- the “Step: Your World” mobile application software (“App”), available on or website hosted on www.stepyourworld.com (“App Site”) or a third-party app store or platform, once you have downloaded or streamed a copy of the App onto your mobile telephone or handheld device (“Device”); and
- any of the services accessible through the App (“Services”) that are available on the App Site or other sites of ours (“Services Sites”).
The App and the App Site are not intended for children and we do not knowingly collect data relating to children.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
- Data ControllerStep Digital is a “data controller” of your personal data.
This means that we
- “control” your personal data, including making sure that it is kept secure;
- make certain decisions on how to use and protect your personal data, but only to the extent that we have informed you about the use or as otherwise permitted by law
Contact Information and Complaints
Step Digital London Limited
32 Roland Gardens,
London SW7 3PL,
You have the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues or other competent supervisory authority of an EU member state if the App is downloaded outside the United Kingdom.
We would, however, appreciate the chance to deal with your concerns before you approach your country’s supervisory authority, so please contact us in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What information do we collect?
The types of personal data we collect, use and store about you will depend on the services you have requested from us and/or the nature of your interaction with us. When using the App and the Services Sites, we may collect and process the following personal information about you:
- your first name, last name, maiden name, username or similar identifier, marital status, title, date of birth, nationality and gender (“Identity Data”);
- your billing address, delivery address, email address and telephone numbers (“Contact Data”);
- your bank account and payment card details (“Financial Data”);
- details about payments to and from you and other details of in-App purchases, products and/or services you have purchased from us (“Transaction Data”);
- the type of device you use, your IP address, your login data, a unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your mobile operating system, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access the App and the Services Sites (“Technical Data”);
- your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses (“Profile Data”);
- information stored on your device, including friends’ lists, login information, photos, videos or other digital content and check-ins (“Content Data”);
- your current location disclosed by GPS technology (“Location Data”);
- information about how you use our App or visits to any of our Services Sites including, but not limited to, traffic data and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access (“Usage Data”); and
- your preferences in receiving marketing from us and our third parties and your communication preferences (“Marketing and Communications Data”).
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we collect your data?
- Direct InteractionsThis is information (including Identity Data, Contact Data, Financial Data, and Marketing and Communications Data) you consent to giving us about you by filling in forms in the App and the Services Sites, or by corresponding with us (for example, by email or chat). This includes personal data you provide when you:
- apply for our products or services;
- register to use any Services Site;
- download or register our App;
- subscribe to our newsletter;
- subscribe to any of our services;
- search for an App or service;
- make an in-App purchase;
- share data via the App’s social media functions;
- request other marketing material to be sent to you;
- enter a competition, promotion or survey;
- give us feedback or contact us in any way or form; or
- report a problem with the App, our services, or any of our Services Sites.
- Automated Technologies and InteractionsEach time you visit one of Services Site or use the App we will automatically collect personal data including Device Data, Content Data and Usage Data. We collect this data using cookies and other similar technologies.
- Location DataWe also use GPS technology to determine your current location. Some of our location-enabled Services require your personal data for the feature to work. You can withdraw your consent at any time by disabling Location Data in your settings.
- Third PartiesWe are also working closely with third parties (including, for example, business partners, sub-contractors in technical and payment services, advertising networks, analytics providers or search information providers) and may receive information about you from them.
How do we store and maintain your personal information?
All of our employees are subject to obligations of confidentiality regarding information which they have access to in the course of their employment including the personal information of customers. All personal information is held in secure computer storage facilities. We take steps to protect the personal information we hold from misuse, loss, unauthorised access, modification or disclosure.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our App or the Services Sites – any transmission is at your own risk. Once we have received your information we will use our strict procedures and security features to protect it.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
How do we use the information we collect?
We will only use your data for a lawful purpose. We plan to use your personal data for the following purposes:
Type of Data
Lawful basis for processing
App installation and registration as a new App user
To process in-App purchases and deliver services including managing payments and collecting money owed to us
Marketing and Communication Data;
Performance of a contract with you.
Necessary for our legitimate interests (to recover debts due to us).
Management of our relationship with you
Marketing and Communication Data.
Performance of a contract with you.
Necessary for our legitimate interests (to keep records updated and to analyse how customers use our products/ services).
Necessary to comply with legal obligations (to inform you of any changes to our terms and conditions).
