Anything World values your trust, particularly when it comes to your personal data/personal information.
Our business is to help you create 3D experiences populated with anything you can think of; not to make money out of your personal data. We don’t market or sell your personal data and we never will. That’s a promise.
This policy explains what data, including personal data, we collect from and about you when you visit the Anything World website and when you subscribe to the Anything World platform.
We appreciate there’s a lot of detail in this policy, but it’s important that you read it to ensure you’re fully informed about how we use your personal data and your rights.
We may need to make changes to this policy occasionally, to reflect any changes to our services or legal requirements. We’ll notify you of any important changes before they take effect.
If you’ve got any questions about this policy, please email us at firstname.lastname@example.org.
Who we are (we’re good people)
We’re Anything World Limited (we/our), a limited company registered in England and Wales under company number 11379076. As required by UK data protection law, we are ICO registered for GDPR with our website operating through Squarespace and payments through Stripe, both or their policies are listed below...
Use of our website and platform by children (not that we’re NSFW)
We don’t knowingly collect personal data about children. For this purpose, a ‘child’ means anyone under the age of 13 or the age of majority where you’re based.
If you hold parental responsibility for a child under the age of 13 or the age of majority where you’re based and are concerned that we’ve collected personal data about your child, please contact us at email@example.com.
The personal data we collect (we keep this to a minimum)
When we talk about ‘personal data’, we mean any data that identifies or can be used to identify you. This doesn’t include data where your identity has been removed (anonymous data). The types of personal data collected by and about you include:
- Biographic data: You’ll provide us with details about you and your organisation (where relevant) when you sign up to our platform
- Contact data: We ask you for your first and last name and email address when signing up to receive our newsletter
- Communications data: This includes any emails that you send to us and any interactions we may have with you through our social media channels
- Transactions data: We don’t store or have any access to your credit or debit card details when you subscribe for any paid content or features, however we can see details of your transactions
Where we get your personal data from (you’ll not be surprised)
As long as you are visiting our website and using our platform, we’ll only collect your personal data from you. If you’re employed or engaged by the organisation that has signed up for our platform, they may set an account up for you to access it.
What we use your personal data for (not for world domination)
This section is important as it explains what we’ll use your personal data for, and the legal grounds relied on by us for those purposes.
Under UK and EU data protection law there are six legal grounds that we may rely upon, the most relevant being where:
- you’ve given your consent to us using your personal data for specific purposes
- use of your personal data is necessary for us to enter into and perform our contract with you
- use of your personal data is necessary to comply with any legal obligation on us
- use of your personal data is necessary to pursue our legitimate interests and those interests are not outweighed by your fundamental rights and interests
We may use your personal data for purposes which are closely related to any of the above purposes. If we want to use your personal data for any unrelated purposes, we’ll let you know about this in advance.
Who we share your personal data with (no-one we don’t need to)
We don’t sell your personal data for marketing purposes and we never will.
The only people that will have access to your personal data include:
- our staff (who are either employed by us or engaged by us under contracts which include strict confidentiality and data protection obligations on them)
- our technical service providers, such as our developers, hosting providers, email marketing tools and analytics providers (all of which will only have the access they need to make our website and our platform work and provide their services to us and will have entered into contacts which include strict confidentiality and data protection obligations on them)
- any regulatory authorities such as HM Revenue & Customs (the UK tax authority)
- any actual or potential buyer of our business
In the very rare situation where we’re asked to disclose personal data in response to any legal request or court order, we’ll take legal advice before making any disclosure to ensure that your rights and interests are considered before responding to such requests.
Where your personal data are stored (as far as we know)
We have set our servers up so that all personal data provided by you is stored within the UK and the EEA. However, several of our technical service providers are based outside those regions (such as Squarespace and Calendly which are based in the USA), which means that your personal data will be transferred outside the UK and the EEA. Whenever we transfer your personal data outside the UK or the EEA, we ensure that a similar degree of protection applies to your personal data.
How we keep your personal data secure (better than lock and key)
We’ve put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We also limit access to your personal data to those of our staff and technical service providers that have a need to access it (based on the principle of ‘least privilege’). They’ll only use your personal data based on our instructions and are required to keep your personal data confidential.
We’ve put in place procedures to deal with any suspected personal data breach and will notify you and the UK Information Commissioner’s Office or any other relevant regulator where we’re legally required to do so.
How long we keep your data for (only as long as we need to)
We’ll only keep your personal data for as long as necessary in connection with the purposes we collected it for and to comply with any legal, accounting or reporting requirements. To determine how long we keep your personal data for, we consider the amount, nature and sensitivity of the personal data, the purposes for which it was collected and the potential risk of harm from us continuing to keep it.
We’ll retain any personal data linked to your account for as long as you’re a subscriber and for 12 months after you’ve ended your subscription (in case you decide to re-activate it within that time). Copies of transactional records will be kept for 6 years.
