Icebreaker One privacy notice
This notice explains what personal information we collect, how it is used and shared. It applies to users of this website, our customers and clients.
This privacy notice was created on: 2019-08-16
Last updated: 2019-10-10
About us and how to get in touch
How do we get your personal information?
For what purposes do we use your information?
What is the legal basis for using this information?
How do I unsubscribe or withdraw consent?
What are my data protection rights?
Can I get a copy of the information you’ve collected about me?
Can I amend information you’ve collected about me?
Can you delete my information?
Can you restrict the processing of my information?
Can I object to you processing my information?
Do you use any automated decision making or profiling?
How long do you keep data for?
How is my information stored, transferred and kept secure?
How to complain
Icebreaker One is the controller of the personal information we process unless otherwise stated.
We are a Limited by Guarantee Company registered in England and Wales at Companies House. Registration number: 12156788.
For data protection and privacy we are regulated by the UK’s Information Commissioner’s Office. Reference number: ZA546762.
You can contact us regarding your rights and this privacy notice by:
Post: Data Controller, Icebreaker One Ltd, 16 Wapping High Street, London E1W 1NG
Most of the personal information we process is provided to us directly by you for one of the following reasons:
We may also receive information about you indirectly, in the following scenarios:
We collect some information about you automatically in the following ways:
We use the personal information we collect to provide our services, to improve and optimise what we do, to protect you and Icebreaker One.
We may use this information to:
The lawful bases we rely upon for processing your data are:
Contractual obligation - if you ask us to do something before entering into a contract, and for providing products and services under contract - such as a membership agreement or contracted project.
Legitimate interests - where you are a partner, client or member we may use this lawful basis, where you’d reasonably expect us to get in touch beyond the direct contract - such as to update you with relevant news and information or new products or services that might be of interest to you. Where we use this basis we will test the purpose, necessity and balance of rights for using it.
Consent - for example, if you would like to receive newsletters from us and are not an existing or prospective partner, client or member; or where used, to manage cookies that are not strictly necessary.
If you receive an email newsletter or invite from us we provide a way to unsubscribe in every email.
If you have consented to some of our cookies to be placed on your browser, you may opt-out at any time.
If you are a member of one of our WhatsApp groups, using the WhatsApp settings for the group you can mute conversations so that you don’t get notified for every message, or you can remove yourself from the group.
For rights requests please contact firstname.lastname@example.org.
Yes. You have the right to ask us to confirm if we are processing your personal data, for copies of your personal information, and supplementary information.
We try to keep our records up to date, but if we’ve got it wrong or your details have changed let us know. You also have the right to ask us to complete information you think is incomplete.
Yes. However, please note that this right only applies in some circumstances. For example, there are some records which contain personal information that we are required to keep for other regulatory reasons, such as for finance and tax. Such records will not be deleted until seven years after the end of the contract with you.
This right applies only in some circumstances. When we receive a request for processing to be restricted we are permitted to store the personal data, but we cannot use it. For example, you might request your information to be restricted in order to establish, exercise or defend a legal claim or if you think we’ve unlawfully processed your data but you do not wish us to delete it.
This right applies to you if we have used your data under the lawful basis of “legitimate interests”. For example, if you are a customer and we have used your information to get in touch with you about new products, you can object to us doing so.
Can I ask you to move, copy or transfer my personal data from us to elsewhere?
This right is often referred to as “data portability”. This right applies only to personal information you have provided to us about you, for example orders you have made.
When moving, sending you a copy or transferring this data we will only do so in a secure manner using a structured, commonly used and machine readable format.
Find out more about your data rights.
Find out more about time limits for responding to data rights requests.
We do not store your data longer than necessary. We regularly review our records to remove or anonymise data if it should no longer be retained. The criteria we use for this is:
Some records we are required to retain by law for certain lengths of time. These include for tax and employment purposes.
To manage our business we use a number of third party services who process your data on our behalf. This is for tasks such as to operate our email, host this website, manage documents, process orders and communicate with clients.
These services cannot share your data with anyone. The website servers we use are located in the EU and USA. Where a company is not based in the UK or European Economic Area (EEA), or where data may be transferred outside the EEA, we have put in place agreements to ensure that your data is processed as per European law.
Third party suppliers include: Google, Mailchimp, Santander, Xero.
Wherever we can, we protect data in our systems with strong encryption, both when the data is at rest and when it is being transferred. We only allow access to our systems via strong authentication protocols, such as TLS and ssh, and administrative access is limited to key individuals. Where possible, we use two-factor authentication for all access.
We act on relevant security advisories to minimize the risk to our systems and the data they contain.
We choose system suppliers who implement appropriate technical and organisational measures that are at least as good as our own.
We may retain and disclose your personal information if legally required to do so. For example, if required by law or by a Court order or if we believe that action is necessary to prevent fraud or cyber-crime or to protect Icebreaker One or the rights, property or personal safety of any person.
All such requests are assessed and we will challenge the basis of the request if it is not made by an officer with proper authority, the request lacks a proper statutory basis or appears too broad or vague as to its scope or purpose.
If we have been unable to resolve a query relating to this privacy notice, or if you are unhappy with how we have used your data, you can also contact the UK’s Information Commissioner’s Office:
Information Commissioner’s Office
Helpline number: 0303 123 1113