Policy effective as of: 14/05/2018
The processing of your personal data will always be in line with the rules set out by the General Data Protection Regulation (GDPR). One of the guidelines of this is to ensure that privacy policies are written in plain-english and with as little legalise as possible. So we’ll try to keep it as simple as possible!
A lot of people visit this policy to find out how to unsubscribe, so here’s a recap:
E-mail mailing list
You may unsubscribe from our e-mail mailing list at any time. To unsubscribe you may do any of the following:
- Enter your e-mail here
- Click the 'unsubscribe' link which is situated at the bottom of every e-mail we send.
- Contact us directly
1. Our purposes & legal bases for processing your data
The law states that we need to review and decide upon a legal basis for processing any of your personal data. These are the appropriate bases that we’ve selected and the data that is being processed:
a. Consent – e-mail mailing list
When joining our e-mail mailing-list you provide us with direct consent to send you e-mails containing freebies/offers. Some of these communications are used for 3rd party advertising, the categories of marketing are listed below in section 6. You also agree for us to personalise the offers sent by e-mail according to any demographic data you’ve provided.
This e-mailing consent is provided on our subscribe forms by:
- The explanation within the heading and description text that the user is subscribing to the receive e-mails containing freebies/offers
- An affirmative action of submitting the subscribe button which states 'E-MAIL ME FREEBIES'
- The accompanying privacy notification text (shown clearly and unambiguously)
The minimum personal data we process and save during the subscribe is:
- IP address (to mitigate fraud & data duplications)
But is not limited to those data fields and some subscribe forms contain more. If you provide more personal information using on site forms, we will process it under the consent/legitimate interest shown in this privacy notice.
d. Legitimate Interest
For all our other data processing we use the legal basis of ‘legitimate interest’. This has been chosen after having performed a balancing test for each individual data use-case. During the tests we consider:
- The data processing that’s necessary for us to produce the best website for our users & perform as a profitable/sustainable company that uses marketing activity as its primary revenue driver
- Against your rights and interests as an individual
The data we use & processing we perform under the ‘legitimate interest’ bases are:
- If a user wishes to unsubscribe from our e-mail marketing we need to keep a record of that e-mail in order to make sure it can’t be signed up with again. A user still has the ‘right to be forgotten’ in which case all of the personal information we hold about user will be deleted. They would then appear to us as a fresh user and would be able to subscribe again using the same details. To request this please visit our contact page.
- We use Google Analytics to assess the number of visitors, sessions, page views, user journeys etc. We use this information to optimise the website and future marketing campaigns, however, it doesn’t include any personally identifiable information.
- Our servers hosted on Rackspace log errors and page requests to help fix problems and keep the website secure.
- We use the server monitoring software New Relic to monitor the integrity of our websites and keep them secure.
- We send e-mails using Campaign Monitor. Their platform records e-mail analytics on an individual user basis including (but not limited to) who was sent particular e-mails, opens, clicks, bounces & unsubscribes. These are used for segmentation and optimisation purposes.
2. Recipients of personal data
As mentioned in section 2 we use several external companies/services to help us perform our legitimate interests. These services are:
- Google Analytics - Belgrave House, 76 Buckingham Palace Road, London, SW1W 9TQ
- New Relic - 188 Spear St., Suite 1200, San Francisco, CA USA 94105
- Codebase HQ - Unit 9 Winchester Place, North Street, Poole, Dorset, BH15 1NX
- Campaign Monitor - Campaign Monitor, Level 38, 201 Elizabeth Street, Sydney, NSW 2000, Australia
- Rackspace - 5 Millington Road, Hyde Park Hayes, Middlesex, UB3 4AZ
3. Personal data transfers outside the EU
You should be aware that some recipients of your data may be based outside the European Union, whose laws provide a different standard of protection than that provided under English law. We will not release your data to a non-EU country processor without performing proper due diligence as to the standards of data protection within the specified country and proof of compliance with the standards of the UK Data Protection Act 1998 and other relevant legislation. Such requirements will be part of a formal and legally binding Data Processing agreement between us and the recipient.