Enabling you to partake in a prize draw, competition or complete a survey
Marketing and Communication Data.
Performance of a contract with you.
Necessary for our legitimate interests (to analyse how customers use our products/services and to develop them and grow our business).
Administration and Protection of our business, App and Services Sites
(including troubleshooting, data analysis, testing, system maintenance, support reporting and hosting of data)
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security).
To deliver content and advertisements to you.
To make recommendations to you about goods or services which may interest you.
To measure and analyse the effectiveness of the advertising we serve you.
To monitor trends so we can improve the App.
Marketing and Communication Data;
Necessary for our legitimate interests (to develop our products/services and grow our business).
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures of your personal data
When you consent to providing us with your personal data, we will also ask you for your consent to share your personal data with the third parties set out below for the purposes set out in the table:
- other companies in the Step Digital Group acting as joint controllers or processors and who are based in the United Kingdom and provide general administrative services, IT and system administration services and undertake leadership reporting.
- external third parties such as:
- professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services; and
- HM Revenue and Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances;
We do not transfer your personal data outside the European Economic Area.
All information you provide to us is stored on our secure servers. Any payment transactions carried out by us or our chosen third-party provider of payment processing services will be encrypted using appropriate encryption technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of Services Sites or the App, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Once we have received your information, we will use strict procedures and security features to try to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way.
We will collect and store personal data on your device using application data caches and browser web storage (including HTML5) and other technology.
Certain services include social networking, chat room or forum features. Ensure when using these features that you do not submit any personal data that you do not want to be seen, collected or used by other users.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator when we are legally required to do so.
By law we have to keep basic information about our customers (including Contact Data, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
In some circumstances we will anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under certain circumstances you have the following rights under data protection laws in relation to your personal data.
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You also have the right to ask us not to continue to process your personal data for marketing purposes.
You can exercise any of these rights at any time by contacting us at firstname.lastname@example.org
Cookies – what are they and how do we use them?
A cookie cannot give us access to your computer or to information beyond what you provide us and we don’t store personally identifiable information such as your name or address in cookies we create, but we do use encrypted information gathered from them to help improve your experience on our Site. If you do not wish to enable cookies, you’ll still be able to browse the Site and use them for research purposes.
- simplify the logging on process for registered users;
- help ensure the security and authenticity of registered users;
- provide the mechanisms for online shopping;
- enable monitoring of traffic and usage patterns;
- to report aggregate information to our advertisers; and
- remember the settings of any profile you set up on the Services Sites.
Whilst you do not need to allow your browser to accept cookies in order to browse much of the Services Sites or to access many of our services, you must have cookies enabled if you wish to shop online or access any areas reserved for registered users. Most browsers allow you to turn off the cookie function. If you want to know how to do this please look at the help menu on your browser, but this may restrict the use of some parts of the Services Sites.
Web beacons – what are they and how do we use them?
We or third parties on our behalf may use web beacons in combination with cookies on the Services Sites, in our emails or in our advertisements. Web beacons help us understand how visitors interact with the Services Sites and enable us to measure the effectiveness of the Services Sites and our advertising, for example by counting the number of individuals who have visited the Services Sites via a particular advert.
A web beacon is typically an electronic image that is placed on a site, email or advert which allows a website to record the simple actions of the user opening the page that contains the beacon. Web beacons provide us with details of how the Services Sites are navigated, how many individuals visit specific pages, the time material was viewed, the types of browsers and computer operating systems used and the Internet Protocol addresses from which you connect to the Services Sites. This is information that is available to any web server you visit and web beacons do not give any extra information away. Web beacons are simply a convenient way of gathering simple statistics and managing cookies and by being able to recognise you this allows us to improve your experience on the Services Sites by enabling us to tailor and personalise your visit.
Where web beacons are used in connection with cookies then they may be rendered ineffective by either opting out of the cookies or changing the cookie settings in your browser.
You can find out more about the way web beacons work on www.allaboutcookies.org.
Our Service Sites and the App may contain links to other websites, partner networks, advertisers, plug-ins and applications. Clicking on those links may allow third parties to collect or share data about you, such as Contact Data and Location Data. We do not control these third-party websites and are not responsible for their privacy statements.
Please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these. We recommend that you read the privacy statements immediately on entering other websites.