ICEBLUE MARKETING & DESIGN LIMITED T/As Fable and Willow
Terms and Conditions of Website Use
By continuing to browse our site, you consent to our placing cookies on your computer (unless you have chosen to disable them via your browser).
A cookie is a small text file that a website you visit asks your browser to store on your computer or mobile device.
- to improve your experiences, understand how our Services are being used, and customize our Services;
- to remember your choices, such as your language preferences, and otherwise to customize our Services for you; and
- to monitor website use and traffic
We respect your right to privacy and are committed to maintaining it. We only collect, store and process your personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
1. Protecting your privacy
1.1 We are committed to protecting your privacy and maintaining the security of any personal information received from you. We comply with the principles of the Data Protection Act 1998 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
1.2 Our company policy and reputation has been built on our ability to keep client data confidential and secure.
1.3 We comply with the principles, which are enshrined in law, relating to the processing of personal information. These are that personal information should be:
a) fairly and lawfully processed
c) processed for a limited time
d) adequate, relevant and not excessive
f) not kept longer than necessary
g) processed in accordance with your rights
h) not transferred to countries without adequate protection.
1.4 Your privacy and security are of primary importance to us and we are committed to safeguarding the privacy and security of our subscribers. We will always follow the principles set out above.
1.5 We reserve the right to add, remove, or edit any of these services. We strictly protect the security of your personal information within the confines of these domains and we honour your choices for their intended use.
1.6 We have safeguards in place (some of which are set out below) to protect your data from loss, misuse, unauthorised access, alteration, or destruction. All users should handle their own and other people’s personal and confidential information with care. We protect your data from disclosure, with the exception of matters where designated by law or court order.
2. Processing of data
2.1 Personal data is collected, stored, used, and transferred for the specific purposes or purposes for which you have indicated your consent to, and for those set out in this privacy statement.
2.4 This policy does not apply to companies, organisations or sub-contractors that are not connected to or part of the same organisation as IceBlue Marketing & Design Limited or in relation to websites that IceBlue Marketing & Design Limited does not own or control.
3. Legal basis for Collecting and Processing Data
3.1 Contractual basis: When you click the "accept” box you are agreeing to be bound by this Privacy Notice which is part of the T&C and together form the basis of our contractual relationship with you. Therefore, we may collect, hold and process your personal data on the basis that you have accepted our contractual terms by agreeing to this Privacy Notice and the T&Cs. For this reason, when we need to send you any notification regarding any change in the Privacy Notice or any communication regarding these documents we may send you an email including the relevant provisions, such as answering your queries, complaints, acknowledgement of how many points you have, activation messages, deletion request responses.
3.2 Consent: We collect, hold and process your personal data on the basis that you give us consent when you accept this Privacy Notice and choose the different options (defined above in "your communication preferences”). In other words, we set out what we are going to do with your data in this Privacy Notice.
• We present a link to this Privacy Notice from our website.
• We ask you to read this Privacy Notice to ensure you are happy with the way that we will process your data.
• We ask you to confirm that you agree with our Privacy Notice when you confirm your decision to subscribe to “Fable and Willow”.
You remain in control of the personal data you share with us. You can change your preferences in at any time, by choosing whether you want to give consent to your data being processed for specific types of communication and / or communication channels. You can cancel your account at any time and your details and information will be deleted.
3.3 Necessary for the performance of the Contract
3.4: Legitimate interest: We may collect, hold and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, and send you information about our features and updates.
NOTE: if you do not want to continue to receive these types of emails – notifications – you can opt-out at any time by sending an email to the following email address email@example.com
3.5 Vital interest: We may use your personal information to contact you if we reasonably believe that there is any urgent safety or product issue that we need to communicate to you because the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.
3.6 Legal Obligation: We may use and process your personal data to comply with our legal obligations such as HMRC requirements, if the Police requests it or to identify you as an individual if you contact us, or to verify the accuracy of your data.
3.7 The Company shall, as far as is reasonably practicable, to ensure that all data is:
• Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes
• Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
• Not kept for longer than necessary
• Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
• Kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data is processed. Personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the data subject.
• Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
• Not transferred to other countries without adequate protection
• Where consent is relied upon, the Company will ensure that such consent is specific and granular
3.8 We will use your Personal Data as follows:
3.8.1 to enable us to provide the services which we have agreed to provide to you;
3.8.2 to alert you to any product and service changes and updated information; and
3.8.3 for our own administration purposes.
3.9 We shall not pass your Personal Data to any third party for marketing purposes unless you have provided us with your consent to do so.
3.10 We gather general information about users (outside the information referred to in the section on Cookies), for example, what services users access the most and which areas of our sites are most frequently visited. Such data is used in the aggregate to help us to understand how each of our sites is used.
3.11 We gather this information so that we can continue to improve and develop our services to benefit of our users. We may make this aggregated information available to our commercial partners, to our advertiser clients and also to auditors.
3.12 These statistics are anonymous and contain no personal information and cannot be used as a means to gather such information.
3.13 Every computer on the internet has an internet protocol (IP) address which is a unique number by which it can be identified. This gives no personal information about you but it does act as a sort of virtual fingerprint for your computer. This, together with other information also automatically produced by your computer as a by-product of contacting other computers, is known when stored by our computer system as a Cookie.
3.14 It is possible for you to set your computer to prevent Cookies being generated. You are free to do this at any time and doing so will not affect the relationship we have in any contractual or legal way.
