CookieChimp Logo
Get Started
Legal

Privacy Policy

Effective from November 27, 2024
For any questions or to request your data to be deleted, email [email protected].
Terms & Conditions Privacy Policy Cookie Policy Data Processing Agreement Sub-Processors

Identity Square Limited (T/A CookieChimp) ("we," "us," "our") is dedicated to safeguarding your privacy and respecting your personal data.

This privacy policy ("Privacy Policy") and any related documents outline how we collect, use, and process your personal data as a data controller when you interact with our website or services.

Please carefully review this Privacy Policy to understand our practices and approach to handling your personal data. By visiting cookiechimp.com (the "Site") or using our services or apps (the "Services"), you consent to the practices detailed in this Privacy Policy.

Important Note:

This Privacy Policy does not cover any data you provide to us that we process on your behalf as your data processor. For example, when we handle customer data within the cloud service we provide as a B2B service provider, this falls outside the scope of this Privacy Policy.

DATA CONTROLLER

For the purposes of EU and UK data protection laws and any applicable national implementing laws, regulations, and secondary legislation relating to the processing of personal data (together "Data Protection Law"), the data controller is Identity Square Limited, located at Lytchett House, 13 Freeland Park, Wareham Road, Poole, Dorset, BH16 6FA, United Kingdom.

LEGAL BASIS FOR PROCESSING

We will only use your personal data when the law allows us to. Most commonly, we will process your personal data under the following circumstances:

  • To fulfil our contractual obligations to you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • To comply with a legal obligation.

If we process your personal data for any other purposes, we will obtain your consent in advance or ensure that our partners acquire such consent.

PERSONAL DATA WE MAY COLLECT ABOUT YOU

We may collect and process personal data about you. Personal data, or personally identifiable information, refers to any information about an individual from which they can be identified. It does not include data where the identity has been removed (anonymous data). We collect, use, store, and transfer various types of personal data, grouped as follows:

  • Identity Data: Includes first name, maiden name, and last name.
  • Contact Data: Includes billing address, email address, company name, and website.
  • Financial Data: Includes VAT number and payment card details.
  • Transaction Data: Includes details about payments to and from you and other information regarding products and services purchased from us.
  • Technical Data: Includes internet protocol (IP) address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology used on devices accessing our Site or Services.
  • Profile Data: Includes your username and password, purchases or orders made, interests, preferences, feedback, and survey responses.
  • Usage Data: Includes information about how you use our Site and Services, such as full Uniform Resource Locators (URL) clickstream to, through, and from our Site and Services (including dates and times); products viewed or searched for; page response times; download errors; visit duration; page interaction data (e.g., scrolling, clicks, mouse-overs); browsing methods; and any phone numbers used to contact our customer service.
  • Marketing and Communications Data: Includes preferences for receiving marketing communications from us and third parties and your communication preferences.
  • Aggregated Data: We also collect, use, and share statistical or demographic data for various purposes. Aggregated Data may be derived from your personal data but is not considered personal data in law, as it does not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to calculate the percentage of users accessing a specific feature. However, if we combine or link Aggregated Data with your personal data, making it possible to identify you, we treat the combined data as personal data in accordance with this Privacy Policy.
  • Special Category Data: We do not collect, store, or use special category data. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic or biometric data.

If You Fail to Provide Personal Data

If we are required by law or under the terms of a contract to collect personal data from you and you fail to provide that data when requested, we may be unable to perform the contract we have with you or are attempting to enter into (for example, providing you with goods or services). In such cases, we may need to cancel a product or service you have with us, but we will inform you of this at the time.

HOW IS PERSONAL DATA COLLECTED

We collect personal data about you using various methods, including:

  • Direct Interactions:
    You may provide us with your Identity, Contact, and Financial Data by filling in forms or communicating with us via post, phone, email, or other means. This includes personal data you provide when you:

    • Register to use our Site or subscribe to our newsletter.
    • Subscribe to our Services or create an account on our Site or Services.
    • Request marketing materials to be sent to you.
    • Search for a product or place an order on our Site.
    • Participate in discussion boards or other social media functions on our Site.
    • Enter competitions, promotions, or surveys.
    • Attend a conference or webinar.
    • Provide feedback or contact us.
    • Report a problem with our Site or Services.

  • Purchases:
    If you make purchases via our Site or within any Services, or register for an event or webinar, we may require you to provide Identity, Contact, Financial, and Transaction Data.

  • Community:
    When you register for an online community that we provide, we may request Identity, Contact, Profile, and Technical Data.

