Privacy Policy 🔒 – Rated

We've got your data protected 🔒 and what we collect is only so we can give you the best experience on Rated!

Our Privacy Policy

Post Kulture Limited T/A Rated, a company registered in England and Wales under number 08618531 whose registered address is at 4 Perseverance Works, 38 Kingsland Road, London, England, E2 8DD hereinafter referred to as (‘Rated’ ‘We’, ‘Us’ or ‘Our’), have created this privacy statement (‘Statement’) in order to reflect the transparency requirements expected of Us by law and Our own ethics.

In this Statement, references to ‘You’, ‘Your’ ‘User’ and ‘Curator’ are references to User of the App and Platform at www.rated.global.

Your privacy is extremely important, and We are only too happy to comply with the law and provide You with clear and transparent information about how We use Your Personal Data ('PD').

We only process it for the purposes outlined and We process as little of it as possible.

Our aim is not to be intrusive and We undertake not to ask You irrelevant or unnecessary questions.

We will try Our best to keep Your PD accurate and up to date but do try to help Us with this too, please!

We also have robust measures and procedures in place to minimise the risk of unauthorised access and to keep it secure. Also, We only share it with third parties where We have a right to do so and where We are satisfied that the third party shall treat it with the same or higher levels of respect.

This document outlines how We process Your when You use Our Platform or otherwise communicate with us including by email or telephone. We are committed to respecting Your privacy and protecting Your PD. For the purpose of the Data Protection Legislation, We are the Data Controller (ICO registration number: ZA252105).

For all matters relating to privacy and data protection, please contact Our Data Protection Manager (DPM) by email to privacy@rated.global.

This Statement incorporates Our Cookie Policy, Curator Terms and Terms of Use as applicable by this reference. We might make changes to this Statement but if We do, We will, where appropriate, notify You by email, or, when You next log in, the amended version (and specific terms) will be displayed on-screen and You may be required to read and accept them to continue.

In this document, we'll be going over the following:

How do We process Your Personal Data?
How do We use Your Personal Data to communicate with You?
Who has access to Your Personal Data and where is it stored?
What are Your rights under Data Protection Legislation?
How can You submit a query or a complaint?
Do We use cookies?
Changes to this Statement
Definitions & Interpretations

1. How do We process Your Personal Data?

PERSONAL DATA YOU PROVIDE TO US VOLUNTARILY: In order for Us to provide You with Our Services, We need to process some of Your PD. We understand that Your PD belongs to You and You provide it to Us on trust that We will use it lawfully i.e. appropriately, proportionately, only in respect of the stated purpose and We will only hold on to it for as short a time as possible. Most important of all, We must have a valid lawful basis for processing Your PD. Rather than have lots of paragraphs of text where all these transparency requirements are scattered throughout this Statement, We hope You find having most of it all in one eyeshot in Our tables easier to navigate:

