PRIVACY POLICY 

Opia Limited (collectively referred to as "Opia Limited", "we", "us" or "our" in this privacy policy), is responsible for your personal data collected via this website. 

We ask that you read this privacy policy carefully, as it contains important information on who we are, how and why we collect, store, use and share your personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint or would like further information on any of the above. 

How to Contact Us 

You can contact us in relation to this privacy policy in one of the following ways: 

  1. using our online form at www.opia.com/contact-us; 
  1. via email at: security@opia.com; 
  1. via post at: 184 Shepherds Bush Road, W6 7NL, London, UK. 

Application of this Policy 

This privacy policy relates to your participation of an applicable Promotion where Opia is designated as joint Promoter. 

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit. 

What is Personal Information? 

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). 

The Data we Collect about You 

We collect personal information about you when you take part in a Promotion, via the form presented during the Claim process. 

We collect this personal information from you either directly (i.e. when making a claim under the Promotion) or indirectly, such as your browsing activity while on our website (see 'Cookies' below). 

We use this personal information to: 

  1. Fulfilment of the applicable Promotion and related services to Participants. 
  1. improve our services 
  1. Notify you of further Promotions. 

This website is not intended for use by children and we do not knowingly collect or use personal information relating to children. 

Our Legal Basis for Processing your Personal Information 

When we collect and/or use your personal information, we are required to have a legal basis for doing so. There are various legal bases upon which we may rely, dependant on what personal information is being processed and why. 

The legal bases we may rely on include: 

  1. Consent: where you have given us clear consent for us to process your personal information for a specific purpose. Generally, we will not rely on consent as a legal basis for processing your personal information although we will get obtain consent before sending direct marketing communications to you via email or other medium You have the right to withdraw consent to marketing at any time by contacting us via one of the methods listed above. 
  1. Legal Obligations: where our use of your personal information is necessary for us to comply with the law 
  1. Legitimate Interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us. 

Sharing your Information 

We routinely share your personal information with third parties. These third parties process data on behalf of Opia for us to in turn provide services to you in the form of our website. As per our agreements with such sub processors they shall process your data in full accordance with this Privacy Policy. 

Some of those third-party recipients may be based outside the European Economic Area - for further information including on how we safeguard your personal data when this occurs, see 'Transfer of your information out of the EEA'. 

We will share personal information with law enforcement or other authorities if required by applicable law. 

We will not share your personal information with any other third party not mentioned above. 

Transfer of your Information out of the EEA 

We will not routinely share your personal information with parties located outside the European Economic Area (EEA). If we do so, we will always rely upon a European Commission adequacy decision, as set in art.45 of the General Data Protection regulation or to appropriate safeguards, as set n art.46 of the GDPR. 

If you would like further information, please contact us at security@opia.com. 

We will not otherwise transfer your personal data outside of the EEA. 

Cookies and Similar Technologies 

A cookie is a small text file which is placed onto your device when you use our website. We use cookies and other similar tracking technologies on our website. These help us recognise you and your device and store some information about your preferences or past actions. 

For further information specifically relating to Opia's use of cookies, please see our [insert link to Cookie Policy]. 

For further information on cookies generally, please visit www.aboutcookies.org or www.allaboutcookies.org. 

Marketing 

We would like to send you information relating to our services which may be of interest to you. Where we have your consent, or it is in our legitimate interests to do so, we may email you to send such information. 

If you no longer wish to be contacted in such way, you can unsubscribe at any time by: 

-contacting us at marketing@opia.com 

-using the 'unsubscribe' link in emails. 

For more information on your rights in relation to marketing, see 'Your Rights' below. 

Your Rights 

Under data protection law, you may have certain rights dependant on the circumstance. Those include rights to the following: 

  1. Request access to your personal data; 
  1. Request correction of your personal data; 
  1. Request erasure of your personal data; 
  1. Object to processing of your personal data; 
  1. Right to withdraw consent. 

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner's Office (ICO) on individuals' rights under the General Data Protection Regulation. 

If you would like to exercise any of those rights, please: 

  1. Email us at security@opia.com 
  1. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 
  1. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. 

Keeping your Personal Information Secure 

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

How to Complain 

We hope that we can resolve any query or concern you raise about our use of your information. 

The General Data Protection Regulation (and equivalent UK law) also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/. 

Changes to this Privacy Policy 

This website privacy policy was last updated on the 4th February 2021. 

We may change this website privacy policy from time to time, when we do, we will inform you via email.