Welcome to The Joan Project Limited. This policy explains how we handle and use your personal information in connection with our websites and services and your rights in relation to it. Under data protection law, The Joan Project Limited is the controller of that information.
The Joan Project Limited (we, our or us) is committed to protecting and respecting your privacy.
This policy applies to our website located at firstname.lastname@example.org and related websites, social media accounts, and our instashop (together, the Site) and the services you can access through them.
The Joan Project Limited is the controller in relation to the processing activities described below. This means that The Joan Project Limited decides why and how your personal information is processed in connection with those activities. Please see the section at the end of this policy for our contact and legal information.
The Site is intended for use by individuals aged 16 and over. We do not knowingly collect personal information about children. If you are under the age of 16, please do not use the Site.
Information we collect about you
We receive personal information about you that you give to us (i.e. contact details, information you submit online via our Site and correspondence), that we collect from your use of the Site (i.e. device and Site activity data, traffic data and communication data) and that we obtain from other sources (i.e. account setup details). We only collect personal information that we need and that is relevant for the purposes for which we intend to use it.
Personal Information you give us
This is information about you that you give to us by entering information via the Site or our social media pages or by corresponding with us by phone, email or other means and is provided by you entirely voluntarily. The information you give to us can include your name, title and contact details (such as phone number, email address, postal address, social media handle), enquiry details, your opinion of our products, your comments on them and services and certain marketing preferences
If you do not provide this information to us we may not be able to contact you and/or resolve your queries effectively.
Information we collect about you from your use of the Site
Each time you use the Site we automatically collect the following information:
If you do not provide this information, you may be unable to access some or all of the Site or its features.
Information we collect about you from other sources
Use of your personal information
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We do not share your personal information with companies that would send their marketing to you.
We use your personal information in the following ways:
3.1 Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
to contact you via email (as you have indicated) with marketing information about our products, exciting product launches, events, promotions and general marketing communications (see Marketing for further details); and
to supply e-newsletters, brochures, marketing or other material you have specifically requested from us.
You may withdraw your consent for us to use your information in any of these ways at any time. Please see Your rights over your personal information for further details.
3.2 Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligation to keep a record relating to the rights you exercise in connection with our processing of your personal information.
3.3 Where processing is necessary for us to pursue a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business, brands and products
Processing necessary for us to promote our business, brands and products and measure the reach and effectiveness of our campaigns for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
to tailor and personalise our marketing communications based on your attributes, for example, by sending you a birthday treat message;
to supply your details to social media and other online platforms operated by other companies for them to contact you with our targeted advertising online. You may receive advertising based on information about you that we have provided to the platform or because, at our request, the platform has identified you as having similar attributes to the individuals whose details it has received from us. To find out more, please refer to the information provided in the help pages of the platforms on which you receive advertising from us;
if you are a corporate subscriber, to contact you by email or by telephone with marketing information about our products and services (other than where we have asked you for your consent). We will use your personal information to tailor or personalise the marketing communications you receive to make them relevant to you and also to send targeted marketing messages via social media and other third party platforms, which may involve sharing your personal information with those platforms.
to send you an electronic communication if you have closed your browser with items in your shopping basket; and in some cases we may use automated methods to analyse, combine and evaluate information that you have provided to us. We collect and analyse this information in this way so that we can deliver the most appropriate customer experience to you by tailoring and making relevant all our service and communications.
Please see further the Marketing section below;
Processing necessary for us to support customers and users with sales and other enquiries
to correspond and communicate with you in connection with the services we offer;
to train and monitor our staff and to identify ways of improving their call handling and your customer service experience;
Processing necessary for us to respond to changing market conditions and our customers’ needs for market research in order to improve the products and services that we deliver to you. Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively to administer the Site and our social media pages and for internal operations, including troubleshooting, testing and statistical reporting purposes;
for the prevention of fraud and other criminal activities;
to verify the accuracy of information we hold about you and create a better understanding of you as an account holder or visitor;
for network and information security purposes in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
for the purposes of a corporate restructure or reorganisation or sale of our business or assets;
for efficiency, accuracy or other improvements of our databases and systems e.g. by combining systems or consolidating records we or our group companies hold about you;
to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings; and
for general administration including managing your queries, complaints, or claims, to send service messages and to provide you with important information about our business.
