Vault 23 Ltd.; trading name – Levelworkspace; is a consulting firm offering support for early-stage businesses and organizations with their fundraising needs.
We operate site Levelworkspace.com and social media channels.
By using our site and/or placing an order for our products or services, we may collect, use, store and transfer different kinds of personal data about you. In respect of all users of our site, the personal data we may collect includes information you send to us when making an enquiry or use the live chat facility and electronic data which is processed when accessing or browsing our site.
If you register for a customer account on either of our websites, we may also collect and store your personal data. We may also collect your personal data if you sign up to receive marketing emails from us, fill out a form, make an enquiry or purchase goods, for example.
Our site and our products and services are not intended for children and we do not knowingly collect data relating to children.
How to contact us
Vault 23 Ltd. is a limited company registered in England and Wales under 12397550. Our registered office is 129A LIVERPOOL ROAD, MANCHESTER, ENGLAND, M3 4JN
The data we collect about you
Personal data, or personal information, means any information relating to an identifiable individual. It does not include any data or information which relates to a person that cannot be identified or where the person’s identity has been removed (i.e. anonymous data). It also does not include information relating solely to a business or other organisation, rather than to a person.
By using our site, or engaging our products and services, we may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
- Identity Data – data which identifies you (including your name, username, title and date of birth)
- Contact Data – contact details (including your delivery address, billing address, telephone numbers and email address)
- Profile Data – data we store in connection with your profile on our site (including your username and password, preferences, interests, feedback and other communications with us)
- Verification Data – data which we are required to process in order to confirm your identity (do we take any of this)
- Financial Data – bank account and payment card details
- Transaction Data – details about payments to and from you and other details of products and services you have purchased from us
- Social Media Data – when you connect with us or like or follow our social media accounts, we may have access to your personal data through the social media platform, including your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts
- Marketing and Communications Data – data which we capture when you sign up to newsletters, including your preferences regarding receiving marketing and communications from us
- Usage Data – information about how you use our site and our services including how you navigate our site and if you encounter any problems
- Technical Data – electronic information which is automatically logged/stored by processing equipment, including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our site
We may also collect other information from you when you visit our site, but which does not personally identify you as an individual and will be not connected with other personal data we hold about you. This may include the following:
- Browser name (e.g., Google Chrome, Mozilla Firefox, Microsoft Edge)
- Type of Computer or Mobile and Operating System (e.g., iPhone IOS 11, Desktop Windows 10)
- Internet Service Provider
How we collect information
Direct interactions: Most of the personal data we hold about you is collected when you interact with us or correspond with us directly (via our site or social media, by phone, email, telephone, or in person either through meetings or at trade events).
This includes personal data you provide when you:
- Place an order for products or services;
- Fill out a form, for example the contact form or the registration form on our site;
- Enquire about our products or services;
- Create a customer account;
- Connect with us, follow us or ‘like’ us on social media
- Subscribe to receiving marketing communications, including our newsletter;
- Use the Live Chat facilities on our site.
The categories of personal data we collect in this way include Identity, Contact, Profile, Verification, Financial, Social Media, Transaction and Marketing and Communications Data.
Automated technologies or interactions: When you interact with our site, our systems will automatically collect Technical Data and Usage Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see the section headed “Cookies” below.
Other third parties and publicly available sources: We may also receive personal data about you from various third parties as set out below:
- Identity, Contact and Financial Data from providers of technical, payment and delivery services such as Stripe and PayPal.
- Identity, Contact and verification Data from public directory enquiry and search information providers such as Royal Mail, the Post Office, BT, 192.com and 118118.com.
- Idenitity, Contact and Social Media Data from the operators of social media platforms, including Facebook, LinkedIn, Twitter, Instagram YouTube and Google+ who are based inside and outside of the EU
- Technical Data from the following parties:
- Analytics providers, such as Google (based outside the EU)
- Advertising networks, such as LinkedIn and Facebook
- Identity, Contact and Verification Data from publicly available sources such as Companies House and the Electoral Register
How and why we use your personal information
We will only collect and process your personal data where we have a legal basis to do so. This legal basis will vary depending on the manner and purpose for which we are collecting your personal information. We will use your personal information as follows:
- Where it is necessary for the performance of our service to which you are a party or to take steps at your request before entering into such a contract;
- Where it is necessary to comply with a legal or regulatory obligation that we are subject to;
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
- Where we have your consent to do so, subject to your right to withdraw consent (further details provided in the section headed “Your rights” below).
We have set out in the table below a description of all the ways we plan to use your personal data, and which of the above legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground, we are relying on to process your personal data where more than one ground has been set out in the table below.
What we use your personal information for
Type of data
Lawful basis for processing including basis of legitimate interest
To liaise with you in connection with providing our services to you as a customer, including responding to your customer service requests and updating you on the progress of your order
Identity, Contact, Profile, Social Media and Transactional Data
•Necessary for our legitimate interests (to conduct our business and improve and maintain good customer service)
•Performance of our contract with you
•Performance of your purchased service
To process financial payments from you for the supply of our products and services
Identity, Contact, Profile, Financial and Transaction Data
- • Necessary for our legitimate interests (to conduct our business, perform our contracts and process payments for our services)
- • Performance of our contract with you
- • Performance of your purchased service
To comply with our legal obligations to prevent and detect money laundering and other fraudulent activity
Identity, Contact, Verification, Transaction and Financial Data
- Necessary to comply with a legal or regulatory obligation.
