We respect the privacy of our website’s users and are committed to the security of your personal data as well as it’s fair, lawful and transparent use.
The aim of this policy is to inform you of the reasons we collect data, how we collect, secure and process the data collected, as well as your legal rights under UK and EU law.
This policy lays out our compliance with the UK Data Protection Act 2018 and the European Union General Data Protection Regulation (throughout this policy referred to as “GDPR”).
If you have any queries or concerns about this policy, or the use of your data, or wish to exercise any of your legal rights regarding the data we may hold, you can do so by contacting us in writing at the address below in the ‘Who we are’ section, or email us at [email protected] using the subject line ‘WorldWaitWhat Data Compliance Query‘.
1. Who we are.
WorldWaitWhat.com is a website owned, published and managed by P 1 4 Media (throughout this policy referred to as “WorldWaitWhat”, WorldWaitWhat.com, or “the website”).
P 1 4 Media is a web publishing and content generation company based in the United Kingdom (throughout this policy referred to as “we”, “us”, “our”, and “the company”). We provide digital content based services globally, but are mainly subject to UK and EU laws due to our physical location. We also comply with relevant US laws and regulations when it is necessary for our company’s legal operation and access to our websites within the United States of America.
P 1 4 Media is the data controller and responsible for the security of your personal data and the reasons for it’s processing.
2. What personal data we collect, how, and why we collect it.
The editorial content on this website is free to use, browse and interact with, without the need to collect any personal data.
We will collect personal data from you when entering a competition or making a purchase to fulfil our legal obligations.
Personal data means any information about an individual which can be used to identify that individual and does not include data where identifying information has not been collected.
Anonymous data for us, usually relates to analytical data used for performance monitoring and statistical purposes, such as bulk traffic data where no individual IP addresses (or other identifying data) is present.
2a. The data we collect about you.
We may collect, use, store and otherwise process personal data about an individual for specific reasons only. The data we collect will fall into one of the following categories. A data type listed here does not mean we will collect such data, only that we may if there is a specific requirement.
- Identity data: Includes first and last names, maiden names, usernames or other chosen identifiers, title, marital status, date of birth and gender.
- Contact data: Includes billing and delivery addresses, email address, telephone numbers, and social media or other messaging app names.
- Financial and transaction data: Includes bank and payment card details, payment data relating to any products or services purchased from us and accounting data for any payments made from the company for any specific reason.
- Technical data: Includes internet protocol (IP) address, login details where applicable, browser type and version, timezone and location, operating system or device types and other technical data relating to how you may be accessing the website.
- Profile data: Includes your username and password for any user accounts registered on the website, purchase details and history, user preferences and interests.
- Marketing and Communications data: Includes your preferences on how and when you would like to receive marketing or other non individual communications from WorldWaitWhat.com or P 1 4 Media, as well as your preferences regarding the passing of your contact details to selected third parties.
- Regarding special category data: We do not collect any data regarded as special category data under GDPR from the users of WorldWaitWhat.com. (This includes information regarding your race, ethnic origin, political views, religion, trade union memberships, genetics, biometric data, health, sex life or sexual orientation). We also do not collect data relating to criminal convictions or offences.
In general, we do not collect data from and regarding people under the age of 18.
We will never collect personal details of children under the age of 13 for any reason and request you contact us in writing, using the contact details at the top of this policy, if you suspect such data has been collected in error so we can remove it from our systems.
2b. How and why your personal data is collected.
We may obtain your data through different methods and process your data for different reasons. Normally the method through which your data is collected relates to how your data will be used. As above, a collection method listed here does not mean we will use such a method, only that we may if it is necessary for the operation of a website or service.
Interacting with the website:
If the website allows commenting, it may also use a service called Gravatar which is a global Avatar service operated by Automattic. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are a member the service. After approval of your comment, your Gravatar profile picture is visible to the public in the context of your comment.
Why we collect this data: To ensure WorldWaitWhat operates and maintains a working comments system that enhances the user experience whilst protecting against malicious use.
