We are NEWGRAIN LTD. We’re a company registered in England and Wales with company number 14366900, whose registered address is at Flat 7 Billingley, Pratt Street, London, England, NW1 0HJ. In this privacy notice, we will refer to ourselves as ‘we’, ‘us’ or ‘our’. We are the Data Controller of the personal information we collect, hold and use about you, as explained in this notice.
You can get hold of us in any of the following ways:
by emailing us at timothee.issenmann@gmail.com; or
by writing to us at 7 Billingley, Pratt Street, London, NW1 0HJ.
We take the privacy, including the security, of personal information we hold about you seriously. This privacy notice is designed to inform you about how we collect personal information about you and how we use that personal information. You should read this privacy notice carefully so that you know and can understand why and how we use the personal information we collect and hold about you.
We do not have a data protection officer, but if you have any questions about this privacy notice or issues arising from it, you should contact Timothée Issenmann, who is responsible for matters relating to data protection at our organisation, including any matters in this privacy notice. You can contact them using the details set out above.
We may issue you with other privacy notices from time to time, including when we collect personal information from you. This privacy notice is intended to supplement these and does not override them.
We may update this privacy notice from time to time. This version was last updated on 31 October 2022.
1.1 The key terms that we use throughout this privacy notice are defined below, for ease:
1.2. Data Controller: under UK data protection law, this is the organisation or person responsible for deciding how personal information is collected and stored and how it is used.
1.3. Data Processor: a Data Controller may appoint another organisation or person to carry out certain tasks in relation to the personal information on behalf of, and on the written instructions of, the Data Controller. (This might be the hosting of a site containing personal data, for example, or providing an email marketing service that facilitates mass distribution of marketing material to a Data Controller’s customer base.)
1.4. Personal Information: in this privacy notice, we refer to your personal data as ‘personal information’. ‘Personal information’ means any information from which a living individual can be identified. It does not apply to information that has been anonymised.
1.5. Special Information – certain very sensitive personal information requires extra protection under data protection law. Sensitive data includes information relating to health, racial and ethnic origin, political opinions, religious and similar beliefs, trade union membership, sex life and sexual orientation and also includes genetic information and biometric information.
2.1. Set out below are the general categories and details of retention periods in relation to those categories (see section 8 below for more details about retention)and in each case the types of personal information that we collect, use and hold about you:
2.2. The types of personal data we collect about you may differ from person to person, depending on who you are and the relationship between us.
3.1. Special information is explained in section 1 above. We do not collect or hold any special information about you.
3.2 We do not collect information from you relating to criminal convictions or offences.
4.1. We are only able to use your personal information for certain legal reasons set out in data protection law. There are legal reasons under data protection law other than those listed below; but, in most cases, we will use your personal information for the following legal reasons:
a. Contract Reason: this is in order to perform our obligations to you under a contract we have entered into with you;
b. Legitimate Interests Reason: this is where the use of your personal information is necessary for our (or a third party’s) legitimate interests, so long as that legitimate interest does not override your fundamental rights, freedoms or interests;
c. Legal Obligation Reason: this is where we have to use your personal information in order to perform a legal obligation by which we are bound; and
d. Consent Reason: this is where you have given us your consent to use your personal information for a specific reason or specificreasons.
4.2. As explained in section 3 above, there are more sensitive types of personal data, which require higher levels of protection. Where we process such sensitive types of personal data, we will usually do this in the following circumstances:
a. We have your explicit consent;
b. Where it is necessary in relation to legal claims;
c. Where you have made the personal data public.
4.3. So that we are able to provide you with services, we will need your personal information. If you do not provide us with the required personal information, we may be prevented from supplying the services to you.
4.4. It is important that you keep your personal information up to date. If any of your personal information changes, please contact us assoon as possible to let us know. If you do not do this, then we may be prevented from supplying the services to you.
4.5. Where we rely on consent for a specific purpose as the legal reason for processing your personal information, you have the right under data protection law to withdraw your consent at any time. If you do wish to withdraw your consent, please contact us using the details set out at the beginning of this notice. If we receive a request from you withdrawing your consent to a specific purpose, we will stop processing your personal information for that purpose, unless we have another legal reason for processing your personal information – in which case, we will confirm that reason to you.
4.6. We have explained below the different purposes for which we use your personal information and, in each case, the legal reason(s)allowing us to use your personal information. Please also note the following:
a. if we use the Legitimate Interests Reason as the legal reason for which we can use your personal information, we have also explained what that legitimate interest is; and
b. for some of the purposes, we may have listed more than one legal reason on which we can use your personal information, because the legal reason may be different in different circumstances. If you need confirmation of the specific legal reason that we are relying onto use your personal data for that purpose, please contact us using the contact details set out at the start of this privacy notice.
