At Your Services Ltd

Privacy Policy

Last Updated: Sunday 8th May 2022

We are committed to protecting the privacy of our customers and stakeholders, and we take our data protection responsibilities with the utmost seriousness.

To the extent that you are a customer or user of our services, this Privacy Policy applies together with any Terms of Business and other contractual documents, including but not limited to any agreements we may have with you. We reserve our right to issue separate policies in respect of other relevant stakeholders such as our employees, connected persons and/or our business partners

In this Policy, "we", "us" and "our" refers to At Your Services Ltd , a company incorporated in Gibraltar with incorporation number 118244. For more information about us, see the ‘9. Our details’ section of this Policy.

In this Policy, “Personal Data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

In this Policy, “processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

1. Navigating this Policy

If you are viewing this Policy online, you can click on the below links to jump to the relevant

section:

1. Navigating this Policy

2. How We Use Personal Data

3. Use of Third Party Applications

4. Sharing Your Personal Data

5. Data Security

6. Your Rights as a Data Subject

7. Storing Persoanl Data

8. Changes to this Privacy Policy

9. Our Details

1. How We Use Personal Data

1. 1. When using our App or Website

We may collect and process Personal Data when you use our App or Website. This data may

include:

• Your name, telephone number, and address;
• Your location via the use of GPS services
• Your card or other payment details

This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-term viability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks and your consent when agreeing to accept cookies.

1. 1. When communicating with us

When you email or contact us through our App we may collect and process Personal Data, this may include:

• Your email address
• Your name
• Your contact number (if provided)
• Any other Personal Data you submit as part of your communication with us
• Your location

This data is collected and processed for the purposes of assisting you with queries about our service or a particular service offered to you, arranging deliveries or collection as part of our service and/ or to answer any general enquiries which you may contact us about

The legal basis for this processing is i) the performance of our contractual obligations or steps taken at your request prior to us entering into a contractual relationship and ii) our legitimate interests

1. 1. When visiting our Twitter or Facebook

We may collect and process Personal Data about your use of our Twitter or Facebook. This data may include:

• clicks on a shortened URL;
• a history of referral URLs for clicks of a shortened URL;
• and a history of IP addresses used to access a shortened URL.

This data is collected and processed for the purposes to track the success of the marketing campaigns, blog posts, and other marketing material; and for user demographics in order to identify target markets. This data is collected and processed for the purpose of improving the content of our shared links pursuant to our legitimate interests. It is de-identified and becomes Aggregated Data to the furthest extent possible.

1. 1. Other uses of your Personal Data

We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.

Further, we may process your Personal Data where such processing is necessary in order for us to comply with a legal obligation to which we are subject.

1. Use of Third Party Applications

1. 1. Amazon Web Services

We use Amazon Web Servers to host our [website app etc].

Amazon Web Services, Inc’s servers are located in the United States and throughout the world. It is possible that Amazon Web Services may collect some Personal Data through your use of our website/app. However, Amazon Web Services participates in the EU-US and Swiss-US Privacy Shield frameworks. For further information about how Amazon Web Servers Inc safeguards data it collects please visit https://aws.amazon.com/privacy/

1. 1. UTP

We use UTP as payments provider on our App to allow us to process payments through our App. Stripe collects all financial and other details necessary for you to effect payment on our app directly from you. We do not store any payment or other financial information.

The entity responsible for the collection and processing of Personal Data for residents of the EEA and Switzerland is Stripe Payments Europe, Ltd., a company incorporated in Ireland and with offices at 1 Grand Canal Street Lower, Grand Canal Dock, Dublin

However, Stripe ay share your personal Data with other entities outside of the EEA either as part of its group of companies or as sub processors. Stripe’s US entity is a member of the Privacy Shield framework to safeguard your personal Data.

For further information on Stripe, its processing activities and its privacy policy please visit https://stripe.com/en-US/privacy#how-we-use-personal-dat

1. Sharing Your Personal Data

We may pass your information to our business partners, third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing our services to you.

In addition, when we use any other third-party service providers, we will disclose only the Personal Data that is necessary to deliver the service required and we will ensure, that they keep your information secure and not to use it for their own direct marketing purposes.

In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.

We do not share any Personal Data outside of the EEA.

1. Data Security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

1. Your Rights as a Data Subject

You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (‘General Data Protection Regulation’ or ‘GDPR’). We explain these below.

