About this policy
The Posture Revolution Ltd, (Company Number: 11695079), trading as Corefulness (“we/us/our”), respects and values the privacy of everyone who visits www.corefulness.com (“our website”), and we understand that your privacy is important to you and that you care about how your personal data is used. Accordingly, when you use our website, we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Please read this Privacy Policy carefully and ensure that you understand it. If you have any questions or comments about this policy, including about how we use your personal data or how to exercise your rights outlined below, please contact our Data Protection Officer:
- Email: dpo@corefulness.com; or
- Write to us at our registered office:
The Data Protection Officer
The Posture Revolution Limited
Manor Farm Estate
Turnpike
Chilmark
Salisbury
Wiltshire
SP3 5AF
You should also read the following:
To use all features and functions available on our website you may be required to submit or allow for the collection of certain data. By continuing to use corefulness.com you acknowledge that you accept the terms of our Privacy Policy, Cookie Policy and Terms and Conditions. If you do not agree to our Privacy Policy, Cookie Policy, or Terms and Conditions, you should stop using corefulness.com immediately.
We may alter our policies and terms and conditions at any time. You are therefore advised to check these pages each time you visit corefulness.com. In the event of any conflict between the current version of our policies or terms and conditions and any previous version(s), the provisions current and in effect shall prevail unless it is expressly stated otherwise.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the ICO. We would, however, welcome the opportunity to resolve your concerns ourselves before you approach the ICO, so please contact us in the first instance using the contact details above.
Use of our website by children
Individuals under the age of 18 may only use the services provided on our website with the involvement and consent of a parent or legal guardian, under such person’s account and subject to our Terms and Conditions. We do not knowingly collect personal data relating to children.
Links to third-party websites
Our website may contain links to third-party websites, plug-ins or applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. Please note that we have no control over how your personal data is collected, stored, or used by other websites and we advise you to check the privacy policies of every website you visit before providing any personal data to these third-party websites. This Privacy Policy applies only to your use of our website.
What is personal data?
“Personal data” is any information relating to you that identifies you either directly from that information or indirectly, by reference to other information that we have access to.
Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. It does not include data where your identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of data about you, which we have classified as follows:
- Identity Data such as your first name and last name;
- Contact Data such as your name and your email address;
- Business Data such as the name of your employer or business;
- Payment Data such as payment card details and billing address details;
- Profile Data such as your login details, preferences, interests, survey and feedback responses and purchases made by you;
- Technical Data such as IP address, browser type and version, operating system and platform, and other technology on the devices you use to access our website;
- Usage Data such as information about how you use our website, products and services; and
- Marketing and Communications Data such as including your preferences about receiving marketing from us and our third parties and your communication preferences.
We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal you identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic or biometric data). Nor do we collect any information relating to criminal convictions and/or offences.
Personal data we collect from you
We collect personal data directly from you as follows:
- when you create an account on our website;
- when you subscribe to additional service or publications or apply for additional products;
- when you request marketing to be sent to you; when you enter a competition, promotion or survey; and/or
- when you give us feedback or contact us.
Data we collect from third parties
Most of the personal data that we collect from you will be information that you provide voluntarily. In some circumstances, we may also receive information from:
- regulatory bodies;
- credit reference agencies; and/or
- other companies providing services to us.
We will also receive information about you from Google Analytics, a web analytics service provided by Google, Inc. (“Google”) whose servers are in the United States of America. Google Analytics uses cookies to help us analyse how users use our site, so that we can continue to improve the products and services we offer to you. For more information about how Google Analytics processes the information passed to it, visit https://support.google.com/analytics/answer/6004245?hl=en&ref_topic=2919631.
Data we collect automatically
When you visit our website, we will automatically collect, store and use Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
For more information about how we use cookies and other tracking technologies and how you can control the use of cookies, please refer to our Cookie Policy.
Changes to your personal data
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed.
How do you we use your personal data?
We will only use your data fairly and where we have a lawful reason to do so.
We are allowed to use your personal data if we have your consent or another legally permitted reason applies. These include to fulfil a contract with you, when we have a legal duty to comply with, or when we have a legitimate interest.
“Legitimate Interest” means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to do so by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
If we are relying on your consent as the lawful basis for using your personal data, you are free to withdraw that consent at any time. If you withdraw your consent, we may not be able to provide certain products and services to you.
We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and we need to use your personal data for that purpose.