4. Retention periods – how long we store your data
When you provide us with personal data via consent or any other legal basis we store it within our server, database or external source. Without time limits this would stay stored indefinitely.
However, we don’t want to keep it longer than necessary. As such, we’ve set these time limits on keeping personal data:
We will keep a record of suppressed (unsubscribed) e-mails & IP addresses indefinitely to make sure they cannot be re-subscribed. This is unless a user requests for complete data deletion under their ‘right to be forgotten’.
External data services
When we use external services to process your data this will be stored on their servers:
- Google Analytics (web analytics) - The data is stored indefinitely and as it’s not user identifiable does not fall under the remit of the ‘right to be forgotten’
- New Relic (server monitoring) - The data is stored indefinitely. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.
- Codebase HQ (error monitoring) - The data is stored indefinitely. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.
- Rackspace (server hosting) - The data within the access & error logs is stored indefinitely and can be identified to a user via the IP address. However, we reserve the right to retain these records for security purposes even if a user requests the right to be forgotten.
- Campaign Monitor (e-mail sending) - Any demographic / personalisation data we have on a user is also stored within the Campaign Monitor e-mail system. We will keep the same retention criteria as data on our own servers – keeping the demographic / personalisation data while a user is subscribed to our mailing list. A user can always request complete deletion of their data under the ‘right to be forgotten’ by contacting us.
5. Your rights as a data subject
Along with other rights mentioned in this policy and in keeping with the GDPR regulations you have the:
- Right of access - Following an individual’s request to access their personal data we have a process to fulfil this request in a timely manner.
- Right to rectification and data quality - We have several internal processes that ensure your personal data remains accurate and up to date. A user can also request that their data be updated or changed by contacting us.
- Right to restrict processing - We have procedures to respond to an individual’s request to suppress the processing of specific personal data.
- Right of data portability - There are no other relevant environments which an individual could easily move, transfer or copy their data to. However, we can provide a copy of all the data we hold on an individual for the purposes of verification etc.
- Right to object - We have procedures to handle an individual’s objection to the processing of their personal data.
- Right to lodge a complaint - As an individual you will always retain the right to lodge a complaint with a supervisory authority.
If you wish to enforce any of your rights relating to data you may contact us and we will endeavour to get back to you within 48 hours. To speed up e-mail unsubscribe/suppression requests you may also use the form here.
6. Categories of marketing
As mentioned in section 1, some of our communications are used for 3rd party advertising, the categories of marketing you can expect to receive are:
- Food & Drink
- Health & Fitness
- Home & Garden
- Sports & Outdoors
6. Gambling offers/content
As per section 2 - if you've joined our e-mail list we may send you e-mails containing freebies/offers. Some of these offers can contain information related to gambling or be offers from gambling companies.
Cookies help us to provide you a better website, enabling us to see which pages you find useful and which ones you don’t. The cookie in no way gives access to your computer or information about you, other than the data that you choose to share with Free Stuff World.
When you visit a domain, the assets that are loaded on that domain may drop a third-party cookie. These sometimes allow the third party to track you from one site to the other.
You can choose to accept or decline cookies if you prefer by adjusting the setting within your web browser.
If you want to stop cookies being stored on your computer in future, please refer to your browser manufacturer's instructions by clicking 'Help' in your browser menu.
8. Cookie Analytics
We work with advertisers & marketing partners to fund the site and keep it free for use by the public.
9. Minimum age
You must be aged 18+ to register for marketing (by any channel) from Free Stuff World. We do not knowingly, deliberately or aim to, collect personal data from children under the age of 18, either for registration or for marketing purposes.
10. The data controller
The data controller for Free Stuff World is:
Veneficus Ltd, 229-235 High Street, Guildford, Surrey, GU1 3BJ. Phone: 01483 610253