- Uploading media and posts: If the website allows you to upload media or create posts, you will be required to enter login details, or your name and email address. As per the comments system, these details will not be used for any marketing activities.
It is your responsibility to ensure all personal data is removed. We can not guarantee the security of your data if it is uploaded by yourself to a publicly available area on the website. Specifically, if you upload images, you should avoid uploading those containing embedded location data (EXIF GPS tags). Visitors to the website could download and extract location data from these images. If you upload anything containing personal data by mistake please contact us using the details at the top of this policy so we may remove your data from being publicly visible. Please note this may result in the complete deletion of your upload.
Why we collect this data: To ensure the proper use of the website while allowing external uploading, and to protect other users from malicious content.
While leaving comments, you may opt-in to saving your name, email address and/or website details in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment.
If you have an account and you log into the website, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we may also set up several cookies to save your login information and your screen display choices.
Why we collect this data: We collect data via cookies for various reasons relating to the proper operation of the website. These include remembering your login preferences, ensuring our e-commerce systems operate properly, analysing and understanding our website traffic to provide a better user experience and to provide targeted and non targeted advertising services which help us to fund the website.
Why we collect this data: We do not directly collect data via embedded content but would advise you to read the privacy policies of any embedded content provider we may use.
Direct interaction with us:
Through directly interacting with our website forms, e-commerce systems or entering into other correspondence with us via email, phone or post, you may provide us with personal data. We will only ever ask for information needed for the specific reason we are requesting it.
- Creating a user account: The website may allow users to create user profiles and accounts. To do this we may need to collect data such as your name, email address, physical address, username or other identifying data.
Why we collect this data: We would need to collect this data to ensure the secure and safe operation of your profile or account.
- Subscription to services, publications and marketing: You may provide us with personal data in relation to any subscription services we may provide, notification of updates or publications and for marketing purposes. This data may include your name, address, email address and other contact and account preference information. We only provide these services on an opt-in basis. You can opt out of these services at any time.
Why we collect this data: To provide the services to which you have subscribed.
- Competitions, promotions, surveys and feedback: We may occasionally collect personal data in relation to promotions, competitions, surveys, and when asking for feedback on our services. The data we request in these circumstances will be specific to the reason for it’s collection. Any data collected under these circumstances will be subject to each promotion or competition’s individual terms and conditions which will explain how the collected data is to be used in more detail, including if the data is being collected for and by ourselves, by us on behalf of a third party (ie. a competition sponsor), or directly by a third party through embedded forms, links or email thus bypassing us altogether.
Why we collect this data: To gather the necessary information needed to fulfil the requirements of any optional competition, promotion, survey or feedback campaign we may run.
- Collecting payment and financial data: This website may occasionally offer paid entry routes to competitions and other products or services for public sale. This is done through an online e-commerce system which uses third party payment gateway providers to process payments. Our main payment processing gateway currently is Paypal, although we may offer other providers from time to time. Regardless of the payment provider used, we can not see, do not store, and DO NOT have access to your payment card details in any way. When you make a purchase, you are routed through a secure payment gateway, and it is the payment processor that gathers and processes your payment details.
If you are the winner of a cash prize offered in a competition on this website which is run directly by us, we may ask for bank details and proof you are the account holder in order to electronically transfer your prize. We will only ever ask for the minimum details required to enable an ingoing transaction, and for proof that you are the account holder. These details will be destroyed and deleted as soon as we have verified receipt of your prize.
We will NEVER ask for passwords or PIN numbers. We will also NEVER ask you to provide us with bank account details through Facebook messenger, or any other social media or insecure message system, or in an unsolicited phone call.
If you receive any such request, DO NOT REPLY. Instead contact us using the main P 1 4 email address at the top of this policy immediately.
2c. Failure to provide personal data.
We will only collect personal data which is required for specific reasons such as the operation of the website or the fulfilment of services provided. You are under no obligation to provide us with any information requested, however please be aware that if you fail to provide information when requested, we may not be able to provide you with services offered or fulfil any contract we have or are trying to enter into with you.