3.4 Where necessary for the performance of our CONTRACT
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
to process and deliver your order;
to process your payment card or bank details when taking payment for your orders or when providing a refund;
to run our competitions and promotions that you enter from time to time and to distribute prizes. Marketing Communications:
As described above, if we specifically request your permission to send (or you specifically ask us to send) you newsletters, marketing material or to notify you of special events, offers, promotions, competitions or new products and services by email, we rely on your consent to do so. If you do not wish to receive email communications from us, please inform us by using the unsubscribe link inside the email, or by sending an email to email@example.com or using your email settings (to unsubscribe from marketing emails).
Otherwise we process your personal information for direct marketing purposes on the basis that it is necessary for us to pursue our legitimate interests as a business (see above in this section for further details). We try to tailor and personalise any marketing communications that we send to you, for example, by notifying you of products, services, offers or promotions that apply to your interests, location. If you do not wish to receive marketing communications from us, you can opt- out at any time by using the unsubscribe link inside the email (to unsubscribe from marketing emails), or by sending an email to firstname.lastname@example.org or using your email settings (to unsubscribe from marketing emails).
If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list for a defined period to ensure that we comply with your wishes. Please see further the periods for which we retain your personal information.
Disclosure of your personal information by us
We only disclose your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any suppliers or other recipients that work for us will be obliged to follow our instructions.
We may disclose your information to our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site, Apps and social media pages. Our Suppliers can be categorised as follows:
Banks, payment processors and financial services providers – EEA
Santander, Paypal, WordPress, Elavon, Onesaas
Cloud software system providers, including database, email and document management providers – EEA
Gmail, OneDrive, iCloud
Delivery and mailing services providers – WORLDWIDE
Health and safety claims administrators and consultants – EEA
Legal, security and other professional advisers and consultants – EEA
Website and data analytics platform providers – WORLDWIDE
WordPress, Mailchimp, Google Analytics
Website and App developers – WORLDWIDE
WordPress, Internal consultant
Website hosting services providers – EEA
WP Engine, WordPress
Wifi and other communication service providers – EEA
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
We may disclose the personal information to other third parties as follows:
any third party who is restructuring, selling or acquiring some or all of our business or assets or otherwise in the event of a merger, re-organisation or similar event; and
if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.
Transfers of your personal information outside of Europe
We do not transfer your personal information outside of Europe. If we do so in the future, we’ll let you know and take measures to protect your personal information.
All information you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).
If at any time we transfer your personal information to, or store it in, countries located outside of the EEA (for example, as a result of changing our hosting services provider) we will amend this policy and notify you of the changes. We will also ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA. If we transfer your personal information to the United States of America, we will only send the personal information to companies that participate in the Privacy Shield framework (or such other framework that may replace it from time to time) or for which we have an alternative safeguard in place in accordance with applicable law. Where they apply to our data transfer activities, we may rely on adequacy decisions by the European Commission about certain countries for data transfers to countries outside the EEA.
Security and links to other websites
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to the Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. When we have provided (or you have chosen) a password allowing you access to certain benefits of the Site, you are responsible for safeguarding it and keeping it confidential and you promise not to allow it to be used by third parties. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information you disclose online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
In addition, if you linked to the Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
The periods for which we retain your personal information
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. The periods for which we hold your personal information will depend on the type of personal information and whether you are a user of the subscription services we provide to a subscribing client or of a prospective/trialling client, or a visitor to the Site.
These periods also apply where we share your information with suppliers who process your personal information on our behalf.
We (and the suppliers we instruct) retain your personal information for the following periods: We retain your personal information for the following periods:
Type of personal information When do we receive your personal information? How long do we keep your personal information after we receive it?
