This Data Protection Policy ("Policy") outlines the measures and procedures we undertake to ensure that we comply with the provisions of the Data Protection Act 2018 ("DPA"), the General Data Protection Regulation ("GDPR"), and any other applicable data protection laws in the UK. This Policy applies to all personal data that we collect, process, store, and handle.

1. Data Controller

The data controller responsible for your personal data is STORYVORD ("we," "us," or "our"), a company registered in England and Wales under registration number. We are registered with the Information Commissioner's Office ("ICO") under registration number [insert ICO registration number].

2. Types of Personal Data We Collect

We may collect the following types of personal data:

  • a. Contact information, such as your name, address, telephone number, and email address.
  • b. Payment information, such as your credit/debit card details or bank account information.
  • c. Information you provide to us when you fill in forms on our website.
  • d. Information you provide when you participate in our surveys or promotions.
  • e. Details of transactions you carry out through our website.
  • f. Information you provide when you communicate with us via email or phone.
  • g. Information about your visits to our website, including your IP address, browser type, and referring/exit pages.

3. How We Collect Personal Data?

We may collect personal data in the following ways:

  • a. When you visit our website and use our services.
  • b. When you fill out forms on our website.
  • c. When you participate in our surveys or promotions.
  • d. When you communicate with us via email or phone.

4. Legal Basis for Processing Personal Data

We will only process your personal data if we have a legal basis to do so. The legal bases for processing personal data are:

  • a. Consent - the individual has given clear and explicit consent for us to process their personal data for a specific purpose.
  • b. Contract - processing is necessary for the performance of a contract with the individual, or to take steps prior to entering into a contract with them.
  • c. Services: processing is necessary for providing you the services.
  • d. Legal Obligation - processing is necessary to comply with a legal obligation.
  • e. Vital Interests - processing is necessary to protect someone's life.
  • f. Public Task - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
  • g. Legitimate Interests - processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.

5. How We Use Personal Data?

We use personal data to:

  • a. Provide our services to you.
  • b. Process your transactions.
  • c. Respond to your inquiries and requests.
  • d. Improve our website and services.
  • e. Send you marketing and promotional communications.
  • f. Comply with legal obligations.

6. Sharing Personal Data

We may share your personal data with the following third parties:

  • a. Service providers who help us deliver our services, such as payment processors, IT service providers, and marketing agencies.
  • b. Regulatory and law enforcement authorities.
  • c. Other third parties with your consent.

7. Retention of Personal Data

We will only retain your personal data for as long as necessary to fulfill the purposes for which it was collected. We may retain your personal data for a longer period if required by law or if necessary for legitimate purposes.

8. Data Security

We will ensure that personal data is processed securely, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage. We will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of personal data.

9. Data portability

We will ensure that individuals can exercise their rights under the GDPR. We will respond to requests within one month, and we will provide information free of charge, unless the request is manifestly unfounded or excessive.

10. Data Breach Notification

In the event of a personal data breach, we will notify the Information Commissioner's Office (ICO) without undue delay, and where feasible, within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals. We will also notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms

11. Your Rights

You have the following rights regarding your personal data:

  • a. The right to access your personal data.
  • b. The right to rectify any inaccuracies in your personal data.
  • c. The right to erase your personal data.
  • d. The right to restrict the processing of your personal data.
  • e. The right to data portability.
  • f. The right to object to the processing of your personal data.

To exercise your rights, please contact us using the details provided in section 13.

12. Amendment

We are committed to protecting personal data and complying with the GDPR and the Data Protection Act 2018. We will regularly review and update our Data Protection Policy to ensure that it remains relevant and effective.

13. Contact Us

If you have any questions or concerns about our data protection practices or this Policy, please contact us by email at [insert email address], or by post at [insert postal address].