- Necessary for our legitimate interests (to prevent fraudulent transactions and to conduct a legally compliant business)
To manage our relationship with you which will include notifying you about changes to
Identity, Contact, Profile, Social Media and Marketing and Communications Data
- • Necessary for our legitimate interests (to conduct our business
Marketing communications from us: We may send you marketing communications if you have consented to receiving marketing communications from us. If you decide to opt-in to our mailing list, you will receive emails that may include company news, updates, related product or service information and special offers.
Optingout: If at any time you would like to unsubscribe from receiving future emails or update your preferences, you can do so by using the detailed instructions at the bottom of each email.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we consider that we need to use it for another reason and that reason is compatible with the original purpose and having a legitimate reason. If we wisht o use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you fail to provide personal data
Where we need to collect personal data from you to comply with our legal obligations, our product and/or service performance, or to perform a contract we have with you and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to provide you with products and services). In this case, we may have to cancel the relevant contract.
How we protect your personal data
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our site. Where appropriate (such as for the exchange of Financial Data) we use a SSL secured communication channel and is encrypted and protected with digital signatures.
Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site or via email; any transmission is at your own risk.
In addition, the personal information you provide to us is only available to authorised personnel of the business who need to access the information in order to fulfil their duties. They will only process your personal information on our instructions, and they shall be subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Once we no longer require your personal information, we will take reasonable steps to destroy it in a secure manner.
How long we hold your personal data for
We will only hold your personal information for as long as necessary to fulfil the purposes we collected it for.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
If we have a contractual relationship with you, we will retain your personal data for the duration of that relationship. Typically, we will minimise the personal data we hold about you so far as possible and only retain that information which cannot be deleted without compromising the purpose for which we collected the personal data or our other legal obligations.
We shall be entitled to retain our business records, which may contain your personal data, in our automatic archiving and backup procedures and to comply with applicable laws and bona fide internal compliance and audit policies and procedures. We may also retain personal data for the purpose of exercising, defending or establishing legal claims. In particular, we are required to keep your Verification Data, along with your Identity and Transaction Data for a period of five years from the date of the relevant transaction.
In some circumstances, we may be entitled to retain your data for a longer period where we are under a legal or regulatory obligation to do so, for example in the event of a legal dispute or to comply with HM Revenue & Custom require mentsor anti-money laundering regulations. We will also need to keep a record of your contact details if you have opted-out of receiving marketing communications from us to ensure that we do not send these to you in future.
We shall not have any liability whatsoever to you for the deletion of personal data in accordance with our data retention policy.
Sharing your personal information with third parties
We do not sell your personal information to third parties.
We require third parties to respect the security of your data, keep it confidential, and to treat it in accordance with the law.
We may share your personal data with the following third parties in order to perform a contract with you, comply with a legal obligation or in our legitimate interests of conducting our business:
- Third party service providers including hosting, IT support service, order and payment processing, stock control, analytics and marketing and advertising providers. These third-party service providers are only permitted to process personal data for specified purposes and, where they are processing data on our behalf, in accordance with our instructions.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any agreements, or to protect the rights, property or safety of our business, our customers or others. This includes exchanging information with other companies and
- organisations for the purposes of fraud protection and credit risk reduction, with HM Revenue & Customs, the police, regulators and other authorities and public bodies where we are required to do so by law.
- Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accountancy services.
We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as set out in our data sharing agreements.
From time to time, we may use external third-party services based outside the Economic European Area (EEA) and in these cases, your personal data may be transferred and otherwise processed outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details see European Commission: Adequacy of the protection of personal data in non EU countries
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are a part of the Privacy Shield which requires the, to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by uswhen transferring your personal data outside the EEA.
For more information about the cookies we use and the reasons why we use them, please see our cookies policy at: Levelworkspace.com/cookies-policy.
Links to third party websites
Our site may contain links to third party websites, including the websites of our partner networks, advertisers and affiliates. We do not control the content or links that appear on these third-party websites and we are not responsible for the practices employed by websites linked to or from our site. If you access these third- party websites, the operators of these third-party websites may collect information from you which will be used by them in accordance with their own privacy policies. We would encourage you to read these privacy policies.
You have the following rights in respect of the personal data that we process about you(where we determine the purpose and means for which that personal data shall be processed):
- the right to request access to your personal data that we hold and to receive certain information relating to that data;
- the right to ask us to rectify inaccurate data or to complete incomplete data;
- a right to receive or ask for your personal data to be transferred to a third party (note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);
- the right to request the erasure of personal data where there is no good reason for us continuing to process it (note, however, that we may not always
- be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
- the right to object to how we process your personal data where we believe we have a legitimate interest in processing it (as explained above) (note that in some cases we may demonstrate that we have compelling legitimate grounds to process your data which override your rights and freedoms);
- the right to restrict processing of your personal data in certain scenarios, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it (note that when processing is restricted, we are allowed to retain sufficient information about you to ensure that the restriction is respected in future; and
- where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law. If you withdraw your consent, we may not be able to provide certain services to you.
If you wish to make a subject access request please email us at firstname.lastname@example.org or write to us at 129A LIVERPOOL ROAD, MANCHESTER, ENGLAND, M3 4JN
We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. We may also contact you to ask you for further information in relation to your request to speed up our response. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. You also have the right to request a copy of the information we hold about you.
You have the right to complain at any time to the Information Commissioner’s Office(ICO), the UK Supervisory authority for data protection issues (www.ico.org.uk).We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.