- About this notice
Archer’s Toolbox Limited (“we”, “our”, “us” or “Archer’s Toolbox”) is committed to protecting the privacy of all users of our mobile app’s, website and platforms (“Platforms”) Please read the following Privacy notice that explains how we use and protect your information.
This Privacy Notice also applies to any personal data we collect if you take part in events or other activities organised by us, or otherwise interact with us.
- Contact Details
If you have any queries or requests concerning this Privacy Notice or how we handle your data more generally, please get in touch with us using the following details.
Address: 45 Shortmead Street, Biggleswade, Beds, SG18 0AT
- Types of information
This Privacy Notice deals with personal data. We also collect anonymous/aggregated information, and may turn your personal data into anonymous/aggregated information.
Information relating to natural persons who can be identified or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information
Information we collect from you that cannot be used to identify you, either directly from that information or in combination with other information that could reasonably be obtained. We turn some of your personal data into anonymised/aggregated information.
- Information you provide to us
You provide us with personal data when you use our Platforms and interact with us. This information includes:
- Sign-up/profile information (such as your name, contact details, date of birth,age, club name, gender and any information which you add to your profile or upload on our Platforms)
- Transaction and billing information , if you make any purchases from us or using our Platforms (e.g. a record of your subscriptions and credit/debit card details);
- Records of your interactions with us (e.g. if you contact our customer service team or interact with us on social media)
- Information we collect when you take part in another activity (such as user testing for one of our services/products).
- Information you provide us when you enter a competition or participate in a survey or give us feedback
- Information you provide through a portal with other archery clubs
- User generated content (such as content you share and upload on our Platforms)
- Information we collect
We collect some personal data automatically, such as usage information (things like which pages you viewed, how long you spent with us, referring and exit URLs and whether you clicked on a link in one of our emails), device information (things like IP address, location, browser type, language, device ID and type).
Our Platforms are not intended for use by under thirteens and we do not knowingly collect or use personal information relating to children.
You must be at least thirteen years of age to use our Platforms and create an account. By using our Platforms and creating an account, you confirm that you are at least thirteen years of age.
- Information provided by third parties
We also collect information from third party sites, such as advertising platforms our fraud detection provider and archery club platforms.
- Information we use
We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information:
- if we need to process your information in order to provide you with our applications, services you have requested or to enter into a contract;
- we have your consent;
- we have a justifiable reason for processing your data; or
- we are under a legal obligation to do so.
Where we need to in order to provide you with the application/service you have requested or to enter into a contract, we use your information:
- to enable us to provide you with access to the relevant parts of the Platform;
- to supply the services you have requested;
- to enable us to collect payment from you;
- to contact you where necessary concerning our services;
- to contact you in relation to applicable laws, regulatory requirements, government guidance and related;
- to contact you in relation to health and safety.
We also process your data where we have a justifiable reason for doing so— for example personalisation of our service. We have listed these reasons below:
- to improve the effectiveness and quality of service that our customers can expect from us in the future;
- to tailor content that we or our suppliers display to you, for example so that we make sure you see the advertising which is most relevant to you, based on characteristics determined by us;
- to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible and to provide a positive customer experience;
- to contact you for your views and feedback on our services and to notify you if there are any important changes or developments to the Platform or our services;
- to send you information about our products, services and promotions (if you do not want to receive these, you can let us know by getting in touch (please see Contact Details));
- to analyse your activity on our Platform so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to prevent fraud;
- to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect our rights, our affiliates or others (including to prevent fraud);
- if you submit comments and feedback regarding the Platform and the services, we may use such comments and feedback on the Platform and in any marketing or advertising materials; and
- where you have chosen to receive push notifications from us, we may send you push notifications relating to the services that you have requested from us and information about our services and offers. You can choose to stop receiving push notifications from us at any time by changing your preferences on your mobile device or by getting in touch (please see Contact Details).
We will also analyse data about your use of our services from your location data to create profiles relating to you and for you. This means that we may make certain assumptions about what you may be interested in and use this, for example, to send you more tailored marketing communications or to let you know about special offers or products which we think you may be interested in. This activity is referred to as profiling. You have certain rights in relation to this type of processing. Please see ‘Your Rights’ section below for more information.
Where we rely on legitimate interest as a basis for processing your personal information, we carry out a ‘balancing test’ to ensure that our processing is necessary and that your fundamental rights of privacy are not outweighed by our legitimate interests. You can find out more information about these balancing tests by contacting us using the details above.
Where we are under a legal obligation to do so we may use your information to:
- create a record of your subscriptions;
- comply with any legal obligation or regulatory requirement to which we are subject.
- Cookies and similar technologies
- Direct Marketing
Where you have given your consent or where we have a justifiable reason for doing so (and are permitted to do so by law) we will use your information to let you know about our other products and services that may be of interest to you and we may contact you to do so by email or phone.
