The Sort website (www.sortyourfuture.com) (the “website”) and associated services are operated by Sort Holdings Ltd (company number: 10454737) registered in England and Wales, with registered office at 1-4 Kings Parade, Lower Coombe Street, Croydon, London, CR0 1AA. When we refer to ‘we’, ‘us’, ‘our’ or ‘Sort’ in this statement, we are referring to Sort Holdings Ltd.
At Sort, we take your privacy and the security of your personal data very seriously.
We need to collect data from you to provide our services to you, and this policy tells you exactly what we collect, how and why it is used, and the steps we take to protect your data and your privacy.
Please make sure you read the information carefully before using the website and any services that we may provide to you, so that you understand the way we use your information.
- If you create a Sort account we may ask you to provide personal and/or organisational information to help us provide you with the most relevant information and services via the website
- We only ask for the information we need to provide the best service we can to site users
- We have put in place security measures to prevent your data from being lost or stolen
- Your data may also be used anonymously as part of our statistical analysis of use of the website
- We will not share personally identifiable information about you with third parties other than for the provision of essential services for the operation of the website (unless you consent to use of your information otherwise)
- We will never sell your personal information to third parties
- You may ask for a copy of the data we hold at any time
- You may ask for your data to be erased from our records at any time
The information we collect
When you use our services, you may provide certain information (such as your name, phone number, email address, and location) to Sort. This information may be securely transmitted, stored, and used by Sort to provide you and other users with our services.
What we do with the information we collect
We use this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- To improve our products and services.
- To periodically send promotional emails about new features, special offers or other information which we think you may find interesting using the email address which you have provided - but we will only do this if you have specifically consented to this.
- To contact you from time to time for market research purposes, and to use information that you provide to customise the website according to your interests.
- To draw up statistical and demographic data rendered anonymous and used for performance monitoring, published reports and data products, and trend forecasting.
- To provide your information to third parties according to our legal obligations.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where you have consented to our processing of your personal information.
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
Where appropriate, we may rely on the following legitimate interests as our lawful basis for processing:
- To recover debts that are due to us in relation to any fees that are owed;
- To study how our users use our services;
- To develop our services and grow our business;
- For running our business.
Use by third parties
We work with a number of third party partners who help us manage and maintain the website. These include web developers, analytics services, customer relationship management services, email services, and payment processing services. All third parties are required to manage your data securely and, where applicable, in accordance with this policy.
Without your explicit consent Sort will not sell, rent or share your personal details to any third parties for marketing purposes. We may provide anonymous information that cannot be traced back to you. In aggregated form, statistics can be provided to providers of data analytics services in order to provide us with statistical analysis of website use and trends. Please be advised that Sort will never share your log-in details, email addresses, passwords, or phone numbers, with third parties, unless it is absolutely necessary to enable the website to provide its services.
Sort may disclose your personal information that we collect to certain third parties and regulatory authorities if we believe that:
- we are obliged to do so pursuant to our legal obligations;
- we are obliged to do so as a result of any legal proceedings;
- it is necessary to protect the personal safety of our users or members of the public; And/or
- it is necessary for the protection of our own rights or property.
We have set out details of those third party partners that may receive your personal data to help provide you with our services:
- MailChimp and Hubspot
- We use MailChimp and Hubspot to manage Sort’s email lists and store customer data for our business customers. This means that your contact information may be transmitted to and stored by these services on their servers in the United States. This data will be processed and held securely by these service providers in accordance with our data processing agreements with them and relevant legislation and will be used by Sort only to manage your account and send emails to you if you have given your permission for us to do this. You may change these permissions at any time by clicking on the ‘Unsubscribe’ link in an email, updating your settings within your account, or by contacting us at firstname.lastname@example.org.
- Braintree and Go Cardless
- If you choose to pay by payment card, we use a secure PCI compliant service to process your information. The Payment Card Industry Data Security Standard (PCI DSS) is a set of industry-mandated requirements for any business that handles, processes, or stores credit cards – regardless of the business's size or location. The PCI Security Standards Council was founded by 5 of the major card brands, and they each share equal responsibilities in the council's work.
- Sort is PCI DSS compliant which means that our security policies, and procedures meet the requisite standard.
- Google Analytics
We are committed to ensuring that your information is secure. We will take reasonable technical and organisational measures to protect the information we collect against loss, misuse or any form of unlawful processing. Information on our servers is stored in a secured manner and access is limited to authorised employees and contractors only. However, it is important to note that we cannot eliminate all security risks associated with data transmission and storage.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- Refusing cookies when prompted as you visit the website
- Email us at email@example.com to:
- request a copy of your personal information;
- request for your personal information to be removed (and we are not otherwise entitled to retain that information);
- request for your personal information to be corrected, if it is inaccurate;
- object to the processing of your personal information;
- request the restriction of processing of your personal information;
- request the transfer of your personal information to another data controller in a structured, commonly used and machine readable format (where applicable); or
- withdraw your consent at any time in relation to any activity for which you have provided consent.
If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the email address provided above. We will promptly correct any information found to be incorrect.
If you wish to raise a complaint on how we have handled your personal information, you can contact our Privacy Officer who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the Information Commissioner’s Office (‘ICO’).
Our Privacy Officer can be contacted at firstname.lastname@example.org.
You can contact the ICO:
- through their website at https://ico.org.uk/make-a-complaint/;
- by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; or
- by phone at 0303 123 1113.
Last update: 11th October 2019