1. Introduction
Welcome to Iron Alpaca ("we", "us", or "our"). We are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is Iron Alpaca.
2. Contact Details
If you have any questions about this privacy policy or our privacy practices, please contact us:
- Entity Name: Iron Alpaca [Legal Entity Name, e.g., Ltd]
- Email: support@ironalpaca.uk
- Registered Address: [Insert UK Registered Address]
- Supervisory Authority: You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO.
3. The Data We Collect About You
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data: Includes first name, last name, or username.
- Contact Data: Includes email address (if you contact us or subscribe to a newsletter).
- Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
- Usage Data: Includes information about how you use our website, products, and services.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
4. How We Collect Your Data
We use different methods to collect data from and about you including through:
- Direct Interactions: You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email, or otherwise.
- Automated Technologies or Interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and server logs.
5. How We Use Your Data (Legal Basis)
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. (e.g., keeping our website secure, analyzing website traffic).
- Consent: Generally, we do not rely on consent as a legal basis for processing your personal data unless we are sending you direct marketing communications via email. You have the right to withdraw consent to marketing at any time.
- Contract: Where we need to perform the contract we are about to enter into or have entered into with you.
6. Cookies (PECR Compliance)
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
- Strictly Necessary Cookies: These are required for the operation of our website.
- Analytical/Performance Cookies: Allow us to recognize and count the number of visitors. We use Google Analytics for this purpose. Under the Privacy and Electronic Communications Regulations (PECR), we require your consent for non-essential cookies. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.
7. International Transfers
We may share your personal data with external third parties (e.g., hosting providers, analytics services). Some of these third parties may be based outside the United Kingdom (UK).
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK Government.
- Where we use certain service providers, we may use specific contracts approved for use in the UK (International Data Transfer Agreements - IDTA) which give personal data the same protection it has in the UK.
8. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know.
9. Data Retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.
10. Your Legal Rights (UK)
Under certain circumstances, you have rights under UK data protection laws in relation to your personal data:
- Request access to your personal data (commonly known as a "data subject access request").
- Request correction of the personal data that we hold about you.
- Request erasure of your personal data ("Right to be forgotten").
- Object to processing of your personal data where we are relying on a legitimate interest.
- Request restriction of processing of your personal data.
- Request the transfer of your personal data to you or to a third party.
- Right to withdraw consent at any time where we are relying on consent to process your personal data.
If you wish to exercise any of the rights set out above, please contact us at support@ironalpaca.uk.