Personal Data (‘PD’)	Source	Purpose	Lawful Basis for general processing Article 6 GDPR	Retention
If you are a User: Your name, (Username, User ID) email, d.o.b., delivery address, passwords, login details, Your followers who You are following, In App Message conversations. We will also see your product posts, videos, what categories you have liked, which products you’ve added to your wishlist, the clicks you have made to retail partners, if you’ve abandoned a product in a shopping cart, how you have Rated products.	User	To enable you to register an account on Rated. To enable you to view content and purchase products either directly from our Curators or from retail partners which are promoted in our Curators’ videos. (to see more information about Retail Partners, see section 2.7) To enable you to message Curators and other Users. To enable you to Rate your favourite products. To enable you to enter Raffles organised by our Retail Partners. To enable us to communicate with you. To enable us to contact you in the case of an abandoned cart. To enable us to provide you with marketing messages, unless you opt out. To enable us to improve our platform and detect fraud or illegal activity. We collect your D.O.B. to ensure that you are permitted to access our platform according to your local Data Protection legislation, and if you are using a Payment Provider that you are either 18 and over or have parental consent to do so.	(1) Contract (2) Legitimate Interest	We will retain personal Data whilst you are subscribed to Rated and then for a further for 6 years
If you are one of Our Curators: As Users (above)	Curator	To enable you to sell your own products and advertise products from Our Partner Brands. To enable you to engage with other Curators and Users via Instant Message. To enable you to sell products to other Users. To enable us to track which products you sell.	Contract	We will retain personal Data whilst you are subscribed to Rated and then for a further for 6 years
If you have Enquiries and you are not a User or Curator	Enquirer	So that we can respond to your enquiry and answer your questions. You can contact us via email at hello@rated.global, via the live messenger on Rated.Global or via our various social media channels.	Legitimate Interest	Same as above
If you sign up for Our Pre-Registration email marketing	Prospective User	So that We can inform You about registering on the Rated App and send You marketing information.	Consent	Same as above
If you check in as a Guest: User ID, (if purchasing) Name, Delivery Address, Email, phone number.		You are welcome to check in as a Guest and remain anonymous to us. However, if you purchase an item from one of our Curators, We will process Your contact and financial data. If you purchase an item from one of Our Brand Partners when You click on the Affiliate link please see section 2.7	(1) Contract (2) Legitimate Interest	We will retain personal Data whilst you are subscribed to Rated and then for a further for 6 years
Technical Data (as defined)	User, Curator, Enquirers and Prospective Users.	To monitor the effectiveness of the Platform and Our Marketing Communications/ Non-Marketing Communications	Legitimate Interests	Please see our Cookie Notice for information regarding retention periods.
Financial/ Accounting Transactions	Users and Curators	To facilitate and record sales/ purchases made whilst on Rated We use Stripe, PayPal and Apple Pay to facilitate payments. Therefore, We don’t store Your card details.	Legal Obligation	6 years from the end of the relevant tax year.

OUR RETENTION RIGHTS:

How long we keep your personal data depends on the context in which you provide it and the purpose for which we use it.

See the last column in the table above.

We need to retain sufficient information about you in compliance with certain legal or statutory requirements, for example, in the event of a legal or insurance claim in the future so that We can identify you.

Where we state that we rely on consent to process your personal data for a particular purpose, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing carried out by us which was based on consent before its withdrawal.

TECHNICAL DATA WE MAY PROCESS WHEN YOU USE OUR SERVICES:

This typically relates to Technical Data involving the use of cookies and other technologies.

This data is typically processed via the use of first-party cookies, or third-party cookies (e.g. where we use third-party services by way of plugins or other software licensed to us by a third party e.g. analytics related to the use of our own Platform OR cookies set by operators of a third-party service such as social media and file-sharing networks e.g. Instagram and Tik Tok).

The types of data obtained about you may include your e.g. visits to the Platform; page views, downloads, navigation and exit; IP address; geographical location; browser type and version; operating system; referral source; length of your visit (‘Technical Data’).

This enables your online activity to be tracked and for advertisements to be targeted to you (subject to your cookie consent management preference settings).

To learn more, please see our Cookie Policy.

In-App messaging is our secure form of communication and your personal data is not visible to anyone and encrypted on our servers.

We do have the right to read and review messages as set out in Our Service Terms.

2. HOW DO WE US YOUR PERSONAL DATA TO COMMUNICATE WITH YOU?

NON-MARKETING COMMUNICATIONS:

You acknowledge that your personal data may be used by us (or a Service Provider on our behalf) to contact you when necessary in connection with your use of the platform and to access our Services as follows:

Non-Marketing Communications

Method of receipt

Lawful Basis for general processing

Emails to inform you of the purchase you have made.

Emails to inform you of a refund accepted.

Emails to reset login information such as a password.

Product updates and offers

Confirmation of account creation

Email subscribe -landing page – register of interest in Rated to be noticed when the app is availed to download.

Emails, In-App Notification

Contract as set out in Article 6 GDPR

MARKETING COMMUNICATIONS:

From time to time and with your lawful (express or implied) permission, we (or a Service Provider on our behalf) send you Marketing Communications (and monitor whether you have opened the communication and clicked on any included links which will enable us to understand your level of engagement/interest in the communication we are sending to you).

Marketing Communications

Method of receipt

Lawful Basis for general processing (based on Article 6 GDPR)

How can You opt out?

These are some of the types of messages you’ll receive if (plus examples!)

