Skip to content
*COVID-19 UPDATE* All guaranteed next day delivery orders are currently being dispatched as normal.
*COVID-19 UPDATE* All guaranteed next day delivery orders are currently being dispatched as normal.

Privacy

Navigating this Policy

If you are viewing this Policy online or on PDF, you can click on the below links to jump to the relevant section:

  •  Introduction & Scope of this Privacy Policy
  •  Who are we and how to contact us
  •  How we collect Personal Data
  •  How we process Personal Data and our reasons for doing so
  •  Sharing Your Personal Data
  •  Transferring Your Personal Data outside of the European Union (EU)
  •  Data Security & how we keep your information safe
  •  Existence of Automated Decision-making
  •  How long we keep your information
  •  Additional Information
  •  Your Rights as a Data Subject

To access this Policy online please visit: https://smartbreeder.com/pages/privacy

1. Introduction & Scope of this Privacy Policy
Lenken Limited, trading as “SmartBreeder” is committed to protecting the privacy of our customers and stakeholders, and we take our data protection responsibilities with the utmost seriousness.

This Privacy Policy sets out what Personal Data we collect, how we process it and how long we generally retain it, along with details of your rights as a data subject. It applies to all users of our website https://smartbreeder.com/, together with
our Cookie Policy. If you do not accept these policies, you should immediately discontinue your use of our website.

In this Policy, “Personal Data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. For the avoidance of doubt, Personal Data does not include data from which you cannot be identified (which is referred to simply as data, non-personal data, anonymous data, or de-identified data).

In this Policy, “processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

To the extent that you are a customer or user of our services, this Privacy Policy applies together with any Terms of Business and other contractual documents, including but not limited to any agreements we may have with you. We
reserve our right to issue separate policies in respect of other relevant stakeholders such as our employees, connected persons, affiliates and/or our business partners.

If you intend to use our services we will ask you to provide us with Personal Data on our website, and this Privacy Policy explains how we use your Personal Data when you become a customer of SmartTrace.

If you are just browsing, we have designed our website so that you may navigate and use it without having to provide Personal Data, subject only to certain data that may be collected via the use of cookies. This Policy should therefore be
read together with our Cookie Policy, which provides further details on our use of cookies on this website. Our Cookie Policy can be accessed at https://smartbreeder.com/pages/cookies.

We ask that you please read this Privacy Policy before providing us with any information about you or any other person.

2. Who are we and how to contact us

In this Policy, "we", "us" and "our" refers to Lenken Limited, trading as “SmartBreeder” (or “smartbreeder”); a company incorporated in England & Wales (Company Registration Number 08585205) with its registered address at Unit 3 Varley Business Centre, James Street, Manchester, M40 8EL, United Kingdom.
For any queries in relation to this Policy, please contact the Privacy Manager on the above address or:

  • - by telephone: +44 (0) 1208 420 999
  • - by email: hello@smartbreeder.com

Our website is owned and operated by us, and we are the “data controller” of any Personal Data you provide us in so far as it relates to the business of SmartBreeder. We may also act as a “data processor” of your data, acting on the
instructions of another data controller.

SmartBreeder runs an online retail business, specialising in veterinary products for consumers and businesses. Further information is available on our website https://smartbreeder.com. We have a close relationship with the business of
SmartTrace, an online retailer specialising in microchip technology for pets. The businesses work together by SmartTrace providing the microchip technology and an online administration tool for pet owners, whilst SmartBreeder distributes products as an online retailer. This requires both entities to work together as “joint controllers”, meaning they make joint decisions on how Personal Data is processed. Further information on SmartTrace is available on their website
https://smarttrace.org.uk.

3. How we collect Personal Data

3.1. When you visit our website

We may collect and process Personal Data about your use of our website, and further information on how this happens is covered in our Cookie Policy. In many cases, this data is de-identified or anonymised so that it is no longer Personal
Data. Our Cookie Policy can be accessed at https://smartbreeder.com/pages/cookies.

