Privacy Policy

This Privacy Policy explains how Access Experiences Limited (company number 14554147, trading as "FanCircles," "we," "us," or "our"), with its registered office at 50 Micklegate, Selby YO8 4EQ, United Kingdom, processes your personal data.

We are registered with the Information Commissioner's Office (ICO) under registration number ZB506911.

By using the FanCircles PushPass system (the "Service"), you agree to the collection, use, and processing of your personal data as described in this policy.

1. Our Roles: Data Controller vs. Data Processor

Under the UK General Data Protection Regulation (UK GDPR), we have two distinct roles in relation to personal data:

1.1. Data Controller: We are the Data Controller for the personal data we collect directly from you, our client (the company or individual subscribing to our Service). We determine the purposes and means of processing this data.

1.2. Data Processor: We are the Data Processor for the personal data of your subscribers (the "Subscribers"). You, our client, are the Data Controller for this data, and we only process it on your behalf and in accordance with your instructions.

2. Personal Data We Collect and How We Use It

We collect and process different types of personal data depending on your relationship with us.

2.1. Data We Collect from Our Clients (where we are the Data Controller):

We collect a variety of personal data from you when you register for and use our Service. This may include:

  • Contact Information: Your full name, email address, physical address (for billing), and phone number.
  • Company Information: Your business name and any other company details provided during registration.
  • Billing Information: Payment details, such as credit card information, processed securely by our third-party payment provider.

Our Legal Basis for Processing this Data: We process this data under the legal basis of Contractual Necessity. We require this information to provide the Service, manage your account, process payments, and fulfill our contractual obligations to you.

2.2. Data We Process on Behalf of Our Clients (where we are the Data Processor):

You, as the Data Controller, are responsible for ensuring you have a lawful basis for collecting the personal data of your Subscribers. We act solely on your instructions and only process the data you upload or that is collected via the Service.

The types of Subscriber data we process on your behalf may include:

  • Identifying Information: Device IDs, IP addresses, phone numbers, names, business names, addresses, and postcodes.
  • Digital Pass Content: Graphics, images, and other materials used to build the digital passes.
  • Usage Data: Analytics related to the pass, such as open rates, click-through rates, and sales tracking.

We do not use this data for our own purposes. It is stored on our systems for your use only, similar to a data hosting service.

3. Data Sharing with Third Parties

We will only share your personal data with third parties to the extent necessary to provide and maintain the Service. This includes:

  • 3.1. Payment Processors: To securely handle all subscription and billing payments.
  • 3.2. Hosting Providers: To store the data necessary for the Service to function.
  • 3.3. Analytics Providers: We use services like Google Analytics to track and analyze traffic to our website and improve the Service. This involves the sharing of data such as IP addresses and device information.

We require all third-party service providers to respect the security of your personal data and to treat it in accordance with the law.

4. Data Retention

We will not keep your personal data for longer than is necessary for the purposes for which it was collected.

4.1. Client Data: We retain your personal data for the duration of your subscription and for a period of 90 days after your account is terminated. This allows for administrative and billing record-keeping and provides a grace period for you to reactivate your account. After this period, your data will be permanently deleted from our systems.

4.2. Subscriber Data: As the Data Processor, we delete all Subscriber data from our systems 90 days after your account is terminated, as outlined in our Terms and Conditions. You are responsible for exporting or downloading this data at any time during your active subscription.

5. Your Rights as a Data Subject

Under the UK GDPR, you have the right to:

  • 5.1. The Right to be Informed: To be informed about how your data is being used. This privacy policy serves that purpose.
  • 5.2. The Right of Access: To request a copy of the personal data we hold about you.
  • 5.3. The Right to Rectification: To have any inaccurate data corrected.
  • 5.4. The Right to Erasure: To request the deletion of your personal data in certain circumstances.
  • 5.5. The Right to Restrict Processing: To request a temporary halt to the processing of your data.
  • 5.6. The Right to Data Portability: To receive your personal data in a structured, commonly used, and machine-readable format.
  • 5.7. The Right to Object: To object to the processing of your data in certain situations.

To exercise any of these rights, please contact us using the details below.

6. Contact Information

If you have any questions or concerns about this privacy policy or our data practices, please contact us.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO).