The Man Privacy Policy

This Privacy Policy explains how The Man collects, uses, stores and protects personal data of its customers and prospective customers in the area in which it operates. It also explains the rights you have under the General Data Protection Regulation and applicable local data protection laws. This Privacy Policy applies to all The Man customers in the area, as well as individuals who interact with The Man services, products, websites, or customer support channels.

Data Controller

The Man is the data controller responsible for determining the purposes and means of processing your personal data. All references to we, us or our in this Privacy Policy refer to The Man as the data controller.

Categories of Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with us and which services you use. The categories of data we may collect include:

Identification and contact data, such as your name, postal address, billing address, and any other contact details you choose to provide.

Account and profile data, such as usernames, passwords or other authentication details, account preferences, and communication preferences.

Transaction and payment data, such as details of the products or services you purchase, order history, invoicing information, and methods of payment. We do not store full payment card details; these are handled by our payment processors where applicable.

Technical and usage data, such as information about your device, browser type and version, log information, pages visited, time and date of visits, and other diagnostic data generated when you use our online services.

Communication data, such as information contained in messages, enquiries, feedback or complaints that you send to us, and any data we may collect when we respond to you.

Marketing and preference data, such as your consent for receiving marketing communications and details of your interactions with such communications where these are permitted.

Purposes and Lawful Bases for Processing

We process your personal data only where we have a valid lawful basis under the GDPR. Depending on the context, we may process your data for the following purposes and on the following bases:

To provide products and services. We process identification, contact, account, transaction and technical data to set up your account, process your orders, deliver services, manage billing, and provide customer support. The lawful basis is the performance of a contract or taking steps at your request before entering into a contract.

To comply with legal obligations. We may process your data to comply with accounting, tax, regulatory and other legal obligations, such as maintaining accurate records of transactions. The lawful basis is compliance with a legal obligation.

To manage our business and services. We process technical and usage data to maintain and improve our services, ensure security and business continuity, prevent misuse or fraud, and manage our relationship with you. The lawful basis is our legitimate interests in operating and protecting our business, provided that your interests and fundamental rights do not override those interests.

To respond to enquiries and provide support. We process communication and account data to respond to your questions, handle complaints, and provide assistance. The lawful basis is performance of a contract or our legitimate interests in providing effective customer service.

To send marketing communications. Where permitted by law, we may use contact and preference data to send you information about our products, services, offers or events that may be of interest to you. The lawful basis is your consent where required, or our legitimate interests in promoting our services where consent is not legally required. You can opt out of marketing communications at any time.

To protect our rights and interests. We may process personal data where necessary to establish, exercise or defend legal claims, to prevent and investigate fraud or misuse of our services, or to protect the rights, property or safety of The Man, our customers or others. The lawful basis is our legitimate interests and, where applicable, the establishment, exercise or defence of legal claims.

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to meet any legal, accounting or reporting requirements.

Account and profile data are retained for as long as your account is active and for a reasonable period thereafter, in case of queries or disputes, unless you request deletion and we are able to comply without breaching legal obligations.

Transaction and payment data are retained for the duration required by tax and accounting laws and other applicable regulations. This may mean we keep certain records for a number of years even after you cease to be a customer.

Technical and usage data are retained for a shorter period necessary for security, analysis and service improvement, typically only for as long as it is relevant for these purposes.

Marketing and communication data are retained for as long as you remain subscribed to our marketing communications or as long as necessary to respond to your enquiry. We will remove or anonymise data when it is no longer needed for the purposes for which it was collected.

When we no longer need personal data, we will securely delete or anonymise it in accordance with our data retention and deletion procedures.

Data Processors and Sharing of Personal Data

We do not sell your personal data. However, we may share your personal data with selected third parties acting as data processors on our behalf, for the purposes described in this Privacy Policy.

These processors may include providers of payment processing services, cloud hosting and storage services, IT and security services, customer support tools, and professional advisers or consultants assisting us with our operations.

Where we engage a data processor, we ensure that a written data processing agreement is in place, requiring the processor to handle your personal data securely, to use it only in accordance with our documented instructions, and to comply with applicable data protection laws.

We may also share personal data with third parties acting as independent controllers where required by law, such as regulatory authorities, law enforcement bodies, or courts, or where necessary for the establishment, exercise or defence of legal claims. In such cases, the relevant third party is responsible for its own compliance with data protection law.

Where personal data is transferred outside the European Economic Area, we will ensure that appropriate safeguards are in place, such as an adequacy decision or standard contractual clauses, to provide a level of protection for your data that is essentially equivalent to that within the European Economic Area.

Security of Personal Data

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include access controls, security monitoring and procedures designed to ensure ongoing confidentiality, integrity and availability of the data we process.

Despite our efforts, no method of transmission over the internet or method of electronic storage can be guaranteed to be completely secure. We continually review and enhance our security measures to address emerging risks.

Your Data Protection Rights

As a data subject within the scope of the GDPR, you have a number of rights in relation to your personal data, subject to certain conditions and legal limitations. These rights include:

Right of access. You have the right to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of the personal data we hold about you, together with related information.

Right to rectification. You have the right to request the correction of inaccurate personal data and the completion of incomplete data.

Right to erasure. In certain circumstances, you have the right to request that we delete your personal data, for example where the data is no longer necessary for the purposes for which it was collected or where you withdraw consent and no other legal basis applies.

Right to restriction of processing. You may request that we restrict the processing of your personal data in certain situations, such as while we verify the accuracy of the data or assess an objection you have raised.

Right to data portability. Where processing is based on your consent or on a contract and is carried out by automated means, you have the right to receive your personal data in a structured, commonly used and machine readable format and to request that we transmit it to another controller where technically feasible.

Right to object. You have the right to object, on grounds relating to your particular situation, to our processing of your personal data that is based on legitimate interests. We will stop processing the data unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or unless the processing is required for the establishment, exercise or defence of legal claims.

Right to object to marketing. You have the right to object at any time to the processing of your personal data for direct marketing purposes, including profiling related to direct marketing. If you object, we will stop using your data for this purpose.

Right to withdraw consent. Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal.

You also have the right to lodge a complaint with a competent data protection authority if you believe that our processing of your personal data infringes data protection laws. We encourage you to contact us first so that we can address your concerns directly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other factors. Any changes will be posted in the latest version of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we process and protect your personal data.