  • Automated Technologies or Interactions:
    As you interact with our Services, Sites, or emails, we automatically collect Technical Information about your device, browsing actions, patterns, Location Data, and Usage Data. This is collected through cookies, server logs, web beacons, pixels, and similar technologies. Additionally, we may collect Technical Data and Location Data if you visit other websites that use our cookies. Please refer to the Cookie section below for more information.

PERSONAL DATA WE RECEIVE FROM OTHER SOURCES

We work closely with third parties (e.g., business partners, sub-contractors in technical, payment, and delivery services, advertising networks, analytics providers, search information providers, and credit reference agencies) as detailed in our Third Party Supplier List (available upon request). These third parties may provide us with the following personal data about you:

  • Technical Data:
    Provided by analytics providers, advertising networks, and search information providers, such as Google and Hotjar.

  • Contact, Transaction, and Financial Data:
    Provided by technical, payment, and delivery service providers, such as Stripe.

  • Identity and Contact Data:
    Provided by customer chat and communication service providers, including email platforms such as Zendesk.

  • Email Communications and Contact Data:
    Provided by email communication service providers such as Sendgrid, SendinBlue, Getresponse, and Google.

  • Business Contact and Financial Data:
    Provided by CRM service providers that manage customer contacts and keep records of communications and interactions.

  • Contact Data and Financial Data:
    Provided by our cloud accounting system, which stores the email addresses and names of individuals to whom invoices are sent.

PERSONAL DATA WE COLLECT FROM OTHER SOURCES

We also collect personal data about you from publicly available sources. This information may be combined with the personal data you provide to us. By doing so, we aim to update, expand, and analyze our records, identify potential customers, and deliver tailored advertising and services that may be of interest to you. We also use this information for targeted advertising, relevant email content delivery, event promotion, profiling, eligibility determination, and verifying Contact Data. The personal data we collect includes:

  • Identity and Contact Data:
    Obtained from publicly available sources such as Companies House.

  • Identity, Contact, and Profile Data:
    Gathered from publicly available social media profiles such as LinkedIn, Facebook, Twitter, and similar platforms.

COOKIES

We use cookies on our Site and within our Services to distinguish you from other users. This helps us provide a better experience when you browse our Site and allows us to improve the Site and Services.

What are cookies

Cookies are small text files placed on your computer by websites you visit. They are commonly used to make websites function or operate more efficiently, as well as to provide information to the website owners. Cookies can be categorized as either "persistent" or "session" cookies.

We use both persistent and session cookies.

Persistent Cookies

Persistent cookies are stored on a user’s device between browser sessions. They allow the Site to remember your preferences or actions across sessions or, in some cases, across different websites. We use persistent cookies to save your login information for future access to the Site or Services.

Session Cookies

Session cookies link your actions during a single browser session. These cookies enable features of the Site or Services, help us understand how you interact with the Site or Services, and monitor aggregate usage and web traffic. Session cookies are deleted from your device when you log off from the Site or Services and close your browser.

For detailed information about the cookies we use, please review our Cookies Policy.

You can configure your browser to stop accepting cookies or to prompt you before accepting a cookie. Note, however, that some features of the Site or Services may not function properly without cookies.

To learn more about cookies, including how to manage or delete them, visit www.aboutcookies.org or www.allaboutcookies.org. To opt out of being tracked by Google Analytics across websites, visit https://tools.google.com/dlpage/gaoptout.

Do Not Track

We support Do Not Track (DNT).

Do Not Track is a browser preference that informs websites you do not wish to be tracked. You can enable or disable Do Not Track in the "Preferences" or "Settings" section of your web browser.

USES MADE OF PERSONAL DATA

Below is a table outlining how we use your personal data, the legal basis for processing it, and our legitimate interests where applicable.

Please note, we may rely on multiple legal grounds depending on the purpose of processing. If you require more details about the specific legal grounds we rely on, please contact us.

1. Purpose/Activity: To register you as a new customer

Type of data: Identity, Contact

Lawful basis for processing: Performance of a contract with you

2. Purpose/Activity: To process and deliver your order including: Manage payments, fees, and charges; collect and recover money owed to us

Type of data: Identity, Contact, Financial, Transaction, Marketing and Communications

Lawful basis for processing: Performance of a contract with you; necessary for our legitimate interests (to recover debts due to us)

3. Purpose/Activity: To manage our relationship with you, which will include notifying you about changes to our terms, this Privacy Policy, the Site, or Services; asking you to leave a review or take a survey; communicating with you

Type of data: Identity, Contact, Profile, Marketing and Communications

Lawful basis for processing: Performance of a contract with you; necessary to comply with a legal obligation; necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services); consent

4. Purpose/Activity: To enable you to partake in a prize draw, competition, or complete a survey

Type of data: Identity, Contact, Profile, Usage, Marketing and Communications

Lawful basis for processing: Performance of a contract with you; necessary for our legitimate interests (to study how customers use our products/services, to develop them, and grow our business)

