Identifying customer fraud based on ticket purchase and address location
Who is my data controller?
The data controller responsible for your personal data is Team Technologies Ltd ("We"). We are registered in England and Wales under company number 02711340 and have our registered office at 6 Turnpike Road, Newbury, Berkshire, RG14 2NA. Our main trading address is 1st Floor, 78 Bartholomew Street, Newbury, RG14 7AB.
How do I get in touch with you?
We hope that we can satisfy queries you may have about the way we process your data. We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy notice.
If you have any questions about this privacy notice or our privacy practices, including any requests to exercise your legal rights or would like to opt out of direct marketing, you should contact our data protection officer via email at email@example.com.
What does this notice cover?
This notice describes how we will make use of and process your personal data.
It also describes your data protection rights, including a right to object to some of the processing which we carry out. More information about your rights, and how to exercise them, is set out in the “What rights do I have?” section.
Summary of how we use your data
We use your personal data to manage your relationship with us, allow you to purchase services from us, deal with invoicing and ensure that we can communicate with you efficiently.
Data is not shared with any other organisations except when required to do so by law or where we use the services of a subcontractor such as for the delivery of marketing communications.
Where we rely on your consent, such as for direct marketing, you can withdraw this consent at any time.
What information do we collect?
We use different methods to collect and process personal data from and about you when you interact with us and our website, and when you purchase services from us. This includes:·
- Identity Data includes first name, last name, username or similar identifier and title.
- Contact Data includes billing address, delivery address, email address and telephone numbers.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Profile Data includes your username and password, purchases or orders made by your preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
- Occasionally we may ask for Performance Feedback on the service that we deliver as a company, and our individual staff.
How do we use this information, and what is the legal basis for this use?
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Data Processing Table
|Purpose / Activity
|Type of Data
|Lawful Basis for Processing
|To register your company as a new customer
|Performance of a contract with you
To fulfil a contract or take steps linked to a contract.
|To manage our relationship with you which will include:
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
(d) Based on consent
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To deliver relevant website content to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
(e) Based on consent
|To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|To make suggestions and recommendations to you about goods or services that may be of interest to you
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
(f) Based on consent
|To manage our relationship with you which will include Performance Feedback for continuous improvement.
|Necessary for our legitimate interests (to improve service)
Withdrawing consent or otherwise objecting to direct marketing
Wherever we rely on your consent, you will always be able to withdraw that consent, although we may have other legal grounds for processing your data for other purposes, such as those set out above. In some cases, we are able to send you direct marketing without your consent, where we rely on our legitimate interests. You have an absolute right to opt-out of direct marketing, or profiling we carry out for direct marketing, at any time. You can do this by following the instructions in the communication where this is an electronic message, or by contacting us using the details set out below.
What rights do I have?
You have the right to:
- ask us for a copy of your personal data to check we are lawfully processing it;
- ask us to correct the personal data we hold about you if anything is inaccurate or incomplete;
- ask us to delete your personal data, where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request;
- object to processing of your personal data if you feel it impacts on your fundamental rights and freedoms or where we are using the data for direct marketing. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
- ask us to restrict (stop any active) processing of your personal data for example if you want to establish the data’s accuracy;
- request the transfer of your personal data to you or a third party in a structured, machine readable format; and
- withdraw consent at any time where we are relying on your consent to process the data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw consent.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which is required to support our contractual obligations or which we are required by law to keep or have compelling legitimate interests in keeping.
We aim to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you and keep you updated.
To exercise any of these rights, you can get in touch with us using the details set out above.
You can find out more information about your rights here https://ico.org.uk/your-data-matters/.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Which other organisations might my data be shared with?
Your personal data may be shared with certain third party data processors where necessary to perform our obligations, or to communicate effectively with you. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in line with our instructions.
How long will you retain my data?
Where we process registration data, we do this for as long as you are an active user of our services and for up to one year after this.
Where we process personal data for marketing purposes or with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to send you direct marketing or to process your data so that we can respect your request in future.
Where we process personal data in connection with performing a contract, we keep the transactional data for six years from your last interaction with us (or such longer period as may be required by law).
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
This notice is written in English. In the event of any conflict in interpreting or construing the terms of this notice, the English version shall prevail.
If you would like any further information about your rights or any of the terms used in this document please visit the Information Commissioner’s Office Website https://ico.org.uk/your-data-matters/.