Introduction

  1. Purpose of this Privacy PolicyStep Digital London Limited (referred to in this Privacy Policy as “Step Digital”, “we”, “us” or “our”), a company incorporated and existing under the laws of England and Wales, is committed to respecting and protecting your privacy.

    This Privacy Policy (together with our end-user licence agreement as set out at www.stepyourworld.com (“EULA”) and any additional terms of use incorporated by reference into the EULA, (together our “Terms of Use”) applies to your use of:

    1. the “Step: Your World” mobile application software (“App”), available on or website hosted on www.stepyourworld.com (“App Site”) or a third-party app store or platform, once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (“Device”); and
    2. any of the services accessible through the App (“Services”) that are available on the App Site or other sites of ours (“Services Sites”).

    This Privacy Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.

    The App and the App Site are not intended for children and we do not knowingly collect data relating to children.

    Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

  2. Data ControllerStep Digital is a “data controller” of your personal data.

    This means that we

    1. “control” your personal data, including making sure that it is kept secure;
    2. make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or as otherwise permitted by law

Contact Information and Complaints

If you have any questions about this Privacy Policy or any questions regarding our use of your personal data, please contact our data privacy manager at info@stepyourworld.com. Our full contact details are:

Step Digital London Limited
Flat 10,
32 Roland Gardens,
London SW7 3PL,
United Kingdom

You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues or other competent supervisory authority of an EU member state if the App is downloaded outside the United Kingdom.

We would, however, appreciate the chance to deal with your concerns before you approach your country’s supervisory authority, so please contact us in the first instance.

  1. Changes to this Privacy Policy and Personal DataThis Privacy Policy is regularly reviewed and was last updated on 04.03.2020. We may amend or update our Privacy Policy from time to time. If the Privacy Policy is updated, these changes will be notified to you by email or when you next start the App or log onto one of the Services Sites. The new Privacy Policy may be displayed on-screen and you may be required to read and accept the changes to continue your use of the App or the Services.

    It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

What information do we collect?

The types of personal data we collect, use and store about you will depend on the services you have requested from us and/or the nature of your interaction with us. When using the App and the Services Sites, we may collect and process the following personal information about you:

  1. your first name, last name, maiden name, username or similar identifier, marital status, title, date of birth, nationality and gender (“Identity Data”);
  2. your billing address, delivery address, email address and telephone numbers (“Contact Data”);
  3. your bank account and payment card details (“Financial Data”);
  4. details about payments to and from you and other details of in-App purchases, products and/or services you have purchased from us (“Transaction Data”);
  5. the type of device you use, your IP address, your login data, a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the App and the Services Sites (“Technical Data”);
  6. your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses (“Profile Data”);
  7. information stored on your device, including friends’ lists, login information, photos, videos or other digital content and check-ins (“Content Data”);
  8. your current location disclosed by GPS technology (“Location Data”);
  9. information about how you use our App or visits to any of our Services Sites including, but not limited to, traffic data and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access (“Usage Data”); and
  10. your preferences in receiving marketing from us and our third parties and your communication preferences (“Marketing and Communications Data”).

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

How we collect your data?

  1. Direct InteractionsThis is information (including Identity Data, Contact Data, Financial Data, and Marketing and Communications Data) you consent to giving us about you by filling in forms in the App and the Services Sites, or by corresponding with us (for example, by email or chat). This includes personal data you provide when you:
    1. apply for our products or services;
    2. register to use any Services Site;
    3. download or register our App;
    4. subscribe to our newsletter;
    5. subscribe to any of our services;
    6. search for an App or service;
    7. make an in-App purchase;
    8. share data via the App’s social media functions;
    9. request other marketing material to be sent to you;
    10. enter a competition, promotion or survey;
    11. give us feedback or contact us in any way or form; or
    12. report a problem with the App, our services, or any of our Services Sites.
  2. Automated Technologies and InteractionsEach time you visit one of Services Site or use the App we will automatically collect personal data including Device Data, Content Data and Usage Data. We collect this data using cookies and other similar technologies.
  3. Location DataWe also use GPS technology to determine your current location. Some of our location-enabled Services require your personal data for the feature to work. You can withdraw your consent at any time by disabling Location Data in your settings.
  4. Third PartiesWe are also working closely with third parties (including, for example, business partners, sub-contractors in technical and payment services, advertising networks, analytics providers or search information providers) and may receive information about you from them.

How do we store and maintain your personal information?

All of our employees are subject to obligations of confidentiality regarding information which they have access to in the course of their employment including the personal information of customers. All personal information is held in secure computer storage facilities. We take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our App or the Services Sites – any transmission is at your own risk. Once we have received your information we will use our strict procedures and security features to protect it.

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

How do we use the information we collect?

We will only use your data for a lawful purpose. We plan to use your personal data for the following purposes:

Purpose

Type of Data

Lawful basis for processing

App installation and registration as a new App user

Identity Data;

Contact Data;

Financial Data;

Technical Data.

Your consent.

To process in-App purchases and deliver services including managing payments and collecting money owed to us

Identity Data;

Contact Data;

Financial Data;

Transaction Data;

Technical Data;

Marketing and Communication Data;

Location Data.

Your consent.

Performance of a contract with you.

Necessary for our legitimate interests (to recover debts due to us).

