Privacy Policy

You know us by our trading name; Critical Situations, but our legal name is actually Critical Situations Ltd ("we", "our", "us" or "Critical Situations").  .  We are committed to protecting the privacy of all users of our website criticalsituations.co.uk ("Service").  Please read the following Privacy Policy which explains how we use and protect your data.  We are the Data Controller of the data we gather and process, unless otherwise stated. 

 

1. CONTACT DETAILS 

If you have any queries, concerns, or requests regarding this Privacy Policy or how we handle your data, you can get in touch with us via email at info@criticalsituations.co.uk.  

​

2. HOW WE COLLECT YOUR DATA 

We collect your data when you interact with us or use our Services.  We also look at how visitors use our Service, to help us improve and optimise our customer experience.  

​

We collect data: 

1. when you create an account with us or you change your account settings; 

2. when you place an order with us; 

3. through your interactions with us or our Service, such as when you request information or when you subscribe to receive marketing, information about Critical Situations initiatives or other communications from us by email, phone, post, SMS, push notification, or via our chat function; 

4. when you participate in a competition, prize draw, promotion or surveys about our Services, or our Partners’ services; and 

5. when you browse or use our Service.  

​

We also collect data from third-party sites, such as advertising and social media platforms and our fraud detection provider.  If you link your social media or your third-party accounts with us, we will keep a record of your social media handle, and the other data that is made available to us according to your Social Media account settings.

​

3. DATA WE COLLECT FROM YOU 

As part of our commitment to the privacy of our customers, and visitors more generally, we want to be clear about the sort of data we will collect from you.  When you use the Service, including any partner website we work with, you may be asked to provide information about yourself including your name, contact details, address, and payment information such as credit/debit card information (though these will be processed securely by our partner payment gateway).  We may also collect information from you when you contact us using the chat function on our Service.  Further, we may collect your date of birth in order to verify your identity and/or age.  We also collect information about your usage of the Service and information about you from any messages you post to the Service or when you contact us or provide us with feedback, including via email, letter, phone or chat.  If you contact us by phone, we may record the call for training and monitoring purposes, and make notes in relation to your call.  We collect technical information from your mobile device or computer, such as its operating system, the device and connection type and the IP address from which you are accessing our Service.  

We also collect technical information about your use of our Services through a mobile device, for example, your network provider, location data and performance data, interaction with other retail technology such as use of NFC Tags, QR Codes and/or use of mobile vouchers.  Unless you have elected to remain anonymous through your device’s settings, this information may be collected and used by us automatically if you choose to access the Service on your mobile device(s) using your mobile's browser or otherwise.

  

4. USE OF YOUR DATA 

We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law.  

We use your data where we need to in order to provide you with the service you have requested or to enter into a contract.  You do not have to provide this information to us, but we may be unable to provide our services to you without the following information: 

1. to enable us to provide you with access to the relevant parts of the Service, we collect necessary cookies from your device; 

2. to supply the goods/services you have requested, we collect your name and contact details

3. to enable us to collect payment from you, we collect your credit/debit card information (though these are not held by us and are only used to process the payment via our partner payment gateway); and 

4. to contact you where necessary concerning our goods/services, such as to resolve issues you may have with your order, we collect the information listed above and any additional information we may need to resolve your issue.  

 

We also process your data where we have a legitimate interest for doing so.  For example, personalisation of our service, including processing data to make it easier and faster for you to find products or services which may be of interest to you.  Why we collect this data is set out in the following non-exhaustive list: 

5. to improve the effectiveness and quality of service that our users can expect from us in the future; 

6. to tailor content that we or our commercial partners display to you, for example so that we can make sure you see the advertising which is most relevant to you, based on your personal characteristics; 

7. to enable our customer support team to help you with any enquiries or complaints in the most efficient way possible and to provide a positive customer experience; 

8. to contact you for your views and feedback on our goods/services and to notify you if there are any important changes or developments to the Service;

9. to send you information by post about our products, services, promotions about Critical Situations initiatives.  If you do not want to receive these, you can let us know by getting in touch using the contact details set out in section 1; 

10. to analyse your activity on the Service so that we can administer, support, improve and develop our business and for statistical and analytical purposes and to help us to identify and prevent fraud; and 

11. to detect, investigate, report and seek to prevent fraud or crime.  