1. 1. Right Information and access

You have a right to be informed about the processing of your Personal Data (and if you did not give it to us, information as to the source) and this Policy intends to provide the information. Of course, if you have any further questions you can contact us using the details found under the ‘11. Our details’ section of this Policy.

1. 1. Right to rectification

You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information.

The accuracy of your information is important to us. If you do not want us to use your Personal Data in the manner set out in this Policy, or need to advise us of any changes to your personal information, or would like any more information about the way in which we collect and use your Personal Data, please contact us using the details found under the ‘11. Our details’ section of this Policy.

1. 1. Right to erasure (right to be ‘forgotten’)

You have the general right to request the erasure of your personal information in the following circumstances:

• the personal information is no longer necessary for the purpose for which it was collected;
• you withdraw your consent to consent based processing and no other legal justification for processing applies;
• you object to processing for direct marketing purposes;
• we unlawfully processed your personal information; and
• erasure is required to comply with a legal obligation that applies to us.

However, when interacting with the blockchain we may not be able to ensure that your Personal Data is deleted. In these circumstances we will only be able to ensure that all Personal Data that is held by us is permanently deleted.

We will proceed to comply with an erasure request without delay and to such extent we are able to do so, unless continued retention is necessary for:

• Exercising the right of freedom of expression and information;
• Complying with a legal obligation under EU or other applicable law;
• The performance of a task carried out in the public interest;
• Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
• The establishment, exercise, or defence of legal claims.

1. 1. Right to restrict processing and right to object to processing

You have a right to restrict processing of your personal information, such as where:

• you contest the accuracy of the personal information;
• where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
• we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims.

You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.

1. 1. Right to data portability

Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.

1. 1. Right to object to direct marketing (‘opting out’)

You have a choice about whether or not you wish to receive information from us.

We will not contact you for marketing purposes unless:

• you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above)
• you have otherwise given your prior consent (such as when you download one of our guides)

You can change your marketing preferences at any time by contacting us using the details found under the ‘11. Our details’ section of this Policy..

On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your Personal Data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your Personal Data. You may also opt-out at any time by contacting us using the details found under the ‘11. Our details’ section of this Policy.

Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Policy or applicable terms of business, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe, as they are necessary to provide the services requested.

Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website and/or our products and services, or as part of a contractual relationship we may have with you.

1. 1. Right to request access

You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Data that we hold or process. To protect your Personal Data, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us using the details found under the ‘11. Our details’ section of this Policy.

1. 1. Right to withdraw consent

Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us using the details found under the ‘11. Our details’ section of this Policy.

1. 1. Raising a complaint about how we have handled your Personal Data

If you wish to raise a complaint on how we have handled your Personal Data, you can contact us using the details found under the ‘11. Our details’ section of this Policy.

     6.10 Right to lodge a complaint with a relevant supervisory authority

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Information Commissioner under the Data Protection Act (i.e. the Chief Executive Officer of the Gibraltar Regulatory Authority), which is presently the Gibraltar Regulatory Authority (GRA). You may contact the GRA on the below details:

Gibraltar Information Commissioner

Gibraltar Regulatory Authority

2nd Floor, Eurotowers 4

1 Europort Road

Gibraltar

Email: info@gra.gi

Phone: (+350) 200 74636

Fax: (+350) 200 72166

You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA.

1. Storing Personal Data

We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this Policy. Records can be held on a variety of media (physical or electronic) and formats.

Retention periods are determined based on the type of record, the nature of the data and activity and the legal or regulatory requirements that apply to those data. To determine the appropriate retention  period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of the Personal Data, the purposes for which we process the Personal Data and whether we can achieve those purposes through other means, considering the applicable legal requirements that may require us to retain or destroy it.

However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

1. Changes to this Privacy Policy

We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our emailing lists directly of the changes, and change the ‘Last Updated’ date above. We encourage you to review this Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your use of this website.

1. Our Details

This website is owned and operated by At Your Services Ltd; a company incorporated in Gibraltar (Company Registration Number 118244) with its registered address at Suite 4, 2nd Floor, The West Wing, Montarik House, 3 Bedlam Court, Gibraltar, GX11 1AA

Our trading address where we can be contacted is at:

At Your Service Ltd

Unit G06, WestOne

Eurport Road

Gibraltar

Telephone: +350 200 77511

If you have any queries concerning your rights under this Policy, you can contact the Privacy Manager on the above details or via email to: info@fabriclaundry.gi