Unicursal Group (“we”) and its subsidiary Akero are committed to protecting and respecting your privacy.

This notice (together with any other documents referred to in this notice) sets out the basis on which any personal data we collect from you, that you provide to us, or that we obtain about you from other sources, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting any of our websites you agree to the matters set out in this notice – if you do not wish to agree to them, please do not visit the site.

For the purpose of [the Data Protection Act 1998 until 24 May 2018 and thereafter] the General Data Protection Regulation (Regulation (EU 2016/679) as amended or replaced from time to time (“Data Protection Law”), each operating undertaking in the Akero Group (that is to say, each subsidiary undertaking of Unicursal Group (English company number 10855914), but not Unicursal Group itself, which is a non-operating company) may be a joint data controller in respect of data processed by each other operating undertaking. References to “we” in this notice are therefore references to the relevant member of the Akero Group.

According to Data Protection Law an individual may exercise his or her rights against each or any joint data controllers. However, in the first instance, you should email privacy@unicursal.group in the event that you have any issues related to data protection or this notice.

Where we are processing data on behalf of a customer of ours, we will be doing so as a “processor” for the purposes of Data Protection Law, and the customer will be the “controller”.

1. Information we collect from you

We may collect and process the following data about you:

1.1. Information you give us

This is information about you that you give us by filling in forms on our websites, applications or other media (“our sites”) or by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you register to use our sites, subscribe to any services we may offer from time to time, place an order on our sites, participate in discussion boards or other social media functions on our sites, enter a competition, promotion or survey, sign up to a broadcast, download a report and when you report a problem with our sites or services. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph, as necessary for us to do what we need to do.

1.2. Information we collect about you

We use our sites to facilitate the provision of information about us or our customers to you. With regard to each of your visits to our sites we may automatically collect the following information:

a) technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information for using the site/application, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

b) information about your visit, including the full Uniform Resource Locators (URL) clickstreamed to, through and from the site/application (including date and time); page response times, download errors, timing of your responses, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

1.3. Information we receive from other sources

This is information we receive about you from sources other than directly from yourself, which may include our clients. We work closely with third parties (including, for example, educational institutions and businesses working in the education sector, from whom we may receive information about you.

2. Cookies

Our sites use cookies for the purposes of site/application functionality. Cookies are very small text files that are stored on your computer when you visit some sites or use some applications. They are used by most websites to tailor information and marketing messages to better suit your needs, as well as to store login or personal information for your convenience. Most web browsers allow some control over most cookies through the browser settings. For detailed information on cookies, and how to manage them, we suggest that you visit www.allaboutcookies.org.

Types of cookie used on our sites:

2.1. Analytics and Tracking

We use these to understand how the site/application is being used in order to improve the user experience. User data is anonymous.

2.2. Remarketing

We use these cookies to show relevant adverts to users who have previously visited our site/application, as they browse other websites. We also use these cookies to generate profile information in order to allow us to market to people with similar profiles. Remarketing services we use include both Google and Facebook. To opt-out from Google’s remarketing program, pleaseedit your Google Ad Settings.

Note that we do not use cookies to collect Personal Data unless you have opted in to receive more personalised marketing from us. The information that we do collect may be aggregated and passed to our marketing and other partners.

3. Purposes for which we may process the information

We may use information held about you in the following ways:

3.1. Information you give to us

We may use this information:

• to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services, or those of our customers, that you request from us;
• helping to manage our sites (whether for information, any position or otherwise) that you may make to us or our customers; and
• market research, by creating anonymous profiles which match one or more of your characteristics;
• to provide you with information about other services we offer that are similar to those that you have already purchased or enquired about with us;
• to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer in a personal capacity, we will only contact you by electronic means (e.g. e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are not yet a customer in a personal capacity, and where we permit selected third parties to use your data in a personal capacity, we (or they) will contact you by electronic means only if you have consented to this. If the information relates to you in a professional capacity (eg as an employee, director or contractor of a customer or potential customer), those restrictions do not apply. If you do not want us to use your data in any of the ways referred to above, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (eg on the order form or registration form);
• to notify you about changes to our sites or services;
• to ensure that content from our sites is presented in the most effective manner for you and for your computer.