Examples of this include but are not limited to: Not being able to fulfil a competition ticket or other purchase order without contact and payment details. Not being able to process a request for a website user account without contact details. Not being able to enter you into any competitions or promotions without the requested details for the promotion being supplied.
3. How we use your personal data.
- We will only use your personal data in accordance with the UK Data Protection Act 2018 and the EU GDPR.
- We will only collect, use, and process your personal data if we have a specific legitimate and lawful business requirement for which the processing of your data is a part.
- We most commonly use your data for the fulfilment of contracts we may have with you, the proper operation of services which we may provide you, and to generate a better understanding of how to improve our services.
- We will only use your data where it does not override your fundamental legal rights regarding the use of such data.
- We may use your data to contact you with marketing emails or to provide you with other subscription services by email, post, or phone. We will only do this with your specific opt-in permission.
- We may use your data to register you as a new client or to set up a website user account.
- We may use your data to process any online orders placed and to deliver any products or services to you.
- We may use your data to enable you to partake in competitions, promotions, surveys and to provide us with feedback.
- We may use your data to manage and protect our business and websites. Including data analysis, troubleshooting, system testing, traffic analysis, spam and malicious activity protection.
- We may use your data to provide you with relevant website content, links, and advertising. As well as helping us understand the effectiveness of the advertising we serve you.
- We may include your data in analytics which enable us to improve our websites and services and to provide a better user experience.
3a. Who we may share your data with.
We will only share your directly collected personal data outside of our company for selected specific reasons.
- Third party marketing: We will obtain your express consent to share your details with third party companies for marketing purposes, such as sponsored competitions and promotions.
- Debt recovery: We reserve the right to transfer your contact and transaction details to a third party collection agency in the event any funds due to us for services or items provided, or contracts breached are not received after all other reasonable attempts at recovery have been exhausted. In this instance we will provide you with adequate warning in writing by post and/or email.
- Law enforcement: We will pass your details onto any relevant law enforcement agencies only if it is required of us to do so by UK or EU law. If such requests are made by any agency outside of the UK, we will seek legal advice from relevant UK authorities immediately.
- Company, website and asset transfers: We may transfer your details to a third party company in the event our company is sold or merged with another company, or a company asset or website to which your details are linked is sold or transferred. We will contact you to inform you of any such instance and direct you to the new company privacy policies. You may also choose to have us delete your data before any such sale or transfer is completed.
- Third party service providers: Your data may be indirectly shared with third party companies which we use to gather such data on our behalf, or whose services we use on our websites. These can be companies such as analytic service providers whose systems gather usage data on the website, or advertising providers who gather their own data through ads which may appear on our websites. A list of services we use which may affect your privacy is at the bottom of this policy.
3b. International transfers.
In certain, very rare, circumstances we may be required to transfer your data to third parties outside of the European Economic Area (EEA). This will usually be due to a promotion offered to our users from a US or other foreign company. We will try to inform you wherever possible if this is going to be the case when we are collecting your data.
We follow very strict rules if we have to transfer data in this way, such as never transferring data to countries which do not provide levels of protection deemed adequate by the European Commission and only transferring data to US third parties if they comply and are part of the EU-US and Swiss-US Privacy Shield framework which requires US companies to provide EU level protection to personal data shared between the EU and the US.
You can learn more about Privacy Shield by clicking here.
4. How long we retain your data.
- We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. This includes the additional purposes of satisfying any reporting, accounting or legal requirements under UK, EU or US (where applicable) law.
- When determining appropriate data retention periods we take into account the reason for us obtaining the data, the amount of data obtained, the nature and sensitivity of the data and the potential risk from any unauthorised use or disclosure.
- Some data we are legally obliged to keep for a specific period of time, such as basic information about e-commerce or service customers including contact, financial and transaction data. We must retain this data for at least 6 years for UK tax purposes.
- If you have any queries regarding the retention period of your data please use the contact details at the top of this policy.
