BY ACCESSING AND USING THIS WEBSITE OR OUR SERVICES, THE DATA SUBJECT CONSENTS TO THE PROCESSING OF THEIR PERSONAL DATA BY APOLLO BLACK LIMITED (HEREINAFTER REFERRED TO AS IndieMaker) ON THE BASIS SET OUT IN THIS PRIVACY NOTICE. IF THE DATA SUBJECT DOES NOT CONSENT, THE DATA SUBJECT MUST IMMEDIATELY STOP ACCESSING AND/OR USING THIS WEBSITE AND OUR SERVICES.
- 1.1 IndieMaker collects, uses and, in some circumstances, shares the personal data of data subjects in and through this website and during the provision of services to you.
- 1.2 IndieMaker respects the rights of data subjects whose personal data is collected and used by it, including their right to protection against the unlawful collection, retention, sharing and use of such personal data.
2. Definitions and Interpretation
- 2.1.1 consent shall have the meaning ascribed to it by the GDPR from time to time;
- 2.1.2 data protection legislation means, to the extent applicable (i) data protection laws and any data protection obligations contained within national legislation in England and Wales, and (ii) all other applicable law and regulations relating to data protection and privacy in (a) any jurisdiction in which obligations are performed, the relevant data subject is located, or the personal data is being processed, stored or used including the including the EU Data Protection Directive 95/46/EC, the EU Directive on Privacy and Electronic Communications 2002/58/EC, and Commission decisions and Guidance and the European Union General Data Protection Regulation ("GDPR");
- 2.1.3 data protection officer means CTO, reachable at email@example.com;
- 2.1.4 GDPR means the EU Directive on Privacy and Electronic Communications 2002/58/EC, and Commission decisions and Guidance and the European Union General Data Protection Regulation;
- 2.1.5 law means means all legal and regulatory requirements in England and Wales and any other jurisdiction from which the services are provided that are applicable in relation to the services;
- 2.1.6 data processor shall have the meaning ascribed to it by the GDPR from time to time;
- 2.1.7 personal data shall have the meaning ascribed to it in the GDPR from time to time;
- 2.1.8 process or processing shall have the meaning ascribed to it in the GDPR from time to time;
- 2.1.9 special personal data means any biometric information linked to a data subject or or biometrical information that can identify a data subject;
- 2.1.10 services means the services provided to any data subject by IndieMaker;
- 2.1.11 data subject means a visitor or data subject of this website, or any of the content or services associated with this website; and
- 2.1.12 the website means the website or any part thereof which is accessible from indiemaker.co.
- 2.2.1 the singular includes the plural and vice versa;
- 2.2.4 any one gender includes the other genders, as the case may be;
- 2.2.3 an act, regulation or other law is to the version of that law in force at the effective date of this Policy and includes any amendment or re-enactment made to that law after the effective date of this Policy.
- 2.3 When calculating any number of days for the purposes of this Policy, the first day must be excluded and the last day of the relevant interval included, unless the last day is not a business day, then the last day will be the next succeeding business day.
- 2.4 The word "include" means "include without limitation". Use of the word ‘'include'' or ‘'in particular'' is for illustration or emphasis only and where followed by specific examples must not be interpreted as limiting the meaning of the general wording preceding it.
3. Data Controller
- 3.1 IndieMaker will be the party who will be collecting and processing a data subject's personal data and as such is designated as the data controller for the purposes of this Policy.
3.2 IndieMaker‘s contact details are as follows:
- Email: firstname.lastname@example.org
- Website address: https://indiemaker.co
- 3.3 IndieMaker may instruct third party data processors from time to time to undertake certain processing activities relating to the data subject's personal data.
4. What Personal Data is Collected
4.1 IndieMaker may collect the following personal data from the data subject:
- 4.1.1 Initials, first name, surname;
- 4.1.2 Date of birth;
- 4.1.3 Email address;
- 4.1.4 Age and language preference;
- 4.1.5 Gender;
- 4.1.6 Billing information;
- 4.1.7 Address;
- 4.1.8 Cellphone number;
- 4.1.9 IP address.
