PRIVACY POLICY

1. Introduction

This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.rebelstroke.co.uk.

Rebel Stroke is the data controller and is responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).

Contact details

Business name: Rebel Stroke
Website: www.rebelstroke.co.uk
Contact page: https://www.rebelstroke.co.uk/contact/

It is important that the information we hold about you is accurate and up to date. Please let us know if your personal information changes by contacting us via our website.

2. What data do we collect about you, for what purpose and on what ground we process it

Personal data means any information capable of identifying an individual. It does not include anonymised data.

We may process the following categories of personal data about you:

Communication data

This includes any communication that you send to us through the contact form on our website, by email, social media messaging or any other method.

We process this data for:

  • Responding to your enquiries

  • Maintaining records

  • Establishing, pursuing or defending legal claims

Our lawful basis for processing this data is legitimate interests, namely to manage communications and protect our business.

User data

This includes data about how you use our website and any online services, together with any information you submit for publication.

We process this data to:

  • Operate and maintain our website

  • Ensure relevant content is provided

  • Maintain security and backups

  • Administer our business

Our lawful basis is legitimate interests.

Technical data

This includes data such as:

  • IP address

  • Browser type and version

  • Time zone setting

  • Device type

  • Page views and navigation paths

  • Time spent on pages

This data is collected via analytics tools such as Google Analytics.

We process this data to:

  • Analyse website usage

  • Improve website performance

  • Protect our business

  • Measure marketing effectiveness

Our lawful basis is legitimate interests.

Marketing data

This includes your preferences in receiving marketing communications and your communication preferences.

We process this data to:

  • Send relevant updates (where applicable)

  • Improve our services

  • Measure advertising effectiveness

Our lawful basis is either consent or legitimate interests.

You may withdraw your consent to marketing at any time.

Sensitive data

Rebel Stroke does not intentionally collect sensitive personal data through this website.

If sensitive data is ever required for a specific service, we will obtain your explicit consent before processing it.

Where we are required to collect personal data by law or under a contract and you do not provide that data, we may not be able to provide services to you.

We will only use your personal data for the purpose for which it was collected or for a reasonably compatible purpose. If we need to use it for another purpose, we will inform you and explain the legal basis.

We may process your personal data without your knowledge or consent where required or permitted by law.

3. How we collect your personal data

We may collect data:

  • When you provide it directly (for example by filling in forms or emailing us)

  • Automatically through cookies and similar technologies

  • From third parties such as analytics providers, advertising platforms or technical service providers

  • From publicly available sources

Please refer to our Cookie Policy for further details.

4. Disclosures of your personal data

We may share your personal data with:

  • IT and hosting providers

  • Professional advisers such as accountants or legal advisers

  • Government authorities where legally required

  • Third parties involved in business restructuring or asset transfers

We require all third parties to respect the security of your data and to process it lawfully.

We do not sell your personal data.

5. International transfers

Some service providers may operate outside the United Kingdom.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including adequacy decisions or approved contractual clauses.

6. Data security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, accessed without authorisation, altered or disclosed.

Access to your personal data is limited to those with a legitimate business need.

We have procedures in place to deal with suspected data breaches and will notify you and any relevant authority where required.

7. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including legal and accounting requirements.

For tax purposes, certain information may be retained for up to six years.

Where possible, we may anonymise data for statistical use.

8. Your legal rights

Under UK data protection law, you have rights in relation to your personal data, including the right to:

  • Request access

  • Request correction

  • Request erasure

  • Request restriction

  • Object to processing

  • Request data portability

  • Withdraw consent

You can find more information at:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you wish to exercise your rights, please contact us via our website.

You also have the right to complain to the Information Commissioner’s Office (ICO).

9. Third-party links

Our website may include links to third-party websites. We are not responsible for their privacy policies and encourage you to review their policies before providing personal data.

10. Cookies

You can set your browser to refuse cookies or alert you when cookies are being used. If you disable cookies, some parts of the website may not function correctly.

Please refer to our Cookie Policy for full details.