Capillary Technologies Privacy and Cookies

Policy

Last Updated: 6 December 2023

Capillary Technologies Europe Limited ("Capillary Technologies”, “we", "us", "our") respects your

privacy and is committed to protecting your personal data. This privacy and cookies policy will inform

you as to how we look after your personal data when you visit our website (regardless of where you visit

it from) and tell you about your privacy rights and how the law protects you. This privacy and cookies

policy is provided in a layered format so you can click through to the speciﬁc areas set out below.

1. About Capillary Technologies and this Privacy and Cookies Policy

2. Data we collect

2.1 How we use your data

2.2 Data where we need your consent

2.3 Processing for legitimate business purposes

3. Why we share your data

3.1 Sharing your data with partners and selected third parties

3.2 Sharing your data within the Capillary Technologies Europe Limited

3.3 Sharing your data with others

3.4 Sharing your data for compliance purposes

4. Cookies and Automatic information

4.1 How we use information we collect through cookies

4.2 More information about cookies

4.3 How we use cookies

4.4 How we use third party cookies for advertising and re-targeting purposes

4.5 Google Analytics

4.6 Web Beacons

4.7 Logﬁles and Internet Protocol (IP) Address

4.8 Third party websites using Cookies

4.9 Clickstream

5. Your rights

5.1 Right to rectiﬁcation

5.2 Right of access, restriction of processing and erasure

5.3 Right to object

6. Security

7. Other important information

7.1 Updates to this Policy

7.2 Transfers

7.3 Retention

7.4 Contact

1. About Capillary Technologies and this Privacy and Cookies Policy

Capillary Technologies is committed to protecting and respecting your privacy. We want you to know

how and why we use any personal data we collect from you, hold about you, you provide to us, or we

otherwise process. This Privacy and Cookies Policy will also explain the choices you have available to

you about your data. In providing your data to us or using our services or our websites you agree to this

Policy and accept the practices outlined in this Policy.

“Personal data” and “your data” mean any information about you which is personally identiﬁable or can

be related back to you such as your name, date of birth, credit or debit card numbers, address,

telephone number, email address, marketing preferences, service selections and queries.

This Policy covers the provision of all our consumer services, our websites and our interactions with you.

These include any services that you enrol in or otherwise subscribe to.

Please refer to your terms and conditions to understand whether we are the Data Controller or Data

Processor of your data.

If you have a concern about your data or a question about this Policy for our Data Protection Oﬃcer,

please contact them by email at guardians@capillarytech.com.

2. Data we collect

Capillary Technologies collects and uses your data for the purpose of providing you with the product

you have signed up to whilst ensuring you have a great and enjoyable experience.

You provide some of this data directly when you sign up to the product/service, via the telephone when

you call our customer service teams for support, when you communicate with us in writing by email or

post and whilst using the product/service.

It is up to you what data we collect and you may decline to provide us with your data. However, if you

choose not to provide us with your data which is necessary to provide you with the product/ service, you

will not be able to use that product/service.

We will only use your personal data when the law allows us to. Most commonly, we will use your

personal data in the following circumstances:

● Where we need to perform the contract we are about to enter into or have entered into with

you.

● Where it is necessary for our legitimate interests (or those of a third party) and your interests

and fundamental rights do not override those interests (Legitimate Business Purpose).

● Where we need to comply with a legal or regulatory obligation.

● Where you have provided your consent.

2.1 How we use your data

The data we collect will depend on the type of product/service you sign up to and the features you use,

your interactions with us, whether you are paying us for the service or receiving the service through a

package oﬀered by one of our partners and the preferences you select. The data we collect for the

provision of products/services may include the following:

● Name and contact data necessary to authenticate your identity, register you to receive the

relevant services including, where applicable, co-ordinating with other partners or relevant

third parties to provide such services and the day to day servicing of your membership. Without

it, we will not be able to sign you up and/or provide you access to use the product or service. In

addition, this data is necessary to detect and if necessary withhold you from re-enrolling in a

product/service where your membership/policy was terminated due to a breach of terms of use

such as misuse of the product/service or fraudulent activity. The speciﬁc legal ground we are

processing your personal data on is under performance of a contract with you.