- 4.2 The supply of personal data by the data subject to IndieMaker is voluntary and not mandatory. However, if the data subject refuses to supply any personal data, certain consequences may naturally flow from such a refusal, such as preventing IndieMaker from concluding or performing any contract with the data subject, or preventing IndieMaker from complying with one or more of its obligations in law.
5. Purpose/s for Collection and Processing of Personal Data
- 5.1 IndieMaker shall only collect a data subject's personal data for a specific, explicitly defined and lawful purpose relating to a function or activity of IndieMaker's business.
5.2 Such purposes may include the following:
- 5.2.1 to enter into a contract with a data subject;
- 5.2.2 to perform any obligations under a contract with a data subject;
- 5.2.3 to comply with a legal obligation;
- 5.2.4 to protect a legitimate interest of a data subject (unless the data subject has specifically objected in writing to all or some of the processing activities on reasonable grounds);
- 5.2.5 to pursue its own legitimate interests or the legitimate interests of a third party who it is sharing the information with (unless the data subject has specifically objected in writing to all or some of the processing activities on reasonable grounds);
- 5.2.6 to process personal data for direct marketing purposes (only if the data subject has opted in to receiving any direct marketing material);
- 5.2.7 to customise and display content including, but not limited to products, articles, listings and advertisement to the data subject in a way that IndieMaker feels may interest the data subject or be most beneficial to them;
- 5.2.8 to send content including, but not limited to products, articles, listings and advertisement content to the data subject via email or other electronic media, where the data subject has consented to be contacted by IndieMaker with such content;
- 5.2.9 to enable the data subject to voluntarily participate in interactive features on the website;
- 5.2.10 to notify the data subject about changes to the website or services.
- 5.3 If IndieMaker intends to process a data subject's personal data for any other purpose not listed in clause 5.2 or which is otherwise not automatically permitted by law, it shall ensure that it obtains the Ddta subject's written consent to do so.
- 5.4 IndieMaker will not sell a data subject's personal data to any third party without the prior written consent of the data subject.
6. Collection Directly from Data Subject
6.1 IndieMaker shall, as far as possible, always collect personal data about a data subject directly from the data subject, except in the following circumstances:
- 6.1.1 Where personal data is collected from a public record, or from another source if the information has already been made public by the data subject;
- 6.1.2 where the data subject has given their written consent to IndieMaker to collect their information from another source;
- 6.1.3 where the collection of a data subject's personal data from another source will not prejudice any of the data subject's legitimate interests;
- 6.1.4 where the collection of personal data from another source is necessary to maintain IndieMaker' legitimate interests or those of any third party it intends sharing the information with;
- 6.1.5 where the collection of personal data directly from the data subject would prejudice the purpose for the collection;
- 6.1.6 where the collection of personal data directly from the data subject is not reasonably practicable in the circumstances.
- 6.2 If IndieMaker collects personal data from a source other than the data subject, it shall record in writing the details of that source, including the full names and contact details of that source where applicable.
6.3 Personal data may be collected from or supplied by the data subject in any of the following ways:
- 6.3.1 during the process of registering on this website;
- 6.3.2 when subscribing to a service;
- 6.3.3 when posting a comment, review, reply or recommendation on this website (no personal data will be posted to any public forum by us);
- 6.3.4 when requesting further services or information from IndieMaker;
- 6.3.5 when contacting IndieMaker to report a problem with the website or the services or for any other reason;
- 6.3.6 when completing any forms on the website.
- 6.4 The data subject may visit the website without providing any personal data. However, the website's servers may still collect technical information regarding the use of the website, which is aggregated for analytical purposes, technical maintenance and for improving the content offered on the website. Such information may include details of the data subject's visit, information about the data subject's computer, including IP (Internet Protocol) address, operating system and browser type, the data subject's location, and usage information. An individual data subject will not be identified from or by this information and IndieMaker is entitled to copy, distribute or otherwise use such information without limitation.