3.2. When you visit our offices or arrange to meet us

As we are an online business, our registered office is a correspondence address. Although if for any reason we need to arrange to meet you, we will normally do so in the United Kingdom. We may additionally be required to make an
arrangement with SmartTrace where you are a customer, stakeholder or have any other business or professional relationship with both entities. Details of our relationship with SmartTrace are contained in section 2 (Who are we and
how to contact us). If we do need to meet, we will typically collect the following information:

  •  Name
  •  Email address
  •  Mobile number
  •  Alternative contact number (optional)
  •  Postal Address
  •  Details of our meeting and what was discussed

3.3. When you open a SmartBreeder account

We collect the following information by asking you to fill an online form on our website:

  •  Name
  •  Email address
  •  Password

Although your password relates to your account, it will not be visible to SmartTrace and cannot be used to identify you as it is encrypted data.
We may also require further information during the sign-up or order process, in order to be able to fulfil any orders you make on the SmartBreeder website, as follows:

  •  Mobile number
  •  Alternative contact number (optional)
  •  Postal Address

We will also produce an account number for your SmartBreeder account, so it can be distinguished from accounts of other users and to ensure we can associate the products you purchase with this account.

3.4. When you contact us by telephone - call recording

SmartBreeder records all calls made to our dedicated customer service line +44 (0) 1208 420 999, and our advisors must provide you with a warning that calls are being recorded. Data from these calls is converted to audio files and
stored securely in accordance with this Privacy Policy and for the periods outlined below. Data collected may include Personal Data requested from you during the call, which at the very least will be your name and account number (if
applicable and where you have an active account).

3.5. When you contact us by email, post or using an online form

If you prefer to make a written query, you can do so using the above methods. Our email hello@smartbreeder.com is available to all our dedicated customer service advisors in order to ensure we can deal with queries and requests as
efficiently as possible. Where you use an online form, you will be required to provide the following information:

  •  Name
  •  Email address
  •  Phone number

3.6. When you purchase a product or use our services
SmartBreeder works with SmartTrace in order to sell its products. Details of our relationship with SmartTrace are contained in section 2 (Who are we and how to contact us). SmartTrace has a separate Privacy Policy, which is available
on its website: https://smarttrace.org.uk.

When you use the SmartBreeder service, we also will require:

  •  payment and financial information from you such as your credit or debit card details This information shall be securely stored in accordance with this Privacy Policy for as long as you have an active account with us. We offer alternative payment options (such as Klarna, PayPal and ApplePay) that do not require us to process Personal Data relating to your payment and financial information and will only record the method of payment used in such circumstances.

3.7. When subscribing to any newsletters or marketing material we produce, attend an event we host, or enter into any competitions we run

Newsletters/subscriptions
Where we add this a newsletter/subscription function to our website, we will simply ask for your email address if you wish to subscribe to any electronic newsletters we produce.

Additionally, if you have subscribed to any electronic newsletter we produce, each time you receive a newsletter from us we may collect and process Personal Data.

This data may include:

  •  The date and time you opened the email
  •  What (if any) links or URLs you accessed from our newsletter
  •  The location our newsletter was accessed from

We may also choose to use an marketing email management system (such as MailChimp) to send out newsletters to subscribers, allowing us to prepare customised emails and manage our subscriber base. Where we use such services, we will not store any information collected by our mailing list provider, other than the association of a name to an email address. We will direct you to the privacy policies/notices of any third party system we implement for this purpose.

Printed marketing material
If you wish to subscribe for printed marketing material, we will collect your name and address

Events attendance
If you attend an event we host, we will collect your name and email address, and only collect your telephone number if you wish for us to call you back.

Competitions, offers and discounts
Any competitions we run, or offers or discounts we make on our products will be done online. We will give you a chance to participate where you are a customer, or on the condition you become a customer and will not usually collect any
additional Personal Data other than that we hold or require when you open a SmartTrace account (see 3.3 above), where we require additional information, we will inform you.

3.8. When visiting our any of our Social Networking sites
We may collect and process Personal Data about your use of our social networking sites (e.g. where we use Twitter, Medium, Facebook, Instagram or other popular social networking sites). This data may include:

  •  clicks on a shortened URL;
  •  a history of referral URLs for clicks of a shortened URL;
  •  and a history of IP addresses used to access a shortened URL.

