Ectlana Mage

Privacy Notice

1. Table of Contents………………………………………………...........................1
2. Introduction……..………………………………………………...........................2
3. What is Personal Data?……………………………….......................................3
4. What are your rights?……………………………………………........................4
5. What personal data does the company collect and how?…….......................5
6. How does the company use my personal data?……………….......................6
7. How does the company secure your data?……………………........................7
8. How long will the company keep your personal data?……….........................8
9. How and where does the company store or transfer my personal data?........9
10. Does the company share your personal data?.............................................10
11. How can you access your personal data?…...………………........................11
12. What are your responsibilities?.......................……......................................12
13. How do you contact the company?.......................………….........................13
14. Changes to this privacy notice………………..……………….........................14
15. Implementation of Privacy notice……..…………….......................................15



1
PRIVACY POLICY


1. Introduction

1.1. This Privacy Notice sets out the obligations of Ectlana Mage, hereinafter known as the “Company”; regarding Data protection and the rights of every person, “data subjects”; in respect of their personal data under Data Protection Law, all legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, EU Regulation 2016/679 General Data Protection Regulation, “GDPR”, the Data Protection Act 2018, and any successor legislation or other directly applicable EU regulation Relating to data protection and privacy for as long as, and to the extent that, EU law has legal effect in the UK.

1.2. The company understands that your privacy is important to you and that you care about how your personal data is used.

1.3. We respect and value the privacy of all our customers and contacts; and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

1.4. This Privacy Information explains how we use your personal data, how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.


2. What is, Personal Data?

2.1. Personal data is defined by the General Data Protection Regulation, EU Regulation 2016/679, the “GDPR” and the Data Protection Act 2018, collectively, “the Data Protection Legislation”, as’ any information relating to an identifiable person who can be directly or indirectly identified, by reference to an identifier ‘.

2. Personal data is, in simpler terms, any information about you that enables you to be identified.Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

2.3. The personal data that we use is set out in Part 4, below.


3. What Are Your Rights?

3.1. Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:

3.1.1. The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 12.

3.1.2. The right to access the personal data we hold about you. Part 10 will tell you how to do this.

3.1.3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 12 to find out more.

3.1.4. The right to be forgotten, ie the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the details in Part 12 to find out more.

3.1.5. The right to restrict, i.e. prevent, the processing of your personal data.

3.1.6. The right to object to us using your personal data for a purpose or purposes.

3.1.7. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.

3.1.8. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to reuse with another service or business in many cases.

3.2. Rights relating to automated decision-making and profiling. Part 5 explains more about how we use your personal data, including any automated decision-making and profiling if performed.

3.3. For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 12.

3.4. It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.

3.5. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

3.6. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. However, we would welcome the opportunity to resolve your concerns ourselves, so please contact us first, using the details in Part 12.


4. What Personal Data Does the Company Collect and How?

4.1. Depending upon your use of our website, we may collect and hold some or all, the personal. and non-personal data set out in the table below, using the methods also set out in the table

4.2. We do not knowingly collect any ‘special category’, ‘sensitive’ personal data, personal data relating to children or data relating to criminal convictions and offenses. Type of Data Prospecting Information Data Collected is Information such as your first name, last name, business email address, and telephone numbers. How we collect the data - This information may be collected via the internet, phone, email or via authorized third parties.


Type of Data Account Information

Data Collected Information such as your first name, last name, email address, and date of birth are needed for account creation.

How we collect the data - This information may be collected via Phone, email or via authorized third parties.

Type of Data Payment and Financial Information - Data Collected We may require you to provide certain financial information. like your bank account or credit card information. This is to facilitate the processing of payments and dependents on the booking process used.

How we collect the data - This information may be collected via Phone, email or via authorized third parties


Type of Data Other information

Data Collected You may otherwise choose to provide us information when you fill in a form, update or add information to your account, respond to surveys, post to community forums, participate in promotions, communicate with our customer care team or share your experience with us.

How we collect the data This information may be collected via Phone, email or via authorized third parties


5. How Does the Company Use My Personal Data?

5.1. Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following statements describe how we may use your personal data, and our lawful bases for doing so:

What We Do - Prospecting

What Data We Use - Prospecting Information

Our Lawful Basis - Shared Legitimate business interests: the processing is necessary for your legitimate business interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. This cannot apply if you are a public authority processing data to perform your official tasks.

What We Do - Account creation

What Data We Use - Account Information

Our Lawful Basis - Contract: The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering a contract.

What We Do - Fulfilment of contractual obligations for providing and maintaining any products and services provided.

What Data We Use - Account information

Our Lawful Basis - Contract: The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering a contract. What We Do Business communication to provide information about product and service currently provided.

What Data We Use Account Information Profile and Listing Information

Our Lawful Basis Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. This cannot apply if you are a public authority processing data to perform your official tasks.