3.15 However, the advantage to you of permitting Cookies to arise is that it is easier for us to identify you as soon as you log on. As above, our system will recognise your computer’s fingerprint and fast-track you through the security process to allow you to use the relevant site. If you do not permit us to use a Cookie to identify you, you will have to go through the full log-in procedure each time you visit any of our sites to which you may have registered.
3.16 Not permitting Cookies to be used may also make it harder for us to allow you easy access to any personalised areas of our sites where you may have stored personal data or specific requirements you have or business sectors in which you operate or are interested in.
4. Your Personal Information
4.1 The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
4.2 When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
4.3 The DPO will instruct specific members of staff to periodically review the data being held by the Company and to review whether or not it is still required to be held. This review will take place on an annual basis or, on an ad hoc basis should any issues be identified.
4.4 If your Personal Data changes, please notify us in writing.
4.5 We will update your Personal Data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
4.6 We may use information that you provide to alert you to our own products and services and may contact you regarding changes to the sites to which you are registered or changes to our products or services that you use.
5. Disclosure of Personal Information
5.1 We do not disclose information about your individual visits to any of our sites, or personal information that you provide, such as your name and personal contact details unless you have given us your express permission or we reasonably believe that the law requires it.
5.2 We may record and share aggregated information with our clients. In addition, if you input personal information on a co-branded registration page, then it is possible that the information that you give becomes the property of both ourselves and our client.
5.3 IceBlue Marketing & Design Limited can only confirm its own position in relation to your personal information and cannot be responsible for the information that the client receives in these or similar circumstances.
5.4 We may send personally identifiable information about you to other clients when we:
a) already have your consent to share the information;
b) need to share your information in order to provide the products or services you have requested;
c) have to send the information to companies who work on our behalf to provide a product or service to you. (Unless otherwise stated, these companies do not have the right to use the personally identifiable information we provide to them beyond what is necessary to assist us in providing you the relevant products or services);
d) are legally obliged to respond to subpoenas, court orders or due legal process;
e) to protect our legal rights, property, or safety of our staff, our customers, or third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
6. Your rights
6.1 Data subjects may make subject access requests ("SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why. The responsibility of responding to any SAR shall be that of the DPO. If you wish to contact us for these purposes, please email us at firstname.lastname@example.org
6.2 Data subjects wishing to make a SAR may do so in writing, using the Company’s Subject Access Request Form, or other written communication.
6.3 SARs should be addressed to the Company’s Data Protection Officer at IceBlue Marketing and Design Ltd, 6 Church Street, Kidderminster, Worcestershire, DY10 2AD.
6.4 Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
6.5 All SARs received shall be handled by the Company’s Data Protection Officer.
6.6 The Company does not charge a fee for the handling of normal SARs. However, the Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
6.7 Data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.
6.8 The Company shall rectify the personal data in question, and inform the data subject of that rectification, within one month of the data subject informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
6.9 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.
6.10 The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
6.11 Data subjects have the right to request that the Company erases the personal data it holds about them in the following circumstances:
• It is no longer necessary for the Company to hold that personal data with respect to the purpose(s) for which it was originally collected or processed;
• The data subject wishes to withdraw their consent to the Company holding and processing their personal data
• The data subject objects to the Company holding and processing their personal data (and there is no overriding legitimate interest to allow the Company to continue doing so)
• The personal data has been processed unlawfully;
• The personal data needs to be erased in order for the Company to comply with a particular legal obligation
6.12 Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request.
6.13 The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
6.14 In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
7. Data Breach Notification
7.1 All personal data breaches must be reported immediately to the Company’s Data Protection Officer.
7.2 If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
7.3 In the event that a personal data breach is likely to result in a high risk (that is, a higher risk than that described under Part 7.2) to the rights and freedoms of data subjects, the Data Protection Officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
7.4 Data breach notifications shall include the following information:
• The categories and approximate number of data subjects concerned;
• The categories and approximate number of personal data records concerned;
• The name and contact details of the Company’s data protection officer (or other contact point where more information can be obtained);
• The likely consequences of the breach;
• Details of the measures taken, or proposed to be taken, by the Company to address the breach including, where appropriate, measures to mitigate its possible adverse effects.
8. Interactive Services
8.1 Where individuals engage with the ability of our sites to store personal information about them, the way such information is stored means that it can be downloaded or printed off, again, as part of the process an individual will have had to expressly agreed to allowing such information to be downloaded by other users.
8.2 We can offer individuals the option of remaining anonymous but where this option is not taken, individuals must be aware of the possible disclosure of this information to third parties. Those parties are contractually obliged to obtain, store and use that information solely for the purposes for which it is made available by individuals but apart from this, we cannot control third party organisations’ use of such data.
8.3 Individuals should therefore be aware that this disclosure, for the purposes of meeting their expectations, may occur.
9. Other Ways of Ensuring Your Privacy
9.1 If you subscribe for a service in which delivery by you of your personal details is required, you will be given the opportunity to amend your personal details at any time. The option to do this will ordinarily be available from the login page of our sites or other registration or user areas of the sites, particularly those where you may be asked to input your personal login or registration information (such as user name, password or other security data).
9.2 You may unsubscribe from any promotional information that we may send to you by using the unsubscribe function at the bottom of any e-mail you may receive of this nature or by visiting the appropriate website (which will contain a route for you to take action to unsubscribe yourself from such promotional information).