Who is responsible for your dataHooked LTD (parent company of Flaming Licks) is responsible for your data. Our registered address is 20-22 Wenlock Road, London N1 7GU. We are registered as a company in England and Wales under company number 09370919. We are the data controller of the data which we collect from you, and as such we control the ways your personal data are collected and the purposes for which your personal data are used.
Personal Data we collect about you
How we use your personal dataWe can only use your personal data if we have a proper reason for doing so. According to the law, we can only use your data for one or more of these reasons:
• To fulfil a contract we have with you, or
• If we have a legal duty to use your data for a particular reason, or
• When you consent to it, or
• When it is in our legitimate interests.
Legitimate interests are our business or commercial reasons for using your data, but even so, we will not unfairly put our legitimate interests above what is best for you.
In the table below, we have set out the different ways in which we use your personal data and the reasons we rely on for using that data.
If we rely on our legitimate interests for using your personal data, we will explain that to you.
Countries take a different approach to the use by companies of legitimate interests as a reason for processing personal data. We are aware of those different approaches in the countries in which we operate and we take that into account and respect those differences when we process your personal data.
• to help us communicate with you. We use information about where you are, for example, to provide content in the most appropriate language
• to identify you when you access our websites from different devices
• to identify your likes and dislike. We look at which of our website pages you visit most or which destinations you visit most frequently to understand what you are most interested in
• to understand more about your preferences and your purchasing habits – our data analytics tools and segmentation tools allow us to match you with customers who are like you. Sometimes we use data and/or systems provided by third parties as part of this process. We know that similar customers are interested in similar products and services, so we group similar customers together in ‘segments’. We use segment information to improve our communications with you and recommend to you those services we think will be most interesting to you, including new products and services offered by our partners. We also use it to make sure that we show you adverts which we think will be of most interest to you when you visit through our online advertising space
For more information about cookies and how you can manage cookies and remove them, please refer to our Cookies Policy, and our Privacy Interface. We are still finalising our Privacy Interface which will be available on or before 25 May 2018.
Marketing: How we manage the marketing messages you receiveWe may send you marketing communications by email if you have indicated that you are happy to receive such emails [or if you have made bought a subscription from us and you have not told us that you no longer wish to receive marketing emails]. Our marketing communications include information about our new and existing services, special offers we think you might like and other travel services and products which we think might be useful to you when planning your travel.
If you have previously opted-in to receiving emails from us, use the preference centre to tell us specifically what you are interested in hearing about, or to opt out of receiving marketing emails from us at all. You can update your preferences at any time. You can also opt out of receiving marketing emails by clicking on the unsubscribe link which we include in all our marketing emails.
Please note that if you tell us that you do not wish to receive marketing emails, you will still receive service emails which are necessary for example to notify you when your box has been shipped.
Please note that if you ask us to stop sending marketing emails, we will keep a note of your personal information and your request so that we can make sure you are excluded from the emails when they are sent out.
How long we keep your data
We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.
We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
How we protect your dataWe protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our booking information is held.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
Sharing your dataWe share some of your personal data with, or obtain personal data from, the following categories of third parties:
• Data analytics companies and advertisers: Depending on the cookies settings you have selected through our Privacy Interface tool (which will be available on or before 25 May 2018), we may use your data in our data management platform. This platform helps us to understand more about you and your interests. We may share a limited and pseudonymised (or partially anonymised) version of your data with other advertisers, or add to your data other information which we have received from third party advertisers. We may use such data to make the connection between you and the devices you use. For more information about this process, please see our Cookies Policy.
• Your credit and debit card information: In order to process payments and prevent and detect fraud, we process payment card data through our payment card and fraud management services providers.
Sending data outside the European Economic AreaWe will only send data outside of the European Economic Area (‘EEA’) to work with our agents and advisers who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:
• Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA
• Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA, or
• Transfer it to organisations which are part of the Privacy Shield. The Privacy Shield is a framework which sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data is protected to the same standards as used within the EEA.
Your RightsYou are entitled to see copies of all personal data held by us and to amend, correct or delete such data. You can also limit, restrict or object to the processing of your data. You can use our Preference Centre and Privacy Interface tool, as described above. You can also log in to your Flaming Licks account to update the details held there.
If you gave us your consent to use your data, e.g. so that we can send you marketing emails, you can withdraw your consent. Information about how to stop receiving marketing communications is set out above under the heading ‘Marketing: How to manage the marketing messages you receive’. Please note that even if you withdraw your consent, we can still rely on the consent you gave as the lawful basis for processing your data before you withdrew your consent.
You can object to our use of your data where we rely on our legitimate interests to do so. We explained the legitimate interests we rely in the table above under the heading ‘How we use your personal data’.
To raise any objections or to exercise any of your rights, you can send an email to us at firstname.lastname@example.org
When you get in touch, we will come back to you as soon as possible and where possible within one month. If your request is more complicated, it may take a little longer to come back to you but we will come back to you within two months of your request. There is no charge for most requests, but if you ask us to provide a significant about of data for example we may ask you to pay a reasonable admin fee. We may also ask you to verify your identity before we provide any information to you.