- 7.1 Cookies are small text files transferred by a webserver to a data subject's hard drive and thereafter stored on their computer. The types of information a Cookie collects includes a data subject's username, the date and time of their visits to the website, their browsing history and preferences.
- 7.2.1 distinguish one data subject from another on the website;
- 7.2.2 remember the data subject's last session when they return to the website;
- 7.2.3 estimate the website's audience size and usage patterns;
- 7.2.4 store information about the data subject's preferences, which allows IndieMaker to customize the website and content according to the data subjects individual preferences; and
- 7.2.5 speed up searches on the website.
8. General Conditions for Processing of Personal Data
- 8.1 IndieMaker shall comply with all laws, contracts or regulations when it processes a data subject's personal data.
- 8.2 IndieMaker shall not act unreasonably when processing a data subject's personal data. This means that it will collect and process a data subject's personal data in a way that the Data subject can reasonably expect and in a way that is fair.
- 8.3 IndieMaker shall respect the data subject's right to privacy at all times. If there is another way in which it can achieve the same goal without posing any risk of harm to the privacy rights of the data subject, then it will choose that option.
- 8.4 Similarly, if IndieMaker needs to process personal data but there are less privacy-invasive methods of collecting, using and sharing that information, then it will use those methods.
- 8.5 IndieMaker shall ensure that the personal data that is collected and processed is and remains relevant to the identified purpose/s for such processing, and that such information is and remains adequate, but not excessive, for achieving the identified purpose/s.
- 8.6 If there are any alternative ways to achieve the identified purpose/s without processing personal data, IndieMaker shall not process that personal data.
- 8.7 IndieMaker shall ensure that the processing activities it chooses to apply are proportionate to achieving the identified purpose/s and that no less privacy invasive measures are available to achieve the same purpose/s.
- 8.8 IndieMaker shall ensure that, regardless of the stated purpose/s for processing personal data, the rights and interests of data subjects will not be unnecessarily prejudiced or infringed, unless it cannot be avoided, and then in such cases, it shall ensure that its own rights and/or interests justify such prejudice or infringement taking place.
- 8.9 Once IndieMaker has achieved the purpose for the collection of the data subject's personal data, it will destroy or delete such information, unless the data subject has directed otherwise in writing, or IndieMaker is required by law to retain the information for a longer period of time.
- 8.10 If IndieMaker no longer needs to process personal data to achieve the purpose originally specified, it will stop using that information.
9. Disclosure and Sharing of Personal Data
- 9.1 IndieMaker may, in the course of providing any content or services on this website, or for the purposes of concluding or performing any other services or transaction with a data subject, share certain personal data with third party processors who perform certain processing activities on behalf of IndieMaker.
- 9.2 The information shared and the categories of third party processors with whom it is shared will always be notified to you prior to being shared.
- 9.3 IndieMaker may also share aggregated information about data subjects of this website and their usage patterns. IndieMaker may also use such aggregated information to help advertisers target specific audiences. Such aggregated information will be de-identified and the data subject's personal data will not be disclosed.
- 9.4 Other than as stated in clause 9.1 and 9.3, IndieMaker shall not share a data subject's personal data with any third parties unless it has the data subject's express consent to do so.
10. Data Subjects Rights in Relation to the Processing of their Personal Data
10.1 Data subjects shall have the following rights in relation to the processing of their personal data:
- 10.1.1 to access and correct any personal information held by IndieMaker about them;
- 10.1.2 to object to the processing of their information; and
- 10.1.3 to lodge a complaint with the Information Commissioners Office.
11. Further Processing
11.1 IndieMaker shall not process a data subject's personal data for any purpose not previously specified except in the following circumstances:
- 11.1.1 where the data subject has consented to such further processing;
- 11.1.2 where the further processing is necessary for the exercise of any contractual rights or the fulfillment of any obligations between IndieMaker and the data subject;
- 11.1.3 where the further processing activities are linked to or compatible with the original purpose;
- 11.1.4 where the further processing is necessary for the prevention, detection, investigation, prosecution and punishment of an offence;
- 11.1.5 where the further processing is necessary to enforce any law;
- 11.1.6 where the further processing is necessary for the conduct of legal proceedings in any court or tribunal that have commenced or are reasonably contemplated;
- 11.1.7 where the further processing is necessary to prevent or mitigate a serious and imminent threat to the life or health of the data subject or another individual;
- 11.1.8 where the further processing is necessary for historical, statistical or research purposes.
