACCESS, CORRECTION, ERASURE & RESTRICTION 

Your duty to inform us of changes. 

It is important that the personal information we hold about you is accurate and current. You must therefore keep us informed if your personal information changes during your working relationship with us. 

Your rights in connection with personal information. 

Under certain circumstances, you have the right to:

  • Request access to your personal information (a Subject Access Request). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it. You will not usually have to pay a fee to access your personal information but we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed or you have objected to the processing and there is no overriding legitimate interest for continuing the processing.
  • Object to processing of your personal information where we are relying on a legitimate interest and you object on “grounds relating to your particular situation.” 
  • Request the restriction of processing of your personal information. This enables you to ask us to block or suppress the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it or if you have also objected to the processing as above.
  • Request the transfer of your personal information to another party when the processing is based on consent and carried out by automated means. This right is not usually applicable to any data processing carried out by us.

If you want to exercise any of the above rights, please contact the Managing Director in writing. We will consider your request and confirm the actions which we have taken in response to such request.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is an appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Managing Director. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. We will confirm the actions which we have taken in respect of any such request.

If you are unhappy with any aspect of the manner in which we have processed your personal data or dealt with your decision to exercise any of the rights set out in this section, you have the right to complain to the Information Commissioners Office in the United Kingdom. Their details are:

Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745

Email: casework@ico.org.uk


DEFINITIONS

This Privacy Notice uses the following defined terms:

Individual means a person who is recorded in our records as a fan engaging with our Client. Client means a business which has engaged us to provide services or which we have identified as a business for which we wish to perform services.


CONTACTING US

If you have any questions about this Privacy Notice, you can write to the Managing Director at ROAR Limited, Unit 14, Falcon Business Park, Hogwood Ind. Est., Wokingham, RG40 4QQ, United Kingdom. Alternatively, you may email us at accounts@roar.vip.