Introduction
We Make Waves and its subsidiaries and affiliates are committed to protecting your privacy and safeguarding your personal data. This Privacy Policy explains how we collect, use, process, share, and store your personal information. It also outlines your rights and the choices available to you.
This policy applies to all personal data we process, whether it is in hardcopy or digital form, through websites, apps, or other services we provide. Our websites may contain links to other websites. Please note that we are not responsible for the privacy practices of these external websites.
What Personal Information Do We Process?
We collect personal data about you when:
You engage with us directly, e.g., by purchasing our services or making a payment.
You interact with our websites or apps (including via cookies).
You contact us via phone, email, or social media.
The information we collect may include:
Personal and Contact Details: Name, address, email address, phone number, date of birth, gender.
Account Information: Usernames and passwords.
Financial Information: Payment details.
Other Information: Customer data, employee data, or data relating to services you have requested.
Cookies and Website Usage
Our websites use cookies to enhance user experience and functionality. Cookies help us distinguish you from other users and improve security, functionality, and content. When you use our website, you consent to the use of cookies, unless you opt out.
You will always have the choice to opt into marketing communications, and we ensure that any language used for consent is clear and transparent.
Data Collection from Third Parties
We may also collect information from third parties, such as social media platforms, mailing lists, and service providers, as part of our business operations. All third-party data will be gathered in compliance with the UK GDPR. We ensure that any data received from third-party sources has been lawfully obtained and processed.
Children’s Data
Our services are not intended for individuals under 13 years of age, and we do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will promptly delete it.
How Do We Use Your Information?
We use your personal data for the following purposes:
To provide and manage the services or products you have requested.
To process transactions, payments, and orders.
To improve our websites and services based on usage patterns.
To communicate with you, including responding to queries or providing customer support.
To send you marketing communications, where you have explicitly opted in.
We also process non-personal data (e.g., browser types, and aggregated statistics) to help improve our services. You can opt out of these uses if you wish.
Data Retention
We retain your personal information only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law. For example:
Financial data may be kept for up to 7 years in line with legal obligations.
Other personal data will be deleted or anonymised when no longer needed.
You can request more information on our data retention periods by contacting us.
How Do We Share Your Information?
We may share your personal data with trusted third parties to help deliver our services, including:
Service providers: e.g., payment processors, website hosting services, marketing platforms (e.g., Mailchimp, Facebook Ads).
Business partners: as part of joint collaborations or services provided to clients.
Legal or regulatory bodies: if required to comply with legal obligations, such as fraud prevention or credit checks.
We ensure that these third parties adhere to strict privacy and security standards when handling your data. Data transfers outside the UK or EEA are conducted with appropriate safeguards, such as Standard Contractual Clauses, to ensure your rights are protected.
In the event of a business transition, such as a merger or acquisition, your personal data may be part of the assets transferred.
Data Security
We implement appropriate technical and organisational measures to protect your personal data from unauthorised access, loss, or misuse. This includes using encryption for data transmission, secure servers, and regular security audits.
However, no transmission of data over the internet can be guaranteed to be completely secure. While we do our best to protect your data, any transmission is at your own risk.
Your Rights Under the UK GDPR
As a UK resident, you have the following rights regarding your personal data:
Right of Access: You can request a copy of the personal data we hold about you.
Right to Rectification: If your data is inaccurate or incomplete, you can ask us to correct it.
Right to Erasure (Right to be Forgotten): You can request that we delete your personal data, subject to legal or legitimate obligations.
Right to Restrict Processing: In certain cases, you can ask us to limit how we use your data.
Right to Data Portability: You can request a copy of your personal data in a machine-readable format for transfer to another service provider.
Right to Object: You can object to the processing of your data for direct marketing or certain other purposes.
Right to Withdraw Consent: If we are processing your data based on consent, you can withdraw your consent at any time.
To exercise any of these rights, you can contact us at [insert contact details]. We will respond to your request within one month, as required by law.
Data Breach Notification
In the unlikely event of a data breach that compromises your personal data, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware, where required by law. If the breach is likely to result in a high risk to your rights and freedoms, we will also inform you directly.
Automated Decision-Making and Profiling
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you. Should this change, we will update this policy and notify you accordingly.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we do, we will post the updated version on our website and, where appropriate, notify you via email. Please check back periodically to stay informed about any changes.