From 25th May 2018, this website will comply with the General Data Protection Regulation ((EU) 2016/679) relating to the personal information you supply online. Any personal information that you provide to Weneed1.com whilst using the website is stored and controlled by Weneed1.com
The Help menu on the menu bar of most browsers will tell you how to prevent your browser form accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. However, cookies allow you to take full advantage of some of our website's most innovative and useful features and we recommend that you leave them turned on. You can configure your Internet browser to accept or reject certain cookies or inform you when a cookie is saved.
We may monitor customer traffic patterns, website usage and related website information in order to optimize your use of the website and we may give aggregated statistics to a reputable third-party, but these statistics will include no information personally identifying you.
We may also use the information we gather to notify you about important functionality changes and alterations to the website, or offers of products, services or information that might be of particular interest to you. By submitting your information you expressly consent to such use and transfer, to the extent permitted by applicable law.
In case any fraudulent activity is detected on the website, or, without limitation, in connection with the breach of intellectual property rights through the use of our website, we may release personal information in order to comply with any applicable law or regulation or assert our rights.
Notices and Revisions
Data Processing Agreement
These terms set out the additional terms requirements and conditions on which we will process personal data when providing services to you.
This Agreement contains the mandatory clauses required by article 28(3) of the General Data Protection Regulation ((EU) 2016/679) for Agreements between data controllers.
By creating an account you confirm that you accept to these terms of data processing and you agree to comply with them.
If you do not agree with these terms, you must not create an account or do business with us.
We recommend that you print a copy of these terms for your future reference.
Data Subject: an individual who is the subject of Personal Data.
Personal Data: means any information relating to an identified or identifiable natural person that is processed by the Data Processor as a result of, or in connection with, the provision of the services; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Processing, processes and process: either any activity that involves the use of Personal Data or as the Data Protection Legislation may otherwise define processing, processes or process. It includes any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording. organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Processing also includes transferring Personal Data to third parties.
Data Protection Legislation: all applicable privacy and data protection laws including the General Data Protection Regulation ((EU) 2016/679) and any applicable national implementing laws, regulations and secondary legislation in England and Wales relating to the processing of Personal Data and the privacy of electronic communications, as amended, replaced or updated from time to time, including the Privacy and Electronic Communications Directive (2002/58/EC) and the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426).
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
Standard Agreements Clauses (SCC): the European Commission's Standard Agreementual Clauses for the transfer of Personal Data from the European Union to processors established in third countries as set out in Commission Decision 2010/87/EU.
1.2 This Agreement is subject to the terms of any separate agreement made between the parties for the supply of website hosting services (“Services Agreement”) and is incorporated into any such Agreement. Interpretations and defined terms set forth in the Services Agreement apply to the interpretation of this Agreement.
1.3 The Annexes form part of this Agreement and will have effect as if set out in full in the body of this Agreement. Any reference to this Agreement includes the Annexes.
1.4 A reference to writing or written excludes faxes and email.
1.5 In the case of conflict or ambiguity between:
(a) any provision contained in the body of this Agreement and any provision contained in the Annexes, the provision in the body of this Agreement will prevail;
(b) the terms of any accompanying invoice or other documents annexed to this Agreement and any provision contained in the Annexes, the provision contained in the Annexes will prevail; and
(c) any of the provisions of this Agreement and the provisions of the Services Agreement, the provisions of the Services Agreement will prevail.
1.6 This agreement is in addition to and does not remove or replace a party’s obligations under the Data Protection Legislation.
1.7 In this agreement we are the Data Processor and you are the Data Controller
2. Personal data types and processing purposes
2.1 The Data Controller retains control of the Personal Data and remains responsible for its compliance obligations under the applicable Data Protection Legislation, including providing any required notices and obtaining any required consents, and for the processing instructions it gives to the Data Processor.
2.2 ANNEX A describes the subject matter, duration, nature and purpose of processing and the Personal Data categories and Data Subject types in respect of which the Data Processor may process to provide services to the Data Controller under the terms of the Services Agreement or otherwise.
3. Data Processor's obligations
3.1 The Data Controller acknowledges that for the purposes of fulfilling its obligations under the Agreement the Data Processor may have access to and may be required to process Personal Data (as defined in the Data Protection Legislation) on behalf of the Data Controller and in accepting the Agreement the Data Controller authorises the Data Processor to process its Personal Data in accordance with the terms of this Clause 3.
3.2 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 3 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
3.3 The parties acknowledge that for the purposes of the Data Protection Legislation, the Data Controller is the data controller and the Data Processor is the data processor (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation).
3.4 Without prejudice to the generality of clause 3.2, the Data Controller will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Data Processor for the duration and purposes of this agreement.
3.5 Without prejudice to the generality of clause 3.2, the Data Processor shall, in relation to any Personal Data processed in connection with the performance by the Data Processor of its obligations under this agreement:
(a) process that Personal Data only on the written instructions of the Data Controller unless the Data Processor is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Data Processor to process Personal Data (Applicable Laws). Where the Data Processor is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Data Processor shall promptly notify the Data Controller of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Data Processor from so notifying the Data Controller;
(b) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
(d) subject to clause [3.10] to not transfer any Personal Data outside of the European Economic Area (“EEA”) unless the prior written consent of the Data Controller has been obtained and the following conditions are fulfilled:
(i) the Data Controller or the Data Processor has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Data Processor complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(iv) the Data Processor complies with reasonable instructions notified to it in advance by the Data Controller with respect to the processing of the Personal Data;
(e) if so reasonably required, assist the Data Controller, at the Data Controller's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) notify the Data Controller without undue delay on becoming aware of a Personal Data breach;
(g) if so reasonably required, at the written direction of the Data Controller, delete or return Personal Data and copies thereof to the Data Controller on termination of the agreement unless required by Applicable Law to store the Personal Data; and
(h) if so reasonably required, maintain complete and accurate records and information to demonstrate its compliance with this clause 3.
3.6 In accepting these Terms and Conditions the Data Controller consents to the Data Processor appointing third-party processors of Personal Data (“the Sub Processors”) under this agreement.
3.7 The Data Processor shall enter with the Sub Processors into a written agreement incorporating terms which are substantially similar to those set out in this clause 3 prior to any Sub Processor being appointed.
3.8 The Data Controller accepts that for the purposes of this Agreement part or all of its Personal Data may need to be processed outside of the EEA and the Data Controller further consents to the Data Processor processing its Personal Data in appointing these third party processors listed at Annex A who are located outside of the EEA.
3.9 The Data Controller shall have the ability to withdraw its consent to the Data Processor’s use of Sub Processor for the purposes of fulfilling this Agreement by notifying the Data Processor in writing at its registered office. However the Data Controller acknowledges that the Data Processor may not be able to perform the Services or any part of the Services unless it is able to appoint an alternative Sub Processor and where an alternative Sub Processor cannot be appointed, the Data Processor shall not be obliged to provide any part of the Services which are so affected.
3.10 The Data Processor may, at any time on not less than 30 days’ notice, revise this clause 3 by replacing it with any applicable controller to processor standard clauses or similar terms forming party of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).
Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes:
Internal Third Parties
External Third Parties
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.
They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for [six] years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see [Request erasure] below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.