Last updated: 11th Sept 2019
Share Somewhere is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you in accordance with data protection law. Please read it carefully.
Data protection law says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely
1 INFORMATION ABOUT US
1.1 We are Share Somewhere powered by The Mix. We are registered in England and Wales under charity number 1048995 and have our registered office at The Mix, 8 Glentworth Street, NW1 5PG.
1.2 This privacy notice relates to our operation of https://sharesomewhere.org and associated activities. Our general privacy notice which relates to other activities of The Mix is available at https://www.themix.org.uk/about-us/privacy-policy.
1.3 If you have any questions about this notice or how we collect and use personal information about you, you can contact us via the “Contact Us” page on our site http://sharesomewhere.org/contact-us.
1.4 Our site is used to provide a free service so that organisations or individuals can list their property or premises for rental, whether free of charge or for a price and provide details of available rentals including address, nature of the premises, and size of any available spaces with a view to finding persons who may require use of that property or premises.
1.5 Payments for rentals are made through a third party service provider, who will be directly responsible to you for their service and use of your information. We do not operate a payment service or collect any payment information. Our current payment provider is Stripe, details of their privacy notice are available at https://stripe.com/gb/privacy and details of their terms and conditions which will apply to your use of their service are available at https://stripe.com/gb/legal.
2 ACCOUNT INFORMATION AND CORRESPONDENCE
2.1 If you are an individual, when you create an account with us we need your name and email address to administer that account and you must provide this in order to enter create an account with us, if you do not, you will not be able to create an account.
2.2 Other correspondence or interaction (for example by email, telephone, post, SMS or via our website) between you and us, will include personal information (such as names and contact details) in that correspondence. This may include enquiries, reviews, follow-up comments or complaints lodged by or against you and disputes with you or your organisation (although we are not responsible for administering or resolving disputes between users of our site).
2.3 We will keep and use that information to provide our services to you (if applicable), and to comply with any legal requirements for us to maintain certain records, and/or for our legitimate interests in preventing fraud, dealing with a complaint or enquiry and administering your (or your organisation's) account and any services we offer, as well as to review and improve our offerings, including troubleshooting, data analysis, testing, research, statistical and survey purposes. We may also need to send you emails about your account, or bookings made through our website. These are administrative or operational emails, and we will not send you any marketing without your consent.
2.4 Where your information relates to an account, it is kept until your account is closed.
2.5 Any other information set out above such as initial enquiries or correspondence which doesn't relate to a customer is kept until the relevant correspondence is finished.
3 WEBSITE INFORMATION
3.1 We may collect information about you and your use of our website via technical means such as cookies, webpage counters and other analytics tools. This may include log or error reports, your IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access a website. We use this as necessary for our legitimate interests in administering and improving our website and its content, to ensure it operates effectively and securely, and to develop our services. We may also create aggregate statistical data from that information (for instance, overall numbers of website visitors) which is not personal information about you.
3.3 What is a cookie? A cookie is a small text file stored by your web browser on your computer or mobile device. Some cookies are essential for a website to work and help us provide you with relevant information. They also allow us to recognise your computer (but not specifically who is using it) when you access our site and to improve the usability and performance of our site.
3.5 You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Cookie Name||Persistent or Session||More information|
|XSRF-TOKEN||Session||Protects against Cross-site Request Forgery attacks. Cross-site request forgeries are a type of malicious exploit whereby unauthorised commands are performed on behalf of an authenticated user|
|Laravel_session||Session||Cookie to store user information if required. Currently only used for authenticated users but new session cookie is generated for every new visitor.|
All of the following cookies are used by Stripe to provide a gateway for handling payments from our platform. These cookies will only be used when making a payment. All can be found at: https://stripe.com/cookies-policy/legal#stripe-cookies
Stripe also follows GDPR and has their own guidelines with regards to payments: https://stripe.com/gb/guides/general-data-protection-regulation
3.6 Turning off and deleting cookies. When you use our site, we’ll give you the opportunity to consent to all of the cookies we’ve listed above (except for essential “Session Cookies”). You can also refuse to accept any cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If you select this setting you may be unable to access certain parts of our sites. If you use different devices to view and access our sites (for example, your computer, smart phone, tablet etc.) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences. If you disable the cookies that we use, this may impact your experience while on the sites.
3.7 Blocking cookies. You can also block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
3.8 More information. For more detailed information about cookies please visit www.allaboutcookies.org which provides guidance on how to control cookies.
3.9 Except for strictly necessary cookies, all cookies will expire after a maximum of 12 months. We keep this website information about you for up to 12 months from when it is collected or the relevant cookie expires.
3.10 Third party websites. Our website may, from time to time, contain links to third party websites, plug-ins and applications.Clicking on those links or enabling those connections may allow third parties to collect or share data about you.We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
4 PHOTOS, Content AND PROMOTIONAL MATERIAL
4.1 This is information about you which you provide to us (whether through our website or otherwise), or images or recordings of you which you allow us (or someone on our behalf) to take (including at our premises or events), for publication or display. This may include reviews, comments, testimonials, photographs (including stock photos and advertising material) and videos.
4.2 We may display and publish this content (and, if relevant, attribute it to you) on our platforms as necessary for our legitimate interests in providing content and for promotional purposes (or, in some circumstances, because you have specifically consented to us doing this). This information is kept and published or displayed by us for as long as we consider it relevant for those purposes. You can ask us to remove or delete your content at any time (subject to any agreements about our right to use it) by contacting us. If we are displaying or publishing the information based on your consent, you have the right to withdraw that consent at any time.