IP addresses and type of device From when you use any The Joan Project websites/apps 1 year
Payment card information From when the payment is processed via card processor Electronic truncated payment card information is held for 5 years
Info given via competition entries We receive completed form entry 5 years
Opinions /other info given via customer surveys Online form is submitted 2 years if completed a questionnaire. Maximum of 2 years for research
Details of your orders From when the system records the order 7 years, stored on Elavon, Paypal, Wordpress, Limmworks, Onesass, Quickbooks
Information included in any correspondence to THE JOAN PROJECT sites, Customer care, Apps and social media pages Correspondence is received/acknowledged 5 years for inactive users
Location and frequency of your visits From when signed up to our newsletter 5 years for inactive app users, ongoing for active app users
Social media handles When you like or follow a Joan Project account Ongoing until you remove 'link' (i.e. unfriends etc.) to The Joan project social accounts or request comment removed as inappropriate.
Details regarding when you have consented to receiving marketing from us when form completed 5 years
Name, email address, telephone number, postal address, date of birth, your marketing preferences Signed up to received marketing Data is retained ongoing if customer active (i.e. opened trackable Marketing Comms within the last 5 years). If a customer hasn’t opened trackable Marketing Comms for >5 years (but hasn’t actively unsubscribed from The Joan Project Marketing) then they will be removed from The Joan Project marketing database.
In relation to any period mentioned above, we will retain your personal information from the expiry of that period until the start date of our next financial year (1st of July each year) to allow us to manage the deletion/destruction process efficiently.The only exceptions to the periods mentioned above are where: you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further Your rights over your personal information);
you exercise your right to require us to retain your personal information for a period longer than our stated retention period (see further Your rights over your personal information);
we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
the terms of our contract with our client under which you access our subscription services require that we delete, destroy or return your personal information sooner;
or in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
We retain an anonymised version of the submitted personal information for as long as we require it for reporting and other statistical and analytical purposes. Such anonymised information will not identify you and may be derived from personal information that was contained within accounts that have subsequently been deleted.
Your rights over your personal information
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request.
You have the following rights, some of which may only apply in certain circumstances:
to be informed about the processing of your personal information (this is what this statement sets out to do);
to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
to object to processing of your personal information
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal
to withdraw your consent to processing your personal information
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
to restrict processing of your personal information
you may ask us to restrict the processing of your personal information in the following situations:
where you believe it is unlawful for us to do so,
you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
to have your personal information erased
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
to request access to your personal information and information about how we process it
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
To find out more about each of your rights, please click the ✓ icon next to each right above. To exercise these rights, please contact us using the details at the end of this policy.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
Please check this page regularly for changes to this policy. We will notify you of changes via your account and/or by email (if we hold a valid email address for you).
We may review this policy from time to time and any changes will be notified to you by posting an updated version on this Site and/or by contacting you by email or via your account. Any changes will take effect 7 days after we post the modified terms on our website or after the date we notify by email or via your account. We recommend you regularly check for changes and review this policy when you visit this Site. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using this Site.
Contact and legal information
You can contact us with your queries in relation to this policy or for any other reason at any time.
To contact us for any reason, including to exercise any of your rights in relation to your personal information, please write to the Data Protection Manager at the address below or email us at email@example.com
The Joan Project Limited’s company registration number is [number] and registered office address is at [address]
What are cookies?
A cookie is a small data file that is placed on your computer or other device to allow a website to recognise you as a user when you return to the website using the same computer and web browser, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (a ‘persistent cookie’). Other similar files work in the same way and we use the word ‘cookie’ in this policy to refer to all files that collect information in this way.
Strictly necessary cookies. These are cookies that are required for the operation of our Site. They include, for example, cookies that enable you to log into secure areas of our Site.
Analytical cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our Site when they are using it. This helps us to improve the way our Site works, for example, by ensuring that users are finding what they are looking for easily. Functionality cookies. These are used to recognise you when you return to our Site and to embed functionality from third party services. This enables us to personalise our content for you, greet you by name, remember your preferences and to integrate useful services provided by third party providers into our Site.
Advertising cookies. These cookies record your visit to our Site, the pages you have visited on our Site and others and the links you have followed. We will use this information to make the advertising displayed to you more relevant to your interests. We may also share this information with third parties for this purpose.
How to control and delete cookies
Alternatively, you may wish to visit http://www.allaboutcookies.org/ which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your computer, as well as more general information about cookies. Please note that, as these websites are not owned or operated by us, we are not responsible for any of the content on them.
Please be aware that restricting cookies may mean that you will not be able to take full advantage of all the features or services available on this Site.