○ The type of data we would collect include ﬁrst name and last name, postal address,

email address, telephone/mobile number, date of birth and other similar contact data.

○ Partners and relevant third parties include credit reference agencies, ﬁnancial

institutions such as your bank and the partner you used to sign up to the

product/service.

○ Day to day servicing of your membership includes communications about order

conﬁrmations, beneﬁt reminders associated with your product/service, renewal notice/

expiry notice, payment issues and maintenance issues.

● Payment data necessary in order to process your payment for the product/service you have

signed up for. Without it, we will not be able to enrol you and/or provide you access to use the

product or service (unless you are receiving the service through a package oﬀered by one of our

partners). In addition, this data is necessary to detect and if necessary withhold you from

reenrolling in a product/service where your membership/policy was terminated due to a breach

of terms of use such as misuse of the product/service or fraudulent activity. The speciﬁc legal

ground we are processing your personal data on is under performance of a contract with you.

○ This may include credit or debit card numbers, expiry date and the associated security

code. We will not store your associated security code (CVV) so you will have to re-enter

this for any future transactions.

● Feedback data where we will process your data for certain legitimate business purposes to

improve our products and services for your continued enjoyment and to assist in the

development of new products and services based on your feedback.

○ This may be through comments and reviews you have left for the product/service,

surveys, updates to your information such as the way you prefer to be contacted, or

through the questions and information you provide to our customer service desk

whether through phone or email.

○ We may also use your data to conduct market research by asking you to participate in a

survey about topical issues, conducted by us, our partners or third parties. If you receive

a survey from us, we will always tell you how any information you provide in the survey

will be used. If you receive a survey from our partner or selected third party, please read

their privacy notice/policy before submitting any of your data.

○ Participation in surveys is voluntary and it is up to you whether to take part.

● Demographic data necessary to ensure you are old enough to use the product/service and in a

country where we oﬀer the product/service. Without it, we will not be able to sign you up and/or

provide you access to use the product or service. There may be instances where demographic

data is optional and this will be made clear to you if we ask for this data. If it is optional, and you

have provided us with such data, we will process it in order to provide you with information

about your product/service such as price changes due to your age or location or to send you

notiﬁcations if you are using the product/service whilst in a diﬀerent country.

○ This may include your age, country or gender.

● Data about Children only when it is necessary for the product/service and you have provided it

to us. This data will not be used for any other purpose other than to provide you the full beneﬁt

of the product/service such as the protection of your child’s bank card, cover for your child

under insurance products or for travel services such as ﬂights, hotels or cruises. Our products

are services and not available to be taken out by persons under the age of 18. The speciﬁc legal

ground we are processing your personal data on is under performance of a contract with you.

● Call recording data where we may collect your data if we record or monitor calls by you to our

customer service desks. We will process your data for legitimate business purposes namely

quality assurance and training purposes and to ensure we have collected and recorded any

consent you provide over the phone. We will always inform you if such recording or monitoring

is taking place.

● Anonymised data and Aggregated data – anonymisation is the process of converting personal

data to anonymised data so that it does not identify you or any individual and will not allow you

or any individual to be identiﬁed through its combination with other data. We collect, use and

share aggregated data such as statistical or demographic data for any purpose. Aggregated

data may be derived from your personal data but it is not considered personal data in law as this

data does not directly or indirectly reveal your identity. In addition to the way we process your

data explained above, we will use anonymised data and aggregated data to improve the quality

of our existing products/services, develop new features, products/services and for overall

research purposes. An example would be where we aggregate your data on how often you use

the product/service to calculate the percentage of users accessing a speciﬁc website feature. As

this data is anonymised and does not identify you, we may share this data with Capillary

Technologies controlled aﬃliates, subsidiaries and our parent company as well as third parties

and partners. However, if we combine or connect aggregated data with your personal data so

that it can directly or indirectly identify you, we treat the combined data as personal data which

will be used in accordance with this privacy policy.

We will also use your data to form a view on what we think you may want or need, or what may be of

interest to you. This is how we decide which products, services and oﬀers may be relevant for you. You

will receive marketing communications from us about similar products and services if you have

requested information from us or purchased goods or services from us or if you provided us with your

details when you entered a competition or registered for a promotion and, in each case, you have not

opted out of receiving that marketing by clicking the unsubscribe link in the email or SMS.

