Privacy Policy

This website (the “Website“) is operated by Goldenjoy.

We take your privacy very seriously, and we ask that you read this Privacy Policy carefully as it contains important information on:

– the personal information we collect about you,
– what we do with your information, and
– who your information might be shared with.

Who We Are
Goldenjoy are a “data controller” for the purposes of the General Data Protection Regulation EU 2016/679 (the “GDPR”), (i.e. we are responsible for and control the processing of your personal information).

What information do we collect?

Personal information provided by you

We may collect personal information about you (such as your name, address, telephone number, payment card details, etc.) when you use our Website, register with us or purchase services from us. We may also collect personal information when you contact us, send us feedback or post material to the Website.

We may also collect information your browser sends us whenever you visit our Website. This data may include information such as your computer’s IP address, browser type, browser version, the pages of our Website that you visit, and other statistics relating to your use of the Website. This information may be collected in conjunction with third-party services such as Google Analytics.

Personal information provided by third parties

The nature of the Services we offer means that we may receive information about you from a third-party source, such as one of our clients. We will only accept that information if we have evidence that you have consented to the personal information being passed to us or it is passed pursuant to another legal basis under the GDPR.

Personal information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

– give consent on his/her behalf to the processing of his/her personal data;
– receive on his/her behalf any data protection notices; and
– give consent to the transfer of his/her personal data abroad.

Sensitive personal information
It is very unlikely that we will ask you to provide sensitive personal information. If we do, we will explain why we are requesting it and how we intend to use it.

Sensitive personal information includes information relating to your ethnic origin, your political opinions, your religious beliefs, whether you belong to a trade union, your physical or mental health or condition, your sexual life, and whether you have committed a criminal offence.

We will only collect your sensitive personal information with your explicit consent.

Monitoring and recording communications

We may monitor and record communications with you (such as telephone conversations and emails) to perform the Services we offer to our clients, quality assurance, training, fraud prevention, and regulatory compliance.

Sensitive personal information

A cookie is a small text file that is placed on your computer (or other electronic device) when you access our website. We use cookies on this Website to:

– keep track of any services you may wish to purchase;
– recognise you whenever you visit this Website (this speeds up your access to the Website as you do not have to log in each time);
– obtain information about your preferences, online movements and use of the internet;
– carry out research and statistical analysis to help improve our content and services and to help us better understand our visitor and customer requirements and interests;
– target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests; and
– make your online experience more efficient and enjoyable.

The information we obtain from our use of cookies will not usually contain your personal data. Although we may obtain information about your computer or other electronic device, such as your IP address, your browser and/or other internet log information, this will not usually identify you personally. In certain circumstances, we may collect personal information about you—but only where you voluntarily provide it (e.g. by completing an online form) or where you purchase services from us.

In most cases, we will need your consent to use cookies on this Website. The exception is where the cookie is essential for us to provide you with a requested service (e.g., to enable you to purchase services from us).

A notice on our home page describes how we use cookies and provides a link to this Privacy Policy. If you use our Website after this notification has been displayed, we will assume that you consent to our use of cookies for the purposes described in this Privacy Policy.

We may work with third-party suppliers who may also set cookies on our Website. These third-party suppliers are responsible for the cookies they set on our Website. If you want further information, please go to the relevant third party’s website.

If you do not want to accept cookies, you can change your browser settings so cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this Website. For further information about cookies and how to disable them, please go to the Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/.

How will we use the information about you?
We collect information about you so that we can:

– identify you and manage any accounts you hold with us;
– process your order or carry out obligations arising from any contract(s) entered into between you and us;
– conduct research, statistical analysis and behavioural analysis;
– carry out customer profiling and analyse your purchasing preferences;
– if you agree, let you know about other products or services that may be of interest to you—see ‘Marketing’ section below;
detect and prevent fraud;
– customise our Website and its content to your particular preferences;
– notify you of any changes to our Website or to our services that may affect you;
– carry out security vetting; and
– improve our services and notify you about changes to these services.

Marketing
Only where you have provided us with specific, informed and unambiguous consent shall we provide you with marketing materials by the mechanism(s) you have consented to (e.g. email). We will only provide you with marketing materials relating to features you have explicitly consented to.

If you have consented to receive marketing from us, you can opt out at any time. See ‘What rights do you have?’ below for further information.

Who your information might be shared with

We may disclose your personal data to:

– our clients as part of the service offered, but only with your explicit consent or pursuant to another legal basis under the GDPR;
– our service providers, pursuant to strict data processing agreements that protect your personal data to the same or higher standards than we treat it;
– law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
a court of law or regulator where we are obliged to disclose or share your personal data to comply with a legal or regulatory obligation.

Rest assured that we will never pass your information to a third party outside of the categories above without your explicit consent.

Keeping your data secure
We will use technical and organisational measures to safeguard your personal data, for example:

– access to your account is controlled by a password and username that are unique to you;
– we store your personal data on secure servers; and
– payment details are encrypted using SSL technology (typically you will see a lock icon or green address bar (or both) in your browser when we use this technology).

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the Internet is not entirely secure. For this reason, we cannot guarantee the security or integrity of any personal data transferred from or to you via the Internet. Please contact us if you have any particular concerns about your information (see ‘How can you contact us?’ below).