Notification when a Curator has uploaded a video )

When received a message (New message from DaisyShoeman)

When item is sold

Someone likes/favourites your item.

Someone started following you

Email, In App Notification

Consent or (2) Legitimate Interest.

You will be able to log in to your account at any time to amend Your preference. You can also amend your preference by clicking on the link at the bottom of any email communication.

MARKETING COMMUNICATIONS FROM US:

If you agree to receiving any of the above Marketing Communications but later change your mind, you can opt out at any point, by amending your account preferences.

Alternatively, you can use the ‘unsubscribe’ link at the end of any electronic communication received by you or simply respond to our prompt in all of our communications to you. If you opt out of our communications, we will retain your personal data on our suppression list so that we comply with your wishes not to be contacted again.

LEGITIMATE INTERESTS TO PROCESS YOUR PERSONAL DATA:

We may process personal data about you where we rely on “legitimate interests” as Our lawful basis.

Where this is the case, We will have carried out an assessment to determine that we have valid and lawful rights to do so.

You have the right to object to any of the processing we undertake by completing Our Data Subject Rights Request Form.

PROFILING: We may from time to time use demographic information to determine who we target for specific events or marketing campaigns so as to avoid contacting individuals unnecessarily.

This means that we may send you marketing based on your preferences.

You have the right not to be subject to a decision based solely on automatic processing (Article 22).

We undertake profiling when you have visited our Platform, social media channels or have interacted with one of our email marketing campaigns or In App notifications.

Where this is a result of cookie activity, you can manage your cookie preferences via Our Cookie Preference Management Tool.

RESEARCH & STATISTICS:

We may use communications information to compile anonymous statistical reports showing information like the number and type of query and how each has been resolved.

Occasionally we will use information provided to develop case studies for learning and development purposes. We will be very careful to ensure that any information that could re-identify a person is removed or changed to preserve anonymity.

OTHER WEBSITES OR APPLICATIONS & THEIR POLICIES: T

he Platform may contain links to other websites or applications, such as the Brands Partners, and Retailers we work with. We are not responsible for the privacy practices or policies or for the content of such websites or applications of such third parties, so you should be careful to read and understand those policies independently.

3. WHO HAS ACCESS TO YOUR DATA AND WHERE IS IT STORED?

THIRD PARTIES:

We may engage or collaborate with a Third Party for a variety of different reasons.

This may be in relation to the performance of Our business and daily operational functions on Our behalf to enable us to fulfil our Services only (including making improvements to our Services).

Where it is necessary to share your personal data , we will limit the personal data that we share to the minimum required to provide the Service and the Data Processor (or Data Controller) will only be able to use it for the specific purposes for which it was shared.

If we stop using the service of a Data Processor, we will ensure your personal data is deleted or securely returned to us.

The last column relates to where the personal data goes and what safeguards are in place in the recipient territory where it is transferred/ stored. It will be one or more of the following:

WHERE	INFO AROUND SAFEGUARDS
United Kingdom	We may store some or all of the PD in the United Kingdom only. Should We need to transfer Your PD outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Statement.
Within the EEA	We may store some or all of the PD in the EEA. Should We need to transfer Your PD outside of the EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Statement.
Outside EEA	We may store some or all of the PD in a country outside of the UK and EEA. We will not transfer Your PD to any Third Parties based in other countries outside the EEA unless there is a European Commission adequacy decision, EU Commission approved Standard Contractual Clauses or Binding Corporate Rules are in place.

If You would like more information about any of the transfer safeguards We implement please contact Us using the details as set out at Clause 5 of this Statement.