- 11.2 IndieMaker shall ensure that if it intends processing personal data for other purposes not previously specified, it shall notify the data subject of such further purposes and the possible consequences of the intended further processing for the data subject.
12. Accuracy, Correctness and Completeness of Personal Data
- 12.1 IndieMaker shall take reasonably practicable steps to ensure that the personal data kept by it about data subjects is complete, accurate, not misleading and is updated when necessary.
- 12.2 However, if a data subject is aware of any personal data in IndieMaker's custody that is incorrect, inaccurate or which needs to be updated, the data subject must make a written request to IndieMaker's data protection officer at to email@example.com to update or correct the relevant information.
- 12.3 If a data subject has contested the accuracy of any personal data being used by IndieMaker, it shall immediately stop using that information until its accuracy has been verified.
- 12.4 IndieMaker reserves its right to only adhere to a request from a data subject in terms of clause 12.2 if the correction or updating of that information will result in the personal data being correct and accurate.
- 12.5 Where personal data that has been shared by IndieMaker with a third party is subsequently updated or corrected, IndieMaker shall ensure that all third parties, with whom that information was shared, receives the updated and/or corrected version of the information as soon as it has been updated and/or corrected.
13. Security Safeguards
- 13.1 IndieMaker is committed to protecting the personal data in its custody against any loss of, damage to or unauthorised destruction of that information, and to prevent any unauthorised parties from accessing that information.
- 13.2 IndieMaker takes steps to continually identify and document any risks to the personal data it has in its possession or under its control and that appropriate security safeguards are in place against those risks.
13.3 IndieMaker shall ensure that in any contracts entered into with third party processors who process personal data on IndieMaker' behalf, include the following obligations:
- 13.3.1 the processor shall not process any personal data without IndieMaker' knowledge and authority;
- 13.3.2 the processor shall treat all personal data given to it as confidential and shall not disclose it to any unauthorised third parties;
- 13.3.3 the processor shall establish and maintain adequate security measures which are the same or offer similar protection over the personal data as that employed by IndieMaker;
- 13.3.4 the processor shall notify IndieMaker immediately where there are reasonable grounds to believe that any personal data has been leaked to or accessed by any unauthorised person;
- 13.3.5 if the processor is situated in another country, it must comply with the data protection laws in that country and be able to provide verification that it is so compliant;
- 13.3.6 if an processor is legally obliged to disclose any personal data processed by them on IndieMaker' behalf to other parties, it must notify IndieMaker beforehand to enable IndieMaker and/or individual Data subjects to protect their rights if necessary.
- 13.4 IndieMaker shall ensure that all personal data on its systems is properly backed-up and that back-up copies are stored separately from the live files.
14. Notification of Breach of Security
- 14.1 If personal data about a data subject is inadvertently leaked or IndieMaker' security has been unlawfully breached by any unauthorised party, IndieMaker shall immediately identify the relevant data subjects who may be affected by the security breach, and shall contact them at their last known email address or contact details or by the quickest means possible.
- 14.2 IndieMaker shall provide sufficient information to the data subject to allow him or her to take the necessary protective measures against the potential consequences of the compromise, or shall advise data subjects of the steps to be taken by them and the possible consequences that may ensue from the breach for them.
15. Decisions based on personal data processed
- 15.1 If IndieMaker is required to make a decision about a data subject using any personal data that has been obtained, it shall ensure that a record of such information and the decision made is kept for a reasonable period of time to give the data subject an opportunity to request access to that record.
- 15.2 IndieMaker shall allow a data subject a reasonable opportunity to make representations before any decision is made solely on the basis of the personal data processed, if that decision will affect the legal position of the data subject, or will otherwise adversely affect them in some manner or form.