4.7. Sometimes we may anonymise personal information so that you can no longer be identified from it and use this for our own purposes.In addition, sometimes we may use some of your personal information together with other people’s personal information to give us statistical information for our own purposes. Because this is grouped together with other personal information and you are not identifiable from that combined data we are able to use this. For these purposes we use Google Analytics,
4.8. Under data protection laws, we can only use your personal information for the purposes we have told you about, unless we consider that the new purpose is compatible with the purpose(s) we told you about. If we want to use your personal information for a different purpose that we do not think is compatible with the purpose(s) we told you about, then we will contact you to explain this and what legal reason is in place to allow us to do this.
5.1. We usually collect Identity Information, Contact Information, Survey Information, Marketing Information, Special Information; directly from you when you fill out a form, survey or questionnaire, purchase goods, services and/or digital content from us, contact us by email, telephone, in writing or otherwise. This includes the personal information that you provide to us when you subscribe to our mailing list enter a competition or survey.
5.2. We may receive some of your personal information from third parties or publicly available sources. This includes:
a. Identity Information and Contact Information from publicly available sources such as Companies House
6.1. Cookies or Browser Cookies. A cookie is a small file placed on Your Device. You can instruct Your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if You do not accept Cookies, You may not be able to use some parts of our Service. Unless you have adjusted Your browser setting so that it will refuse Cookies, our Service may use Cookies.
Web Beacons. Certain sections of our Service and our emails may contain small electronic files known as web beacons(also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).
Cookies can be "Persistent" or "Session" Cookies. Persistent Cookies remain on Your personal computer or mobile device when You go offline, while Session Cookies are deleted as soon as You close Your web browser.
6.2. We use both Session and Persistent Cookies for the purposes set out below:
6.2.1. Necessary / Essential Cookies Type: Session Cookies
Administered by: Us
Purpose: These Cookies are essential to provide You with services available through the Website and to enable You to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. Without these Cookies, the services that You have asked for cannot be provided, and We only use these Cookies to provide You with those services.
6.2.2. Cookies Policy / Notice Acceptance Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.
6.2.3. Functionality Cookies
Type: Persistent Cookies
Administered by: Us
Purpose: These Cookies allow us to remember choices You make when You use the Website, such as remembering your login details or language preference. The purpose of these Cookies is to provide You with a more personal experience and to avoid You having to re-enter your preferences every time You use the Website.
6.2.4. Tracking and Performance Cookies
Type: Persistent Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the Website and how users use the Website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the Website. We may also use these Cookies to test new pages, features or new functionality of the Website to see how our users react to them.
For more information about the cookies we use and your choices regarding cookies, please visit our Cookies Policy or the Cookies section of our Privacy Policy.
6.3. For these purposes we use Google Analytics. It is a traffic analytics tool. That means it allows us to see how our users are moving around on Newgrain. The JavaScript tags which Google Analytics uses set cookies on their browsers that harvest personal and sometimes sensitive data from users in return. We anonymise the use of IP addresses by removing the last octet of the IP address before any storage or processing begins. Once this feature is enabled, the full IP address is never written to the disk according to Google. Additionally, we check the pseudonymous identifiers in our Google Analytics to make sure that data is not identifiable. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information withGoogle Analytics about visits activity.
For more information on the privacy practices of Google, please visit the Google Privacy; Terms web page:https://policies.google.com/privacy
6.3.1. Google Analytics set the following cookies when in use –
_ga (cookie used to distinguish individual users on your domain, expires after 2 years)
_gid (cookie used to distinguish individual users on your domain, expires after 24 hours)
_gat (cookie used to limit amount of user requests in order to maintain your website’s performance, expires after 1 minute)
AMP_TOKEN (cookie containing a unique ID assigned to each user on your domain, expires somewhere between 30 seconds and 1year)
_gac_<property-id> (cookie containing a unique ID that makes Google Analytics and Ads work together, expires after 90 days)
Some Google Analytics cookies expire after 1 minute (e.g. the _gat cookie), while other Google Analytics cookies stay on the browser for two years (e.g. the _ga cookie).
7.1. We may need to share your personal information with other organisations or people. These organisations include:
a. Third parties who are not part of our group. These may include:
i. Suppliers: such as IT support services, payment providers, administration providers, marketing agencies, who are based in non-EU countries;
ii. Government bodies and regulatory bodies: such as HMRC, fraud prevention agencies who are based in non-EU countries;
iii. Our advisors: such as lawyers, accountants, auditors, insurance companies who are based in England
iv. Credit Reference Agencies who are based in non-EU countries;
v. Email platforms who are based in non-EU countries, England
vi. any organisations that propose to purchase our business and assets, in which case we may disclose your personal information to the potential purchaser.
7.2. Depending on the circumstances, the organisations or people who we share your personal information with will be acting as eitherData Processors or Data Controllers. Where we share your personal information with a Data Processor, we will ensure that we have inplace contracts that set out the responsibilities and obligations of us and them, including in respect of security of personal information.
