This Privacy Notice sets out the basis on which any personal data you provide to us, will be processed. It also details the cookies we use on this website.
For your information, this website is operated and wholly owned by Submission Technology Ltd. (the “Company”), registered in England with the company number 4456811.
The Company processes personal data and in this regard, acts as a Data Controller. The Company is registered with the Information Commissioner’s Office (ICO); our registration number is Z7981900. The scope of this Privacy Notice extends to all staff, contractors, partners, suppliers, affiliates and clients of the Company.
The Company also processes personal data on its branded websites. For privacy information specific to each branded website, please see the links below to the corresponding Privacy Notices:
Oh My Dosh – Privacy Notice
20 Cogs – Privacy Notice
Paid Surveys – Privacy Notice
Freeclub UK – Privacy Notice
Cashback – Privacy Notice
US Product Testing – Privacy Notice
Product Testing USA – Privacy Notice
Freeclub USA – Privacy Notice
- Identity Data such as first name, last name, links to professional social media profiles, personal references
- Contact Data such as billing address, postal address, email addresses and telephone numbers
- Financial Data such as your bank details for payments
- Transaction Data such as details about payments to you / received from you
- Technical Data such as your Device IDs, your login data, access dates and times, browser type and version, device information, cookie data, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Company systems
- Special Category Data such as religion and medical history in cases of employment
- When we engage with you for business opportunities
- When you complete a form e.g. for due diligence
- During the recruitment process, directly
- When you tell us your personal information has been updated
- When you use our company systems
- During the recruitment process via a recruitment agency
- When you use our company systems or visit our websites
- When a third-party recommends your services
We process your personal data to:
- Fulfil our legal and contractual obligations
- Contact you about employment or our business services
- Manage your account
- Send or receive payment
- Perform general business administrative tasks
- Prevent fraud
- Improve our service
- Troubleshoot issues
- Answer and manage your queries
- Maintain accurate records
In specific situations, we collect and process your data with your consent, this includes special category data during the course of employment.
Performance of a Contract
We require information from you in order to fulfil our contractual obligations. This includes identity data, contact data and financial data.
The company has an obligation to process certain categories of data including identity, transaction and special categories data to comply with the law. This extends to any situation in which the Company needs to protect its legal position in the event of legal proceedings.
Most of the personal data we process will be used for our management and administrative use. This enables us to run the business and manage our relationship with you effectively and appropriately. All processing based on legitimate interest is subject first to a legitimate interest assessment.
All data is processed in line with the Company’s Data Classification Policy which dictates the security protocols which must be in place for each classification.
All data disclosed internally is subject to role-based access and only ever disclosed on a need-to-know basis. In most cases, disclosure will be limited to those staff who work directly for the Company. All staff are bound by privacy and data security policies and procedures. All staff receive annual training on how to handle your personal data securely.
At times, we may disclose your data to the following parties:
- Data processors who process your data on behalf of the Company to support our business and help provide our services. Data processors are bound by a Data Processing Agreement and subject to the same policies and procedures as internal parties.
- Fraud prevention and identity verification services where we believe that disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our staff, customers or partners.
- Professional advisers such as lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, financial, auditing, and accounting services so we can operate our business. All parties are bound by confidentiality agreements.
- Law enforcement agencies, courts, supervisory authorities, regulatory bodies and related third-parties, to the extent that we are permitted or required to do so by law, or in order to comply with our legal and regulatory obligations, or in the interests of national security, or to respond to verified requests relating to a criminal investigation or alleged or suspected illegal activity.
Your personal data is stored securely within the EEA and data will not be transferred outside of the EEA unless specific requirements of the data protection legislation governing such transfers are met.
We retain your personal data for as long as necessary to fulfil its purpose for which we collected it. The length of time we hold your data will depend on our ongoing relationship with you, our legal obligations, any request you may make to delete your personal data, and our legitimate interest in relation to the management of our own rights.
Typically, we store Identity Data, Contact Data and Technical Data for the length of our relationship with you plus 12 months unless we have legal obligations to the contrary. Other data is subject to legal retention periods (e.g. financial records for 6 years).
Retention of personal data is in line with our Data Retention Policy.
Once we no longer have a purpose to retain your personal data, we will securely destroy your personal data subject to the foregoing and in accordance with applicable laws and regulations.
The Company takes the security of your personal data very seriously. Internal policies and procedures are in place to ensure this. Some ways in which the company protects your personal data include:
- Implementing appropriate technical and organisational measures to protect the confidentiality, integrity and availability of personal data and information;
- Ongoing training and awareness for staff on information governance, security and data protection;
- Regular review of data security risks, with a treatment plan on how to mitigate them;
- Assigning responsibility for data security to a senior member of the company;
- Regular audits of processes, policies and procedures to ensure they are up to date and reflective of the risk review;
- Ensuring security is centrally administered;
- Aligning efforts with best practice, Codes of Conduct, certification schemes and government guidance; and,
- Ensuring supplier relationships are managed with contracts that have provisions for security and data protection.
Where the Company engages third parties to process personal data on its behalf, they do so under contract and on the basis of written instructions. Third parties are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data and comply with data protection legislation.
You have certain rights in relation to the personal data we hold about you. You may have a:
- Right to be informed – You have a right to know what Personal Data we collect and further process about you and how we use it. The Company communicates this to you via this privacy notice.
- Right of access – You have a right to be provided with a copy of your personal data.
- Right of rectification –You have a right to correct or update any inaccurate or incomplete personal data we hold about you.
- Right to erasure (right to be forgotten) – In some circumstances, you have the right to ask us to erase personal data. This is not an absolute right, meaning we may not always be able to comply with your request. If this is the case, we will inform you in a timely manner with reasons why.
- Right to restrict processing – where certain conditions apply, you have a right to restrict the processing of your personal data.
- Right of data portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing, the performance of a legal task and scientific or historical research.
- Right to object to automated processing, including profiling.
- The right to withdraw consent – If the legal basis for our processing of your personal information is consent then you have the right to withdraw that consent at any time.
Please submit your queries via the web form on the homepage. If you have any questions in relation to your information rights or how your personal data is processed, please contact our Data Protection Officer via email.
Data Protection Officer
We use the following cookies:
- Strictly Necessary Cookies
These Cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in, or filling in forms.
- Performance Cookies
Performance cookies have been set through our site by YouTube because we embed videos from YouTube on our site. These cookies are based on uniquely identifying your browser and internet device. They may be used by YouTube to build a profile of your interests and show you relevant adverts on other sites. You can manage these cookies in your browser settings. If you do not allow these cookies, you will not be able to experience the site fully.