What We Do Various accounting activities for invoicing, debit collection and general accounting and financial management.

What Data We Use Account information payment and financial information

Our Lawful Basis Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering a contract.

What We Do Marketing of products and services not yet provided.

What Data We Use Account Information Prospect Information

Our Lawful Basis Consent – the individual has given clear consent for you to process their personal data for a specific purpose.

What We Do Complying with the law, including regulatory requirements.

What Data We Use Account Information Profile and Listing Information Identity Verification Information Payment and Financial Information Property Management Other Information Our Lawful Basis Legal obligation: the processing is necessary for you to comply with the law. Not including contractual obligations.

5.2. With your permission and where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email, telephone, text message or post with information, news, and offers on our products and services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications, EC Directive, Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.

5.3. We will only use your personal data for the purposes for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purposes and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us using the details in Part 12.

5.4. If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purposes for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

5.5. In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.


6. How Does the Company Secure Your Data?

6.1. To protect your data, we will take appropriate measures that are consistent with applicable data protection and data security laws and regulations, including requiring our service providers to use appropriate measures to protect the confidentiality and security of your data as outline in our Data Protection Policy.

6.2. Depending on the state of the art, the costs of the implementation and the nature of the data to be protected, we put in place technical and organizational measures to prevent risks such as unauthorized destruction, loss, alteration disclosure of or access to, your data .


7. How Long Will the Company Keep Your Personal Data?

7.1. We will not keep your personal data for any longer than is necessary considering the reasons for which it was first collected. Our Retention and Disposal Policy sets out the obligations we adhere to, regarding retention of personal data collected, held, and processed by the company in accordance with Eu regulation 2016/679 General Data Protection Regulation, “GDPR”.

7.2. The primary aim of the Retention and Disposal Policy is to set out limits for the retention of personal data and to ensure that those limits, as well as further data subject rights to erasure, are complied with. By extension, the Retention and Disposal Policy aims to ensure that the Company complies fully with its obligations and the rights of data subjects under the Data Protection Legislation.

7.3. Where there is no specific fixed period indicated in the Retention and Disposal Policy, the following factors will be used to determine how long it is kept:

Type of Data Prospecting Information

How Long We Keep It 6 Years from point of account inactivity. Request for account deletion will be actioned per request and confirmed when completed.

Type of Data Account Information

How Long We Keep It 3 Years from point of account inactivity. Request for account deletion will be actioned per request and confirmed when completed.

Type of Data Payment and Financial Information

How Long We Keep It 4 Years, Section 388 of the Companies Act 2006 requires that accounting records, once made, must be preserved for at least 3 years for private companies.

Type of Data Other Information

How Long We Keep It 3 Years from point of account inactivity. Requests for account deletion will be actioned per request and confirmed when completed.


8. How and Where Does the Company Store or Transfer My Personal Data?

8.1. We may store or transfer your personal data within the UK. This means that it will be full protected under the Data Protection Legislation.

8.2. We may store or transfer some of your personal data within the European Economic Area, the “EEA”. The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, GDPR, and to equivalent standards by law.

8.3. The security of your personal data is essential to us, and to protect your data, we take several important measures, including the following:

8.3.1. limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; and

8.3.2. procedures for dealing with data breaches, the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, your personal data, including notifying you and the Information Commissioner’s Office where we are legally required to do so; and

8.3.3. Information sent via email will be enclosed in an attachment and encrypted using an appropriate strength. Minimum standard for encryption is AES 256 bit; there

8.3.4. passwords used will be complex, with at least 8 characters, consisting of alpha and numeric characters with at least one uppercase letter; any

8.3.6. e-mail message will contain clear instructions on the recipient’s responsibilities and instructions on what to do if they are not the correct recipient; the

8.3.7. accompanying message and the filename will not reveal the contents of the encrypted file; we will

8.3.8. check with the recipient that their e-mail system will not filter out or quarantine the transferred file; and

8.3.9. we will check at an appropriate time that the transfer has been successful.

8.4. Further details of how we may store or transfer your personal data, can be found in our Data Handling Policy.

8.5. We may share your data within the group of companies of which we are a part. Where this involves the transfer of personal data outside the EEA, our group ensures that personal data is protected by requiring all companies within the group to follow the same rules with respect to personal data usage. These are known as “binding corporate rules”.

8.5.1. More information on binding corporate rules is available from the European Commission

8.5.2. https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outsideeu / binding-corporate-rules_en


9. Does the Company Share Your Personal Data?

9.1. We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:

9.1.1. If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same ways that we have used it, as specified in this

9.1.2. In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

9.1.3. We may share your data with other parties including professional advisors, such as banks, insurance companies, auditors, lawyers, accountants and other professional advisors.

9.1.4. We may outsource certain data processing activities to trusted third party service providers to perform functions and provide services to us, such as ICT service providers, consulting providers and shipping providers.