Management of our relationship with you

(i.e. notifications about changes to Privacy Policy, asking you to leave a review or take a survey, or notifying you of changes to the App or any services)

Identity Data;

Contact Data;

Financial Data;

Profile Data;

Marketing and Communication Data.

Your consent.

Performance of a contract with you.

Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ services).

Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions).

Enabling you to partake in a prize draw, competition or complete a survey

Identity Data;

Contact Data;

Profile Data;

Technical Data;

Usage Data;

Marketing and Communication Data.

Your consent.

Performance of a contract with you.

Necessary for our legitimate interests (to analyse how customers use our products/services and to develop them and grow our business).

Administration and Protection of our business, App and Services Sites

(including troubleshooting, data analysis, testing, system maintenance, support reporting and hosting of data)

Identity Data;

Contact Data;

Technical Data.

Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security).

To deliver content and advertisements to you.

To make recommendations to you about goods or services which may interest you.

To measure and analyse the effectiveness of the advertising we serve you.

To monitor trends so we can improve the App.

Identity Data;

Contact Data;

Profile Data;

Technical Data;

Content Data;

Usage Data;

Marketing and Communication Data;

Location Data:

Technical Data.

Consent.

Necessary for our legitimate interests (to develop our products/services and grow our business).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please feel free to contact us any time.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Disclosures of your personal data

When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out in the table:

  1. other companies in the Step Digital Group acting as joint controllers or processors and who are based in the United Kingdom and provide general administrative services, IT and system administration services and undertake leadership reporting.
  2. external third parties such as:
    1. professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services; and
    2. HM Revenue and Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances;
  3. third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

International transfers

We do not transfer your personal data outside the European Economic Area.

Data security

All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using appropriate encryption technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of Services Sites or the App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way.

We will collect and store personal data on your device using application data caches and browser web storage (including HTML5) and other technology.

Certain services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.

Data retention

By law we have to keep basic information about our customers (including Contact Data, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data: see your legal rights below for further information.

In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Your legal rights

Under certain circumstances you have the following rights under data protection laws in relation to your personal data.

You have the right to:

  1. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  3. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  5. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
    1. if you want us to establish the data’s accuracy;
    2. where our use of the data is unlawful but you do not want us to erase it;
    3. where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
    4. you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  6. Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  7. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

You also have the right to ask us not to continue to process your personal data for marketing purposes.

You can exercise any of these rights at any time by contacting us at info@stepyourworld.com

Cookies – what are they and how do we use them?

“Cookies” are small bits of electronic information that a website can transfer to your hard drive to help tailor and keep records of your visit to that website. If you visit the Site, cookies are used to allow us to better customise your visit to your individual preferences, helping us provide you with the best possible service on the Site. This is statistical data about our users’ browsing actions and does not identify any individual. Most major websites use cookies and their use is standard on the Internet.

A cookie cannot give us access to your computer or to information beyond what you provide us and we don’t store personally identifiable information such as your name or address in cookies we create, but we do use encrypted information gathered from them to help improve your experience on our Site. If you do not wish to enable cookies, you’ll still be able to browse the Site and use them for research purposes.

We use cookies to:

  1. simplify the logging on process for registered users;
  2. help ensure the security and authenticity of registered users;
  3. provide the mechanisms for online shopping;
  4. enable monitoring of traffic and usage patterns;
  5. to report aggregate information to our advertisers; and
  6. remember the settings of any profile you set up on the Services Sites.

On visiting our Services Sites, you will be sent anonymous cookies to keep track of your browsing patterns and build up a demographic profile. In addition, if you have clicked on a Step Digital advertisement on another site that links to the Services Sites you may be sent an anonymous cookie that will allow us to analyse advertising effectiveness and manage our relationship with our associated websites. Please note that our advertisers may also use cookies, over which we have no control.

Whilst you do not need to allow your browser to accept cookies in order to browse much of the Services Sites or to access many of our services, you must have cookies enabled if you wish to shop online or access any areas reserved for registered users. Most browsers allow you to turn off the cookie function. If you want to know how to do this please look at the help menu on your browser, but this may restrict the use of some parts of the Services Sites.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Web beacons – what are they and how do we use them?

We or third parties on our behalf may use web beacons in combination with cookies on the Services Sites, in our emails or in our advertisements. Web beacons help us understand how visitors interact with the Services Sites and enable us to measure the effectiveness of the Services Sites and our advertising, for example by counting the number of individuals who have visited the Services Sites via a particular advert.

A web beacon is typically an electronic image that is placed on a site, email or advert which allows a website to record the simple actions of the user opening the page that contains the beacon. Web beacons provide us with details of how the Services Sites are navigated, how many individuals visit specific pages, the time material was viewed, the types of browsers and computer operating systems used and the Internet Protocol addresses from which you connect to the Services Sites. This is information that is available to any web server you visit and web beacons do not give any extra information away. Web beacons are simply a convenient way of gathering simple statistics and managing cookies and by being able to recognise you this allows us to improve your experience on the Services Sites by enabling us to tailor and personalise your visit.

Where web beacons are used in connection with cookies then they may be rendered ineffective by either opting out of the cookies or changing the cookie settings in your browser.

You can find out more about the way web beacons work on www.allaboutcookies.org.

Links

Our Service Sites and the App may contain links to other websites, partner networks, advertisers, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you, such as Contact Data and Location Data. We do not control these third-party websites and are not responsible for their privacy statements.

Please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these. We recommend that you read the privacy statements immediately on entering other websites.