Our Website may contain links to other websites of our partners, suppliers, advertisers or other approved third parties. If you follow a link to any of these websites, please note that these websites have (or should have) their own privacy policies. We do not accept any responsibility or liability for these policies or the way in which your personal data may be treated by these third parties. We recommend you check the privacy policy of any third party before you submit any personal data to their website.

Transfers of your information out of the EEA

We may need to transfer your personal data to countries located outside the European Economic Area (“EEA”) for the purpose of providing the services to you. You may be located in a country outside of the EEA and therefore we may have no choice but to transfer your data outside of the EEA. Rest assured that any transfer of your personal data outside of the EEA will be subject to a GDPR-compliant guarantee (such as the EU-US Privacy Shield or a Model Contract Clause approved by the European Commission) that will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.

How long do we hold your data for?
We only keep your personal data as long as necessary for the purpose for which it was obtained. After that period, we either: (1) anonymise the data if we still wish to use it for analytical purposes, or (2) pseudonymise the data if believe in good faith that we may need to process the data in the future for a legitimate purpose, or in all other cases (3) delete it completely from our servers.

What rights do you have?

Right to request a copy of your information
You can request a copy of your information that we hold (this is known as a subject access request). If you would like a copy of some or it, please:

– email, call or write to us (see ‘How can you contact us?’ below),
– let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
– let us know the information you want a copy of, including any account or reference numbers, if you have them.

We will acknowledge receipt of your request and respond within thirty (30) days. You will not be charged for providing the information.

Right to correct any mistakes in your information
You can require us to correct any mistakes in your information, which we hold free of charge. If you would like to do this, please:

– email, call or write to us (see ‘How can you contact us?’ below),
– let us have enough information to identify you (e.g. account number, user name, registration details), and
– let us know the incorrect information and what it should be replaced with.

We will acknowledge receipt of your request and respond within thirty (30) days.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please: email, call or write to us (see ‘How can you contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of marketing emails from us,
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
let us know what method of contact you are not happy with if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to erasure
You can request that we delete all personal data relating to you free of charge. If you would like to do this, please:

– email, call or write to us (see ‘How can you contact us?’ below), and
– let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
– provide us with the justification for the erasure request (e.g. you are withdrawing your consent, you no longer believe that we should be processing the personal data for the original purpose for which it was obtained, the personal data is being unlawfully processed, there is a legal reason for erasure etc.).

We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to Restrict Processing
You can request that we restrict the processing of some of your personal data. If you would like to do this, please:

– email, call or write to us (see ‘How can you contact us?’ below), and
– let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
– provide us with details of what personal data you would like us to restrict the processing of (e.g. where you contest the accuracy of some personal data, we shall restrict the processing of it whilst its accuracy is verified).

We will acknowledge receipt of your request and respond within thirty (30) days. If we agree to restrict the processing of the personal data before the thirty (30) day period, we will inform you as soon as we have implemented the restriction.

Right to Object
You can object to us processing any of your personal data. If you would like to do this, please:

– email, call or write to us (see ‘How can you contact us?’ below), and
– let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
– Provide us with details of what personal data you object to us processing.

We will acknowledge receipt of your request and will respond within thirty (30) days.

Right to Data Portability
You can request that we provide some or all of your personal data we hold to a third party free of charge. If you would like to do this, please:

– email, call or write to us (see ‘How can you contact us?’ below),
– let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill will suffice), and
– Provide us with sufficient details of the third-party entity to which you would like your data transferred.

We will acknowledge receipt of your request and, provided you have provided us with sufficient information, provide your personal information to the third-party entity in a commonly used machine-readable format within thirty (30) days. We will not charge you for this service.

Rights relating to automated decision-making and profiling

We use software that automatically processes personal data for us. We ensure that this software’s processing is fair and implement all appropriate technical and organisational measures to minimise inaccuracies. If you are concerned about the use of such software, you have the right to ask for more details about the processing and request that we stop using the software to process your data. If you would like to do this, please:

– email, call or write to us (see ‘How can you contact us?’ below),
– let us have enough information to identify you (e.g. account number, user name, registration details), and
– Provide us with details of your concerns and the categories of personal data you believe are being processed by automated software.

We will acknowledge receipt of your request and will respond within thirty (30) days. Please note that if the automated processing is necessary for the performance of a contract between you and us, if you request that the software is no longer used to process your data, we may not be able to provide you with services anymore.

Right to complain to the supervisory authority.
If you are unhappy with how we have dealt with a request you have made or feel that we are not complying with this Privacy Policy in any way, you have the right to complain to the supervisory authority in the country in which you live. The supervisory authority in England and Wales is the Information Commissioner’s Office, and details of how to contact them are available on their website: www.ico.org.uk.

Time Extensions and Refusals

We reserve the right to extend the time period to respond to any of the requests listed above by up to sixty (60) days when a request is complex or a large number of requests are made. If we fail to respond to you by the deadline we set, you have a right to complain to the supervisory authority or seek a judicial remedy (see – ‘Right to complain to the supervisory authority’ above).

We may also refuse a request where there are legitimate reasons to do so. These include, but are not limited to:

– where a request is manifestly unfounded, excessive or repetitive; or
– where personal data is being processed:
• in order to comply with a legal obligation;
the public interest;
• in the exercise or defence of a legal claim;
• in the exercise of the right to freedom of expression and information.

Changes to this Privacy Policy
We may change this Privacy Policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version that will apply each time you access this Website.