2.2 Data where we need your consent

We will ask you for your express opt-in consent before we share your personal data with any company

outside Capillary Technologies controlled aﬃliates, subsidiaries and our parent company for marketing

purposes. We will provide you with more information about the categories of these companies at the

time of asking you for your express opt-in consent. This will typically be for products/services oﬀered by

other companies which may be of interest to you based on the product/service you have with us or may

be for another purpose which will also be made clear to you at the time of obtaining your express opt-in

consent.

We will also ask you for your express opt-in consent before we send you marketing communications

about our products/services that are not similar to what you currently have with us.

If you provide your explicit opt-in consent to receive such marketing communications, we may provide

you with further options where you can choose how to receive it, such as email, SMS, physical mail or

telephone and the frequency of such marketing communications. If you have provided your explicit

consent to receive marketing communications but later change your mind, you can edit your

preferences on how you receive them, how often you receive them or even stop receiving them

altogether.You can amend your preferences via the Premier App by going to ‘My Settings’ and toggling

your marketing preferences on or oﬀ.

2.3 Processing for Legitimate Business Purposes

We explain throughout the Policy when and why we process your data for a legitimate business

purpose. A legitimate business purposes means the interests of Capillary Technologies in conducting

and managing our business to enable us to give you the best products and services and the best and

most secure experience. We make sure we consider and balance any potential impact on you (both

positive and negative) and your rights before we process your personal data for our legitimate interests.

We do not use your personal data for activities where our interests are overridden by the impact on you

(unless we have your consent or are otherwise required or permitted to by law). You have the right to

object to this processing if you wish and if you wish to do so please contact our Data Protection Oﬃcer

at guardians@capillarytech.com. If you do object, this may aﬀect our ability to carry out the tasks for

your beneﬁt where we are processing your data for a legitimate business purpose.

3. Why we share your data

We may share your data if it is necessary to do so in order to provide you with your product/service, if

we have a legitimate business purpose for doing so, or if you have given us your explicit consent to do

this.

Please note that when you are redirected to a partner or third party website from our website, if you

provide personal data to any of those partners or third parties, your data will be governed by their

privacy statement/policy. You should read their privacy statement/policy before you submit any of your

data to their websites.

3.1 Sharing your data with partners and selected third parties

The entities we will share your data with include selected third parties such as your bank, credit card

provider, credit agencies, insurers so they can process your payment or provide other ﬁnancial services

(i.e. fraud prevention) or travel related organisations such as airlines, hotels, cruise organisers or

providers of airport parking/lounge services. We will share your data with partners to enable us to

provide you with the product/service in connection with purchases you have made with that partner

(i.e. the provider you have booked your event tickets with, the online retailer you have made a purchase

from, the marketing partner or other partner that signed you up to our product/service or any other

partner relevant to your product/service).

Additionally, third party providers of information security services will have access to your data for the

purposes of monitoring our networks and websites to help keep your data secure. This processing is

undertaken for legitimate business purposes.

3.2 Sharing your data within Capillary Technologies

We may share your data among Capillary Technologies controlled aﬃliates, subsidiaries and our parent

company throughout the world who are acting as our data processor and only processing your data

according to our instructions for legitimate business purposes. We will do this in order to process

transactions and ensure you are able to use the product/service. Your data is still protected in the same

manner as set out in this Policy in line with applicable laws. Go to

https://ico.org.uk/for-organisations/data-protection-and-the-eu to understand our position on the

transfer of data outside of the European Economic Area.

3.3 Sharing your data with others

We may ask your card issuer to update us with any changes to the information they have provided to us,

for example, by providing us with any updated or new card numbers or expiry dates. This is necessary to

ensure a smooth transition for your continued enjoyment of the product/service especially for

products/services where you receive cyber security and fraud detection services.