3.9. How we get Personal Data about you from third parties
Sometimes, we receive information about you from third parties. For example, if you login to a site or app using Facebook Connect you will be asked if you wish to share information from your Facebook account with us. If you use a "like" or a
"share" button feature in relation to one of our adverts or posts on a third party website, then the third party will share information with us such as your name or IP address. If you participate in activities outside of our website, such as participating in a Facebook application, you may allow us to have access to Personal Data held by Facebook, or other site or app owners.

Our website may provide links to social media profiles. Those services might also collect Personal Data. Below is a broad selection of social media applications that we may currently use or potentially use in the future, and links to their privacy policies:

Slack channel: https://slack.com/privacy-policy
Facebook: https://www.facebook.com/policy.php
Twitter: https://twitter.com/privacy
Reddit: https://www.redditinc.com/policies/privacy-policy
Medium: https://medium.com/policy/medium-privacy-policy-f03bf92035c9

Please refer to their privacy policies on the above links, noting however that they may be changed without notice by those social media service providers. We are not responsible for the privacy policies and practices of other organisations
and you should check with the relevant organisation as to how they manage

Personal Data and any updates they may make to their privacy policies, notices and practices.

4. How we process Personal Data and our reasons for doing so
Processing of your Personal Data is defined in section 1 (Introduction & Scope of this Privacy Policy) above. All of the operations noted in the definition are performed on your Personal Data, but we do not submit this to automated
processing (see section 8 [Existence of Automated Decision-making] below). We must always have a valid reason or “lawful basis” for processing your Personal Data. These are explained below.

4.1. Where you give your consent
We rarely rely on your consent to process your Personal Data, as usually another lawful basis will be more suitable. Where we do seek to rely on your consent, we will always ensure that this consent is fairly obtained by clearly informing
you about why your consent is needed. Although consent can be obtained orally, we will usually require that you provide your consent through a clear, affirmative action such as ticking a box, toggling/swiping a button or switch on our website
or on a mobile application, signing your name or other suitable method that can clearly evidence your consent.

Non-exhaustive examples of when we may need your consent are:

  •  To enable a feature on a mobile device application or on a microchip
  •  To allow us to transfer the association (alignment) of microchip data with your account, to another user account
  •  To enable us to place cookies and similar technologies in accordance with our Cookie Policy. Our Cookie Policy can be accessed at https://smartbreeder.com/pages/cookies.

4.2. Where we have a contract or business relationship with you
This is the primary lawful basis for processing Personal Data relating to our customers. It also includes processing in order to take steps at your request prior to entering into a contract (e.g. at the time you open an account on our website).

We will need to process your Personal Data where:

  •  you wish to make a purchase from us, even though the purchase may be related to goods offered by SmartTrace. Details of our relationship with SmartTrace are contained in section 2 (Who are we and how to contact us). SmartTrace has a separate Privacy Policy, which is available on its website: https://smarttrace.org.uk;
  •  we renew your monthly or annual subscriptions to use our services, or otherwise take payments from you in respect of our services;
  •  we need to communicate with you in the event of a delay or disruption to our services, or other important updates, whether that information is time-critical or otherwise;
  •  administration of events, competitions, communications, meetings and other interactions with you relating to our business relationship;
  •  we need to investigate complaints made one or more users of our services, or respond to queries and comments from our customers

4.3. Where we need to comply with a legal obligation to which we are subject
Processing Personal Data may be necessary in order for us to comply with a legal obligation to which we are subject. for example, certain record keeping requirements may apply to us by statute and prescribe minimum period for us to retain data. Other laws and regulations (e.g. those relating to anti-money laundering and counter-terrorism/ counter- terrorist financing) may require us to properly identify our customers, or to ensure that our products and services are not used for an unlawful purpose.

Processing may also be necessary where it is in response to requests by government or law enforcement authorities conducting an investigation.

4.4. Where processing is necessary to protect your vital interests or those of another person

We very rarely rely on this as a lawful basis to process your Personal Data, as usually another lawful basis will be more
suitable.