Please contact our Data Protection Officer if you have any questions about how we collect and use your personal data using the contact details above.
| Uses of personal data | Our lawful basis for the use of your personal data |
|---|---|
| Registering you on our website | Where we have your consent and so that we can create a unique user account for you. |
| Providing and managing your account | Where you have consented; or where it is appropriate to our business relationship with you and/or fulfil contract(s) with our customers. |
| To maintain security and manage access to our systems and website | To comply with legal obligations, and because we have a legitimate interest in maintaining the security of our website and networks, including those of our service providers |
| To provide news and information services, including newsletters | Where you have consented and expressed a preference to receive such marketing communications; or where it is appropriate and relevant to our business relationship with you. |
| To send you details of surveys, campaigns or other initiatives that we co-ordinate | Where you have consented and expressed a preference to receive such marketing communications; or where it is appropriate and relevant to our business relationship with you. |
| To operate suppression lists to ensure that you do not receive communications if you object or unsubscribe | To respect your rights and comply with our legal obligations. |
| To understand how you interact with our services so that we can improve our website and services and personalise our communications with you | Where we have your consent or where it is necessary so that we can deliver our website and online services effectively. |
| To provide the products and/or services that you apply for/subscribe to, to manage our business relationships, including communicate with our customers, to manage billing and payment and to keep records | Where you have consented; or where it is appropriate and relevant to our business relationship with you. To fulfil our contract(s) with our customer(s) and to comply with legal and regulatory obligations, including accounting, tax and data privacy. |
| To manage our supply chain/service providers | Where necessary for the efficient running of our business. |
| Enforcing our Terms and Conditions, including website terms of use and other policies | To protect our legal interests. |
| Sharing personal data in connection with the sale, transfer, merger, of all or part of, our business or assets | To comply with legal obligations and to facilitate the transaction. |
| Other purposes that we have identified at the point of collection | Where we have your consent. |
Marketing
With your permission and/or where permitted by law, we may use your personal data for marketing purposes, which may include contacting you by email with information, news, and offers on our products and/or services. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us.
Where you opt out of receiving marketing messages, this will not apply to personal data provided to us as a result of registering on our website, where we have provided a product or service to you or any other transaction.
How long do we keep personal data?
We do not keep your personal data for any longer than is necessary to fulfil the purpose for which we collected it, or to comply with any legal, regulatory or reporting obligations or to assert or defend against legal claims. For more information about how long we keep your personal data, please contact our Data Protection Officer.
Sharing and transferring your personal data
We will not share your personal data with third parties, subject, when necessary, to the following exceptions:
- suppliers and service providers used by us including IT and systems administration services;
- professional advisers including lawyers, bankers, auditors, insurers, market research providers, fraud prevention agencies and insurers who provide consultancy, banking, legal, insurance, accounting and fraud prevention services to us;
- law enforcement and regulatory authorities or in connection with any legal proceedings; and/or
- if we sell, transfer, or merge, all or part of, our business or assets.
We will only transfer your personal data outside of the European Economic Area under the following circumstances:
- where the transfer is to a country or other territory which has been assessed by the European Commission (or an equivalent UK body) as ensuring an adequate level of protection for personal data;
- with your consent; or
- on the basis that the transfer is compliant with the GDPR and other applicable laws.
How do we protect your personal data?
The security of your personal data is essential to us, and to protect your data, we take a number of important technical and organisational measures, including the following:
- limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality; and
- procedures for dealing with personal data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
What are my rights?
You have have the right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but please contact us if you want any further details. (Right to be informed)
You may also have the right, in certain circumstances to:
- request access to the personal data we hold about you, as well as supplementary information – this is commonly referred to as “subject access request”. (Right of access)
- request that we update or correct any inaccurate personal data, or to complete any incomplete personal data. If you do, we will take reasonable steps to check the accuracy of, and correct the information. (Right to rectification)
- request that your personal data is erased. This is also known as the “right to be forgotten”. (Right to erasure)
- request the restriction or suppression of your personal data, so that you can limit the way that we use your personal data, usually for a certain period of time. (Right to restrict processing)
- receive personal data, which you have provided to us and that we are processing by automated means with your consent or for the performance of a contract, in a structured, commonly used and machine readable format and to request that we transmit this data directly to another service provider. (Right to data portability)
- object to us processing your personal data for a particular purpose or purposes. You have an absolute right to ask us to stop processing your personal data for direct marketing purposes at any time. (Right to object)
We will try to respond to all legitimate requests within one month. Occasionally it could take us longer than one month if your request is particularly complex or you have made a number of requests, in which case we will notify you and keep you updated.
We generally do not make any charge for dealing with these requests, however in some cases, if a request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding or we may refuse to deal with a request. In either case, we will explain our reasons to you.
You can exercise the above rights by contacting our Data Protection Officer, whose details are set out at the beginning of this policy. We will require you to provide satisfactory proof of your identity in order to ensure that your rights are respected and protected and that your personal data is disclosed only to you.
Further information about your rights can also be obtained from the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