3.4 Sharing your data for compliance purposes

Additionally we reserve the right to access and disclose your information in order to comply with

applicable laws, to comply with lawful requests from governments, law enforcement agencies or parties

whose request we reasonably consider to be justiﬁed in connection with any allegations by any party

about your abuse of our services, to operate our systems properly or to protect ourselves or our users

from any of the scenarios mentioned in this section This includes protecting the rights of Capillary

Technologies through the enforcement of the terms governing the product/service and protecting our

customers from spam or activity which may defraud users of our product/service.

4. Cookies and Automatic Information

This section of the Policy sets out how we use cookies and similar technologies (“cookies”) on and in

connection with this site. Cookies are text ﬁles containing small amounts of information which are

downloaded by your internet browser and stored on your PC/Mac or other device when you visit a

website.

4.1 How we use information we collect through cookies

We store information that we collect through cookies, log ﬁles, clear gifs, and/or third party sources to

create a summary of your preferences. We tie your personally identiﬁable data, and/or your

membership usage history in order to provide tailored promotions and marketing oﬀers, to improve the

content of the site for you and/or to determine your preferences. We may match information collected

from you through diﬀerent means or at diﬀerent times, including, for example, information collected

online and oﬄine, and use such information along with information obtained from other sources,

including third parties. To do this, it is often necessary to share this information with carefully selected

vendors and partners we work with, such as companies that perform marketing services and other

business operations for us.

4.2 More information about cookies

We use strictly necessary cookies – these cookies are essential, as they enable you to move around our

website and use its features. Without these cookies, services you’ve asked for (such as completing an

application form or logging into a secure area of our website) can’t be provided.

In particular, we use session and persistent cookies on this site. A session ID cookie expires when you

close your browser. A persistent cookie remains on your hard drive for an extended period of time. You

can remove persistent cookies and reject persistent and session cookies by following the directions

provided in your Internet browser’s “help” ﬁle or by visiting www.allaboutcookies.org. If you reject

persistent or session cookies, you may still use our site, but you may not be able to access all the site’s

functionality or your access may be limited.

We are continually looking to adopt and implement new practices and technologies in order that we

may improve your user experience. We may update this Cookies Policy from time to time with details of

new cookies.

Details of the cookies we currently use on this website and mobile apps are shown below:

SDK Name

SDK Description

Strictly

necessary

@react-native-async-storage/a

sync-storage

An asynchronous, unencrypted, persistent,

key-value storage system for React Native.

@react-native-community/coo

kies

A website cookie manager for React Native

Webviews

@react-native-community/neti

nfo

React Native Network Info API for Android, iOS,

macOS & Windows. It allows you to get information

on connection type and connection quality.

@react-native-community/pus

h-notiﬁcation-ios

React Native Push Notiﬁcation API for iOS.

axios

A promise based HTTP client for the browser and

node.js

Core Graphics

The Core Graphics framework is based on the

Quartz advanced drawing engine. It provides

low-level, lightweight 2D rendering with unmatched

output ﬁdelity..

Core Image

Core Image is an image processing and analysis

technology that provides high-performance

processing for still and video images.

dayjs

A minimalist JavaScript library that parses,

validates, manipulates, and displays dates and

times for modern browsers with a largely

Moment.js-compatible API.

Exponea Push Notiﬁcations

A remote notiﬁcation service to deliver push

notiﬁcations to clients.

formik

Used to build forms in React.

Image I/O

The Image I/O programming interface framework

allows applications to read and write most image

ﬁle formats.

Local Authentication

Authenticate users biometrically or with a

passphrase they already know.

moment

A JavaScript date library for parsing, validating,

manipulating, and formatting dates.

react

A JavaScript library for building user interfaces.

react-native

Used to create native apps for Android and iOS

using React.

react-native-add-calendar-eve

This package allows you to start an activity

(Android) or show a modal window (iOS) for adding,

viewing or editing events in the device's calendar.

react-native-date-picker

A cross platform date picker component for android

and ios.

react-native-device-info

Device Information for React Native.

react-native-fast-image

A library that handles loading pictures at a very fast

speed.

react-native-gesture-handler

React Native Gesture Handler provides

native-driven gesture management APIs for

building best possible touch-based experiences in

React Native.

react-native-keyboard-aware-s

croll-view

A ScrollView component that handles keyboard

appearance and automatically scrolls to focused

TextInput.

react-native-keychain

A library to store sensitive data in native encrypted

keychain.

