Owner and Data Controller
The SAM Company, Kemp House, 152 – 160 City Road, London, EC1V 2NX
Website: www.thesamcompany.com (referred to as “us” or “we” “our website” in the following text)
Owner contact email: email@example.com
Types of Data collected
We collect several types of Personal Data including Cookies, Usage Data, email address, name, Data communicated while using the service, etc
You’ll find more details on the type of data we collect below. We also tell you during specific transactions.
You can give us your Personal Data freely or, in case of Usage Data, we collect these automatically when you use www.thesamcompany.com.
“We” usually request some mandatory Data and failure to provide this will make it difficult to render services.
Users are responsible for any third-party Personal Data obtained, published or shared through “our website”. Users also confirm that they have the third party’s consent to provide the Data.
Mode and place of processing the Data
“We” take appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of Data.
Data processing is carried out using computers and/or IT-enabled tools, following industry standard GDPR procedures. In addition to the “our website”, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of “our websites” administration, sales, marketing, legal, etc) or external parties (such as third-party technical service providers, mail carriers, hosting providers etc) appointed, if necessary, as Data Processors by the “us”. The updated list of these parties may be requested from the “us” at any time.
The legal basis of the processing
“We” may process Personal Data relating to you if one of the following applies:
Users have given their consent for one or more specific purposes.
Note: Under some legislation, the “we” may be allowed to process Personal Data until you object to such processing (“opt-out”), without having to rely on consent.
This, however, does not apply, whenever the processing of Personal Data is subject to GDPR and EU law.
“We” process the Data is at our operating offices and in any other places where the parties involved in the processing are located.
Depending on your location, data might be transferred to a country other than your own.
If any such transfer takes place, Users can find out more by emailing us at firstname.lastname@example.org
Personal Data will be processed and stored only for the required period.
Personal Data collected for purposes linked to the performance of a contract between “us” and you will be held until such contract has been fully performed.
Personal Data collected for the purposes of “our website” interests shall be retained as long as needed to fulfil such purposes.
Users may find specific information regarding the legitimate interests by emailing us at email@example.com
“We” may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Moreover, “we” may be obliged to retain Personal Data for a longer period whenever required to do so for legal reasons or upon request from the Authority.
Once the retention period expires, Personal Data will be deleted. We will have no further access to the Data and will be unable to fulfil any requests pertaining to the deleted Data.
The purposes of processing
The Data concerning you provide allows the “us” to provide Services. “We” also collect data for Analytics, Handling payments, Contacting the User, Content commenting, Interaction with data collection platforms and other third parties, Interaction with live chat platforms, Managing contacts and sending messages, RSS feed management, Interaction with external social networks and platforms, SPAM protection, Data transfer outside the EU, Registration and authentication and Displaying content from external platforms.
Here’s a breakdown:
Personal Data is collected for the following purposes and using the following services:
The services contained in this section enable “us” to monitor and analyze web traffic and can be used to keep track of User behaviour.
Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilizes the Data collected to track and examine the use of “our website” to prepare reports on activities and share them with other Google services.
Personal Data collected: Cookies; Usage Data.
Contacting the User
Mailing list or newsletter
By registering on the mailing list or for the newsletter, your email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning “our website” and services. Your email address might also be added to this list as a result of signing up to “our website” or after using our service.
Personal Data collected: email address; first name.
Data transfer outside the EU
The Owner is allowed to transfer Personal Data collected within the EU to other countries not part of the EU.
Any such Data transfer is based on one of the legal bases described below.
You can email us at firstname.lastname@example.org to learn which legal basis applies to which specific service.
Your Personal Data will only be transferred from the EU to non-EU countries only if you have given explicit consent to such transfer.
If no other legal basis applies, Personal Data will be transferred from the EU to non-EU countries only if at least one of the following conditions is met:
the transfer is necessary for the performance of a contract between you and “us”
the transfer is necessary for important reasons of public interest;
the transfer is necessary for the establishment, exercise or defence of legal claims;
the transfer is necessary in order to protect the vital interests of the data subject or of other persons, where the data subject is physically or legally incapable of giving consent. In such cases, the “we” will inform you about the legal bases the transfer is based on.
The European Commission adopts adequacy decisions for specific countries whenever it considers that country to possess and provide Personal Data protection standards comparable to those set forth by EU data protection legislation. You can find an updated list of all adequacy decisions issued on the European Commission’s website.
Personal Data collected: various types of Data.
Payment processing services enable “us” to process payments by credit card, bank transfer or other means. To ensure greater security, “we” share only the encrypted information necessary to execute the transaction with the financial intermediaries handling the transaction.
Stripe (Stripe Inc)
Stripe is a payment service provided by Stripe Inc.
PayPal (PayPal Inc.)
PayPal is a payment service provided by PayPal Inc., which allows Users to make online payments.
Managing contacts and sending messages
This type of service makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with you.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
MailChimp (The Rocket Science Group, LLC.)
MailChimp is an email address management and message sending service provided by The Rocket Science Group, LLC.
Personal Data collected: email address; first name.
Registration and authentication
By registering or authenticating, Users allow “us” to identify them and give them access to our services.
Further information about Personal Data
Selling goods and services online
The Personal Data collected are used to provide you with services or to sell goods, including payment and possible delivery.
The Personal Data collected to complete the payment may include the credit card, the bank account used for the transfer, or any other means of payment envisaged. The kind of Data collected by “us” depends on the payment system used. We never collect or store card details. Card payments are securely processed via Paypal or Stripe.
The rights of Users
You may exercise certain rights regarding their Data processed by the Owner.
In particular, you have the right to do the following:
Withdraw their consent at any time. You have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
Object to the processing of their Data. You have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
Access their Data. You have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
Verify and seek rectification. You have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
Restrict the processing of their Data. You have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
Have their Personal Data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
Receive their Data and have it transferred to another controller. You have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
Lodge a complaint. You have the right to bring a claim before their competent data protection authority.
How to exercise these rights
Any requests to exercise your rights can be directed to “us” by emailing email@example.com. These requests can be exercised free of charge and will be addressed by the “us” as soon as possible within 28 days.
Additional information about Data collection and processing
The User’s Personal Data may be used for legal purposes by the “us” in Court or in the stages leading to possible legal action arising from improper use of “our website” or the related Services.
You confirm that you’re aware that “we” may be required to reveal personal data upon request of public authorities.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through “our website” (or third-party services employed by “us”), which can include: the IP addresses or domain names of the computers, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using “our website” who, unless otherwise specified, coincides with the Data Subject.
The person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The real or legal person, public authority, agency or other bodies which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. The Data Controller, unless otherwise specified, is the Owner of “our website”.
The service provided by “us” as described in the relative terms on www.thesamcompany.com/services.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small sets of data stored in the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 GDPR (General Data Protection Regulation).