At Second Chance (“we”, “us”, “our”) we want you to feel comfortable on our website and not have to worry about the security of your data. That is why data protection is an important part of our philosophy.

In this Privacy Policy, you will find all the information about which personal data we collect and process and for what purpose. You will also find out what rights you have and how you can assert them.

In this Privacy Policy, you will find all the information about which personal data we collect and process and for what purpose. You will also find out what rights you have and how you can assert them.

The Data Controller

Responsible for the collection and processing of your personal data is:

Second Chance

Web: https://secondchance2arts.co.uk/
E-Mail: contact@secondchance2arts.co.uk

The Supervisory Authority

The competent data protection authority in the UK is:

The Information Commissioner`s Office (ICO)
Wycliffe House, Water Ln,
Wilmslow SK9 5AF, UK
www.ico.org.uk

What is personal data?

According to the UK`s Data Protection Act (DPA) and the EU`s General Data Protection Regulation (GDPR), personal data are “any information relating to an identified or identifiable natural person. This is, for example, name or address data, telephone number, mobile number, bank details or insurance number.

General information on data processing

All personal data that we obtain from you via the website will be processed for the purposes described in more detail below. This is done within the framework of the DPA and GDPR or with your consent. And of course, only when data processing is permitted and if:

• you have given your consent,
• the data is necessary for the fulfilment of a contract / pre-contractual measures,
• the data is necessary for the fulfilment of a legal obligationor
• the data is necessary to protect the legitimate interests of our company, provided that your interests are not overridden.

We process and store your personal data only for the period of time required to achieve the respective processing purpose or for as long as a legal retention period (in particular commercial and tax law) exists. Once the purpose has been achieved or the retention period has expired, the corresponding data is routinely deleted.

What data does Second Chance process?

Second Chance offers you a wide range of services and in the process, various data are always collected. Most of the data we process is provided by you when you use our services or contact us.
Further, we also automatically collect technical device and access data that occur during your interaction with our website. And we collect further data through website analyses in order, for example, to optimise our offers for you personally (e.g., to optimise our offers for you).

1. a) Log files, Hosting and Cookies

Even if you simply browse our website, data is collected and stored and processed by us. Specifically, this requires the IP address of your computer, Date and time of access, Name and URL of the accessed file, Browser used, number of bytes transferred, Status of the page retrieval, Session ID, Referrer URL.
The legal bases for processing are contract and our legitimate interest. The collection and processing of this data is necessary from a technical point of view so that you can use our website.
The hosting services used by us for the purpose of operating this website is Hostinger International, Ltd. In doing so, Hostinger processes inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of our website on the basis of our legitimate interests in an efficient and secure provision of the website in conjunction with the provision of contractual services.
We use so-called cookies on our website. Cookies are pieces of information that are transmitted from our web server or third-party web servers to your web browser and stored there for later retrieval. Cookies may be small files or other types of information storage. There are different types of cookies:

• Essential Cookies

Essential cookies are cookies to provide a correct and user-friendly website.

• Non-essential Cookies

Non-essential Cookies are any cookies that do not fall within the definition of essential cookies, such as cookies used to analyze your behavior on a website (“analytical” cookies) or cookies used to display advertisements to you (“advertising” cookies).

We have refrained from using cookies that are requiring your consent (non- essential cookies). For further information on the strictly necessary cookies used on our website, please contact us. The legal basis for the use of cookies is our legitimate interest.

1. b) Contacting us

You can easily contact us via our contact form, e-mail, or phone. In this case, we store and process the following data from you: Name, e-mail address, telephone number as well as other personal data that you provide when contacting us.
This data is collected and processed exclusively for the purpose of contacting you and processing your request and then deleted, provided there is no legal obligation to retain it. The legal bases for processing are contract and our legitimate interest.

1. c) Processing of Personal Data when using our services

Personal Data will be collected, processed, or used in connection with the services offered. This is always done in compliance with the provisions of the DPA and GDPR. Insofar as we use your Personal Data for a purpose that requires your consent according to the legal provisions, we will always ask for your express consent.

1. d) Administration, financial accounting, office organisation, contact management

We process data in the context of administrative tasks as well as organisation of our operations, financial accounting, payment, and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The processing bases are contract and our legitimate interest and in individual cases your consent.

Integration of third-party services and content

We use the services of third-party providers to integrate their content and services. This always means that the third-party providers become aware of your IP address, as without the IP address the content would not be viewable. The following provides an overview of third-party providers and their content, together with links to their privacy policies, which contain further information on the processing of data and so-called opt-out measures, if any:

• Analytics and Tracking: Google Analytics by Google LLC
• Fonts: Google Font API by Google LLC and Font Awesome by Fonticons Inc,
• Spam protection: reCAPTCHA by Google LLC
• Content Management System: WordPress by Automatic Inc

The legal basis for the data processing is your consent and our legitimate interest.

