General Privacy Notice
1. What is the purpose of this document
Archangel Imaging builds smart machines to work alongside people to protect people, animals and environments. We build and integrate smart cameras, robots, drones and sensors to augment teams in responding to distributed incidents in challenging geographical areas.
Archangel Imaging is the data controller and responsible for deciding how we process (collect, store and use) your personal data. This privacy notice tells you how we, Archangel Imaging, will collect and use your personal data for service provision, correspondence purposes, fulfilling legal obligations, and other legitimate interests.
Archangel Imaging commits to protecting the privacy and security of your personal information by following these data protection law and principles, which means that your data will be:
Used lawfully, fairly and in a transparent way.
Collected only for valid, lawful purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
Relevant to the purposes we have told you about and limited only to those purposes.
Accurate and kept up to date.
Kept only as long as necessary for the purposes we have told you about.
2. Roles and responsibilities
2.1 We have appointed a data protection officer (DPO) who is responsible for ensuring that this notice is made available to data subjects prior to Archangel Imaging collecting/processing their personal data and for overseeing questions in relation to this privacy notice.
2.2 All Employees/Staff of Archangel Imaging who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
All prospective, current and former visitors, product/service users, captured data subjects whose personal data is collected, in line with the requirements of the General Data Protection Regulation (GDPR).
Our website, products and services are not intended for children and we do not knowingly collect data relating to children.
What is personal data?
Under the GDPR, personal data is defined as: “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
It does not include data where the identity has been removed (anonymous data).
3.2 How and why we use and collect your personal data
3.2.1 How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise.
Automated technologies or interactions. As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.
3rd parties authorised by you
3.2.2 Your consent
Consent not always required
Generally, we do not rely on consent as a legal basis for processing your personal data; although we will get your consent before sending third party direct marketing communications to you via email or text message. We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
We do not need your consent if we use your personal information, in accordance with GDPR, to carry out legal or contractual obligations with you.
You may withdraw any previous consent and/or opt out of receiving marketing messages at any time by
contacting firstname.lastname@example.org. Where you opt out of receiving marketing messages, this will not apply to personal data provided to us in order to fulfil other purposes such as product/service purchase, warranty registration, product/service experience or other transactions.
3.2.3 The personal data we would like to collect from / process on you is:
Personal data type
- First name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Identity documents such as driving licence, passport
Photographs, CCTV footage and other information obtained through electronic means such as swipe card records
billing address, delivery address, email address and telephone numbers
bank account and payment card details
details about payments to and from you and other details of products and services you have purchased from us
internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
Direct and automated
- how you use our website, products and services
- how you use of our information and communications systems
Direct and automated
Marketing and Communications Data
your preferences in receiving marketing from us and our third parties and your communication preferences
Direct and automated
Special categories of personal data concerned
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic and biometric data, information about criminal convictions and offences).
3.2.4 The purposes, legitimate interests, and legal basis for processing your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Where we need to perform the contract we are about to enter into or have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Where we need to comply with a legal obligation.
We only process particularly sensitive personal data in the following circumstances:
With your explicit written consent (Given consent can be withdrawn at any time)
Where we need to carry out our legal obligations or exercise rights in connection with employment
Where it is needed in the public interest, such as for equal opportunities monitoring or in relation to our occupational pension scheme
Where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public
Type of data
Lawful basis for processing including basis of legitimate interest
Correspondence and service provision
To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
(e) Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you
(f) Marketing and Communications
Necessary for our legitimate interests (to develop our products/services and grow our business)
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you, in order to decide which products, services and offers may be relevant for you (we call this marketing).
To enable you to partake in a prize draw, competition or complete a survey
(e) Marketing and Communications
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To report crimes
- Necessary to comply with a legal obligation
- Necessary for our legitimate interests (provide our core product / services as part of a contract)
3.2.5 Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
3.2.6 Automated Decision-Making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
We do not envisage that any decisions will be taken about you using automated means.
This position might change if:
- it is necessary to perform the contract with you, you have given explicit written consent, or it is justified in the public interest, and
- appropriate measures are in place to safeguard your rights, and
- you have been notified and given 21 days to request a reconsideration.
3.3 Keeping your data secure
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
3.4 Disclosure, sharing and transfers
3.4.1 Sharing with third parties
We may pass your personal data on to third-parties where required by law or where they are contracted to help us fulfil the purposes above, such as individual consultants, accounting firms, solicitor firms, other service providers and other entities within our group of related Archangel companies.
If we wish to pass your sensitive personal data onto a third party, other than designated individuals within our group, we will only do so once we have obtained your consent, unless we are legally required to do otherwise.
3.4.2 Safeguarding measures
In addition to the security measures outlined above, any third parties that we may share your data with are obliged to
keep your details securely using equivalent measures eg using authenticated access and/or data encryption as appropriate.
use them only to fulfil the service they provide you on our behalf.
dispose of the details in line with Archangel Imaging’s procedures when they no longer need your data to fulfil this service.
3.4.3 International transfers
Whenever we transfer your personal data out of the EEA, we also ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
3.5 Retention period
Archangel Imaging will store the personal data for as long as necessary to fulfil the above purposes and to comply with legal obligations, such as information needed for income tax and audit purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements. While following recommended practices on retention periods, personal data may be held in addition to these periods depending on individual business needs, as per our Retention of Records Procedure.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use and store such information indefinitely without further notice to you.
3.6 Your duty and rights as a data subject
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform our legal obligations, perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
3.6.2 Overview of your rights
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access (commonly known as a “data subject access request”) – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records eg where there is no good reason for us continuing to process it or where you have exercised your right to object to processing
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing. . In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing, automated processing, including profiling as well as to the legal effects of automated processing or profiling.
Right to judicial review: in the event that Archangel Imaging refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in clause 3.6 below.
If you would like to exercise any of these rights, or believe that the company has not complied with your data protection rights, please contact the Data Protection Officer.
All of the above requests will be forwarded on should there be a third party involved (as stated in 3.4 above) in the processing of your personal data.
3.6.3 Making Subject Access Requests
Archangel Imaging at your request, can confirm what information we hold about you and how it is processed. If Archangel Imaging does hold personal data about you, you can request the following information:
Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU/UK.
Contact details of the data protection officer, where applicable.
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of Archangel Imaging or a third party, information about those interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU and/or the UK has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
Identity verification needed
Archangel Imaging accepts the following forms of ID when information on your personal data is requested: Passport, driving licence, birth certificate, utility bill (from the last three months), etc."
No fees usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
3.7 Getting in touch
In the event that you wish to enquire, exercise your rights or make a complaint about how your personal data is being processed by Archangel Imaging (or third parties as described above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Archangel Imaging’s data protection representatives Data Protection Officer. We would appreciate the chance to deal with your concerns before you approach the supervisory authority so please contact us in the first instance.
The details for each of these contacts are:
Supervisory authority contact details for UK is the Information Commissioner’s Office (ICO).
Address (Head office): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Email / webchat / contact form: https://ico.org.uk/global/contact-us/
Telephone: 0303 123 1113
Data Protection Officer and related represencontact details:
Address: 168 Maxwell Avenue, Didcot, OX11 0QT, UK.