Non-exhaustive examples of where we need to rely on this are:

  •  Where we believe there may be an immediate threat of harm or potential harm to you or another person (such as in cases where pet ownership is disputed), we may need to advise the persons concerned as well as authorities
  •  If an event we host is catered or we are responsible for food/refreshment we will collect information on any allergies and/or disabilities you may have. Information on allergies and/or disabilities will be deleted as it is a more sensitive type of data known as “special category data” that relates to your health.
  •  We may also need to process details relating to criminal convictions and offences of persons in relation to ownership of animals and/or violent behaviour. Such data, like “special category data” are also a sensitive type of data category, and is subject to stricter controls and security measures. Such data may be retained as long as we are required to do so by law or where we reasonably believe vital interests may be engaged.

4.5. Where processing based on a task carried out in the public interest or to exercise official authority

We will not normally rely on this as a lawful basis, and inform you if this changes.

4.6. Where processing is required to pursue our legitimate interests (or those of a third party)

Where we have a business relationship with you and have obtained your Personal Data for that purpose, we may also wish to use that Personal Data to pursue a legitimate aim. We cannot, and will not, always rely on this lawful basis for all processing. There may be cases where your interests and fundamental rights could override our legitimate interest.

This may happen in cases where Personal Data are processed in circumstances where you do not reasonably expect further processing. We will always need to (i) identify a legitimate interest (ii) show that processing is necessary to achieve it; and (iii) balance it against your interests, rights and freedoms. Some non-exhaustive examples of situations where we may seek to pursue legitimate interests are:

Direct Marketing, and improving our services, website and user experience
We may wish to directly marketing products or services we think may interest you.

This includes processing for purposes of sending out newsletters and generic marketing correspondence (whether printed or digital). Further processing may
take place in order to track the success of the marketing campaigns, blog posts, and other marketing material, as well as improve the content of our shared links and material. We may also wish to analyse user demographics in order to
identify target markets. To the furthest extent possible, Personal Data will be de-identified and become aggregated data from which you cannot be identified, but we may choose to keep certain marketing lists from which you can be identified.

You have right to be free from (“opt-out” of) direct marketing. See more information on this right in section 11 under the heading “Right opt-out of direct marketing”.

Legal claims

We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing in this case will also be our legitimate interests; namely, the protection and assertion of
our legal rights, your legal rights and the legal rights of others.

Preventing fraud, keeping our staff and our premises secure, and disclosing criminal acts We generally have a legitimate interest to keep our business going and ensuring that criminals do not take advantage or otherwise exploit any potential vulnerabilities of our business. If you use a credit or debit card as payment, we also use third parties to check the validity of the sort code, account number and card number you submit in order to prevent
fraud. (please refer to section 5.Sharing Your Personal Data for further information on how your data is shared).

Use of client data, use of employee/consultant data, and IT security
We monitor use of our products, website and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline. We may also monitor data on our networks and information management systems, which may relate to personal data of our employees and/or consultants. Our legitimate interests is keeping your data secure and also to ensure to prevent possible data breaches by any of our
employees, as well as maintain the integrity, confidentiality and resilience of our IT systems. Any use of employee data will be subject to separate privacy notices/policies issued to them at the time of commencement of the
employee/independent contractor relationship.

Intra-group transfers
We may share Personal Data as part of an intra-group transfer with the related business of SmartTrace. Details of our relationship with SmartTrace are contained in section 2 (Who are we and how to contact us). SmartTrace has a separate
Privacy Policy, which is available on its website: https://smarttrace.org.uk.

5. Sharing Your Personal Data
We may pass your information to our business partners, affiliates, administration centres, third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing our
services to you. These will be treated as our data processors, who will act on our instruction when processing your Personal Data. In addition, when we use any other third-party service providers, we will disclose only the Personal Data
that is necessary to deliver the service required and we will ensure, that they keep your information secure and not to use it for their own direct marketing purposes.
In particular, we have a close business relationship with the business of SmartTrace, and act as joint controllers in respect to data relating to clients of both businesses. Details of our relationship with SmartTrace, including how we act as joint controller, are contained in section 2 (Who are we and how to contact us). SmartTrace has a separate Privacy Policy, which is available on its website: https://smarttrace.org.uk. Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes
set out in section 4 above, such as where we are mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws.