react-native-linear-gradient

A library that allows gradients on buttons.

react-native-modal

A library that allows an enhanced, animated and

customizable react-native modal.

react-native-push-notiﬁcation

React Native Local and Remote Notiﬁcations for

iOS and Android.

react-native-reanimated

For Animations - a more comprehensive, low level

abstraction for the Animated library API to be built

on top of and hence allow for much greater

ﬂexibility especially when it comes to gesture based

interactions.

react-native-restart

Allows developers to reload the app bundle during

app runtime.

react-native-safe-area-context

A ﬂexible way to handle safe area, which is the area

on the top and bottom of the notched iPhones.

react-native-screens

This library exposes native navigation container

components to React Native.

react-native-splash-screen

A splash screen API for react-native which can

programmatically hide and show the splash screen.

Works on iOS and Android.

react-native-webview

A cross-platform WebView for React Native needed

to display websites in the app.

react-navigation

Provides routing and navigation for your React

Native apps.

react-navigation-drawer

A component that allows a “drawer” or “burger

menu” item that the user can interact with.

react-navigation-stack

A stack navigator for use on iOS and Android.

react-navigation-tabs

A component for displaying the tab bar on the

bottom of the app.

rn-fetch-blob

A library that makes ﬁle access and data transfer

easier and more eﬃcient for React Native

developers.

tenerity-cookie-popup-mobile-

sdk

OneTrust SDK is used to show a Privacy Banner and

Preference Centre to collect and save users' consent

as per privacy regulations.

UIKit

The UIKit framework provides the required

infrastructure for your iOS or tvOS apps.

yub

A library to deﬁne and create schema objects.

Performance

Firebase Crashlytics

A tool to track, prioritize and ﬁx crashes faster.

Firebase Performance

Allows capturing length of time spent on page and

api call length in order to better the performance of

the application.

Matamo

A powerful web analytics platform.

4.3 How we use cookies

We use cookies to:

● remember choices you have made and personalise your use of the site;

● store your password(s) for and keep you logged into the site so that you don’t have to enter

passwords more than once per visit;

● remember and recognise you on subsequent visits to the site;

● identify how you use this site, including tracking how you use the site, such as information on

where you came from, what content you viewed on the site, and the duration of your visit;

● deliver content and advertising more relevant to you and your interests. This allows us to serve

you more relevant content and advertising when you use our products and services and not to

serve you content or oﬀers you may already have opted-out of. This includes cookies used by

advertising networks, which may be subject to a separate privacy policy on how the advertising

network uses information they collect. Please see the How we use third party cookies for

advertising and re-targeting purposes below for further information. We link the information

we obtain from or store in cookies to any data we gather about you (see How we use

information we collect through cookies above).

4.4 How we use third party cookies for advertising and re-targeting purposes

We may also use cookies to enable the use of advertising technology to serve you advertisements that

we feel may be relevant to you when you visit search engines, our site and/or third party sites upon

which we advertise. This technology uses information about your previous visits to our site and the third

party sites upon which we advertise to tailor advertising to you. In the course of serving these

advertisements, a unique third-party cookie may be placed or recognised on your browser to enable us

to recognise you

4.5 Google Analytics

This site also uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google

Analytics uses cookies to help analyse how visitors use the site. Information about your use of this site

(including your IP address) will be transmitted to and stored by Google on servers in the US, and Google

will use this information to evaluate your use of the site, compile reports on website activity for us, and

provide other services relating to website activity and internet usage, but will not associate your IP

address with any other data held by Google. For more information on the use of Google Analytics visit:

http://www.google.co.uk/intl/en/analytics/privacyoverview.html To opt out of Google Analytics, visit

https://tools.google.com/dlpage/gaoptout?

4.6 Web Beacons

We use web beacons, provided by our ad serving partner, to help manage our online advertising. These

web beacons allow us and/or our ad serving partner to access individual cookies when a browser visits

the site. This allows us to identify which advertisements or listings served by our ad serving partner

bring users to our website. Web beacons are tiny graphics with a unique identiﬁer, similar in function to

cookies, and are used to track the online movements of web users. In contrast to cookies, which are

stored on a user’s computer hard drive, clear gifs are embedded invisibly on webpages and are about

the size of the period at the end of this sentence. We link the information gathered by clear gifs to your

data (see How we use information we collect through cookies above).