Please note that, where you are asked to provide information to us which is of a sort that is necessary to enable us to perform a contract or fulfil a request that you make (eg contact, delivery or payment information) it is a requirement for us to enter and perform such a contract or fulfil your request that you provide that information – if you do not do so, we may not be able to perform your contract or fulfil your request.

3.2. Information we collect about you

We may use this information:

• to administer our sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
• to improve our sites to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our sites or services, when you choose to do so;
• as part of our efforts to keep our sites safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
• to make suggestions and recommendations to you and other users of our sites about goods or services that may interest you or them.

3.3. Information we receive from other sources.

We may combine this information with information you give to us and information we collect about you. We will use this information and the combined information for the purposes set out at sections 3.1 and/or 3.2 above (depending on the types of information we receive).

4. Disclosure of your information

4.1. You agree that we have the right to share your personal information:

4.1.1. With any other member of the Akero Group, provided that:

• they are joint controllers for the purposes of Data Protection Law or are processing the data purely for administrative purposes; and
• they are either (i) within the European Economic Area, or (ii) are in a country that the European Union has decided has adequate data protection laws in place, or (iii) have provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.

Other members of the Akero Group may process your personal data in accordance with this notice as the data controller, subject to all the requirements of Data Protection Law.

4.1.2. In the case of information that you provide to our National Clearing Survey, to educational institutions.

4.1.3. Selected third parties where reasonably necessary for the purpose of carrying out our business, including:

• [advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. [We do not disclose information about identifiable individuals to our advertisers, but we will provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience];]
• [analytics and search engine providers that assist us in the improvement and optimisation of our sites;]
• [credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.]

4.2. Third parties

Additionally, we may disclose your personal information to third parties:

4.2.1. If we outsource any aspect of our business or systems, then we may disclose your personal data to our service provider(s).

4.2.2. In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

4.2.3. If we or a substantial part of our assets are acquired by a third party, in which case personal data held by us about our customers may be one of the transferred assets.

4.2.4. If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any terms of use and other agreements relating to our sites, or to protect the rights, property, or safety of the Unicursal Group, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

4.3. Disclosing your data

We will not otherwise disclose your data to third parties other than as set out above or to our processors.

5. Legal basis of processing

5.1. Data protection law

Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are as follows.

5.1.1. Data Protection Law requires us to meet at least one “legal ground” for processing, currently set out in Article 6 of the General Data Protection Regulation. The grounds applicable to the personal data to which this notice relates are as follows.

5.1.2. Where the processing is necessary for compliance with a legal obligation to which we are subject, that is the ground on which we are processing that data;

5.1.3. Where processing is necessary for the purposes of our legitimate interests or the legitimate interests of a third party, that is the ground on which we are processing that data, provided that your interests or fundamental rights and freedoms which require protection of your data do not override those legitimate interests (our legitimate interests comprise the management, marketing and promotion of our business and services);

5.1.4. If you have given your consent to our processing the data, that is the basis on which we are processing that data.

If more than one of the above grounds apply to the processing of data in question, the applicable ground will be the one that is set out first above. If one of the above grounds ceases to apply to the processing of data in question, but other grounds continue to apply, we will be entitled to continue processing pursuant to the next applicable ground.

5.2. Special categories of personal data

If you provide us with any special categories of personal data (that is to say information as to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sex life or sexual orientation or genetic or biometric data) or personal data relating to criminal convictions and offences, it is a condition of us receiving that information that you expressly consent (and you hereby do) to us processing that personal data for the purposes set out in clause 3. Accordingly, if you do not want us to process any such categories of personal data, please do not provide it to us.

6. Where we store your personal data

6.1. Data we collect from you

The data that we collect from you will be stored on our servers or those of our service providers. It will not be transferred to, and stored at, a destination outside the European Economic Area (“EEA”) unless

6.1.1. To a member of the Akero Group to which section 4.1.1 applies;

6.1.2. To a processor acting on our behalf which is either (i) within the European Economic Area, or (ii) in a country that the European Union has decided has adequate data protection laws in place, or (iii) has provided appropriate data protection safeguards of the sort approved by the European Union and provide effective rights and remedies for you.