We’ll retain personal data relating to email marketing until you unsubscribe, or your email address has become permanently unavailable.
We’ll retain any analytical data collected about your use of our website which identifies you for a period of 12 months.
We may retain any data that doesn’t identify you indefinitely.
Cookies (not the edible kind, unfortunately)
Our website uses small text files, called cookies, which are stored on your device when you access and use our website. Apart from those cookies which are strictly necessary for us to provide you with access to our website, we’ll only store cookies on your device if you’ve consented to this when you first access our website and every 30 days thereafter.
As cookies are unique, we can use them to distinguish you from other users for the purposes described above, however we’ve configured our analytical cookies so that your IP address is anonymised. To find out more about cookies, how to refuse them and how to change your device’s cookie settings, you should visit the ICO Cookie Guidance.
Our website uses the following types of cookies:
- Strictly necessary cookies: these cookies are required for the operation of our website (we don’t need your consent for these cookies – but if you delete them, the website may not function as it should)
- Analytical cookies: these cookies allow us to recognise new and returning visitors to our website and see how users engage with it
- Functionality cookies: these cookies are used to remember your preferences or customise your experience
The cookies we use are as follows:
As required by the laws of the State of California, our Website responds to Do Not Track (DNT) signals.
[Marketing (we’re transparent, just like tracking pixels)
We use Mailchimp to manage our email marketing campaigns. Mailchimp uses tiny invisible images called ‘pixels’ that are contained within emails to enable us to see:
- whether you opened an email
- where in the world the device used to open the email was located (based on your device’s IP address)
- whether you marked the email as spam
- your overall level of engagement with our email marketing campaigns]
Your rights (you have a few of them and we respect them all)
Under UK and EU data protection laws, you have the following rights in relation to your personal data:
- Access: You’ve the right to be informed if your personal data is being used and the right to request a copy of the personal data held about you together with certain information about the processing of such personal data to check that are holding it lawfully
- Correction: You’ve the right to ask us to correct any inaccurate or incomplete personal data held about you
- Deletion: You’ve the right to ask us to delete or remove any personal data held about you where there is no good reason for us to continue holding it or where you have exercised your right to object
- Restriction: You’ve the right to ask us to restrict how we hold your personal data, for example, to confirm its accuracy or our reasons for holding it
- Objection: You’ve the right to object to our holding of any personal data about you which is based on our legitimate interests or those of a third party based on your particular circumstances. You’ve also the right to object to our holding your personal data for direct marketing purposes
- Portability: You’ve the right to receive or request that we transfer a copy of the personal data we hold about you in an electronic format where the basis of our holding such information is your consent or the performance of a contract and the information is processed by automated means
- Complaints: You’ve the right to complain to the UK Information Commissioner’s Office (ICO) or any other EU supervisory authority in relation to how we collect and use your personal data
You won’t have to pay any fee to exercise any of the above rights, although we may charge a reasonable fee or refuse to comply with your request if any request is clearly unfounded or excessive. Where this is the case, we’ll let you know.
To protect the confidentiality of your personal data and other members of our community, we may need to ask you to verify your identity before fulfilling any request in relation to your personal data.
California Consumer Privacy Act (CCPA)
This section of the policy applies if you reside in the State of California.
Definitions: Any references in this policy to personal data include references to personal information as defined under the CCPA.
Rights of access and deletion: The right of access described in the previous section is limited to the personal data we’ve collected from and about you over the past 12 months. The rights of access and deletion described in the previous section will be subject to the exceptions set out under the CCPA.
Right to opt-out of the sale of personal information: Although you’ve the right to opt-out of the sale of your personal information, this isn’t something we do.
Right to non-discrimination: You’ve the right not to be discriminated against for having exercised your rights under the CCPA. This means that we won’t deny you access to our website; charge you a different price for any content available within our platform; deny you any benefits or charge you any penalties; or provide you with a different user experience to any other users.
Sale of personal information within the past 12 months: We haven’t sold any personal data in the past 12 months.
Disclosure of personal information within the past 12 months: The CCPA describes many of the activities we routinely undertake in relation to personal information as disclosures to third parties for a ‘business purpose’. We enter into contracts with such third parties which require them to keep your personal information confidential and not use it for any purpose other than to provide their services to us. In the past 12 months, we’ve disclosed all of the categories of personal information listed earlier in this policy to our technical service providers for the purposes of auditing the use of our website, detecting and protecting against security incidents, debugging to identify and repair errors and undertaking internal research for developing the website.
Exercising your rights under the CCPA: To exercise any of your rights under the CCPA you, or another person registered with the California Secretary of State that has been authorised by you, should email firstname.lastname@example.org.
Questions or comments
If you’ve got any questions or comments regarding this policy, please email us at email@example.com.