Clonewolf's Privacy and Data Protection Policy
We respect that your privacy is important and that you care about how your personal data is used. As such, we will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
This policy is kept up to date with any necessary changes, for example if the law changes, or if we change our business in a way that affects personal data protection. You will always find the latest version published on this page. If you have any questions regarding this policy or personal data that we hold, please contact us.
What Is Personal Data?
Personal data is defined by the GDPR as:
“Any information relating to an identifiable person who can be directly or indirectly identified in particular reference to an identifier”.
In simpler terms, this means any information about you that enables you to be identified. Personal Data or Personally Identifiable Information (PII) covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers and online identifiers.
What are my rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data.
- The right to have your personal data rectified if anything held by us is inaccurate or incomplete.
- The right to be forgotten and to ask us to delete or to dispose of your personal data.
- The right to restrict the processing of your personal data.
- The right to object to us using your personal data for a particular purpose.
- The right to data portability, meaning that you can ask for a copy of your personal data we may be automatically processing to use with another service or business to perform our contract to you.
- Regarding your rights relating to automated decision-making and profiling, we do not use your personal data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Personal Data We Collect
To register on our site and hold an account you will only be asked to enter a valid email address. This is the bare minimum we require in order for us to provide our service to you (see terms of service). We do not ask for your full name although this may be indicated in your email address.
How We Use Your Personal Data
We do not sell, trade, or otherwise transfer your email address to outside parties. If you provide any further personal information to us in emails or letters, any records pertaining to these communications will be destroyed within 30 days. Your personal data will only be stored in the UK with full protection under the GDPR.
Under the GDPR, we must always have lawful purposes for using personal data. For us these are:
- Providing and managing your account
- Supplying our services to you
- Communicating with you
- Supplying you with information that you have opted-in to
You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
We will not keep your personal data for any longer than is necessary, and only for the purpose of managing your account with us. The information contained within your scans is stored for your account to access at any given time. If you choose to delete your account, we will delete your stored profile with all scan data immediately. This means we are unable to restore any account data should you register an account with us at a later date with the same email address.
Your account and all personal data will be automatically deleted if we detect no activity for a consecutive period of 2 years. You may also contact us if you wish to delete your account at any time.
In some limited circumstances, we may be legally required to share your personal data if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
A cookie is a small file placed on your computer's hard drive. It enables our website to identify your Internet browser as you view different pages on our website. It also enables us to establish how many people use the website and what pages they visit.
- Identify your Internet browser once you're logged in to provide account information
- Track the number of site visitors using Google Analytics to help with our marketing and service improvements
We contract with PayPal to supply payment processing services to you. For payment and refund processing purposes (as described in our terms of service) we do not share any of your personal data and handle all transactions through invoice numbers.
Our website has top level data protection security (certified by Mozilla) and is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible. All financial transactions are processed through a payment gateway provider (PayPal) and are not stored or processed on our servers. Our transaction records, held in a database, store only the PayPal transaction invoice numbers and corresponding Clonewolf account email addresses.
We believe in full transparency and providing excellent customer service. If you would like any clarification on personal data we process or store, or if you want to make a ‘subject access request’ for a full copy of all of your personal data, please send us an email.
There is not normally any charge for a subject access request however if repeated or excessive requests are made, a fee may be charged to cover our administrative costs in responding. We will aim to respond to your request within 3 working days and a further complete response with the copy of your personal data within one month. In some cases, if your request is more complex, we may require up to a maximum of 3 months to action this, however you will be kept fully informed of our progress.