Gettway (which may be referred to in this document as ‘we’, ‘ourselves’, ‘us’ and ‘our’) has ownership of this web site and its various functions, and also trades as Gettway. For the necessary grounds of the Information Protection Act 1998 (Act), the information controller is Gettway.
1. Important information
a. We do not knowingly collect information which relates to children and our website is not intended for children.
c. We are the information controller and accountable for your personal information.
i. by email to: info@Gettway.com
ii. by post to: Data Protection Manager, Gettway.
f. You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, like the opportunity to deal with your concerns before you contact the ICO so we encourage you to contact us first and we will look to resolve the matter.
g. Our website may have links to third-party websites, plug-ins and apps. By connecting or clicking on these links please be aware that you may be allowing third parties to share or gather your personal information. We do not have any control over these third-party websites, plug in or apps and we will not be held responsible for their privacy policies – please make sure to read their privacy policies to recognise what personal information they collect about you and the way in which this information is used.
2. Your responsibility to inform us of updates
a. It is imperative that the information we have about you is correct and up to date, please ensure we are aware of any changes to your personal information.
3. The information we collect about you
a. Part 1 of Schedule 1 provides you with the types of personal information we are likely to collect, use, store and transfer.
b. We also collect, use and share aggregated information. However, if we combine aggregated information with your personal information so that it can directly or indirectly identify you, we treat this as your personal information.
c. We do not collect any special classes of personal information.
4. Failure to provide personal information
a. If we are required by regulation, or under the terms of an agreement we have with you, to collect your personal information and you fail to provide the required information, we may not be able to enter into the agreement with you and therefore we may have to terminate a product or service. We will notify you of this at the appropriate time.
5. How personal information is collected
a. We gather personal information via the following methods:
i. Direct communications you may provide personal information when you complete online orders, apply for products/services, subscribe to our services, create a user account, join our newsletter or otherwise or contact us (by letter, telephone or electronic mail).
ii. Robotic technology
When you browse or interact with this website, we may automatically collect personal information – this includes technical and usage data. This is done by using cookies, and other related technologies. If you visit other websites that use our cookies, we may also receive technical information about you. Please see our cookie notice here for further details.
iii. Publicly available information
we may collect personal information from publicly availably sources [such as Companies House and the Electoral Register and credit reference agencies, based inside the EU.
iiii. Third parties
we may receive personal information from: (a)analytics providers based outside the EU (such as Google); (b) advertising networks inside the EU; (c) search information providers inside the EU; and (d) our suppliers such as payment providers, delivery services, website support and maintenance providers.
6. How we use your personal information
a. We will only use your personal information where there is a lawful basis to do so. Usually, we will use your personal information:
i. to achieve the agreement we are to enter into or have entered into with you;
ii. to ensure we are complying with a legal requirement; and
iii. where it is essential to carry out our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
b. Part 2 of Schedule 1 sets out the legal basis we will rely on to process your personal information.
c. We usually only rely on consent as the legal basis for processing your personal information to send email and SMS marketing messages and you have the right to remove your consent at any time by getting in touch with us. Please be aware that we may process your personal information for more than one lawful basis depending on the precise purpose for which we are using your information.
a. From time to time, we may examine your personal information to ascertain what products and or services we think may be of interest to you. You will only receive marketing messages from us, if you have requested information from us or purchased services from us, if you provided consent to marketing at the time we collected your personal information and you have not since opted out or removed your consent or if we have another basis to send you the marketing communications.
b. We will ensure to get your express opt in before sharing any of your personal information with other parties for marketing reasons. We do not sell any customer lists, accept advertising or profit from any third party revenue based on the information gathered on this website.
8. How to opt out
a. You can remove your consent from receiving marketing emails by clicking the unsubscribe button within the specific marketing message. You can also remove your consent to marketing at any time by contacting our DPM.
b. Even if you remove your consent from receiving marketing messages, we may still use your personal information for other purposes as long as we have a legal grounding to do so.
9. Change of purpose
a. Your personal information will only be used for the reason it was initially collected for. We will only use your personal information for another reason if that reason is connected to the initial reason.
b. If use of your personal information is required for an unconnected reason, we will inform you and will explain the lawful basis which allows us to use your personal information in this way.
c. Where this is required or allowed by law, we may process your personal information without your knowledge or consent.
10. Disclosure of your personal information
a. We may have to share your personal information with third parties, more details on this can be found in Part 4 of Schedule 1. All third parties are required treat your personal information in accordance with data protection regulations and to respect the security of your personal information. Third party service providers are not authorised to use your personal information for their own aims. Your personal information can only be processed within the specific instructions and for the specified reasons that we prescribe.
11. International transfers
a. When sharing your data with third parties as specified in Part 4 of Schedule 1, we may transfer your data outside the European Union (EU).
b. We work with intermediaries based outside the EU, therefore their processing of your personal data will involve a transfer of data outside the EU.
c. In these circumstances, we ensure your data is protected by ensuring at least one of the following safety mechanisms is in place:
i. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
ii. We use specific contracts approved by the European Commission which give personal data the same protection it has in Europe with our services providers;
iii. We may transfer data to US based service providers under the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
d. Please contact our DPM if you require further information on the specific methods used by us in situations where your personal data out of the EU.
12. Information security
a. Your personal data is held in the highest regard and we do our utmost to ensure it is kept secure. Nonetheless, please note that no security system, however advanced, can provide guaranteed safety all of the time. Gettway is dedicated to protecting and securing your personal data, but we are unable to fully promise or license our server security. Also, there may be unfortunate instances where personal data that you provide on this website is seized during Internet communications. We adhere to the qualified industry standards to always protect the personal data.
b. Gettway personnel, agents, contractors and other third parties will only be allowed access to your personal information if they require access in order to perform their core business function – we will take steps to limit access to those that do not require access to your personal information. Those accessing your personal information will be subject to a duty of confidentiality.
c. We have procedures in place to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
13. Information retention
a. Gettway will only store your personal information for as long as necessary to fulfil the purposes we collected your personal information for. This includes for the purposes of fulfilling our legal, accounting, or reporting requirements.
b. Details of retention periods for different aspects of your personal information are available in our retention policy which you can request from us. However, we are legally obligated to keep rudimentary information about our customers (including contact, identity, financial and transaction information) for six years after our business relationship ends, for tax reasons.
c. We may also anonymise your personal information (so that it can no longer be linked to you) for research or statistical purposes. We can use anonymised information indeterminately without further notice to you.
14. Your legal rights
a. You have certain rights in certain situations under data protection law. These are set out in full in Part 3 of Schedule 1. Please contact our DPM if you wish to exercise any of your legal rights.
b. You will not have to pay a fee to exercise any of your rights. However, if your request is clearly unfounded, repetitive or excessive, we may charge a reasonable fee for this information or refuse to comply with your request.
c. We may request specific information from you to help us confirm your identity when you contact us. This is a security measure to ensure that personal information is not disclosed to any person who does not have the right to receive it.
d. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.