4.7 Log ﬁles and Internet Protocol (IP) Address

Like many websites, we gather certain information relating to website use automatically and store it in

log ﬁles. This information includes internet protocol (IP) addresses, browser type, internet service

provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use

this information, which does not by itself identify individual users, to analyse trends, to administer the

site, to track users’ movements around the site and to gather demographic information about our user

base as a whole. After collection, during our processing of the data, we link this automatically-collected

data to the data we hold about you.

Where you are using our websites, we may use your IP address to help diagnose problems with our

server and to administer our website. Your IP address may also be used to help identify you for the

duration of a session and to gather broad demographic information. Your IP address will never be linked

to any personally identiﬁable data unless you are in the process of making a purchase, in which case the

link between this information will terminate upon your ﬁnal purchase.

4.8 Third party websites using Cookies

Our websites may contain links to third party websites some of which may also use cookies. This Policy

does not cover third party websites which will be subject to their own privacy and cookies policies.

Capillary Technologies does not have access to or control over cookies or other features used by such

sites. Please contact them directly for more information about their privacy practices.

4.9 Clickstream

As you use the internet, a trail of electronic information is left at each website you visit. This

information, which is sometimes referred to as “clickstream data”, can be collected and stored by a

website’s server. Clickstream data can tell us the type of computer and browsing software you use, the

address of the website from which you linked to our website, and, in some instances, your email

address. We may use clickstream data to determine how much time visitors spend on each page of our

site, how visitors navigate throughout the site and how we may tailor our web pages to better meet the

needs of visitors. This information will only be used to improve our websites. Any collection or use of

clickstream data will be anonymous and aggregated and will not contain any of your identiﬁable data

except where you have selected an email address that identiﬁes your name.

5. Your Rights

5.1 Right to rectiﬁcation

You can update and amend your data held by us if inaccurate or incomplete by emailing us at

customerservice@capillarytech.com, writing to Capillary Technologies Privacy Policy, Building 1000,

Lakeside North Harbour, Western Road, Portsmouth, Hampshire, PO6 3EZ or visiting your proﬁle page

if you have an online account with the product/service.

5.2 Right of access, restriction of processing and erasure

If you would like to see the data we process on you, restrict the processing of your data or have it

deleted you can contact our Data Protection Oﬃcer at guardians@capillarytech.com who will

investigate the matter and take you through the necessary steps to provide you with the data you

requested or to delete it. If you would like it deleted, in particular any data which is necessary for us to

process to provide you with the product/service, you will no longer be able to use the product/service. If

applicable, our Data Protection Oﬃcer will explain any circumstances where we are not be able to erase

your data such as the exercise or defence of a legal claim and situations where you can restrict the

processing of your data. Our Data Protection Oﬃcer at guardians@capillarytech.com will respond to

your query within 30 days of receiving your request.

5.3 Right to object

You can edit or remove your information from our marketing database by emailing, writing or calling us

using the contact details above, specifying your name, the email or other address/ telephone number

you used to register with us and, if referring to a web registration, your user name in the email. You may

also do this online if you have an online account by visiting your preferences page.

In addition, if you have provided us with your explicit consent to receive marketing communications via

email, you will normally ﬁnd an unsubscribe link at the bottom of the marketing emails you receive,

which you can use to tell us if you no longer wish to receive marketing communications from that

source.

If you object to us processing your data based on a legitimate business purpose, please contact our

Data Protection Oﬃcer at guardians@capillarytech.com who will investigate and take action on the

matter.

