Privacy policy

1. IMPORTANT INFORMATION AND WHO WE ARE
1.1 Purpose of this privacy notice
This privacy notice aims to provide you with information on how we collect and process your personal data when you engage us to provide services, use our website (picster.com), or interact with us in other ways.
It is important that you read this privacy notice together with any other privacy or fair processing notices we may provide on specific occasions when we are collecting or processing personal data about you. This is to ensure you are fully aware of how and why we are using your data. This notice supplements other such notices and is not intended to override them.
1.2 Controller
The ONLINE MONITORING LIMITED, a private limited company incorporated in England and Wales (company number 16144945), with its registered office at The McLaren Building, 46 The Priory Queensway, Birmingham, B47LR, is the controller and responsible for your personal data (collectively referred to as “we”, “us”, and “our” in this notice).
If you have any questions about this privacy notice or wish to exercise your legal rights, please contact us:
Email: support@picster.com
Postal Address:The McLaren Building, 46 The Priory Queensway, Birmingham, B4 7LR
You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection (www.ico.org.uk). However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
1.3 Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and up to date. Please keep us informed if your personal data changes during your relationship with us.
1.4 Third-party links
Our website may include links to third-party websites, plug-ins, and applications. Clicking those links or enabling such connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy notice of every website you visit.
2. THE DATA WE COLLECT ABOUT YOU
“Personal data” (or “personal information”) refers to any information about an individual from which that person can be identified. It does not include anonymous data (i.e., data where identity has been removed).
We may collect, use, store, and transfer different kinds of personal data, which we group as follows:
• Identity Data – Includes first name, last name, username or similar identifier, and date of birth.
• Contact Data – Includes your email address.
• Financial Data – Includes your payment card and bank account details.
• Technical Data – Includes IP address, login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
• Transaction Data – Includes details about payments to and from you and other details of services you have purchased from us.
• Profile Data – Includes services you have engaged us for in the past, your interests, preferences, feedback, and survey responses.
• Usage Data – Includes information about how you use our website and services.
• Marketing and Communications Data – Includes your preferences in receiving marketing from us and third parties, and your communication preferences.
We also collect, use, and share Aggregated Data, such as statistical or demographic data, for various purposes. Aggregated Data may be derived from your personal data but is not legally considered personal data, as it does not reveal your identity. If we combine Aggregated Data with your personal data so it can identify you, we treat the combined data as personal data.
We do not collect any Special Categories of Personal Data (e.g., race, religion, health data, sexual orientation, political opinions, etc.) or data relating to criminal convictions and offences.
2.5 If you fail to provide personal data
If we need to collect personal data by law or under a contract we have with you and you fail to provide it when requested, we may not be able to perform the contract or provide services to you. We will inform you at the time if this is the case.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you, including through:
• Direct interactions – You may provide Identity Data, Contact Data, Financial Data, Profile Data, Marketing and Communications Data, and Transaction Data when you:
– Instruct us to provide services.
– Provide information to enable us to deliver our services.
– Subscribe to publications or information on our website.
– Request marketing to be sent to you.
– Respond to surveys.
– Give feedback.
• Automated technologies or interactions – As you interact with our website, we may automatically collect Technical Data using cookies and similar technologies.
• Third parties or publicly available sources – We may receive personal data from analytics providers such as Google and Meta, or from public sources.
4. HOW WE USE YOUR PERSONAL DATA
We will only use your personal data when the law allows us to. Most commonly, we use your data:
• To perform the contract we are entering into or have entered into with you.
• Where it is necessary for our legitimate interests and your interests and rights do not override those interests.
• Where we need to comply with a legal or regulatory obligation.
For detailed purposes and legal bases, please refer to the table in the original privacy notice (section 4.2).
4.3 Marketing
We aim to provide you with choices around marketing and advertising.
4.4 Promotional Offers
We may use various types of personal data to determine what services may be relevant to you. You will receive marketing communications if you have engaged our services and not opted out.
