Client Privacy Notice

Introduction

Rebel Kindly Ltd (“We”) are committed to protecting and respecting your privacy.

This policy (together with our website terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).

1. Definitions

Data controller – A controller determines the purposes and means of processing personal data.

Data processor – A processor is responsible for processing personal data on behalf of a controller.

Data subject – Natural person

Categories of data: Personal data and special categories of personal data

Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.

Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.

Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2. Who are we?

Rebel Kindly Ltd is the data controller. This means we decide how your personal data is processed and for what purposes. Our contact details are: our Registered Address at Suite 131, 41 Oxford St, Leamington Spa, Warks CV32 4RB, UK or Email us at AdminRebel@RebelKindly.com. For all data matters contact FAO Data Protection Officer on the addresses above.

3. The purpose(s) of processing your personal data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • a. Where we need to perform a contract we are about to enter into or have entered into with you;
  • b. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
  • c. Where we need to comply with a legal obligation;
  • d. Where we have received your informed and specific consent to do so.

4. The categories of personal data concerned

With reference to the categories of personal data described in the definitions section, we may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Identity data (including your first name, last name, marital status, title, gender and multi-media images);
  • Contact data (including your billing address, delivery address, email address, telephone contact numbers and social media contact information);
  • Transaction Data (including details about payments to and from you and other details of products and services you have purchased from us).
  • Technical Data (including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website).
  • Profile data (includes your username and password, purchase history, preferences, feedback and survey responses);
  • Usage Data (including information about how you use our website, products and services].
  • Marketing and Communications data (including your preferences in receiving marketing from us and your communications preferences);
  • Special Category Data (including dietary or access requirements when booking and attending events, information about your health or beliefs or opinions, race or ethnicity, sexual orientation).

We use different methods to collect data from and about you including through:

Direct interactions: You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you

  • Schedule a chat to explore how we can help;
  • Purchase a service from us;
  • Begin 1 to 1 Mentoring/Coaching sessions with us;
  • Subscribe to newsletter and email communication;
  • Create an account on our website;
  • Request information about Rebel Kindly services;
  • Enter a competition, promotion or survey: or give us feedback or contact us.

Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. Please see our cookie policy for further details.

Third parties or publicly available sources: We will receive personal data about you from various third parties and public sources as set out below:

  • Technical Data from the following parties:
    • analytics providers, such as Google based outside the EU; 
    • search information providers, such as Google based outside the EU;
    • Contact, Financial and Transaction Data from providers of technical, payment and delivery services.

5. What is our legal basis for processing your personal data?

We have set out below, in a table format, a description of all the ways we plan to use your personal data, with the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/ActivityType of dataLawful basis for processing.
To register you as a 1 to 1 client, or subscriber to a course or newsletter(a) Identity data (b) Contact data(a) Performance of a contract with you
As a 1 to 1 client, to provide you with (a) tailored personalised support between mentoring/coaching sessions, (b) newsletter, emails and events(a) Identity data (b) Contact data (c) Marketing and Communications data(a) Performance of a contract with you (b) Necessary for our legitimate interests (to ensure that we can support you between mentoring/coaching client sessions and provide a personalised high-value service)
As a newsletter subscriber, to provide you (a) Newsletters and emails with our information and inspiration, (b) news and offers on our services(a) Identity data (b) Contact data (c) Marketing and Communications data(a) Consent
As a 1 to 1 client, to process and deliver your services including: (a) Manage payments, fees and charges (b) Process your Service contract(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications (f) Special category data(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) (c) Explicit Consent (where special category data has been discussed in sessions)
As a course subscriber, to process and deliver your services including: (a) Manage payments, fees and charges (b) Process your Course contract(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey(a) Identity (b) Contact (c) Profile (d) Marketing and Communications(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer events and register you as an attendee or applicant(a) Identity data (b) Contact data (c) Special category data(a) Performance of a contract with you (b) Consent (where dietary and access requirements have been collected)
To enable you to partake in or complete a survey(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how members use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity (b) Contact (c) Technical(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical(a) Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, events, customer relationships and experiences(a) Technical(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

More information on lawful processing can be found on the ICO website

6. Sharing your personal data

Your personal data will be treated as strictly confidential. We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 4 above.

We may disclose your personal information to third parties in the following circumstances:

  • When a specific service is being provided on our behalf. We will ensure that your personal information is handled as if we were processing it ourselves and under the same terms as this privacy notice. We will only share the minimum information that they need to undertake the service and we will ensure that they keep your information secure.
  • When you have requested information about a service or product provided by an affiliated partner and only with your specific consent.
  • As required by HM Revenue & Customs, regulators and other authorities based in the United Kingdom.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

7. How long do we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic information about our customers (including contact, identity, financial and transaction data) for seven years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see Your legal rights below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you

8. Providing us with your personal data

Where we need to collect your personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time

9. Your legal rights and your personal data

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of the personal data which we hold about you;
  • The right to request that we correct any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary to retain such data;
  • The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;
  • The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable (i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).

10. Transfer of Data Abroad

In general personal data collected from you will be stored at a destination within the UK or European Economic Area (EEA). However we may also transfer your data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We will only transfer your personal data to countries or organisations which have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. 

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

11. Automated Decision Making

We do not use any form of automated decision making in our business.

12. Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.

13. Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

14. How to make a complaint

To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer at our registered address or via email AdminRebel@rebelkindly.com.

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.