6. Security

Securing your personal and non-personal information is very important to us. All customer databases

are held in a secure environment and (except for law enforcement authorities in limited circumstances),

only those Capillary Technologies employees or other persons who need access to your data in order to

perform their duties are allowed such access. Any of these employees or persons who violate our

privacy and/or security policies may be subject to disciplinary action, including possible termination and

civil and/or criminal prosecution. Where you are using our websites, we take proactive steps to put

safeguards in place to provide for the secure transmission of your data from your computer to our

servers. However, due to the inherent open nature of the Internet, we cannot guarantee that

communications between you and Capillary Technologies, and Capillary Technologies and you, will be

free from unauthorised access by third parties, such as hackers. We have implemented all necessary and

reasonable technical and organisational measures to protect your data including:

● data minimisation and encryption of personal data;

● the ability to ensure the ongoing conﬁdentiality, integrity, availability and resilience of

processing systems and services;

● the ability to restore the availability and access to personal data in a timely manner in the event

of a physical or technical incident; and

● a process for regularly testing, assessing and evaluating the eﬀectiveness of technical and

organisational measures for ensuring the security of the processing.

Our websites utilise Standard SSL encryption on pages where secure information is transmitted over

the Internet. We also use Verisign as our Certiﬁcate of Authority. If you would like more information on

our Verisign Certiﬁcate, please visit https://www.verisign.com/? dmn=verisign.co.uk

7. Other important information

7.1 Updates to this Policy

We may update this Policy when necessary to reﬂect changes in our products/services. Please check the

last updated date at the top of this Policy to ensure you are reviewing our most current version and

understand how we protect your data. If there are any material changes to this Policy which change the

way we collect and use your personal data, we will let you know by either posting on this website a

notice of the changes we are making before they take eﬀect or by sending you a notiﬁcation.

7.2 Transfers

As part of the services oﬀered to you, for example through our website, the information you provide to

us will be transferred to and processed in countries inside and outside of the European Economic Area

(EEA) in particular to the US for the purposes of payment processing, ad hoc application maintenance

and systems support. If we transfer or store your personal data outside the EEA in this way, we will take

steps with the aim of ensuring that your privacy rights continue to be protected, as outlined in this

Regulation. If you use our service while you are outside the EEA, your personal data may be transferred

outside the EEA in order to provide you with these services. Where you have used our services to make

travel arrangements such as booking ﬂights, hotels or cruises, your data will be transferred to the third

party in the country where you have made the arrangements.

Whenever we process or transfer your personal data out of the EEA, we always ensure that an adequate

level of protection is aﬀorded to it. It is the case for example when we process or transfer your personal

data to countries that have been deemed to provide an adequate level of protection for personal data

by the European Commission (to see the list, please visit: http://ec.europa.eu/

justice/data-protection/international-transfers/adequacy/index_en.htm). Whenever our aﬃliates or

providers based in the US process your data, we include relevant mechanisms (such as standard

contractual clauses approved by the European Commission, so-called EC model clauses) in contracts

and agreements with them. If you would like to know more about our parent company’s privacy policy

contact our Data Protection Oﬃcer at guardians@capillarytech.com. When providers or aﬃliates based

in other countries that have not been deemed to provide an adequate level of. protection for personal

data by the European Commission process your data, we always use EC model clauses in contracts and

agreements with them to maintain a similar level of protection as if your data was processed within the

EEA.

You can contact our Data Protection Oﬃcer at guardians@capillarytech.com if you want further

information on the speciﬁc mechanism used by us when transferring your personal data out of the EEA.

7.3 Retention

We retain your data for as long as you continue to use the product/service for the purposes explained in

Section 2 above. When you cease your membership of the product/service, we will retain your data for

as long as necessary to comply with our legal obligations, to resolve disputes and defend claims, as well

as, for any additional purpose based on the choices you have made such as to receive marketing

communications that you provided your consent to. In particular, we will retain call recordings, the data

you supplied when joining the product, including complaints, claims (for insurance products) and any

other data you supplied during the duration of your contract with us for your product/service for a

period of 7 years from termination or expiry of your service in line with industry standards and UK

statutory limitation periods for the defence of contractual claims.

7.4 Contact

If you have a concern about your data or a question about this Policy for our Data Protection Oﬃcer,

please contact them by email at guardians@capillarytech.com. If you are not happy with the response

you received or believe your data has not been used in accordance with this policy and therefore not

processed in line with applicable laws, you may lodge a complaint with the Information Commissioner’s

Oﬃce (ICO), the UK Supervisory authority. We would, however, appreciate the chance to deal with your

concerns before you approach the ICO so please contact us in the ﬁrst instance.