Privacy Policy
Privacy Policy - 18th March 2024
Introduction
The Iliad website and Marketplace provide a web-based e-commerce marketplace platform that allows participating customers, to access, solicit and place orders and proposals for purchase and receipt of Digital Twins and models of the Ocean data products and services, from vendors (that list, solicit and accept at such platform, orders and proposals for sale and provision of products and services (the “Service”). The Service is operated in connection with the implementation of the Iliad project and is operated by Blue Lobster IT Limited (UK), in its capacity as a partner in the Iliad project and manager of the Iliad website and Marketplace.
We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR).
This Privacy Policy (“Policy”) explains how we collect and use your information when you use the Service as a user of the ILIAD Marketplace, for purposes of reviewing possible or actual purchase of products or services ("User").
This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
Contact us
If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at digital@bluelobster.co.uk
What we collect and why
Scenario | Purposes | Categories of information processed |
|---|---|---|
Registering and creating your profile on our Service and payment information. | Providing you with the functionality of the Service and enable you to make payments; Contacting you regarding administrative issues related to the Services, this Policy, our Terms of Use, support and maintenance | Mobile phone number; email address; full name, payment information We refer to this as ''Registration Information''. Registering to the Service is mandatory, but you do not have a legal obligation to do so. |
Contacting us with an enquiry through our email; | Responding to your enquiry; our business development | Name, Organisation, Email address; the subject and text of your inquiry. We refer to this as “Enquiry Information”. |
Collecting information about your interaction with products and services available through Iliad Marketplace | Enabling you to evaluate and purchase of products and services from third-party vendors through the Iliad Marketplace We use your personal information to take and handle orders, track delivery of products and services, process payments, and communicate with you about orders, products and services, and promotional offers Information as to products and services ordered by vendors through the Iliad Marketplace | Information as to products and services ordered by vendors through the Iliad Marketplace |
Providing us with your feedback and reviews | Responding to your feedback and reviews; our business development | Email address; the contents of the feedback or review. We refer to this as “Feedback”. |
Use of cookies on the Service | Facilitate a Service feature that the user specifically requested; analyse the Service usage to evaluate and improve its performance; improve user experience on the Service; inform and serve personalised ads more relevant to user interests | IP address from which you access the Service, time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service |
Methods and sources for collecting your personal information
We collect the personal information from several sources:
- Directly from you when you register to our Service, when you provide us with your feedback or when you contact us with an enquiry.
- From our service providers helping us to operate the Service.
- From third party vendors who offer and sell products and services through the Iliad Marketplace.
- Through the device you use to access our Service, including through third party cookies and analytics tools, such as Google Analytics;
You are not legally obligated to provide us with your personal information, but if you choose not to do so, we will not be able to fulfil your request to register or to use our Service functionalities, or handle or respond to your enquiry and feedback.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
Scenario | Purposes | Third parties involved |
|---|---|---|
We will share your information with our service providers who assist us with the internal operations of the Service. These companies are authorised to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes | Operating the Service and our business | MongoDB; Google Web services |
We will share your information with third parties who are offering for sale and selling products or services through the Iliad Marketplace | Facilitating your purchase of products and services from vendors through the Iliad Marketplace We use your personal information to take and handle orders, track delivery of products and services, process payments, and communicate with you about orders, products and services, and promotional offers | Third parties who are offering for sale and selling products or services through the Iliad Marketplace |
If you abused your rights to use the Service or violated any applicable law while doing business with us | Responding to, handling, and mitigating suspected violations of law in connection with our business | Competent authorities, legal counsels, and advisors |
If a judicial, governmental, or regulatory authority requires us to disclose your information | Complying with a binding request from a competent authority | Competent authorities |
If the operation of the Service or our business is organised within a different framework, or through another legal structure or entity | Enabling a structural change in the operation of the Service and our business. | The target entity of the merger or acquisition, legal counsels, and advisors |
Data retention and security
We retain your information for as long as needed to operate the Service, and thereafter as needed for record-keeping matters.
We will retain your information for as long as needed to operate the Service. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 10 years.
We implement measures to secure your information
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information, such as WAF, anti-malware, MFA, SSH, data encryption and more. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
Additional information for individuals in EU and UK
Controller, GDPR and UK representatives
Blue Lobster IT Limited is the data controller of your personal information collected via the Service.
Name | Address | EU GDPR Representative | UK GDPR Representative |
|---|---|---|---|
Blue Lobster IT Limited (UK) | Mynachlog, Tyn y Gongl, Gwynedd, LL74 8SG, UK. | Simon Keeble | Simon Keeble |
International data transfers
To facilitate processing your information through the Service and by our service providers, we will transfer your information also to countries. We do so under an adequacy decision or under the terms of a data transfer agreement which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
Legal basis for processing your personal data
Purpose or Scenario | Legal Basis |
|---|---|
Registering to our Service | Our legitimate interests in providing you with the Service you requested, contacting you regarding administrative issues related to the Service, this Policy or our Terms of Use, or providing you with support and maintenance. |
Responding to your enquiry | Our legitimate interests in responding to your enquiry. |
Responding to your feedback and reviews | Our legitimate interest in developing and enhancing our business and the Service; responding to your feedback or reviews. |
Use of analytical information on the Service | Our legitimate interest in developing and enhancing our business and the Service. |
Responding to, handling, and mitigating suspected violations of law in connection with our business | Our legitimate interests in defending and enforcing against violations and breaches that are harmful to our business. |
Complying with a binding request from a competent authority | Our legitimate interests in complying with mandatory legal requirements imposed on us. |
Enabling a structural change in the operation of the Service and our business | Our legitimate interests in our business continuity. |
Data subject rights
If you are in the EU or the UK, you have the following rights under the GDPR:
- Right to Access and receive a copy of your personal information that we process.
- Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
- Right to easily and at any time withdraw your consent to us processing your personal data to email you marketing materials and our newsletter. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to easily and at any time withdraw your consent to the use of non-essential cookies on our Service. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
- Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
- Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
- Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such a request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defence of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
- When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. If we are not able to provide you with the information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work, or place of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.