- 15.3 IndieMaker shall always ensure that the underlying logic behind any decision made pursuant to the automated processing of personal data is sound and that this underlying logic can be communicated to the data subject to enable them to make representations.
- 15.4 If IndieMaker has made a decisions based on incorrect personal data, it shall immediately revisit that decision as soon as it receive notice or becomes aware of the error or inaccuracy of that information.
16. Linked third party websites
- 16.1 This website may contain links or references to other websites, including those of advertisers (third party websites) which are not under IndieMaker's control.
17. Direct Marketing
- 17.1 The data subject hereby consents to the processing of their personal data for the purpose of direct marketing by means of electronic communications including, text messages or electronic mail.
- 17.2 IndieMaker will only send electronic communications to the data subject for the purpose of marketing similar products or services offered by IndieMaker, with the data subject's consent.
- 17.3 The data subject may object, free of charge, and without unnecessary formality, to the use of their details either when the information was first collected from them or when each subsequent electronic communication is sent to them by IndieMaker.
- 17.4 The data subject can opt out of receiving further marketing communications by un-checking certain boxes on the forms used on the website to collect their personal data, or by contacting IndieMaker at firstname.lastname@example.org.
18. Children's Personal Data
19. Cross Border Transfers of Personal Data
19.1 IndieMaker may transfer personal data to another country in the following circumstances:
- 19.1.1 the transfer is necessary for the performance of a contract that IndieMaker has with the data subject;
- 19.1.2 the transfer is necessary for the conclusion or performance of a contract with a third party which is for the benefit of or in the interest of the data subject;
- 19.1.3 the transfer is otherwise for the benefit of the data subject; or
- 19.1.4 the data subject has consented to the transfer of their information.
- 19.2 If IndieMaker is required to transfer personal data to a third party in a foreign country, it shall ensure that the third party is subject to a law, binding code of conduct or contract which effectively upholds principles for the reasonable processing of personal data which are substantially similar to the GDPR and provide and adequate level of protection.
20. Retention of Information
20.1 IndieMaker will keep a record of any personal data collected for no longer than is necessary to achieve the specific purpose for which it collected such information in the first place unless:
- 20.1.1 It is required by law to keep a record of such information for a longer period of time; or
- 20.1.2 It needs to keep a record of such information for another lawful purpose; or
- 20.1.3 It has a contractual obligation to keep a record of such information; o
- 20.1.4 The data subject has consented to their information being kept for a longer period.
- 20.2 IndieMaker may, if it has pseudonomysed personal data, kept such information for historical, statistical or research purposes. IndieMaker shall ensure that appropriate safeguards are in place to prevent those records from being used for any other purposes, or against the information being re-identified.
21. Returning, Destroying or Deleting Personal Data
21.1 Where IndieMaker is no longer authorised to retain a record of any personal data, it shall either:
- 21.1.1 ensure that the information is permanently destroyed or deleted as soon as reasonably practicable; or
- 21.1.2 return the information to the Data subject or transfer it to a third party, if requested by the data subject in writing to do so.
22. Returning, Destroying or Deleting Personal Data
- 21.2.1 the types of personal data to be processed, including specifically special personal data;
- 21.2.2 the specific processing activities to be undertaken;
- 21.2.3 the specific purpose/s for such processing; and
- 21.2.4 the possible consequences for the data subject that may arise from such processing.
- 22.3 Should a data subject wish to withdraw any consent previously given by the data subject, they must notify IndieMaker' data protection officer in writing.
23. Lodging and Objection
- 23.1 A data subject may, on reasonable grounds, object to the processing of their personal data at any time after that processing has started.
- 23.2 If a data subject wishes to object to the processing of their personal data, they must send written Policy of their objection to IndieMaker's data protection officer, together with their reasons for doing so.
24. Choice of Law
For more information on your rights to privacy over your information, or the information processing activities of IndieMaker, please do not hesitate to contact us directly on email@example.com.
Last Updated on 11 March 2020