 

We also process your data to enforce our contractual terms with you and any other agreement, and for the exercise or defence of legal claims and to protect the rights of Critical Situations, our Partners, users, or others (including for the purposes of preventing fraud).  

If you submit any comments and/or feedback regarding the Service, we may use such comments and feedback on the Service and in any marketing or advertising materials.  We will only identify you for this purpose by your name.  Such comments and feedback may also be shared with our Partners to assess and improve their services.  

We may also use your data to comply with any legal obligation or regulatory requirement to which we are subject.  

​

5. COOKIES 

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.  If you disable or refuse cookies, some parts of the Service may become inaccessible or malfunction.

 

6. MARKETING

Where you have given your consent or where we have a legitimate interest for doing so (and are permitted to do so by law), we will use your data to let you know about our other products and services, or Critical Situations initiatives that may be of interest to you and we may contact you by email, post, phone, or push notification.  

We use online advertising to keep you aware of what we are up to and to help you see and find our products.  You may see Critical Situations banners and ads when you are on other websites and apps, such as Social Media.  We manage this through a variety of digital marketing networks.  We also use a range of advertising technologies.  The banners and ads you see are based on information we hold about you, or your previous use of our Service.  We use your customer profile to send you communications that are the most relevant to you.  You have certain rights in relation to this type of processing.  Please see section 11 for more information.  

You can control your marketing preferences by: 

• visiting our website criticalsituations.co.uk

• clicking on "Account" (for our website this is under the drop-down menu); and 

• scrolling down to "Marketing Preferences" 

​

7. AUTOMATED DECISION MAKING 

We conduct fraud checks on all our customers.  Where we believe there may be fraudulent activity, we may block you from using our Service. 

We undertake these checks on all customers because this is necessary to ensure that the goods/services we provide is paid for, and to protect our customers from fraud.  

Given the volumes of customers we deal with, we use automated systems including third party fraud detection providers, which analyse your data in order to make automated decisions as to whether or not we will accept your order.  We find this is a fairer, more accurate and more efficient way of conducting fraud checks since human checks would simply not be possible in the timeframes, given the volume of customers we deal with.  

Some of the checks and decisions made look at various transaction components, in conjunction with any fraud patterns we have detected on our Service.  These generate an automated score indicating the likelihood of a fraudulent transaction.  If our systems indicate a high score for your particular transaction, we may decline your order, or even block you from using our Service.  The specific fraud indicators are dynamic, so these parameters will change depending on the types of fraud that are currently trending at any particular time.  

You have certain rights in respect of this activity, please see section 11 for more information.  As aforementioned, our fraud detection system is in place to protect our customers, our Partners as well as Critical Situations.  

​

8. RETENTION OF YOUR DATA 

We will not retain your data for any longer than is necessary.  Data that we collect will be retained for as long as needed to fulfil the purposes outlined in section 4, in line with our legitimate interest or for a period specifically required by applicable statutes and/or regulations, such as retaining the data for regulatory reporting purposes.  

When determining the relevant retention periods, we will take into account factors including: 

1. our contractual obligations and rights in relation to the data involved; 

2. legal obligation(s) under applicable law to retain data for a certain period of time; 

3. statute of limitations under applicable law(s); 

4. our legitimate interests where we have carried out balancing tests pursuant to section 4; 

5. any disputes; and 

6. guidelines issued by relevant data protection authorities.  

 

9. DISCLOSURE OF YOUR DATA 

The data we collect about you will be transferred to and stored on our servers.  We are very careful and transparent about who else your data is shared with.  We share your data with other Critical Situations group companies only where necessary for the purposes set out in section 4.  We share your information with third party service providers which provide services on our behalf.  The types of third-party service providers whom we share your data with include: 

1. Payment gateways (including online payment providers and fraud detection providers); 

2. IT service providers (including cloud providers); 

3. Customer support partners (including, but not limited to, companies that assist us to provide customer or technical support); and 

4. Marketing and advertising partners.  To learn more about our website data sharing policy please see our Cookie Policy set out in section 6.  Critical Situations also shares your data when we promote a programme or offer a service or product in conjunction with a third-party business partner.  We will share your data with that partner to assist in marketing or to provide the associated product or service.  In most of those cases, the programme or offer will include the name of the third-party business partner, either alone or with ours.  An example of such a business partner relationship would be a business that we partner with for providing services. 

