Bulletproof privacy notice

When do we collect information about you?

• Information you give us. You may provide Personal Information when you: (i) access Bulletproof’s website, (ii) request, purchase and use a service from us, (iii) communicate with Bulletproof via phone calls (which may be recorded), chat, email, web forms, social media and other methods of communication, (iv) subscribe to Bulletproof’s marketing material, (v) attend our events, or (vi) provide services to Bulletproof.
• Information we collect about you via automated means. Each time you visit our website, view a Bulletproof advertisement on a third party-owned website or read a Bulletproof marketing email, we may automatically collect information about you via cookies, web beacons and other similar technologies. You can find out more about this in our Cookies Notice.
• Email communication. We use pixel tags and cookies in our marketing emails so that we can track your interaction with those messages. We use tools like pixel tags and cookies so that we can determine interest in particular topics and measure and improve the effectiveness of our communications.
• Information we receive from other sources.Some services that we provide require the involvement of third parties. We have carefully selected these third parties and taken steps to ensure that the Personal Information is adequately protected. The third parties may include business partners, suppliers, sub-contractors, advertisers (we do not disclose information about identifiable individuals to our advertisers, but will provide them with aggregate information to help us serve more relevant advertisements to a cohort of visitors and/or customers on various advertising platforms) analytics, search engine providers, evaluation companies.
• Social Media Platforms. We may receive certain information that’s stored or processed by third parties, such as the social media sites Twitter® and LinkedIn® when you interact with us through these social media platforms.

The types of data we collect

Contact Information includes your name, company name, job title, telephone numbers, fax numbers, postal addresses, email addresses, or other addresses at which you receive communications from or on behalf of Bulletproof.

Transactional Information includes information about the Services you use, and how you interact with us and the Services.

Information collected by Automated Means includes information that Bulletproof collects through commonly used information-gathering tools, such as cookies and web beacons. Such information includes standard information from your web browser (such as browser type and browser language) and your Internet Protocol (“IP”) address.

Why we collect your personal information

We collect and use your Personal Information because it is necessary to obtain certain details including Personal Information from you in providing you with the service you have requested and it is in our legitimate interests in the course of operating our business, including:

• Providing the requested service and/or information to you.
• Responding to your queries.
• Transmitting Personal Information between our functions for internal administrative purposes.
• Hosting and maintaining our websites.
• Ensuring network and information security.
• Carrying out direct marketing.
• Ensuring the quality of the service we provide and the accuracy of the information collected from you.

How we use your information

Unless otherwise stated herein, we use your information for providing you the Services that you have requested from us, as referred below:

• To contact you. We use your Contact Information to get in touch with you. Here are some examples of reasons why we might contact you to: communicate with you about your orders or the Services you use; conduct surveys; send you announcements about the Services; notify you about our upcoming events; administer surveys, sweepstakes, contests, or other promotional activities or events sponsored by us or our business partners.
• For marketing purposes. We use your Contact Information to recommend products and services that might be of interest to you, to send you marketing and advertising messages such as newsletters, announcements, or special offers or to notify you about our upcoming events. To provide you with marketing communications is not essential for the maintenance or existence of the legal relationship we may have with you at a certain point; thus, you may opt-out from receiving such communications.

You are entitled to opt-out from receipt of marketing communication at any time and free of charge by using the "unsubscribe" option included in any marketing e-mail or other marketing material received from us.

Your decision to opt-out from our marketing communications will not affect your ability to continue receiving the Services from us.

• To provide the Services to you, we need the Required Contact Information, Transactional Information, and Billing Information to: process orders (including payments) for our Services; provide the Services to you; provide access to secure areas of our websites; create and maintain your account, and control access to it.
• To enable third parties to provide services to us, we may need to provide your Required Contact Information to third parties so that they may carry out technical, logistical or other functions on our behalf.
• To protect our business, we use information we collect to prevent or detect fraud or abuses of our websites and the Services, and to identify and protect our business from fraudulent transactions.
• To manage our everyday business needs, such as to: administer and manage our business; train our employees; help promote compliance with our terms of service or any other agreements between us; allow you to apply for a job; carry out research and development; carry out other purposes that are disclosed to you and to which you consent; or to comply with the law.

International transfers of your personal information

We may share or store your Personal Information with our third-party service providers based outside the European Economic Area (“EEA”) who we engage to help us, amongst other things, fulfil your order, process your payment details and the provision of support services. We only transfer your Personal Information outside of the EEA:

• Where the transfer is to a place that is regarded by the European Commission as providing adequate protection for your Personal Information.
• Where we have put in place appropriate safeguards, for example by using a contract for the transfer which contains specific data protection provisions that have been adopted by the European Commission or a relevant data protection authority. You can request a copy of these contracts by contacting us at: dpo@bulletproof.co.uk
• Where you have consented to it, or there is another legal basis to allow us to make the transfer.

How long do we store personal information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Security and confidentiality

We employ appropriate security measures to help protect your Personal Information and guard against access by unauthorised persons. Information storage is on our secure servers

Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask that you do not share passwords with anyone.

Unfortunately, the transmission of information via the Internet is not completely secure so we cannot guarantee the security of your information when it is transmitted to our website or from third party websites, any transmission is at your own risk, however we use strict procedures and security features to prevent unauthorised access.

The site may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, we cannot accept any responsibility or liability and you will have to agree to such company’s privacy notice. Please ensure you agree to such policies before submitting your personal data.

We acknowledge that the information you provide may be confidential. We do not sell, rent, distribute or otherwise make Personal Information commercially available to any third party, but we may share information with our service providers for the purposes set out in this Privacy Notice. We will keep your information confidential and protect it in accordance with our Privacy Notice and all applicable laws.

Your rights

You may withdraw your consent to receiving marketing at any time by changing your preference through your account. It is important to us that you are in control of your own information. As a result, we offer the following controls:

• You may request access to or copies of the Personal Information that we hold about you. If you would like to exercise this right, please contact us at dpo@bulletproof.co.uk or at Bulletproof’s registered address: Unit H Gateway 1000 Whittle Way, Arlington Business Park, Stevenage, Hertfordshire, SG1 2FP. You will not have to pay a fee to access your personal data. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in such circumstances.
• If you believe that any information we have about you is incorrect or incomplete, please contact us dpo@bulletproof.co.uk as soon as possible. We will take steps to seek to correct or update any information if we are satisfied that the information we hold is inaccurate. You may request that we restrict our processing.
• You may request that your Personal Information be deleted, where it is no longer necessary for the purposes for which it is being processed and provided there is no other lawful basis for which we may continue to process such information.
• To the extent we are processing your Personal Information to meet our legitimate interests (as set out above), you may object to the processing of your Personal Information by us. If we are unable to demonstrate our legitimate grounds for that processing, we will no longer process your Personal Information for those purposes.
• You may object to our processing as set out above.
• You may withdraw any consent given to processing.
• Where we are processing your Personal Information automatically for the purposes of performing our contract with you, you may have the right to request that the Personal Information we hold about you be transferred to a third-party data controller.

Please contact dpo@bulletproof.co.uk and we will assist you and provide you with all rights to which you are entitled in relation to your Personal Information under applicable data protection law.

If you are unhappy with the way that we have handled your Personal Information, you can make a complaint to the Information Commissioners Office (ICO) which is the UK authority responsible for data protection. Contact details are available online, or alternatively please ask us on dpo@bulletproof.co.uk