- If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
- For users that register on the website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username).
5. How we secure your data.
- We have in place appropriate security measures to prevent the accidental loss or unauthorised access of your data.
Access to your personal data is restricted to a need to know basis for both company employees as well as contractors and third parties. If a person or agent does not have a need to know they will not be issued authorised access to your data.
- All digital data will be stored securely in password protected encrypted systems.
- Where data is kept on or transferred to physical formats, for example printed delivery notes or certain legal contracts. This data will be kept in secure access restricted and locked areas unless in immediate use.
- We have procedures in place to deal with any suspected data breach and will notify both you and any applicable regulator where we are legally required to do so.
- Data sent to us through the website is encrypted and secured. Our SSL security certificate and website security is provided by Cloudflare Inc. You can check this by ensuring every page you visit on our website begins with “https” and the padlock icon next to the URL in your browser is green or closed. (Depending on browser). In most browsers you may click on the icon to view the full details of the website’s security certificate.
6. Your legal rights
As a company we operate under the laws of the United Kingdom and European Union. As such we will treat all personal data the same, whether your country of residence is within the EU or not.
As an individual Under GDPR you have 8 specific legal rights.
You can click on the titles of each right for more detailed information from the ICO.
- The right to be informed.
- The right of access.
This is your right to know about, and obtain, any of your personal data we may hold. Commonly refereed to as ‘subject access’. It also includes your right to know specifics of how we are processing each element of data, how long we will keep it and the data’s source.
- The right to rectification.
This is your right to have inaccurate data corrected or incomplete data completed.
- The right to erasure.
Otherwise known as ‘the right to be forgotten’. This is your right to have your personal data completely erased. However, this right is not absolute, and only applies in certain circumstances. We can refuse your request if we are required to keep your data to comply with other legal obligations or if your request is manifestly unfounded, excessive or repetitive.
- The right to restrict processing.
This is your right to request a suppression of your personal data, where it can be stored but not processed. Usually whilst you are contesting the accuracy of the data or you no longer wish for your data to be processed but require it to be held for legal reasons.
- The right to data portability.
This is your right to obtain and reuse your personal data for your own purposes.
- The right to object.
This is your right to object to the processing of your data in certain circumstances, such as stopping your data being used for direct marketing purposes.
- Rights in relation to automated decision making and profiling.
These are an additional set of rights which cover the use of your data in decision making or individual profiling activities without human involvement.
If you wish to exercise any of your legal rights you can do so verbally or in writing, however we would prefer you use the contact details at the top of this policy in the first instance to help us in tracking your request.
If you chose to exercise your rights, we will have 1 month to reply and can not charge a fee. However if your request is considered manifestly unfounded, excessive or repetitive, we can charge a reasonable administrative fee.
If you are exercising your right to access, we can extend the period to process your request by a further 2 months if you make multiple requests or your request is complex. We will inform you of this within the first month.
We also have the right to ensure the correct individual is making the request by asking for further ID. If this is the case, the time limit for processing your request begins when the required further information is received.
We will always endeavour to fulfil our obligations with your data, and appreciate the chance to deal with any concerns you may have directly. However, you also have the right to complain at any time to the Information Commissioner’s Office (ICO) who are the UK supervisory authority for data protection issues at ico.org.uk.
In this final section you will find brief descriptions of other websites we may link to on a regular basis, as well as technology providers we use to run and operate our websites. We have no control over the privacy policies of external companies so recommend you read the policies of these companies to ensure you are happy with their use of your data. We have included links to relevant privacy policies wherever possible.
Disclaimer: This may not be a complete list of all services and technologies we use throughout this website. The inclusion of any company on this list does not automatically mean that company has access to your data through this website. Also, the inclusion of any service on this list does not automatically mean we are currently using such services on the website.
This list is for information purposes only.
- Facebook: Data Policy: Social media linking, tracking and analytics, embedded content and advertising services.
- Youtube: Policies and safety: Embedded videos. Owned by Google.