6.2. Information you provide to us

All information you provide to us is stored on our secure servers or those of our service providers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our sites or services, you are responsible for keeping this password confidential, and for all use made of your account with such password. We ask you not to share a password with anyone.

6.3. Transmission of data

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

7. Length of data storage

Our policy is to ensure that personal data is only stored for as long as is necessary for the purposes set out at section 3 above. This may vary according to the type of information and the specific applicable purpose(s). In general, however, we keep personal data for up to 24 months after its collection. [We have a detailed data retention and destruction policy which governs the length of time for which we hold your data in personally identifiable form. The timing of our retention, anonymisation and/or destruction of your personal data is determined according to the criteria set out in that policy. We can provide you with relevant details applicable to your data on request – please see section 8.2 below as to how to request this information.

8. Your rights

8.1. Data protection rights

You have various rights under Data Protection Law. These include:

8.1.1. The right to ask us not to process your personal data for direct marketing purposes, even if you have given consent;

8.1.2. If our processing is based on your consent, the right to withdraw any consent you may have given for our processing of your data – if you exercise this right, we will be required to stop such processing if consent is the sole lawful ground on which we are processing that data;

8.1.3. The right to ask us for access to the data we hold about you (see section 9 below for further details);

8.1.4. The right to ask us to rectify any data that we hold about you that is inaccurate or incomplete;

8.1.5. The right to ask us to delete your data in certain circumstances;

8.1.6. The right to ask us to restrict our processing of your data in certain circumstances;

8.1.7. The right to object to our processing of your data in certain circumstances, including in respect of certain of the activities mentioned at section 3.2 above;

8.1.8. In certain circumstances, the right to require us to give you the data we hold about you in a structured, commonly used and machine-readable format so that you can provide the data to another data controller.

8.2. Exercising your rights

You can exercise any of the rights set out above, free of charge, by using any applicable methods set out in our communications with you, or by contacting us at hello@netnatives.com]. In respect of certain of the rights referred to above, your right may be qualified by the GDPR (which we will discuss with you following your request) or we may need more information from you, which we will ask you for following your request. We may ask you to provide further information in order to confirm your identity. Please also note that if you submit unfounded or excessive (for example repetitive) requests to exercise any of these rights, we reserve the right to make a reasonable charge for providing the requested information or taking the requested action, or to decline your request.

8.3. Right to complaint

You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are concerned that we are not respecting your rights under Data Protection Law. The Information Commissioner’s Office is the authority in the UK which is responsible for overseeing the application of, and enforcing, Data Protection Law.

9. Accessing your data

To expand on the right to access your data referred to at section 8.1.3 above, you have the right to obtain from us:

9.1. Confirmation

Confirmation as to whether we are processing (including holding) personal data about you; and

9.2. Processing personal data

If we are processing personal data about you, you are entitled to be provided with:

9.2.1. Information as to the purposes for which we process the data;

9.2.2. Information as to the categories of the data that we are processing;

9.2.3. Information as to the recipients or categories of recipients to whom the data has or will be disclosed;

9.2.4. Information as to the envisaged period for which we will store the data, or if the basis on which that period will be determined;

9.2.5. A copy of the data (further copies are available at a reasonable charge, which we will inform you of should you request further copies). Please note that this right is subject to the rights of others in relation to their own personal data, meaning that we may not be able to disclose data to you if it would involve disclosing data about someone else.

9.3. Please see section 8.2 above as to how to exercise your rights under this section 9. Section 8.2 applies in full to the exercise of these rights.

10. Other websites

Our sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

11. Changes to our privacy policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

12. Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to [hello@netnatives.com].

13. Third party processors

Our carefully selected partners and service providers may process personal information about you on our behalf as described below: 

“Digital Marketing Service Providers. We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.  Our appointed data processors include:
(i)Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io.  Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.”