One Hot Tub is a blogging site about anything related to hot tubs, from maintenance to relaxation.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR) and the Data Protection Act 2018, together the “Data Protection Laws”), the company responsible for your personal data is One Hot Tub (“we” or “us”).
We have developed this policy because we want you to feel confident about the privacy and security of your personal information. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
What personal information do we collect about you, and when do we collect it?
We collect and process some or all of the following types of information from you in the course of your use of the website, providing our services, and/or dealing with you as a supplier to One Hot Tub:
Information you provide in the course of communications with us. This includes information you provide when requesting further details of our services, registering on our website, or when negotiating contracts for provision of products and/or services (either where we are your customer or a supplier).
Specifically we will process personal details such as your name, private and/or business address, contact telephone numbers (switchboard, direct lines and mobile numbers) and email address, and any other information provided by you when communicating with us, using the website or our services.
We may also ask you for other information relating to the service you are using or ordering. For example, we may need to collect bank details if paying by Direct Debit.
We may ask you from time to time about what use you make of the services we provide, what other services you would like us to provide in the future and for other relevant information.
Details of your visits to the website including, but not limited to, traffic data, location data, weblogs and other communications data, and the resources that you access.
The provision of certain information (e.g. name, address, contact details) is required from you to enable us to provide you with the services. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
What personal information do we collect about you from other companies and organisations?
We may receive personal information about you from other companies and organisations (for example, for marketing purposes) and we rely on these third parties to obtain your consent for us to use this information.
Please note that when you order goods and services from One Hot Tub we may make enquiries about you for credit reference purposes. These enquiries include searching your records held by any credit reference agency. At all times where your information is disclosed to us we will protect it in accordance with this policy and keep it secure.
How do we use your personal information?
Lawful basis for processing
We rely on our legitimate interests in performing our contracts with our customers and suppliers, marketing and business development and the administration and improvement of our website and services, as the lawful basis on which we collect and use your personal data.
Where we have or are about to enter into a contract with you, we rely on performance of our contract with you as the lawful basis for processing.
Purpose of processing
We use information held about you in the following ways:
To provide you or the organisation that you are engaged by with our services.
To carry out our obligations arising from any contracts entered into between you (or the organisation that you are engaged by) and us.
To provide you with information and offers that you request from us or which we feel may interest you.
To notify you about changes to our services.
To ensure that content on the website is presented in the most effective manner for you and for the device(s) you use to access and view the website.
In addition to the above uses, we may use your information to notify you about goods or services which may be of interest to you. Where we do this, we will contact you by electronic means (email or SMS) only if you have consented to such communication. If you do not want us to use your data in this way, please either (i) tick the relevant box situated on the form on which we collect your data; (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform us at any time by contacting us at the contact details set out below.
Do we share your personal information with anyone else?
We sometimes use other companies to provide services to you or to provide services to us. To enable them to do this, we may need to share your personal information with them. When we do so, these companies are required to act in accordance with the instructions we give them and they must meet the requirements of the Data Protection Laws to keep the information secure.
We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).
We may also disclose your personal data to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
In response to properly made requests, for the purposes of the prevention and detection of crime, and the apprehension or prosecution of offenders. We may also provide information for the purpose of safeguarding national security.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our contracts with you (or the organisation that you are engaged by).
To protect our rights, property or safety, or that of our affiliated entities and our users and any third party we interact with to provide the website or our services.
In relation to selected third parties only, solely to the extent that you have consented to such selected third parties notifying you about certain goods or services which may be of interest to you.
How do we keep your personal information secure?
We take appropriate measures to ensure that any personal information is kept secure, including security measures to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. We use a secure server to store the information you give us when you register or make an order. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
Where do we store your personal information?
All information we hold about you is stored on our secure servers [within the UK / EEA].
The information we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services.
Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission may not have given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the UK and EEA, any transfer of your personal data will be subject to a European Commission approved contract, or the EU-US Privacy Shield.
If you would like further information please contact us using the contact information provided below. We will not otherwise transfer your personal data outside of the UK or EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
For how long does One Hot Tub keep personal information?
The time period for which we keep information varies according to what the information is used for. In some cases, there are legal requirements to keep data for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed. In particular:
Where we hold your personal information in connection with the performance of a contract with one of our customers or suppliers, we will hold your information, and in particular any communications between you and us in relation to the negotiation or performance of the contract by either party for so long as that contract is in force and for a period of at least [7 years] after.
Where we hold your data in connection with the marketing or promotion of our business, we will hold your data for up to [2 years], or for up to [2 years] after you last communicated with us, if later.
What are your rights in relation to the personal information we hold?
Even if we already hold your personal data, you still have various rights in relation to it under the Data Protection Laws free of charge. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to rectification: You have the right to ask us to rectify any inaccurate personal information. You may also be able to have incomplete personal information completed (though this may depend on the purposes for processing).
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, or using your data for direct marketing purposes, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). In the event you request that we stop processing your data for direct marketing, we will do so as soon as reasonably possible. We may retain some personal data to ensure that you are not sent direct marketing in the future. In the event of data being processed for other purposes, we will generally only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities you may withdraw your consent at any time.
Right to erasure: Otherwise known as the “right to be forgotten”. In certain situations (for example, if we have processed your data unlawfully, or the data is not necessary for the purpose we originally collected or processed it for), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted.
That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right to restrict processing: As an alternative to requesting we erase your personal data, you have the right to limit the ways that we use your data. Similarly, this right applies only in certain circumstances, e.g. if you are contesting the accuracy of the personal data we hold, and we are in the process of verifying the accuracy. Restricting our processing may mean temporarily moving the data to another system, or making the data unavailable to users. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. You also have the right to lodge a complaint with the Information Commissioner’s Office who can be contacted on 0303 123 1113 or by the contact form on their website https://ico.org.uk.
How can I exercise my rights in relation to personal information One Hot Tub holds about me?
You can make a data subject request (sometimes known as a subject access request). The simplest way to do this is to put your request in writing and send it to One Hot Tub.
Please let us have enough information to identify you (e.g. an account number, username, registration details), proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you want specific information, please tell us and give us any relevant details to enable us to locate the information about you; this may mean we can speed up our reply.
How can I change the personal information One Hot Tub holds about me?
If your personal details change, or the information we hold about you is otherwise inaccurate, please contact us to let us know and we will make the necessary amendments and confirm that these have been made.
We may collect information about [your mobile phone, computer or other device from which you access the website] including where available [your IP address, operating system and browser type], for systems administration [and to report aggregate information to third parties affiliates]. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data we have about you in order to track your usage of our services.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
The cookies we use include:
“Analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
“Strictly necessary” cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
“Functionality” cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
“Targeting” cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed to our affiliates’ websites. We will use this information to make our website, offers e-mailed to you and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.