PRIVACY POLICY
(last updated: June 2024)
1) ABOUT US & THIS PRIVACY POLICY
The lang cat limited (we/us/our/lang cat) is the (i) owner and operator of thelangcat.co.uk, analyser.thelangcat.com, langcatanalyser.com and all associated lang cat websites (including any subsequent or replacement URL or URLs) (our Site), including any applications and/or digital channels provided by us for the purpose of accessing our Site or other services, and (ii) provider of the lang cat services, business information, publicity, products or goods ((i) and (ii) together being our Services).
Our Details
We are a limited company registered in Scotland under company number SC390771. Our registered company address is 6 Quayside Mills, Edinburgh, EH6 6EX. We are registered with the Information Commissioner’s Office in the UK under registration reference ZA263079.
If you have any questions about this privacy policy or our wider privacy practices, or if you want to make a complaint, please get in touch with us using the details below:
Telephone: 0131 380 4747
Online: through our contact form
Email: [email protected]
This Policy
We are what is known as a data controller of the personal information we gather and use in our business to be able to provide the Services. This means we are responsible for the personal data we collect.
It is important that you read this privacy policy together with any other terms that might apply in specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. Further details in connection with our and your use of personal information are also contained in our Terms of Use and our Cookie Policy.
2) YOUR PRIVACY
We take your privacy seriously, process your data in compliance with data protection law and we are Cyber Essentials accredited. This notice provides information about your privacy rights and how we gather, use and share your personal information (or personal data). This includes the personal information that we already hold about you now and the further personal information we might collect about you (either directly from you or from a third-party). How we use your personal information will depend on the Services we provide to you.
This notice describes the categories of personal information we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with applicable data protection laws (including the UK General Data Protection Regulations and the Data Protection Act 2018).
Third-party links
Where our Site includes any links to third-party websites, plug-ins and applications, clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Site, we encourage you to read the privacy policy of every website you visit.
Categories of Personal Data
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Contact Data includes first name, last name, email address and telephone number, business address.
- Transaction Data includes details about Services you have subscribed to from us.
- Finance Data includes card details and/or bank details for subscription payments (although this information may be held by a payment processor on our behalf).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our Site together with information on how you use our Site.
- Profile Data includes your account information for logging into our Site, your interests, feedback and survey responses.
- Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Technical Data to calculate the percentage of users accessing a specific Site feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Our Site and Services are not designed for use by those under the age of 18 and we do not knowingly collect any data relating to children, special category data or information about criminal convictions and offences.
Your responsibilities regarding personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you (for example a contract for Services), and you fail to provide that data when requested, we may not be able to carry out our obligations. If we require personal data to provide you with Services and you do not provide it, we may have to cancel the Services you have with us but we will notify you if this is the case at the time.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Analyser clients can do this by logging into your account and updating certain information or contacting us directly to update on your behalf. All other clients should contact us directly to update on your behalf.
Information you provide
Where you provide us with personal data relating to third parties, you confirm that you are entitled to share that information with us and you have all necessary consents, rights and permissions necessary to do so. You will be responsible for ensuring that any information provided is accurate.
3) HOW WE GATHER & USE YOUR PERSONAL INFORMATION
We collect personal data using different methods including:
- Direct interactions: you may provide personal data directly to us, for instance when you register to use or receive our Services including email updates, through a registration or payment process, enquiry form, feedback form, registration for events, panel participation and emails.
- Third party sources: We may also collect information from publicly available sources (e.g. Companies House, online sites and social media platforms such as X (previously Twitter) Bluesky and LinkedIn).
- Automated technologies or interactions: As you interact with our Site and Services, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. You can opt out of our use of cookies if you wish. Please see our cookie policy for further details
How we use your personal data
We collect and use personal information where (i) needed to perform a contract with you; (ii) to comply with our legal obligations; (iii) we have your consent (if consent is needed); or (iv) for certain fair or legitimate business purposes.
We will not process personal data in a way that is incompatible with the purposes for which it has been collected or subsequently agreed to by you. We also will not collect any personal data that is not needed for the mentioned purposes. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rule, where it is required or otherwise permitted by law.
Our Purposes
We have set out below details of the ways we use your personal data and the legal grounds we rely on to do so.
Use | Legal basis |
To provide communications, newsletters, email information or updates which we think will be of interest to you. You have the right to unsubscribe from these communications at any time through the unsubscribe link attached to any of our email communications, or otherwise please contact us. | Necessary for our legitimate interests (to develop our products/services and grow our business. |
To onboard you as a user of the Services (and verify identity where this is required). | Performance of a contract with you. |
To process an order or financial transaction. | Performance of a contract with you. Necessary for our legitimate interests (for running our business and provision of products/services). |
To manage our relationship with you. | Performance of a contract with you. Necessary for our legitimate interests (running our business, providing products/services, developing relationships with our customers). Necessary to comply with a legal obligation |
For statistical or survey purposes to improve the Services. | Necessary for our legitimate interests (to develop our services and grow our business. |
To improve our Site and Services and serve content to you through the Site. | Necessary for our legitimate interests (to define types of customers for our products/services, to keep our content relevant, to develop our business and to inform our marketing strategy). |
To administer and provide the Services, including the provision of tools and functionality, and to monitor use (including content generated through use) of the Services. | Performance of a contract with you. Necessary for our legitimate interests (for running our business and provision of products/services). Necessary to comply with legal obligation. |
To administer and protect our business and our Site and Services (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud). |
We also use analytic data for our legitimate interests (to understand how customers use our Site and Services, and to develop our business and inform our marketing strategy).
How we might share your personal data
Your personal information may be disclosed or shared with limited third parties for a limited purpose. These third parties may be businesses who will help process your order, provide the Services and/or who we otherwise work with.
We might also share with our professional advisers who provide legal, insurance and accounting services to us, or with appropriate regulatory, government and industry bodies, like ICO, HM Revenue & Customs, fraud prevention organisations or law enforcement bodies who require reporting of processing activities in certain circumstances, especially in the prevention of money laundering and fraud.
Finally, we may share personal data at an appropriate stage to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
Whenever we share personal information, we will do so in line with our obligations to keep personal information safe and secure.
International Transfers
The majority of your personal information is processed in the UK. However, some of this (e.g. information held on cloud storage, or information that is exchanged with third party service providers who assist us in the provision of the Services including Less Annoying Software LLC (customer management), Mailchimp (Intuit Inc. e-communications), Google Inc, Sage Group plc (payments), Stripe Payments UK Ltd, PayPal (Europe) S.a.r.l. (also payments), Crowdcast Inc. (online event organisation), our Analyser system software provider in Edinburgh, Bad Dinosaur Limited, Zimma Ltd (Ticket Tailor events ticketing platform) and Automattic Inc. (website systems such as WordPress.com & WooCommerce)) may be processed by us, or such third parties, in the European Economic Area (EEA) and other countries such as the United States.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the ICO; or
- Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK (like the International Data Transfer Agreement approved by the ICO).
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK
4) HOW LONG WE WILL KEEP YOUR PERSONAL INFORMATION FOR
How long we keep data in a form which permits identification of data subjects depends on the Services provided to you, and we won’t retain your personal information for any longer than is necessary for the purposes that we need to use it. We may retain your personal data for a longer period if there has been a complaint or if we think there is a risk of a claim in respect of our Services.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
As a general rule, we will retain your personal data as long as you are a registered user of our Site, and for a short period after your subscription ends, so we can manage our relationship with you and provide Services. We will also retain certain Transactional Data for seven years for legal, regulatory, tax and accounting purposes.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
5) YOUR ONLINE ACTIVITIES
We use cookies on our Site and in the provision of the Services in order to make your user experience as easy and quick as we can. For further information, please refer to our Cookie Policy.
6) DATA SECURITY
We take data security seriously and are Cyber Essentials accredited. We know that it is incredibly important to protect and manage personal data appropriately, but unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted online or through the Site.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
7) YOUR RIGHTS
Complaints
You will always have the right to lodge a complaint with a supervisory body. The relevant authority in the UK (where we are based) is the Information Commissioner’s Office (www.ico.org.uk). If you do have a complaint, we would appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance if possible, at the email address above. If you are based in another jurisdiction, you may have additional rights or ability to refer matters to an alternative supervisory body.
Rights
You also have certain other rights in relation to your personal data. We have set these out in the table below:
Your Right | What it means |
Right to be informed You have the right to be told how we will use your personal data | We provide this privacy policy to explain how we use your personal data. We will also answer any questions you have on how we use your personal data.
|
Right of access You can ask us to receive a copy of your personal data, commonly known as a SAR. | If you ask, we will confirm how we process your personal data and, in certain cases, provide you with a copy of the personal data we hold about you. There are some exemptions where we do not need to provide copies (like communications we have had with our legal advisers), and we can’t give you any personal data about other people or personal data which is linked to ongoing investigations, and we are prevented by law from sharing. |
Right to rectification You can ask us to correct your personal data if you think it is wrong or complete if it is incomplete | You can have incomplete or inaccurate personal data corrected. Before we update your file, we may need to check the accuracy of the new personal data you have provided, and we will restrict processing while we verify the accuracy. |
Right to erasure You can ask us to delete personal data in certain circumstances | If we do not have a reason for holding your personal data and continuing to use it, if you gave us consent and have now withdrawn that consent, where you have objected to us using your personal data or we are using it unlawfully, you can ask us to delete it. We might not be able to do this in all circumstances, and we may need to retain information for legal obligations. We will always confirm if we cannot delete entirely. |
Right to restrict processing In certain circumstances, you can ask us to restrict or suspect use of your personal data. | You can ask us to suspend the processing of your personal data in the following scenarios: · If you want us to establish the data’s accuracy. · Where our use of the data is unlawful but you do not want us to erase it. · Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims. · You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. |
Right to object You can object to us processing your personal data for (i) direct marketing or (ii) our own legitimate interests. | If you object to direct marketing, we must stop using your personal data for that reason. If we are using legitimate interest, you can object to us using your personal data. But if there is an overriding reason why we need to use your personal data, we do not need to accept your request to stop and can continue to use your personal data. If you object to us using personal data which we need in order to provide our services, we may need to close your account as we won’t be able to provide the services |
Right to data portability You can ask us to transfer your personal data to you or another company | We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. |
If you wish to exercise any of the rights set out above, please contact us using the details at the start of this policy.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we are permitted under law to charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests promptly and within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
© the lang cat ltd, June 2024 edition