5. Purpose/Activity: To administer and protect our business and this Site, including troubleshooting, data analysis, testing, system maintenance, support, updates, reporting, and hosting of data

Type of data: Identity, Contact, Technical

Lawful basis for processing: Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise); necessary to comply with a legal obligation

6. Purpose/Activity: To deliver relevant Site and Services content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Type of data: Identity, Contact, Profile, Usage, Marketing and Communications, Technical

Lawful basis for processing: Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy)

7. Purpose/Activity: To use data analytics to improve our Site and Services, marketing, customer relationships, and experiences

Type of data: Technical, Usage

Lawful basis for processing: Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy)

8. Purpose/Activity: To make suggestions and recommendations to you about goods or services that may be of interest to you

Type of data: Identity, Contact, Technical, Usage, Profile, Marketing and Communications

Lawful basis for processing: Necessary for our legitimate interests (to develop our Services and grow our business)

We will not sell or rent your personal data to any third party.

We will only use your personal data for the purposes for which it was collected unless we reasonably determine that it is necessary to use it for another purpose that is compatible with the original purpose. If you would like an explanation of how the processing for a new purpose is compatible with the original purpose, please contact us.

Please note that, in accordance with applicable laws, we may process your personal data without your knowledge or consent where required or permitted by law.

DISCLOSURE OF YOUR PERSONAL DATA

Personal data we share with third parties. We may share your personal data with third-party service providers (sub-processors) to help us provide and improve our services, including hosting, payment processing, customer support, and analytics. A complete and updated list of our sub-processors is available here.

Below is a summary of the types of third parties used:

  • Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
  • Business partners, suppliers and subcontractors for the performance of any contract we enter into with them or you to provide services such as IT and system administration services, email communications, hosting services, backup services, credit card processing, research, development, marketing and customer support.
  • Professional advisors acting as service providers to us in relation to the Site or Services – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
  • Tax authorities, regulators and other authorities who require reporting of processing activities in certain circumstances.
  • Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose personal data about identifiable individuals to our advertisers, but we may provide them with Aggregated Data and/or pseudonymised data about our users (for example, we may inform them that 250 men aged over 25 have clicked on their advertisement on any given day). We may also use such Aggregated Data to help advertisers reach the kind of audience they want to target (for example, women living in London). We may make use of the personal data we have collected from you to enable us to comply with our advertisers’ wishes by displaying their advertisement to that target audience. We will also share such pseudonymised data with Google ads in order for us to not show our ads to our paying customers. To know more about this, you can visit this page provided by google. 
  • Analytics and search engine providers that assist us in the improvement and optimisation of our Site and Services.
  • Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.

Personal data we disclose to third parties. We may disclose your personal data to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If we or a member of our group of companies or substantially all of their assets are acquired by a third party, in which case personal data held by them about their customers will be one of the transferred assets.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions, terms of use and/or any other legal agreements; or to protect our rights, property, safety, our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • We may share Aggregated Data in the normal course of operating our business; for example, with other Site or Services users, our customers or publicly to show trends or benchmark the general use of our Site and Services.

INTERNATIONAL TRANSFERS

Our Services operate globally, and your personal data may be stored and processed in any country where we have operations, where our staff are located, or where we engage service providers. These providers may be involved in activities such as fulfilling your order, processing your payment details, or providing support services. This means your personal data may be transferred to countries outside your country of residence, where data protection laws may differ from those in your home country.

The processing of your personal data may include transfers to countries outside the European Economic Area (“EEA”), Switzerland, or the UK.

We will take all reasonably necessary steps to ensure your personal data is handled securely and in compliance with this Privacy Policy. Specifically, your personal data will only be transferred to:
- Countries deemed to provide an adequate level of protection (for instance, those approved by the European Commission or the UK Information Commissioner’s Office (“ICO”)), or
- Recipients bound by standard contractual clauses as stipulated by the European Commission or ICO.

Since our Site and Services are accessible via the internet, they may potentially be accessed by individuals around the world, including those outside the EEA, Switzerland, or the UK. If you choose to post personal data on our Site or within our Services, it could be accessed globally, which may constitute a transfer of your personal data outside of the EEA, Switzerland, or the UK.

DATA SECURITY

We have implemented appropriate security measures to protect your personal data from accidental loss, unauthorized access, misuse, alteration, or disclosure. For example:

  • All information you provide to us is stored on secure servers.
  • Credit card information and payment transactions are encrypted using SSL technology.
  • If we provide you with (or you create) a password to access certain areas of the Site or Services, you are responsible for keeping it confidential. We request that you do not share your password with anyone.