What type of PD is shared with Third Parties by Us?	What is Our role? DC or DP	What is the Third Party’s specific name? OR category of Third Parties?	Third-Party Role: JDC or IDC or DP	What is the Purpose of sharing the PD?	What Lawful Basis do We rely on to transfer the PD?	Where is the PD transferred to? What safeguards are in place?
All PD related to the purpose	DC	Brand Partners	DC	We provide You with affiliate links to brands We are working with. We won’t share Your PD with them. When You click on the links in Our Curator videos You will be transferred to Our Brand Partners’ websites and then under their terms and privacy policies. We share anonymised and aggregated data to Our Brand Partners to	Contract	We advise You to check the terms and privacy policies of Our Brand Partners to ensure that You are happy to view their websites and purchase from them.
All PD related to the purpose	DC	Payment Providers – Stripe PayPal Apple Pay	DC	So that You are able to make payment on Our Platform. In order to take Your payment, Stripe and PayPal will collect Your PD according to their terms.	Contract	Stripe and PayPal are global companies with data centres in the US. Please see their Privacy Notice for more information https://stripe.com/en-gb/privacy PayPal rely on Binding Corporate Rules to safeguard PD transfers. Please see their Privacy Notice for more information https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev Apple Pay has Data Centres in Europe. Please see their Privacy Notice for more information. https://support.apple.com/en-gb/HT203027
All PD related to the purpose	DC	Accountant	DC	Accounting	Contract & Legal obligation	Our Accountants are based in the UK
All PD related to the purpose	DC	Legal Advisors & Legal Authorities/ Enforcement bodies	DC	To enforce the terms under which You transact or communicate with Us/ to assist law enforcement	Contract & Legal obligation	Our Legal Advisors are based in the UK
All PD related to the purpose	DC	Amazon Web Services	DP	To store PD on secure servers	Contract	Hosted in Dublin, Ireland https://aws.amazon.com/blogs/security/aws-gdpr-data-processing-addendum/
All PD related to the purpose	DC	Microsoft Inc https://www.microsoft.com/en-gb/	DP	To use Outlook email/ store documents on OneDrive	Contract
All PD related to the purpose	DC	Google LLC https://drive.google.com/drive/	DP	To store documents in GoogleDrive	Contract	This third party is relying on Standard Contractual Clauses while We await further guidelines when We may transition to an alternative transfer mechanism Google Privacy Statement
All PD related to the purpose	DC	SEO Consultant	DP		Contract
All PD related to the purpose	DC	Digital Marketer	DP		Contract
Name and email	DC	Email Marketing Platform - MailChimp	DP	Direct electronic mailings & consent management including creation of suppression lists to ensure a User/ Customer/ Member who objects to processing is excluded in the future.	(1) Consent or (2) Legitimate Interest	This third party is relying on Standard Contractual Clauses while We await further guidelines when We may transition to an alternative transfer mechanism. MailChimp Privacy Statement
Name, contact details and any other PD that is placed on Facebook by You and made accessible to Us	DC	Facebook	JDC	So that the Data Subject can be a part of the Facebook Page community. More information can be found on Facebook here.	Consent Where You share Your own Special Category Data rely on the additional condition that the PD is manifestly made public (We are defining ‘public’ as in the Facebook Audience and this is in accordance with Facebook’s Ts & Cs) (Article 9(2)(e) GDPR)	This third party is relying on Standard Contractual Clauses while We await further guidelines when We may transition to an alternative transfer mechanism. Facebook Privacy Statement

Transfer of Personal Data in the Event of the Sale of Post Kulture Limited or its Assets.
In the event that Post Kulture Limited is sold or transfers some of its assets to another party, your personal data could be one of the transferred assets. If your personal data is transferred, its use will remain subject to this statement. Your personal data will be passed on to a successor in the event of a liquidation or administration.

4. WHAT ARE YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION?

You have a number of rights that you can exercise free of charge and on request in certain circumstances, however, if your requests are unfounded or excessive, we reserve the right to charge a reasonable fee or to refuse to act. You have the right:

to be informed about the collection and use of your personal data. This is what this Statement fulfils;
to access your personal data and supplementary information (‘DSAR’);
to have inaccurate your personal data corrected, or completed (if it is incomplete);
to have your personal data erased;
to restrict our processing of your personal data
to receive a copy of your personal data you have provided to us, in a machine-readable format, or have this information ported to a third party;
to object AT ANY TIME to processing of your personal data for direct marketing purposes;
to object in certain other situations to the continued processing of your personal data.

For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide.

If you wish to exercise any of these rights, please complete Our Data Subject Rights Request Form.

We will respond to you within one month from when we receive your request, unless the complexity and number of requests we receive means that we need more time.