In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your
Personal Data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.

6. Transferring Your Personal Data outside of the European Union (EU)
We will ensure that any transfer of data outside of the EU or the European Economic Area (EEA) to what are commonly referred to as “third countries” is only effected to such extent as allowed by applicable legislation, and subjected to
additional safeguards that are appropriate to ensure the processing of your data outside of the EEA remains within our control as far as possible and allows you to continue to enforce your rights as a data subject. The EEA includes all the EU Members States, plus Norway, Iceland and Liechtenstein We will ensure that third country transfers of this nature happen, insofar as we can control this, only where the Personal Data will be adequately protected by measures such as the following:

  •  Standard contractual clauses approved by the European Commission.
  •  Working with entities that have Privacy Shield certification under the US or Swiss Privacy shield frameworks.
  •  Ensuring transfers are to third countries that it subject to an adequacy decision by the European Commission.
  •  Use of Binding Corporate Rules (note: given the size of our organisation, we do not transfer Personal Data subject to Binding Corporate Rules) Certain third country transfers are exempted transfers, meaning that they are allowed under the specific derogations in the law and are used where “appropriate safeguards” above are not available. We may rely on these exemptions and transfer data to third countries:
  •  with your explicit consent;
  •  where necessary for the performance of a contract, or for pre-contractual steps taken at your request;
  •  where necessary for the conclusion of a contract between us and a third party which is in your interest;
  •  where necessary for important reasons of public interest;
  •  where necessary for the establishment, exercise or defence of legal claims; or
  •  where necessary to protect your vital interests (or those of another), if you are physically or legally incapable of giving consent. As a measure of last resort, we may also make a third country transfer where we cannot rely on any of the above reasons, but only if the transfer fulfils the following criteria
  •  the transfer must not be repetitive;
  •  the transfer must concern only a limited number of data subjects;
  •  the transfer must be necessary for compelling legitimate interests we pursue which are not overridden by your interests and freedoms (as well as those of affected data subjects);
  •  we must have assessed all the circumstances and provided suitable safeguards (e.g. encryption measures) to protect the Personal Data;
  •  we inform the relevant supervisory authority of the transfer; and
  •  we provide you with (i) confirmation of the transfer, (ii) the information in this Privacy Policy, and (iii) the compelling legitimate interests we seek to rely on.

7. Data Security & how we keep your information safe

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of
confidentiality. We educate and train our employees on our information security, fraud prevention and privacy obligations at least annually, and they are aware that mishandling of your Personal Data is a disciplinary offence, but also has
important legal implications. Information Security awareness also forms part of our new employee induction program and we also educate our employees in identifying potential financial crime and internal fraud, encouraging them to report
suspicious activity, so that we can consider if this should be reported to relevant authorities.

We have put in place procedures to deal with any suspected Personal Data breach and where we are legally required
to do so, we will notify you and any applicable supervisory authority of a breach without undue delay.

Although the transmission of information via the internet is not completely secure, we take all reasonable steps to protect Personal Data from loss, misuse or alteration when it is within our control. For example, if you choose to complete our
online forms or make enquiries via telephone calls that are recorded, we will ensure that Personal Data are stored on password-protected databases or secure servers, which not every employee will have access to. Additionally, we use
technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information and have other security measures in place to help prevent fraud and cybercrime.
Whilst we take appropriate technical and organisational measures to safeguard your personal information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.

All information is encrypted between your browser and our web server using Secure Sockets Layer (SSL), ensuring that communications are secure. We also conduct regular penetration tests to ensure that our servers are tested for security.

Staff members associated our website maintenance only may access our website’s administration system. When they do, they are subject to confidentiality obligations. Access to our website administration service is also password
protected

8. Existence of Automated Decision-making
We do not use automatic decision-making or profiling when processing Personal Data. This means decisions are not made by robots or computers, and therefore not ‘automated’. However, certain third parties may use certain automated
decision-making tools or software. We are not responsible for the privacy practices of others and will take reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become familiar with the privacy practices of any third parties you enter into any agreements with.

