This privacy notice sets out how we collect and process your personal data when you use our website or contact us in relation to our products and services.
Rocket is the data controller and is responsible for your personal data. Should we ask you for specific information by which you can be identified we will only use this information in accordance with this privacy notice.
If you are not satisfied with the way in which we hold information about you, you have the right to complain to the Information Commissioner’s Office (ICO). We would ask that you contact us in the first instance, so we can attempt to resolve this for you
What data we may collect about you:
Contact information including email and postal address
Transactional information including browser types and plug-ins, time zones, location, operating systems and platforms you may use.
Usage data that includes how often you have visited and / or used or services
Marcomms data may also be collected that will include marketing preferences
We do not collect and sensitive data that includes race and ethnicity, religious beliefs, sexual orientation, health data, trade union membership or political opinion.
How we collect your data:
We may also collect data via third party aggregators or brokers or utilise companies house or other public ally available sources
Rocket may update this policy from time to time.
How we use it:
We only use your personal data in a legal manor and in particular for the following reasons:
To help us to deliver commissioned work
For promotional purposes surrounding us and our products and services that we believe you will find interesting.
For market research purposes.
For occasions where we need to comply with legal or regulatory obligation
Data security and retention:
Your data is stored securely with appropriate measures in place to prevent it from being accessed in any unauthorised way. Only those with a specific business need will have access to the data.
Your data is only held for the length of time that it is necessary to fulfil the purposes in which we collected it for initially. The retention period is determined by the amount, sensitivity and nature of the data we hold and whether there is any legal requirement in terms of timeframes.
You can ask us to delete your data and, in some instances, we may be able to do so or we may be able to anonymise your personal data.
Disclosure of your data:
To our IT service providers and system administrators alongside of any professional advisers who may provide a service to us. This includes banks, auditors, lawyers and insurers.
HMRC and any other authorities based in the UK that require reporting of processing activities.
Third party data transfer:
We require that all third party service provides commit to the confidentiality and respect the security of your personal data and only use it in accordance with our specific instructions.
We do not transfer your data outside of the EEA
- rectify inaccurate data;
- stop processing or erase data that is no longer necessary for the purposes of processing;
- stop processing or erase data if the individual’s interests override the Rocket’s legitimate grounds for processing data (where Rocket relies on its legitimate interests as a reason for processing data);
- stop processing or erase data if processing is unlawful; and
- stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual’s interests override the Rocket’s legitimate grounds for processing data.
To ask Rocket to
take any of these steps, the individual should send the request to firstname.lastname@example.org
Rocket will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form if the individual has made a request electronically, unless he/she agrees otherwise.
If the individual wants additional copies, Rocket will charge a fee, which will be based on the administrative cost to Rocket of providing the additional copies.
To make a subject access request, the individual should send the request to email@example.com. In some cases, Rocket may need to ask for proof of identification before the request can be processed. Rocket will inform the individual if it needs to verify his/her identity and the documents it requires.
Rocket will normally respond to a request within a period of one month from the date it is received. In some cases, such as where Rocket processes large amounts of the individual’s data, it may respond within three months of the date the request is received. Rocket will write to the individual within one month of receiving the original request to tell him/her if this is the case.
If a subject access request is manifestly unfounded or excessive, Rocket is not obliged to comply with it. Alternatively, Rocket can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which Rocket has already responded. If an individual submits a request that is unfounded or excessive, Rocket will notify him/her that this is the case and whether or not it will respond to it.
If Rocket discovers that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. Rocket will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.