If we do need more time (up to two further months), We will tell you why within the first month. If you live in California, please see section 6.

5. HOW CAN YOU SUBMIT A COMPLAINT OR QUERY?

QUERY:

We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. For all matters relating to privacy and data protection, please contact Our DPM.

COMPLAINT: We try to meet the highest standards when processing your personal data. For this reason, we take any complaints we receive very seriously and we encourage you to bring it to our attention.

While we hope to be able to resolve any concerns you have about the way that we are processing your personal data, You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) (or with the supervisory authority of the European Member State where you work, normally live or where the alleged infringement of data protection laws occurred) if you believe that your personal data has been processed in a way that does not comply with the Data Protection Legislation or have any wider concerns about our compliance. You can do so by calling the ICO helpline on 0303 123 1113 or via their website here

6. If You are a resident of California

The California Consumer Privacy Act (CCPA) gives You enhanced rights over Your PD. You have a right to opt out of Your PD being sold to a third party.

You also have a right to know
What information We have about You
What categories of PD We have collected
Where We have sourced this PD
What categories We may have sold or disclosed about You for Our business purposes
What categories of third parties We may have sold or disclosed Your PD to
The reason We collected or sold Your PD

Rated does not sell PD to third parties and You are able to find out information about who We share Your PD with, and for what purposes in section 3.1.

If you would like to make a ‘Request to Know’ or ‘Request to Delete’, please contact us by email at privacy@rated.global and complete Our Data Subject Rights Request Form.

We will then comply within the mandated 45 days or inform You if an additional 45 days if needed.

Please see Our Cookie Consent Preference Management Centre for details on Do Not Track.

7. DO WE USe COOKIES?

For information about cookies and how they are used on the Platform, please visit Our Cookie Consent Preference Management Centre accompanied by Our Cookie Policy.

8. CHANGES TO THE STATEMENT

We keep Our Statement under regular review and will update, in line with the CCPA, every 12 months.

This Statement was last updated on 20/04/2022.

9. Definitions & Interpretations

Data Controller or DC or JDC or IDC: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of PD (Article 4(7)); Data Processor or DP: means a natural or legal person, public authority, agency or other body which processes PD on behalf of the Data Controller (Article 4(8));
Data Protection Legislation: means, as applicable to either Party:

the General Data Protection Regulation 27 April 2016;
the Data Protection Act 2018;
the Privacy and Electronic Communications (EC Directive) Regulations 2003;
any other applicable law relating to the processing, privacy and/or use of PD, as applicable;
any laws which implement any such laws; and,
any laws that replace, extend, re-enact, consolidate or amend any of the foregoing.

Data Protection Manager (DPM): Contactable at privacy@rated.global

Data Subject Access Request or ‘DSAR’: refers to the right of access as further described in Clause 4.

EEA: refers to the European Economic Area which consists of all EU member states, plus Norway, Iceland, Liechtenstein.

Electronic Mail: includes but is not limited to email, text, video, voicemail, picture and answerphone messages (including push notifications).

General Data Protection Regulation or GDPR: the General Data Protection Regulation ((EU) 2016/679). PD is subject to the legal safeguards specified in the Data Protection Legislation including the GDPR.

Marketing Communication(s): refers to any communication whether by an Electronic Mail method or otherwise that We send to You (either directly or via a Service Provider) which may include but are not necessarily limited to relevant newsletters and magazines, information about opportunities, products, services and events and relevant information.

Non-Marketing Communication(s): refers to any communication which is functional/ administrative only as distinct from Marketing Communications.

Personal Data or PD: has the meaning set out in the Data Protection Legislation and shall include Special Category Data (as applicable).

Service Provider(s): refers to a Third Party with whom We work with from time to time as a necessary part of providing Our Services and with whom We may need to share Your PD.

Services: refers to Our Services We may provide to You.

Special Category Data: has the meaning set out in the Data Protection Legislation.

Technical Data: refers to that at Clause 1.5 which is capable of being considered PD.

Third Party: refers to a Data Processor or Data Controller with whom We may need to share Your PD. This includes Service Providers as applicable.

Contains public sector information from https://ico.org.uk licensed under the Open Government Licence v3.0 [[http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/]].

Related articles