9. How long we keep your information
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this Policy. Records can be held on a variety of media (physical or electronic) and formats.

Retention periods are determined based on the type of record, the nature of the data and activity and the legal or regulatory requirements that apply to those data. To determine the appropriate retention period for Personal Data, we
consider:

  •  the amount, nature, and sensitivity of the Personal Data;
  •  the potential risk of harm from unauthorised use or disclosure of the Personal Data;
  •  the purposes for which we process the Personal Data and whether we can achieve those purposes through
  • other means; and
  •  the applicable legal requirements that may require us to retain or destroy it. However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. Finally, we may retain your Personal Data where we have a legitimate interest to do so; e.g. for the establishment, exercise, or defence of legal claims.

10. Additional Information
10.1. Privacy protections for children using the internet
Protecting children's privacy is important to us. For that reason, we do not collect or maintain information on our website from those we actually know are under the age of 16, nor is any part of our website targeted to attract anyone under 16.
We request that all visitors to our website who are under 16 not disclose or provide any Personal Data and discontinue use of our website.

If we are required to provide or decide to provide online services to a child, or to investigate a report or complaint made by a child, we will need parental consent for this, and may, for this purpose, ask for the name, email address and contact
information of the person(s) with parental responsibility for that child.

10.2. Changes to this Privacy Policy
We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us, have an online account with us, or who are subscribed to our emailing lists directly of the changes,
and change the ‘Last Updated’ date above. Any amended policy will be effective immediately on the date stated therein.

We encourage you to review this Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your
use of our website. By continuing to access or use our website after the effective date of a change, you confirm your acceptance of any revised Privacy Policy or policies.

 

11. Your Rights as a Data Subject
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (‘General Data Protection Regulation’ or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website at the following Link https://ec.europa.eu/info/law/law-topic/data-protection_en.

If you wish to enforce any of these rights, you should contact our Privacy Manager, who will be pleased to assist in providing further information on how you can exercise your privacy rights. Our Privacy Manager can be contacted using
the details found under section 2 (Who are we and how to contact us) above.

Requests are free of charge, unless manifestly unfounded or excessive in which case we may charge a reasonable fee.

Alternatively, we may refuse to comply with your request in these circumstances.
Requests will be processed within one month of receipt but this might be extended to two months in case of a complex request, where you have made a number of requests, or if the identity of the requestor cannot be verified. In such cases, we will notify you and keep you updated, and may seek additional information to allow us to understand your request.

Right to information
You have a right to be informed about the processing of your Personal Data (and if you did not give it to us, information as to the source) and this Privacy Policy intends to provide such information. Of course, if you have any further questions
you can contact us on the above details.

Right of access
You have a right to obtain confirmation from SmartBreeder as to whether or not your Personal Data are being processed and, where this is the case, a right of access to your Personal Data, but not that of others. SmartBreeder has an
obligation to provide additional information when complying with a access request (also referred to as a “data subject access request” or “DSAR”), and we have endeavored to capture this information within this Policy.

We are happy to provide you with details of the Personal Data that we process about you. To protect our customers' personal information, we follow strict storage and disclosure procedures, which means that we will require proof of
identity from you prior to disclosing such information. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.

Right to rectification
You have the right to have any inaccurate Personal Data rectified and to have any incomplete personal information about you completed.
It is important that the Personal Data we hold about you is accurate and current.

Please keep us informed if your Personal Data changes during your relationship with us. If we do hold Personal Data and you believe it is incorrect, you
may submit a request to SmartBreeder to correct any alleged mistakes. SmartBreeder shall communicate any rectification of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such
recipients if you request it.

Right to restrict processing
Instead of requesting erasure, you also have the right to right to restrict processing of your personal information where:

  •  you contest the accuracy of the personal information;
  •  processing is unlawful, but you do not want us to erase it;
  •  we no longer need to process your personal information but you need us to retain your information as you need it for the establishment, exercise, or defence of legal claims; or
  •  you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. SmartBreeder shall communicate any restriction of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients if you request it.

