We are Blue Sky Friday Ltd (“we” or “us”) and we are registered with the UK Information Commissioner’s Office with registration number [ZB292165]. This Privacy Policy governs the manner in which we collect, use, store, maintain and disclose information collected about you (whether directly or indirectly) and through any services offered on our website www.blueskyfriday.com or associated subdomains (together the "Site").
This Privacy Policy was last updated on [14] February 2022.
This Site is not intended for children and we do not knowingly collect data relating to children.
We act as both a Data Controller and Data Processor
We collect and use personal data from anyone who uses the Site and/or our service (including Blueskyers).
In respect of the data that we need to collect from you in order to provide our service, we act as a Data Controller for the purposes of the UK’s laws on data protection. This means that we make independent decisions about how that data is processed in order to provide our services to you. More detail about the types of information we collect in our capacity as Data Controller are set out at below.
Once you have become a Blueskyer, and where you choose to submit any post or communicate with any other Blueskyer, you will be in control of this information (the “Posted Information”) and we will simply act as a platform to enable this. We will only hold and use this Posted Information for that specific purpose and you can choose to delete it at any time. In accordance with the UK data protection laws, this makes us a Data Processor of this type of information and we will ensure that we comply with all relevant obligations in that regard.
If you have any questions about this notice or you wish to exercise any of your legal rights in respect of the personal data that we hold about you, please contact us using the details set out below:
Contact Details
Email address: hello@blueskyfriday.com
Postal address: 5-6 Kendrick Mews, London, SW7 3HG
You have the right to make a complaint about us to the Information Commissioner’s Office (the “ICO”) which is the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the opportunity to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we will do our best to address your concerns.
Personal information where we are the Data Controller
We collect personal information from Blueskyers when you fill out forms on the Site or if you correspond with us by telephone, email or otherwise. On the Site, we request information from you when you register to use the Site, subscribe to our service, search for an item, post an item on the Site and/or when you report a problem with the Site.
As a Data Controller, we may collect, use, store and transfer different kinds of personal data about you where we have a lawful justification for doing so as follows:
Data type | Data specifics | Lawful justification |
Contact data | Name, address, phone number, email address of existing Blueskyers and prospective Blueskyers | To provide you with our service |
Profile data | For example, a Blueskyer's Instagram handle, star sign, last supper, etc. | Consent - provision of such information is voluntary |
Identity data | Date of birth of Blueskyer | Legitimate interest of identifying you and ensuring you are over 18 |
Marketing data | Your consent (if you choose to give it) to receive marketing information from us about our business | Consent – this is optional and any consent given can be withdrawn at any time |
Technical and usage data | Typically collected through cookies (see below) in respect of the manner in which you use our website and may also include: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Site | Consent through the cookie pop-up notice on the Site |
Introduced member's contact data | Name and email address of individuals that Blueskyers may want to refer to become Blueskyers | Consent. We will assume that a Blueskyer has provided any prospective member’s contact details with their consent. We will contact anyone that you introduce to our service as soon as possible with our Privacy Policy and they may delete their information at any time. |
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Non-personal information
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data, but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Non-essential cookies
The Site uses certain non-essential "cookies". We currently use [Google Analytics] (as many companies do) so that we can understand and analyse the activity of those who visit the Site. The cookies collect this information in aggregate form for us to view.
Cookies work by placing a small piece of information onto your device for the purposes of logging in or to help track analytical information. You can change your web browser settings to disallow any non-essential cookies at any time. Different web browsers have different protocols for changing these settings. Information about most web browsers’ protocols is set out here: https://www.allaboutcookies.org.
Sharing your personal information
We do not sell, trade or otherwise provide your personal information to others. You may choose to share your personal information with other Blueskyers, for example if you contact another Blueskyer to make or respond to an enquiry about an item that has been posted on the Site.
As most companies do, we use third party service providers to assist us in operating our business and to offer IT and other support services. As you would expect, these services include, but are not limited to, analytical data collection and IT provision and support, such as those services provided by Microsoft, Mailchimp, Linux and GoDaddy. We may share your information with these third parties only so that we can operate our service to you.
We may also share your personal information with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
International transfers of your personal data
Where our service providers are based outside the UK or the European Economic Area, we ensure that any transfer of personal data to them is done in accordance with current UK data protection laws so that you have the comfort that your data will be protected even outside the UK/EEA. Should you have any specific questions about this, please do let us know.
Changes to this Privacy Policy and your personal information
We may update this Privacy Policy at any time. When we do so and the update is significant, a notification will be placed on the main page of the Site. We strongly encourage you to check this page frequently for any changes and to stay informed about how we utilise your data. You acknowledge and agree that it is your responsibility to review this Privacy Policy occasionally and to familiarise yourself with any modifications.
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
In some circumstances, you can ask us to delete your data: see below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
For more information about your rights under data protection laws (including your rights of access to the data we hold about you), please see: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
If you wish to exercise any of your rights under the data protection laws, please contact us.
You will not typically have to pay a fee to access your personal data (or to exercise any of your other rights).
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. If that is not possible, we will notify you and keep you updated.