5 Information ABOUT PROFESSIONAL CONTACTS
5.1 If you work for one of our customers, suppliers or business partners, the information we collect about you may include your contact information, details of your employment and our relationship with you. This information may be collected directly from you, or provided by your organisation.Your organisation should have informed you that your information would be provided to us, and directed you to this policy. We use this as necessary for our legitimate interests in managing our relationship with your organisation. If we have a business relationship with you or your organisation, we may receive information about you from your organisation.
5.2 We keep this information for up to seven years after the end of our relationship with your organisation.
6 Legal Claims
6.1 Where we consider there to be a risk that we may need to defend or bring legal claims, we may retain your personal information as necessary for our legitimate interests in ensuring that we can properly bring or defend legal claims. We may also need to share this information with our insurers or legal advisers. How long we keep this information for will depend on the nature of the claim and how long we consider there to be a risk that we will need to defend or bring a claim.
7 WHY ELSE DO WE USE YOUR INFORMATION?
7.1 Common uses of your information. We will only use your personal information when the law allows us to do so. Although in limited circumstances we may use your information because you have specifically consented to it, we generally use your information in the ways set out in this notice because:
- 7.1.1 we need to perform a contract we have entered into with you.
- 7.1.2 we need to comply with a legal obligation.
- 7.1.3 it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those interests.
- 7.1.4 we need to protect your interests (or someone else's interests) or where it is needed in the public interest (although these circumstances are likely to be rare).
7.2 Change of purpose. We will only use your personal information for the purposes for which we collected it as set out in this notice, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
8 SHARING YOUR INFORMATION
8.1 We never sell your data to third parties. But we may need to share your information with third parties, including third-party service providers and other entities in our group. Third parties are required to respect the security of your personal information and to treat it in accordance with the law.
8.2 Why might we share your personal information with third parties? As part of our service, your email address will be shared as part of any booking you make or receive with the other user who is receiving or making the booking. If you are listing a rental on our site and include any personal information in that listing, this will also be shared on our site as part of the listing (unless and until we or you decide to remove it). We may share your personal information with third parties if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply our agreements with you, or to protect the rights, property, or safety of us, our customers, or others or where we have another legitimate interest in doing so.
8.3 Which third-party service providers process your personal information? Other than in relation to payments, (as described above) in relation to which you will provide information directly to payment service providers, we may need to share your personal information with third-party service providers (including contractors and designated agents) so that they can carry out their services. In particular, we use The Mix, Reason Digital and Amazon Web Services as service providers in order to provide our services.
8.4 How secure is your information with third-party service providers? All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information. Where third parties process your personal information on our behalf as "data processors" they must do so only on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
8.5 What about other third parties? We may also need to share your personal information with a regulator or to otherwise comply with the law.
9 WHERE WE STORE YOUR INFORMATION
9.1 Our office headquarters and main data centre are based in London. However, where required to perform our contract with you or for our wider business purposes, the information that we hold about you may be transferred to, and stored at, a destination outside the UK and the EU. It may also be processed by staff operating outside the UK and EU who work for us or for one of our service providers.
9.2 We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
9.3 Some countries or organisations outside of the UK and the EU which we may transfer your information to will have an "adequacy decision" in place, meaning the EU considers them to have an adequate data protection regime in place. These are set out on the European Commission website: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
9.4 If we transfer data to countries or organisations outside of the UK and the EU which the EU does not consider to have an adequate data protection regime in place, we will ensure that appropriate safeguards (for example, model clauses approved by the EU or a data protection authority) are put in place where required. To obtain more details of these safeguards, please contact us.
10 DATA SECURITY
10.1 As well as the measures set out above in relation to sharing of your information, we have put in place appropriate internal security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
10.2 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where necessary.
11 HOW LONG WILL WE KEEP YOUR INFORMATION FOR?
11.1 We have set out above indications of how long we generally keep your information. In some circumstances, it may be necessary to keep your information for longer than that in order to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
11.2 To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
11.3 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
12 YOUR RIGHTS
12.1 Data protection law gives you a number of rights when it comes to personal information we hold about you. The key rights are set out below. More information about your rights can be obtained from the Information Commissioner's Office (ICO). Under certain circumstances, by law you have the right to:
- 12.1.1 Be informed in a clear, transparent and easily understandable way about how we use your personal information and about your rights. This is why we are providing you with the information in this notice. If you require any further information about how we use your personal information, please let us know.
- 12.1.2 Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- 12.1.3 Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- 12.1.4 Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it (for instance, we may need to continue using your personal data to comply with our legal obligations). You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- 12.1.5 Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to us using your information on this basis and we do not have a compelling legitimate basis for doing so which overrides your rights, interests and freedoms (for instance, we may need it to defend a legal claim). You also have the right to object where we are processing your personal information for direct marketing purposes.
- 12.1.6 Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- 12.1.7 Request the transfer of your personal information to another party where you provided it to us and we are using it based on your consent, or to carry out a contract with you, and we process it using automated means.
- 12.1.8 Withdraw consent. In the limited circumstances where we are relying on your consent (as opposed to the other bases set out above) to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another compelling legitimate interest in doing so.
- 12.1.9 Lodge a complaint. If you think that we are using your information in a way which breaches data protection law, you have the right to lodge a complaint with your national data protection supervisory authority (if you are in the UK, this will be the ICO).
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw your consent to the processing of your personal information or request that we transfer a copy of your personal information to another party, please contact us at http://sharesomewhere.org/contact-us.
12.2 No fee usually required. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
12.3 What we may need from you. We may need to request specific information from you to help us understand the nature of your request, to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. If we request any identification from you for this purpose, it is on the basis that it is necessary to comply with our legal obligations, and we will only keep and use this until your identity has been verified.
12.4 Timescale. Please consider your request responsibly before submitting it. We will respond to your request as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will let you know.
13 CHANGES TO THIS PRIVACY NOTICE
Any changes we make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by e-mail or otherwise. Please check back frequently to see any updates or changes to our privacy notice.