For the purposes of the EU General Data Protection Regulation 2016/679 (“GDPR”), the controller of your data is Catapult Enterprises Ltd (“Catapult”), a company registered in England and Wales under company number 07057804 whose registered office is at Royle Studios, 41 Wenlock Road, London, N1 7SG. PROPER is the trading name of Catapult.
All your data will be held and used in accordance with the GDPR and any relevant national laws which implement the GDPR and any legislation that replaces it in whole or in part.
How we collect your data.
When you place an order for our products, or send us an enquiry using the email address provided
- When you register an account with us
- When you provide it to us when you use our services
Information we collect about you.
With regard to each of your visits to our site we may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page. We use such information internally to administer and improve our site, including to conduct troubleshooting, data analysis, testing, and research exercises. Such operations allow us to ensure that content is presented in the most effective manner for you and for your computer, and that our site is safe and secure.
Information we receive from other sources.
We may receive information about you from certain third parties we operate in conjunction with (such as sub-contractors in technical, payment and delivery services, analytics providers, and search information providers).
In accordance with the GDPR, the main grounds that we rely upon in order to process your information are as follows:
- Necessary for entering into or performing a contract. In order to perform obligations which arise under any contract we have entered into with you, it will be necessary for us to process your information.
- Necessary for compliance with a legal obligation. We are subject to certain legal requirements which may require us to process your information. We may also be obliged by law to disclose your information to a regulatory body or law enforcement agency.
- Necessary for the purposes of legitimate interests. We will need to process your information for the purposes of our legitimate interests, provided that we have established that those interests are not overridden by your rights and freedoms (including your right to have your information protected). Our legitimate interests include responding to requests and enquiries from you, optimising our website and user experience, informing you about our services and ensuring that our operations are conducted in an appropriate and efficient manner.
Consent. In some circumstances, we may ask for your consent to process your information in a particular way.
Disclosure of your information.
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with you.
- Analytics and search engine providers that assist us in the improvement and optimisation of our site.
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Catapult or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of Catapult, our customers, or others.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will never store your credit/debit card information on our website. All electronic transactions you make to or receive from us will be encrypted using SSL technology via GEOTrust and will be transferred and processed by WorldPay. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet; any transmission is at your own risk.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Where we store your personal data.
To the extent that any of your data is provided to third parties outside the EEA, or accessed by third parties from outside the EEA, we will ensure that appropriate safeguards are in place in accordance with the GDPR (such as the European Commission’s standard contractual clauses, or the EU/US Privacy Shield).
How long we hold your information.
We will only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements. The criteria that we use to determine retention periods will be determined by the nature of the data and the purposes for which it is kept, the sensitivity of the data and the potential risk of harm from unauthorised use or disclosure.
You have certain rights in relation to the personal data that we hold about you. Details of these rights and how to exercise them are set out below. Please note we will require evidence of your identity before we are able to respond to your request.
- Right of access. You have the right at any time to ask us for a copy of the personal information that we hold about you and to check that we are lawfully processing it. Where we have good reason, and if the GDPR permits, we can refuse your request for a copy of your personal information, or certain elements of the request. If we refuse your request or any element of it, we will provide you with our reasons for doing so.
- Right of correction or completion. If personal information we hold about you is not accurate or is out of date and requires amendment or correction you have a right to have the data rectified or completed.
- Right of erasure. In certain circumstances, you have the right to request that personal information we hold about you is erased e.g. if the information is no longer necessary for the purposes for which it was collected or processed or our processing of the information is based on your consent and there are no other legal grounds on which we may process the information.
- Right to object to or restrict processing. In certain circumstances, you have the right to object to our processing of your personal information. For example, if we are processing your information on the basis of our legitimate interests and there are no compelling legitimate grounds for our processing which override your rights and interests. You may also have the right to restrict our use of your personal information, such as in circumstances where you have challenged the accuracy of the information and during the period where we are verifying its accuracy.
- Right of data portability. In certain instances, you have a right to receive any personal information that we hold about you in a structured, commonly used and machine-readable format. In such circumstances, you can ask us to transmit that information to you or directly to a third party organisation. While we are happy for such requests to be made, we are not able to guarantee technical compatibility with a third party organisation’s systems. We are also unable to comply with requests that relate to personal information of others without their consent.
- Right to withdraw consent. In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
You can exercise any of these rights at any time by contacting us using the details in the Contact section below.
If you are unhappy about our use of your information, you can contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Post: Information Commissioner’s Office
If you live or work outside of the UK or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA can be accessed here.
If you have raised a question, comment, request, or complaint with us, we may contact you in response.
Updates to this policy.