Last updated: 2.7.21
This notice tells you how we look after your personal data when you visit our website at https://minima.global/ (Website), use our services or participate in our Minima Incentive Program (together, the Services).
It sets out what information we collect about you, what we use it for and whom we share it with. It also explains your rights and what to do if you have any concerns about your personal data.
We may sometimes need to update this notice, to reflect any changes to the way the Services are provided or to comply with new legal requirements. We will notify you of any important changes before they take effect.
Who we are and other important information
We are Minima Global Ltd, a company registered in United Kingdom with company number 11748734 whose registered address is 15 Westferry Circus, London E14 4HD, UK (we / us / our).
For all visitors to our Website and those who use our Services, we are the controller of your information (which means we decide what information we collect and how it is used). We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under number ZB112662
If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:
- Email address: email@example.com
- Postal address: 15 Westferry Circus, London E14 4HD, UK
The information we collect about you
Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect from you below:
- Identity Data – name, email, mobile number
- Contact Data – your email address, telephone numbers
- Feedback – information and feedback you provide about our Services
- Communication Data – any exchanges between you and us by email or any other means
- Technical and Usage Data - information about your visit to our Website and internet protocol (IP) address, browser type and version, browser plug-in types and versions, operating system and platform on the devices you use to access our Website
- Marketing Data – information you submit to confirm whether you wish to receive marketing from us and which method you prefer to be contacted by (e.g. text, email)
How we use your information
We are required to identify a legal justification (also known as a lawful basis) for collecting and using your personal data. There are six legal justifications that organisations can rely on. The most relevant of these to us are where we use your personal data to:
- fulfil our contract with you
- pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy)
- comply with a legal obligation that we have
- do something for which you have given your consent
The list below sets out the lawful basis we rely on when we use your personal data. If we intend to use your personal data for a new reason that is not stated in the list, we will update our privacy notice.
Purpose: Providing our Services to you
Justification: Contract (you accept our Terms and Conditions)
Purpose: Asking you to provide feedback about our Website and Services
Justification: Consent (the feedback is always optional)
Purpose: Providing insight on how our Website is being used
Justification: Legitimate interest (necessary to improve and optimise our Website)
Purpose: Administering and protecting our Website and systems
Justification: Legitimate interests (necessary to provide our Services, monitor and improve Website security and prevent fraud)
Purpose: Handling requests for technical support and other queries
Justification: Legitimate interests (necessary to provide our Services to you and ensure the proper functioning of our Website)
Purpose: Defending against legal claims
Justification: Legitimate interests (to protect our business and defend ourselves against legal claims)
Purpose: Notifying you about changes to our privacy notice
Justification: Legal obligation (necessary to comply with our obligations under data protection law)
We may anonymise the personal data we collect (so it can no longer identify you) and then combine it with other anonymous information so it becomes aggregated data. Aggregated data helps us identify trends (e.g. what percentage of users responded to a specific survey). Data protection law does not govern the use of aggregated data and the various rights described below do not apply to it.
Who we share your information with
We share (or may share) your personal data with:
- Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations
- Our supply chain: other organisations that help us provide our Services. We ensure these organisations only have access to the information required to provide the support we use them and have a contract with them that contains confidentiality and data protection obligations
- Regulatory authorities: such as HM Revenue & Customs
- Our professional advisors: such as our accountants or legal advisors where we require specialist advice to help us conduct our business
If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.
Where your information is located or transferred to
We will only transfer information outside of the UK where we have a valid legal mechanism in place (to make sure that your personal data is guaranteed a level of protection, regardless of where in the world it is located, e.g. by using contracts approved by the European Commission or UK Secretary of State).
If you access our Website or purchase our Services whilst abroad then your personal data may be stored on servers located in the same country as you or your organisation.
How we keep your information safe
We have implemented security measures to prevent your personal data from being accidentally or illegally lost, used or accessed by those who do not have permission. These measures include:
• access controls and user authentication • internal IT and network security • regular testing and review of our security measures • staff policies and training • incident and breach reporting processes • business continuity and disaster recovery processes
If there is an incident that has affected your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we notify the controller and support them with investigating and responding to the incident. If you notice any unusual activity on the Website, please contact us at firstname.lastname@example.org.
How long we keep your information
Where we act as the controller, we will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
To decide how long to keep personal data (also known as its retention period), we consider the volume, nature, and sensitivity of the personal data, the potential risk of harm to you if an incident were to happen, whether we require the personal data to achieve the purposes we have identified or whether we can achieve those purposes through other means (e.g. by using aggregated data instead), and any applicable legal requirements (e.g. minimum accounting records for HM Revenue & Customs).
We may keep Identity Data, Contact Data and certain Communications Data for up to six years after the end of our contractual relationship with you.
If you browse our Website, we keep personal data collected through our analytics tools for only for as long as necessary to fulfil the purposes we collected it for.
If you have asked for information from us or you have subscribed to our mailing list, we keep your details until you ask us to stop contacting you.
Your legal rights
You have specific legal rights in relation to your personal data.
It is usually free for you to exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once).
We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens, we will always inform you in writing.
We do not respond directly to requests which relate to personal data for which we act as the processor. In this situation, we forward your request to the relevant controller and await their instruction before we take any action. If you wish to make any of the right requests listed below, you can reach us at email@example.com.
Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.
Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.
Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it (see above). If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.
Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it.
Objection: You can object to us using your personal data if you want us to stop using it. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.
Portability: You can ask us to send you or another organisation an electronic copy of your personal data.
Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the ICO or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. Please contact us at firstname.lastname@example.org.
Cookies are not harmful to your devices (like a virus or malicious code), but some individuals prefer not to share their information (for example, to avoid targeted advertising).
Cookies can be grouped by what they help the website or website owner do. • Necessary cookies are cookies that help the website to run properly (when they are strictly necessary cookies it means their only function is to help the website work). • Performance cookies help a website owner understand and analyse how website visitors use their website. • Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, etc.
- to track how visitors use our Website
- to record whether you have seen specific messages we display on our Website
- to keep you signed in to our Website
- to capture and analyse information such as the number of your views and shares
The cookies we use are:
What it does: This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. Duration: 2 years
Cookie: _gid Purpose: Analytical What it does: This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visited in an anonymous form. Duration: 1 day
Cookie: _gat Purpose: Performance What it does: This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. Duration: 1 minute
You can also delete cookies directly with the relevant third parties (for example, you can disable Google Analytics on their website).