14. Personal Data we Collect about You

We may collect and process the following personal data about our website visitors:

• Identity Data includes first name, last name, any previous names, title, nationality, country of residence, username or similar identifier, marital status, title, date of birth, and gender.
• Contact Data includes postal address, email address and telephone numbers. For example, if you send us an email or contact us via an online “Contact Us” form.
• Financial Data includes bank account and payment card details where you pay us for a service.
• Transaction Data includes details about bookings or payments to / from you and other details of products or services you have purchased from us.
• Correspondence between us such as website enquiries/ “Contact Us” enquiries, emails, letters, recorded telephone calls and correspondence relating to bookings, queries, incidents or complaints.
• Profile Data includes any of your usernames and passwords, any enquiries, bookings or purchases made by you, your interests, preferences and any feedback or survey responses that you have provided.
• Monitoring data includes information about how you use our website and other communications systems including internet services.
• Technical Data includes information collected during your visit to our website, your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
• Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.

Special Categories of Personal Data

When you visit our website, Fidum does not expect to routinely collect or process any special categories of personal data*. However, rarely, we may collect and process the following special categories of personal data where data protection law permits:

• Information about your racial or ethnic origin, religious or philosophical beliefs, and political opinions, for example where you provide this information to us in correspondence.

Information relating to physical or mental health or condition, for example, you may provide us with information about a disability you have in order for us to make reasonable adjustments.

• Special Category Personal Data relates to information about racial or ethnic origin, trade union membership, health and medical conditions, genetics, biometric information (but only where this is used for identification purposes), political opinions, sex life, sexual orientation and religious beliefs.

15. Where We Source Your Personal Data

Your personal data is mostly collected directly from yourself but in a few cases we collect it from third parties. We use the following different methods to collect your personal data including through:

• Your interactions with us: You may give us your personal data by filling in online forms or by corresponding with us by email, phone, post or otherwise. This includes personal data you provide when you register with us, enter a survey or promotion, provide us with feedback or otherwise generally correspond with us.
• Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
• Third parties or publicly available sources: Depending on the circumstances, we may collect or receive personal data about you from various third parties such as third party cookie providers. Please see our Cookie Policy for information.

16. If You Fail To Provide Your Personal Data

Where we need to collect personal data by law or in order to process your instructions or perform a contract we have with you and you fail to provide that data when requested, we may not be able to carry out your instructions or perform the contract we have or are trying to enter into with you. In this case, we may have to cancel our engagement or contract you have with us, but we will notify you if this is the case at the time.

17. Our Purposes and Legal Bases for Processing your Personal Data: Website Visitors

Fidum will only process your personal data providing data protection law permits or requires it.

When processing your personal data, data protection law requires us to have a legal reason (legal basis) for collecting and using it. The table below describes our purposes for processing personal data of our website visitors, and the corresponding legal bases we rely on to do so. Where we rely on the legal basis of “legitimate interests”, we have also identified what those “legitimate interests” are.