 

Right to object
You have a right to object at any time to processing of Personal Data (including profiling) concerning you where:

  •  processing is based on your consent, and you withdraw that consent;
  •  processing is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in a controller; or
  •  where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. SmartBreeder does not process Personal Data on grounds of public interest or exercise of official authority. We do however rely on our legitimate interests as a lawful basis for processing Personal Data as outlined in this Policy. This applies, in particular, in the context of directly marketing to you. Exercise of this right may impact the services we can provide and we will explain this to you if you decide to exercise it. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which
  • override your rights and freedoms, and this may allow us to continue to (wholly or partly) process your personal information.

Right opt-out of direct marketing

This forms part of your right to object (see immediately above), but is an absolute right, in that it is always available to you and you can exercise this right at any time without restriction.

You have a choice about whether or not you wish to receive direct marketing information from us. We will not contact you for marketing purposes unless:
 you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above); or
 you have otherwise given your prior consent (such as when you actively subscribe for news, information, newsletters or marketing information on our website, where we provide this functionality).

We will only use your preferred communication channels to contact you, and on each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your Personal Data for marketing purposes (known as ‘opting-out’) by clicking on an ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data.

You can change your marketing preferences and/or opt-out at any time by contacting us on the details in section 2 (Who are we and how to contact us)

Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Policy or applicable terms of business, etc.) will solely be directed at our clients or business partners, and
such communications generally do not offer an option to unsubscribe as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website or as part of a contractual relationship we may have with you.

Right to data portability

You have a right to receive the Personal Data concerning you (which you have provided to us) in a structured, commonly used and machine-readable format, or ask us to send it to another person. This right only applies where:

  •  processing is based either (i) on your consent or (ii) on a contract we have with you (or steps taken at your request prior to entering into a contract); and
  •  processing is carried out by automated means (i.e. excluding paper files)
Processing by automated means is understood as general electronic processing, and is to be distinguished from automated decision-making (explained below). This right does not include any additional data that created by SmartTrace based on the data you have provided. For example, if we use the data you have provided to create a user profile, then this data would not be in scope of data portability (but could be in the scope of a data subject access request as explained above)

 

Right to erasure (‘right to be forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances:

  •  the personal information is no longer necessary for the purpose for which it was collected;
  •  you withdraw your consent to consent based processing and no other legal justification for processing applies;
  •  you object to processing for direct marketing purposes;
  •  we unlawfully processed your personal information; and/or
  •  erasure is required to comply with a legal obligation that applies to us.

We will proceed to comply with an erasure request without delay, unless continued retention is necessary for:

  •  Exercising the right of freedom of expression and information;
  •  Complying with a legal obligation under EU or other applicable law;
  •  The performance of a task carried out in the public interest;
  •  Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
  •  The establishment, exercise, or defence of legal claims.

SmartBreeder shall communicate any erasure of Personal Data to each recipient to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort, and shall inform you about such recipients
if you request it.

Right to freedom from automated decision-making
SmartBreeder does not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions
based on automated processing concerning you or significantly affecting you and based on your Personal Data are made by natural persons, not only by computers.

Other rights
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your
consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent

Consent should be as easy to withdraw as it is to give, so we will normally provide toggle switches, tick boxes or forms that allow you to change your preference at any time online. However, if an online option is not available, or if you have submitted a paper form and no longer have a copy available, you can always enquire about and exercise your right to withdraw consent by contacting our Privacy Manager on the details in section 2 (Who are we and how to contact us).

Raising a complaint about how we have handled your Personal Data
If you wish to raise a complaint on how we have handled your Personal Data, you can contact us as set out above and we will then investigate the matter.

Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction or otherwise believe our processing of your Personal Information does not comply with data protection
law, you can make a complaint to the relevant EU data protection authority where you are located. The contact details for each EU data protection authority can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based
in the EEA.

If your complaint relates to products and services provided by SmartTrace, you should review their complaint handling procedures and privacy policy as may be available on their website: https://smarttrace.org.uk.