You can opt out of receiving direct marketing from us, either by clicking unsubscribe links in the messages we send you, by getting in contact with our customer service teams or by updating your preferences on our Platforms.
- Automated Decision Making
We conduct fraud checks on all customers. Where we believe we may detect fraudulent activity we may block you from using our Platform.
- Information Retention
All user data is retained for as long as the user maintains their account. Upon a user deleting their account, all user data will be removed from live and backup systems within 30 days.
We will not retain your information for any longer than we think is necessary.
Information that we collect will be retained for as long as needed to fulfil the purposes outlined above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- limitations under applicable law(s);
- our legitimate interests where we have carried out balancing tests;
- (potential) disputes; and
- guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
Data Retention in Third Party Services with us
We make use of various Google/Firebase services which may process and retain user data in order to improve the user experience, stability and security of our Platforms.
The particular services our app uses include:
Cloud Functions for Firebase (retains IP addresses temporarily)
Firebase Authentication (IP addresses retained for up to ‘a few weeks’, other authentication information is retained until the user deletes their data after which time it will be removed within 180 days)
Firebase Crashlytics (data retained for up to 90 days)
Firebase Hosting (retains IP data for a few months)
Google Analytics for Firebase (retains data up to a maximum of 26 months)
Further information on the above can be found at:
- Information Disclosure
The information we collect about you will be transferred to and stored on our servers located within the EU. We are very careful and transparent about who else your information is shared with.
Sharing your information internally:
- We share your information with our affiliate companies only where necessary for the purposes set out above.
Sharing your information with third parties:
We share your information with third party service providers. The types of third party service providers whom we share your information with includes:
- Payment providers (including online payment providers and fraud detection providers): for the purposes of providing services to us, for example when they process information such as credit card payments for us, provide support services to you or carry out fraud checks for us;
- IT service providers: including cloud, software, analytics, communications and data storage providers and SDKs.
- Customer support partners: who will help us to resolve any issues you may have with our services; and
- Marketing and advertising partners: so that they can ensure that you see advertising which is more relevant to you and send you email and postal marketing on our behalf.
If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your information may be disclosed or transferred to the target company, our new business partners or owners or their advisors.
We may also share your information:
- if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation, regulatory requirement or guidance. This includes exchanging information with other companies and other organisations for the purposes of health and safety, fraud protection and prevention;
- in order to enforce our contractual terms with you and any other agreement;
- to protect our rights, our affiliates or others, including to prevent fraud; and
- with such third parties as we reasonably consider necessary in order to prevent crime, e.g. the police.
International transfers of data:
- In some cases the personal data we collect from you might be processed outside the UK/European Economic Area (“EEA“). These countries may not have the same protections for your personal data as the EEA has. However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the EEA is protected in the same ways as it would be if it was processed within the EEA. There are therefore certain safeguards in place when your data is processed outside of the EEA.
- We ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- we use the EU approved Standard Contractual Clauses; and
- where your personal data is transferred to third party providers based in the US, data may be transferred to them if they have self-certified under the Privacy Shield framework in relation to the type of data being transferred, which requires them to provide similar protection to personal data shared between the EU and the US.
- Please contact us using the contact details above if you want further information on the countries to which personal data may be transferred and the specific mechanism used by us when transferring your personal data out of the EEA.
We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.
We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
Where you have chosen a password that allows you to access certain parts of the Platform, you are responsible for keeping this password confidential. We advise you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will take steps to protect your information, we cannot guarantee the security of your data transmitted to the Platforms; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
- Your Rights
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact us, using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.
Right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Notice.
Right of access
You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch (please see Contact Details).
Right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (please see Contact Details).
Right to erasure
This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us (please see Contact Details).
Right to restrict processing
You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.
Right to data portability
You have the right to obtain your personal information in an accessible and transferable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see Contact Details).
Right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority.
Right to withdraw consent
If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (please see Contact Details). Withdrawing consent will not however make unlawful our use of your information prior to withdrawal.
Right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing and profiling. You can object by changing your marketing preferences, disabling cookies or by getting in touch (please see Contact Details).
You can also contact the UK Information Commissioner’s Office (or a local data protection authority in your own country, if you live outside the UK) about your personal data.
We regularly review our notices so we may make changes to this notice from time to time.
We will let you know about relatively significant changes by putting a sign on our Platforms or by sending out an email.
We nevertheless recommend that you periodically revisit this page to remind yourself of the details of this notice, and to see if anything has changed.
This Privacy Notice was last updated: 19th October 2020
- Our Details
Archer’s Toolbox Registered Address: 45 Shortmead Street, Biggleswade, Beds, SG18 0AT
Company number: 09045356