Transfer of Personal data

We will not disclose or otherwise distribute your Personal data to third parties unless this is necessary for the performance of our services, you have consented to the disclosure, or the disclosure of data is permitted by relevant legal provisions.

However, we are entitled to outsource the processing of your Personal data in whole or in part to external service providers acting as processors for us within the framework of the DPA and the GDPR. External service providers support us, for example, in the technical operation and support of the website, data management, the provision and performance of services as indicated above, as well as the implementation and fulfilment of reporting obligations.

The service providers commissioned by us process your data exclusively in accordance with our instructions. We remain responsible for the protection of your data, which is ensured by strict contractual regulations, technical and organisational measures, and additional controls by us.

Personal data may also be disclosed to third parties if we are legally obliged to do so e.g., by court order or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to fulfil our legitimate interests.

How is my data protected?

We want you to feel and be safe on our website. Therefore, we take various measures to meet both the legal requirements and our own very high standards of data protection and data security.

Second Chance takes the protection of your personal data seriously. All data is handled and processed in accordance with the DPA and GDPR, which ensures the highest standards of data protection.
Our data processing is subject to the principle that we only process the personal data that is necessary for the sensible and economic use of our offer. In doing so, we take great care to ensure that your privacy and the confidentiality of all personal data are always guaranteed.

All transmitted data is protected by TLS encryption. Transport Layer Security (TLS) is a protocol used to ensure secure data transmission on the Internet. The public-private key procedure is used here. This means that data encrypted with a publicly accessible key can only be decrypted again with a separate private key.

Second Chance uses technical and organisational security measures (TOMs) throughout the company to protect the data we manage from you against accidental or intentional manipulation, loss, destruction or against access by unauthorised persons. For example, we regularly train all employees on current IT security topics.

Duration of data storage

We store personal data on our secure server and only for as long as it is necessary for the purposes for which it is processed or for as long as any consent you have given us has been revoked by you. Insofar as statutory retention obligations must be observed, the storage period for certain data may be up to 6 years, irrespective of the processing purposes.

Marketing

Insofar as you have also given us your separate consent to process your data for marketing and advertising purposes, we are entitled to contact you via the communication channels you have given your consent.

You may give us your consent in several ways including by selecting a box on a form where we seek your permission to send you marketing information, or sometimes your consent is implied from your interactions or contractual relationship with us. Where your consent is implied, it is on the basis that you would have a reasonable expectation of receiving a marketing communication based on your interactions or contractual relationship with us.

Direct Marketing generally takes the form of e-mail but may also include other less traditional or emerging channels. These forms of contact will be managed by us, or by our contracted service providers. Every directly addressed marketing sent or made by us or on our behalf will include a means by which you may unsubscribe or opt out.

Your data subject rights

These rights are standardized in the DPA and GDPR. These include:

• the right to information,
• the right to rectification,
• the right to erasure,
• the right to restriction of data processing,
• the right to data portability,
• the right to object to data processing,
• the right to revoke any consent you have given, and
• the right to lodge a complaint with the competent supervisory authority.

Please contact us at any time with questions and suggestions regarding data protection and to enforce your rights as a data subject.

We encourage you to contact us if you have any information requests, requests for information or objections about data processing or concerns. However, you also have the right to file a complaint with your local supervisory authority. However, we would appreciate it if you would contact us with your concerns before turning to a supervisory authority.

Updating your information

If you believe that the information, we hold about you is inaccurate or that we are no longer entitled to use it and want to request its rectification, deletion, or object to its processing, please do so by contacting us. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can answer the above requests.

Keep in mind, that we may reject requests for certain reasons, including if the request is unlawful or if it may infringe on trade secrets intellectual property, or the privacy of another user. Also, we may not be able to accommodate certain requests to object to the processing of Personal Data, notably where such requests would not allow us to provide our service to you anymore.

Withdraw your consent

You may withdraw your consent and request us to stop using and/or disclosing your Personal Data for any or all of the Purposes by submitting your request to us. Should you withdraw your consent to the collection, use or disclosure of your Personal Data, it may impact our ability to proceed with your transactions, agreements, or interactions with us. Prior to you exercising your choice to withdraw your consent, we will inform you of the consequences of the withdrawal of your consent. Please note that your withdrawal of consent will not prevent us from exercising our legal rights (including any remedies) or undertaking any steps as we may be entitled to at law.

Personal Data and children

Our services are aimed at people aged 18 and over. We will not knowingly collect, use or disclose Personal Data from minors under the age of 18 without first obtaining consent from a legal guardian through direct offline contact.

Changes to this Privacy Policy

We are constantly developing and improving our website – and as a result, some of the information in this Privacy Policy is likely to change. We therefore recommend that you read this Privacy Policy again from time to time so that you are informed about the current status. This Privacy Policy was last updated on Wednesday, 7 February 2024.

Do you have any questions?

Please contact us if you have any comments or questions about this policy and/or our use of your Personal Data.