Additionally, we restrict access to your personal data to employees, agents, contractors, and other third parties who need access for business purposes. These individuals or entities will only process your personal data based on our instructions and are bound by a duty of confidentiality.

We have procedures in place to handle any personal data breaches. In the event of a breach, we will notify you and any relevant regulatory authority as required by law.

However, please note that the transmission of information over the internet is not entirely secure. While we strive to protect your personal data, we cannot guarantee its security during transmission to our Site or Services. Any transmission of your data is at your own risk. Once we receive your personal data, we employ strict procedures and security measures to prevent unauthorized access.

LINKS TO OTHER WEBSITES

Our Site and Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

YOUR RIGHTS

You have the following rights under Data Protection Law, free of charge:

  • Access: Request access to your personal data.
  • Rectification or Deletion: Request correction or deletion of your personal data.
  • Restriction: Request a restriction on the processing of your personal data.
  • Objection: Object to the processing of your personal data.
  • Data Portability: Request a transfer of your personal data in a structured, machine-readable, and commonly used format.
  • Withdraw Consent: Withdraw your consent for us to process your personal data at any time.

If you wish to exercise any of these rights, please contact us as detailed at the end of this Privacy Policy. We will respond to your request within 30 days, in accordance with Data Protection Law. In cases where your request is complex or you have made multiple requests, we may need additional time and will notify you of the delay and provide updates.

You will not be charged a fee to access your personal data or to exercise your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. In such cases, we may also refuse to comply with your request.

To confirm your identity and safeguard your personal data, we may request specific information from you. This security measure ensures that personal data is not disclosed to unauthorized individuals. Additionally, we may contact you for further details about your request to expedite our response.

MARKETING

  • Marketing:
    We may use your Identity, Contact, Technical, Usage, and Profile Data to form a view of your preferences and interests. This allows us to identify which products, services, and offers may be relevant to you (referred to as marketing).

  • Promotional Offers from Us:
    We will send you marketing emails if you have "opted in" to receive them when registering on our Site, or if you have enquired about or purchased goods or services from us and have not opted out of receiving such communications.

  • Third-Party Marketing:
    We will obtain your explicit opt-in consent before sharing your personal data with third parties for their marketing purposes.

  • Opt Out:
    If you decide you no longer want to receive marketing emails, you can "opt out" at any time by clicking the "unsubscribe" link at the bottom of any marketing email. Once you opt out, you will no longer receive marketing communications from us.

However, we will continue to email you regarding service billing and support. Additionally, we may send push notifications about service updates, events, and promotions. If you wish to stop receiving these notifications, you can disable them in your device settings.

DATA RETENTION

We retain personal data for as long as reasonably necessary to fulfill the purposes for which it was provided or collected, including satisfying legal, regulatory, tax, accounting, or reporting obligations. We may retain your personal data longer in cases such as:

  • A complaint or the reasonable prospect of litigation regarding our relationship with you.
  • Compliance with law enforcement requests.
  • Ensuring security, fraud prevention, and abuse prevention.
  • Resolving disputes.
  • Enforcing legal agreements.
  • Honoring your request to “unsubscribe” from further communications.

Retention Period Determination

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the data.
  • The potential risk of harm from unauthorized use or disclosure.
  • The purposes for processing the data and whether these can be achieved by other means.
  • Legal, regulatory, tax, accounting, or other requirements.

Personal data will be retained for as long as you have access to the Site or Services, your account remains active, or as specified in any relevant contract. Once you close your account, we typically delete personal data.

Anonymized Data

After your account is closed, we may retain some anonymized information for research or statistical purposes. This anonymized data may be used indefinitely without further notice.

Shared Data

Please note that information you shared with others will remain visible even after you close your account or delete information. We do not control data that other users may have copied from the Site or Services. Your profile may also continue to appear in services such as search engine results until their cache is refreshed.

COMPLAINTS

If you have any complaints about our use of your personal data, please contact us using the details provided at the end of this Privacy Policy.

AGE OF USERS

This Site and the Services are not intended for, and shall not be used by, anyone under the age of 16.

CHANGES TO OUR PRIVACY POLICY

Any changes to our Privacy Policy will be posted on this page and, where appropriate, notified to you by email. Please check this page regularly for updates or changes to our Privacy Policy.

This Privacy Policy was last updated on 18th of January, 2025, and this version replaces any previously applicable Privacy Policy.

CONTACT

If you have any questions, comments, or requests regarding our privacy practices or this Privacy Policy, please contact us as follows:

By post:
Identity Square Limited
Lytchett House, 13 Freeland Park, Wareham Road,
Poole, Dorset, BH16 6FA, United Kingdom.

By email:
[email protected]