9.1.5. We may share your personal data with other companies in our group, including any subsidiaries, holding company and its subsidiaries, for the purposes of:

9.1.6. acting on our behalf, in connection with managing services; and

9.1.7. data analytics; and support

9.1.8 finance, accounting or other administrative services and information technology support.

9.2. We may sometimes contract with the following third parties to supply products and services. Recipient Activity Carried Out Standard Industrial Classification or Sector Location Recipient
FACEBOOK UK LTD
Company number
06331310
10 Brock Street, Regent’s
Place, London, England,
NW1 3FG
Activity Carried Out - Marketing and Advertising
Standard Industrial Classification or Sector - 73110 – Advertising agencies
82990 – Other business support service activities not elsewhere classified
Location - United kingdom

Recipient - TWITTER UK LTD
Company number
07653064
Twitter Uk Ltd, 1st Floor,
20 Air Street, London, W1B 5AN
Activity Carried Out Marketing and Advertising
Standard Industrial Classification or Sector 62090 – Other information technology service
activities Location United kingdom

Recipient - LINKEDIN TECHNOLOGY
UK LIMITED
Company number
06441873
The Ray, 123 Farringdon
Road, London, England,
EC1R 3DA
Activity Carried Out Marketing and Advertising
Standard Industrial Classification or Sector 82990 – Other business support service activities
not elsewhere classified Location United kingdom

Recipient - GOOGLE UK LIMITED
Company number
03977902
Belgrave House, 76
Buckingham Palace Road,
London, SW1W 9TQ
Activity Carried Out Marketing and Advertising
Standard Industrial Classification or Sector 82990 – Other business support service activities
not elsewhere classified
Location United kingdom

Recipient - WHISTON ENTERPRISES LIMITED
Company number
11243343
ADDRESS
Activity Carried Out Technical Support and Consultancy
Standard Industrial Classification or Sector 62020 – Information technology consultancy
activities Location United kingdom

Recipient - PROGRESS HACKERS LIMITED
Company number
10871550
Top Floor Claridon House,
London Road, Stanford Le
Hope, Essex, SS17 0JU
Activity Carried Out Marketing and Development
Standard Industrial Classification or Sector 62020 – Information technology consultancy activities

Recipient - XEROX LIMITED
Company number
00575914
Building 4 Uxbridge
Business Park, Sanderson
Road, Uxbridge, Middlesex,
England, UB8 1DH
Activity Carried Out Accounting and related customer relationship management
Standard Industrial Classification or Sector 46660 – Wholesale of other office machinery and Equipment Location United kingdom
Recipient - Mailjet SAS
Company number
524536992
13-13 bis, rue de l’Aubrac
75012 Paris, France
Activity Carried Out Email Marketing Service Marketing
Location France

9.3. If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above in Part 8.

9.4. If any personal data is transferred outside of the EEA, we will take suitable steps to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation, as explained above in Part 8.

9.5. If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same ways that we have used it, as specified in this Privacy Notice.

9.6. In some limited circumstances, we may be legally required to share certain personal data, which might include yours. For example, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.


10. How Can You Access Your Personal Data?

10.1. If you want to know what personal data, we have about you, you can ask us for details of that personal data and for a copy of it, where any such personal data is held. This is known as a “subject access request”.

10.2. All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 12. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.

10.3. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’, for example, if you make repetitive requests, a fee may be charged to cover our administrative costs in responding.

10.4. We will endeavor to respond to your subject access request within one week and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response,including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.


11. What Are Your Responsibilities?

11.1. We would like to remind you that it is your responsibility to ensure, to the best of your knowledge, that the data you provide us with, is accurate, complete and up to date.

11.2. Furthermore, if you share with us data of other people, it is your responsibility to collect such data in compliance with local legal requirements. For instance, you should inform such other people, whose data you provide to us, about the content of this Privacy Notice and obtain their consent.


12. How Do You Contact the Company?

12.1. To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details and mark for the attention of the contact name listed below:

12.1.1. Contact Name: Sarah Jayne Lee

12.1.2. Position in Company: Director

12.1.3. Email Address: info@Ectlana Mage.com

12.1.4. Telephone Number: N / A

12.1.5. Postal Address: Covid Protection Ltd Hawke House Old Station Road Loughton, IG10 4PL, United Kingdom

13. Changes to this Privacy Notice

13.1. We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

13.2. Any changes will be made available via our website, www.EctlanaMage.com

14. Implementation of Privacy Notice

14.1. This Privacy Notice shall be deemed effective as of the review and implementation date documented below. No part of this Privacy Notice shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

14.2. This Privacy Notice has been approved and authorized by:

14.2.1. Approver Name: Sarah Jayne Lee

14.2.2. Position in Company: Managing Director

14.2.3. Privacy Notice Review and Implementation Date: Thursday, May 14, 2020