If you submit any comments and/or feedback regarding the Service or our partners, we may share such comments and/or feedback with our partners.  Critical Situations will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable laws when it is transferred to any third-party. 

If our business enters into a joint venture with, purchases or is sold to or merged with another business entity, your data may be disclosed or transferred to the target company, our new business partners or owners or their advisors.  

​

We may also share your data: 

5. if we are under a duty to disclose or share your data in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement.  This includes exchanging information with other companies and other organisations for the purposes of identifying and preventing fraud, and with law enforcement for the purposes of crime prevention; 

6. in order to enforce our contractual terms with you and any other agreement; 

7. to protect the rights of Critical Situations, or others, including to prevent fraud; and 

8. with such third parties as we reasonably consider necessary in order to prevent crime, for example, the police or other law enforcement agencies.  

 

In some cases, the personal data we collect from you might be processed outside the United Kingdom, such as in the European Economic Area (“EEA”), the United States, and the countries in which Critical Situations operates.  These countries may not have the same protections for your personal data as the UK or EEA has.  However, we are obliged to ensure that the personal data that is processed by us and our suppliers outside of the UK or EEA is protected in the same way as it would be were it was processed within those jurisdictions.  There are therefore certain safeguards in place when your data is processed outside of the UK or the EEA.  We ensure a similar degree of protection by ensuring at least one of the following safeguards is implemented:

9. your personal data is transferred to countries that have been deemed to provide an adequate level of protection for personal data by the Secretary of State; and/or

10. we use any Secretary of State approved data transfer mechanisms.  Please contact us using the contact details set out in section 1 if you require further information on the countries to which personal data may be transferred and the specific mechanism used by us when transferring your personal data out of the UK or the EEA.  

​

10. SECURITY 

We adopt robust technologies and policies to ensure the personal data we hold about you is suitably protected.  We take steps to protect your data from unauthorised access and against unlawful processing, accidental loss, destruction and damage.  

Where you have chosen a password that allows you to access certain parts of the Service, you are responsible for keeping this password confidential.  We advise you not to share your password with anyone.  Unfortunately, the transmission of data via the internet is not completely secure.  Although we will take steps to protect your data, we cannot guarantee the security of any data transmitted to the Service and any transmission is done so at your own risk.  Once we have received your data, we will use strict procedures and security features to combat unauthorised access.  

​

11. YOUR RIGHTS 

Subject to applicable law, you may have a number of rights concerning the data we hold about you.  If you wish to exercise any of these rights, please contact us using the contact details set out in section 1.  For additional information on your rights, please see the Information Commissioner’s Office website at: https://ico.org.uk/your-data-matters/.  

If you wish to exercise any of the following rights, please get in touch using the contact details set out in section 1: 

1. The right to be informed – You have the right to be provided with clear, transparent and easily understandable information about how we use your data and your rights.  This is why we’re providing you with the information in this policy.  

2. The right of access – You have the right to obtain access to your data (if we’re processing it).  This will enable you, for example, to check that we’re using your data in accordance with data protection law.  

3. The right to rectification – You are entitled to have your data corrected if it is inaccurate or incomplete.  

4. The right to erasure – This is also known as 'the right to be forgotten' and, in simple terms, enables you to request the deletion or removal of certain data that we hold about you.  This right is not absolute and only applies in certain circumstances.  

5. The right to restrict processing – You have rights to 'block' or 'suppress' further use of your data in certain circumstances.  When processing is restricted, we can still store your data, but we will not process it any further.  

6. The right to data portability – You have the right to obtain your personal data in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers.  This is not an absolute right however and there are numerous exceptions.  

7. The right to log a complaint – You have the right to log a complaint about the way we handle or process your information with a competent data protection authority, please see section 14.  

8. The right to withdraw consent – If you have given your consent to anything we do with your data, you have the right to withdraw that consent at any time.  Withdrawing consent will not; however, make unlawful our use of your data before you withdraw consent.  

9. The right to object to processing – You have the right to object to certain types of processing, including processing for direct marketing and profiling.  You also have the right not to be subject to a decision based solely on automated processing.  

 

12. CHANGES TO OUR PRIVACY POLICY 

We update this Privacy Policy from time to time, so remember to check back in case anything has changed and, where appropriate, we may also notify you of the changes.  

 

13. COMPLAINTS

If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you may make a complaint to the Information Commissioner’s Office (ICO) using the following details:  

Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF  

Website: www.ico.org.uk.