4.5 Third-party marketing
We will obtain your express opt-in consent before sharing your personal data with third parties for their marketing.
4.6 Opting-out
You can opt out of marketing messages at any time via the opt-out links or by contacting us directly.
4.7 Cookies
You can set your browser to refuse cookies. Disabling cookies may affect the functionality of our website.
4.8 Change of purpose
We will only use your personal data for the purposes it was collected for, unless we reasonably consider we need to use it for another compatible reason. If not, we will notify you and explain the legal basis.
5. DISCLOSURES OF YOUR PERSONAL DATA
We may share your personal data with the following parties for the purposes set out above:
• Internal Third Parties – Other companies within our corporate group who assist in providing services.
• External Third Parties – As detailed in the glossary, including service providers, professional advisers, authorities, and social media platforms.
• Third parties involved in a business transfer – In the event of a merger, acquisition, or sale, your personal data may be transferred to the new owner.
We require all third parties to respect your personal data and comply with applicable laws. They may only use your data for specified purposes and according to our instructions.
6. INTERNATIONAL TRANSFERS
When transferring your personal data outside the UK, we ensure it is protected by implementing appropriate safeguards, such as:
• Transferring to countries with adequate protection as determined under UK data protection law.
• Using approved contracts that provide personal data the same protection it has under UK law.
7. DATA SECURITY
We implement appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed.
Access is restricted to employees, agents, contractors, and third parties with a business need to know, who are subject to confidentiality obligations.
We have procedures in place to deal with any suspected data breach and will notify you and any relevant regulator where legally required.
8. DATA RETENTION
8.1 How long will you use my personal data for?
We will retain your personal data only as long as necessary to fulfil the purposes we collected it for, including satisfying any legal, accounting, or reporting requirements.
Retention period considerations include the nature, sensitivity, and amount of data, potential harm from unauthorised use or disclosure, the processing purposes, and whether these can be achieved by other means.
You may request details of our retention periods by contacting us. In some cases, you may request deletion of your data (see Section 9).
We may anonymise your data for research or statistical purposes, in which case we may use it indefinitely without further notice to you.
9. YOUR LEGAL RIGHTS
Under certain circumstances, if you are an individual, you have rights under data protection laws in relation to your personal data. These include the right to:
• Request access – to receive a copy of your personal data and check that we are lawfully processing it.
• Request correction – to have any incomplete or inaccurate data we hold corrected.
• Request erasure – to ask us to delete or remove personal data where there is no good reason for us to continue processing it.
• Object to processing – where we are relying on a legitimate interest or for direct marketing purposes.
• Request restriction – to ask us to suspend the processing of your personal data in specific scenarios.
• Request transfer – to receive your data in a structured, commonly used, machine-readable format or to request the transfer to another party.
• Withdraw consent – at any time where we are relying on consent to process your data. This will not affect the lawfulness of processing before consent withdrawal.
If you wish to exercise any of the above rights, please contact us as outlined in section 1.2.2.
9.3 No fee usually required
You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). We may charge a reasonable fee if your request is unfounded, repetitive or excessive.
9.4 What we may need from you
We may request specific information to verify your identity and ensure your right to access your personal data. This is a security measure to prevent disclosure to unauthorised individuals.
9.5 Time limit to respond
We aim to respond to all legitimate requests within one month. If your request is complex or you have made multiple requests, we will inform you of any delay.
10. GLOSSARY
• Comply with a legal obligation – Processing necessary for compliance with a legal or regulatory obligation.
• Internal Third Parties – Other companies in our corporate group that may assist in service delivery.
• External Third Parties – Includes service providers, professional advisers, government bodies, and social media platforms used for advertising.
• Legitimate interest – Our interest in conducting and managing our business to provide the best service securely and efficiently. We consider and balance any potential impact on you and your rights.
• Performance of a contract – Processing your data where necessary to fulfil a contract or take steps at your request before entering into a contract.