7.3. We do not sell or trade any of the personal information that you have provided to us.
8.1. If any transfer of personal information by us will mean that your personal information is transferred outside of the EEA, then we will ensure that safeguards are in place to ensure that a similar degree of protection is given to your personal information as is given to it within the EEA and that the transfer is made in compliance with data protection laws (including, where relevant, any exceptions to the general rules on transferring personal information outside of the EEA that are available to us – these are known as ‘derogations’ under the data protection legislation). We may need to transfer personal information outside of the EEA to other organisations within our group or to the third parties listed above in section 6 who may be located outside of the EEA.
8.2. The safeguards set out in data protection laws for transferring personal information outside of the EEA include:
a. where the transfer is to a country or territory that the EU Commission has approved as ensuring an adequate level of protection;
b. where personal information is transferred to another organisation within our group, under an agreement covering this situation which is known as 'binding corporate rules';
c. having in place a standard set of clauses that have been approved by the EU Commission;
d. compliance with an approved code of conduct by a relevant data protection supervisory authority (in the UK, this is the Information Commissioner’s Office (ICO);
e. certification with an approved certification mechanism;
f. where the EU Commission has approved specific arrangements in respect of certain countries, such as the US Privacy Shield, in relation to organisations that have signed up to it in the USA.]
9.1. We will only hold your personal data for as long as is necessary. How long is necessary will depend upon the purposes for which we collected the personal information (see section 4 above) and whether we are under any legal obligation to keep the personal information (such as in relation to accounting or auditing records or for tax reasons). We may also need to keep personal information in case of any legal claims.
9.2. We have set out above the details of our retention periods for different types of data. You can find them in section 2 and also in section3.
10.1. ‘Automated decision making’ is where a decision is automatically made without any human involvement. Under data protection legislation, this includes profiling. ‘Profiling’ is the automated processing of personal data to evaluate or analyse certain personal aspects of a person (such as their behaviour, characteristics, interests and preferences).
10.2. Data protection laws place restrictions upon us if we carry out any automated decision making (including profiling) that produces alegal effect or similarly significant effect on you.
10.3. We do not carry out any automated decision making (including profiling) that produces a legal effect or similarly significant effect on you. If we do decide to do this then we will notify you and we will inform you of the legal reason we are able to do this.
11.1. Under data protection laws, you have certain rights in relation to your personal information, as follows:
a. Right to request access: (this is often called ‘subject access’). This is the right to obtain from us a copy of the personal information that we hold about you. We must also provide you with certain other information in response to these requests to help you understand how your personal information is being used.
b. Right to correction: this is the right to request that any incorrect personal data is corrected and that any incomplete personal data is completed.
c. Right to erasure: (this is often called the 'right to be forgotten').This right only applies in certain circumstances. Where it does apply, you have the right to request us to erase all of your personal information.
d. Right to restrict processing: this right only applies in certain circumstances. Where it does apply, you have the right to request us to restrict the processing of your personal information.
e. Right to data portability: this right allows you to request us to transfer your personal information to someone else.
f. Right to object: you have the right to object to us processing your personal information for direct marketing purposes. You also have the right to object to us processing personal information where our legal reason for doing so is the Legitimate Interests Reason (see section 4 above) and there is something about your particular situation that means that you want to object to us processing your personal information. In certain circumstances, you have the right to object to processing where such processing consists of profiling(including profiling for direct marketing).
11.2. In addition to the rights set out in section 11.1, where we rely on consent as the legal reason for using your personal information, you have the right to withdraw your consent. Further details about this are set out in section 4.5.
11.3. If you want to exercise any of the above rights in relation to your personal information, please contact us using the details set out at the beginning of this notice. If you do make a request, then please note:
a. we may need certain information from you so that we can verify your identity;
b. we do not charge a fee for exercising your rights unless your request is unfounded or excessive; and
c. if your request is unfounded or excessive, then we may refuse to deal with your request.
12.1. You may receive marketing from us about similar goods and services, where either you have consented to this, or we have another legal reason by which we can contact you for marketing purposes.
12.2. However, we will give you the opportunity to manage how or if we market to you. In any email that we send to you, we provide a link to either unsubscribe or opt out, or to change your marketing preferences. If you have an account with us, you can login to your account and manage your preferences there too. To change your marketing preferences, and/or to request that we stop processing your personal information for marketing purposes , you can always contact us on the details set out at the beginning of this notice.
12.3. If you do request that we stop marketing to you, this will not prevent us from sending communications to you that are not to do with marketing (for example in relation to goods services digital content that you have purchased from us).
12.4. We do not pass your personal information on to any third parties for marketing purposes.
13.1. If you are unhappy about the way that we have handled or used your personal information, you have the right to complain to the UK supervisory authority for data protection, which is the Information Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to raise any queries or make a complaint in respect of our handling or use of your personal information, so that we have the opportunity to discuss this with you and to take steps to resolve the position. You can contact us using the details set out at the beginning of this privacy notice.