Purpose / Use of Personal Data	Category / Type of data	Legal basis under UK GDPR
For the purposes of administering the Fidum Website		Legitimate Interests (Article 6(1)(f) EU GDPR).
For the purposes of administering website cookies: 1.       Strictly Necessary Cookies: these cookies to enable our website to operate effectively.		1.       Strictly Necessary Cookies: Legitimate Interests: (Article 6(1)(f) UK GDPR). Our website uses cookies or similar technologies that are strictly necessary in order to provide our internet services requested by you or to meet other necessary requirements. In these circumstances we do not rely on your consent and it is in our legitimate interests to process your personal data for these purposes. You can find out more about our cookies in our Cookie Policy.
For the purpose of administering queries or correspondence received via our website including Online Forms, email or similar.	(a) Identity (b) Contact (c) Company name if relevant (d) Correspondence (e) potentially special category personal data	(a)    Legitimate Interests (Article 6(1)(f) UK GDPR). (b)    We process special category personal data, as necessary, with your explicit consent (Article 9(2)(a) UK GDPR).
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy. (b) Dealing with your requests, complaints , feedback, correspondence and queries.	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	(a)    Necessary to comply with a legal obligation (We are required under Article 13/14 UK GDPR to provide you with the privacy information within this Privacy Notice and to ensure it is accurate and up to date. (Article 6(1)(c) UK GDPR)). (b)    Necessary for our legitimate interests (Article 6(1)(f) UK GDPR). (We are required to keep our records updated and manage our relationship with you.)
To enable you to partake in a prize draw, competition or complete a survey.	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications	(a)    Performance of a contract with you (Article 6(1)(a) UK GDPR) If you take part in a competition or prize draw we may be required to process your personal data in order to fulfil a contract we have with you. (b)    Necessary for our legitimate interests (Article 6(1)(f) UK GDPR). It is in our legitimate interest to study how our contacts and clients use our services, so we can continue to develop them and meet demand.
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data).	(a) Identity (b) Contact (c) Technical	(a)    Necessary for our legitimate interests (Article 6(1)(f) UK GDPR)). It is in our legitimate interests to be able to run our business and deliver our services and this website effectively, ensure network security, prevent fraud and protect our network and systems.
To send you relevant direct marketing communications about our services that may be of interest to you based on your Profile Data.	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications	(a)    We will rely on Legitimate Interests to carry out direct marketing, develop our products/services and grow our business. (Article 6(1)(f) UK GDPR). We will rely on Legitimate Interests to send you direct marketing communications to send you direct marketing communications via post that you have not specifically requested. (Article 6(1)(f) UK GDPR). (b)    Consent (Article 6(1)(a) UK GDPR). We will obtain your consent to send you direct marketing communications that you have not specifically requested, via email or by telephone and the law requires us to obtain your consent.

18. Your Legal Right To Object to Processing of Your Personal Data

Where your personal data is processed by us for the legal reason (lawful basis) of “legitimate interests”, you have the legal right to object. You can find a list of the purposes where your information is processed under the legal basis of “legitimate interests” above in the table, “Our Purposes and Legal Bases for Processing your Personal Data: Website Visitors”

In some cases, the right to object is absolute; this means that Fidum must comply with your objection and stop using your personal information. For example, you have the absolute right to object to your personal data being processed for the purpose of direct marketing.

In other cases, the right to object is not absolute.  This means that you have the legal right to object and Fidum must stop using your personal data unless it can demonstrate that its legitimate interest is more compelling than the impact of the processing has on you. Fidum will generally have one calendar month in which to respond to your objection.

If you want to object to your personal data being processed by Fidum for the legal reason of “legitimate interests”, please contact our Data Protection Manager using any of the contact details set out in “Contact”.

19. Who we may Share your Personal Data With

To deliver our services and comply with our legal obligations may share your personal data with the parties set out below for the purposes set out in the table Our Purposes and Legal Bases for Processing your Personal Data: If you require more detail,  please contact our Data Protection Manager.

• External Third Party Controllers: Fidum may need to share your personal data with third party organisations to be further processed by them as independent Controllers for their own independent purposes. For example, public authority regulators who need to access your personal information in order to exercise their statutory functions. For example, HMRC, the Information Commissioner’s Office, Financial Conduct Authority, the Police etc.
• External Third party professional advisors: such as legal advisors, consultants, auditors, insurers and any organisation or individual appointed by us to carry out an independent investigation.

In most cases, even though they may be providing Fidum with a service, the external third party advisor will be an independent Controller of your personal data.

• External Third party Service Providers (Processors): Processors are external service providers that have access to your personal data. Fidum remains the Controller of your personal data and in charge of it.

Where this happens, your personal data is shared securely, in compliance with data protection law and where a GDPR-compliant data processing contractual arrangement has been entered into. Processors are legally bound to only process your personal data on Fidum’s instructions and to take appropriate measures to keep it secure. They may not use your personal data for their own purposes.

By way of example, your personal data is  shared with the following Processors:

• Website hosting service providers such as GoDaddy.
• IT Service Providers such as Comis Technology Ltd (IT Support), 162-168 Regent Street, London, W1B 5TD.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets: Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Notice.