Privacy Notice

We take your privacy very seriously. Please read this privacy notice carefully as it contains important information on who we are, how and why we collect, store, use and share any information relating to you and your Personal Data in connection with your use of our website.

It also explains your rights in relation to your personal data and how to contact us or a relevant regulator in the event you have a complaint.  

Personal data we collect about you 

The personal data we collect about you depends on the particular activities carried out through our website. We will collect and use the following personal data about you: 

Via our contact form: 

  • your name, and contact information, including email address and telephone number  and job title 
  • details of any information or other matters that you provide to us  

Via Cookies: 

Indirectly, such as through your browsing activity while on our website.  Our website uses cookies and other tracking technologies. Cookies are small text files sent to your browser from the websites you visit. You can find out more about how we manage cookies in our Cookie Notice. 

If you do not provide the Personal Data we ask for, it may prevent us from providing services to you. 

We collect and use this personal data for the purposes described in the section ‘How we use your personal data’ below. 

How we use your personal data 

Under data protection law, we can only use your personal data if we have a proper reason to do so.  

We use the information you provide directly to us via our contact form to assist us with managing and responding to your enquiry. This information is processed on the basis of our legitimate interest as a business. Below is a summary of the purposes we may use your Personal Data for together with the legal basis relied on.

Purpose Personal Data Applicable Legal Bases
To manage our relationship with you or our customers. This can include:
(a) administration of customer account;
(b) communication about customer accounts, updates to our terms, policies and services.
  • Personal details and contact information
  • Customer admin account data
 Performance of a contract.
For marketing purposes, and marketing communication
  • Personal details and contact information
  • Marketing, event and communications preferences
  • Cookies data
  • Feedback data
 Consent, or where not based upon your consent, Legitimate interest.
To respond to your queries and enquiries and customer queries and enquiries (such as through our webforms and other communications)
  • Personal details and contact information
  • Other communications data and enquiry/query details
 Legitimate interests. Performance of contract.
To detect, prevent and address technical issues across our services, excluding Customer queries and specific support requests relating to Customer accounts. 
  • Usage data
  • Web session data
 Legitimate interests.
To promote safety, integrity and security of our services, such as:

  • preventing security incidents
  • securing our services 
  • investigating suspicious activity
  • maintaining the integrity of our services.
  • Usage data
  • Cookies data
 Legitimate interests.
To understand what our users and Customers want and their experiences with our services and website including by


(a) creating de-identified and aggregated data from personal data such as Usage Data;


(b) analysing usage of our services and website, using de-identified and aggregate data;


(c) analysing and addressing technical issues experienced with our services; and


(d) analysing any feedback.
  • Cookies data
  • Usage data, such as performance metrics and usage statistics (in de-identified aggregate form)
  • Web session data
 Legitimate interests.
To comply with our legal obligations, such as:

  • complying with requests to provide data from law enforcement agencies in relation to an investigation or to take steps to report information to law enforcement where required;
  • complying with our obligations under tax law and companies legislation
 All data Compliance with a legal obligation.

 

Who we share your personal data with 

We routinely share Personal Data with: 

  • third parties we use that provide support services to our business, eg website hosts, website analytics providers;
  • third parties providing appliance maintenance services.

We may occasionally also need to share Personal Data with: 

  • external auditors, eg in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations 
  • professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations 
  • law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations 
  • other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations 

If you would like more information about who we share our data with and why, please contact us (see ‘Contact us’). 

Legal basis of processing

FiveStones may process Personal Data relating you where one of the following applies:

  • You have given your consent for one or more specific purposes. Note: Under some legislations FiveStones may be allowed to process Personal Data until you object to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law; 
  • Provision of Data is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; 
  • Processing is necessary for compliance with a legal obligation to which FiveStones is subject; 
  • Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in FiveStones; 
  • Processing is necessary for the purposes of the legitimate interests pursued by FiveStones. 

In any case, we will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Location of Processing

Your Personal Data may be processed by FiveStones at any of our offices located across multiple jurisdictions across Southeast Asia, Australia and /or the UK, and therefore may be transferred to and maintained on servers and computers that may be located outside of your state or country.

Where we transfer your Personal Data to a country outside the EEA/UK or to any international organisation, where these transfers are necessary for the management of our operations, we will ensure that appropriate and relevant safeguards have been put in place. These measures are designed to ensure that the transfer of your Personal Data to a country outside the EU/UK are subject to adequate controls including the security controls.

Countries which are outside the EEA/UK may not offer the same level of data protection as your home country. Therefore, we rely on Standard Contractual Clauses which have been approved by the European Commission and on the European Commission’s adequacy decisions on certain countries to transfer your information from the EEA/ UK. For instance, we rely on the UK adequacy decision for transfers of Personal Data between the EEA and the UK.

Retention time

Different retention periods apply to different types of Personal Data. Further details on this are available in our Data Retention Policy and Schedule which we can summarise for you upon reasonable request.  

Personal Data shall be processed and stored for as long as required for the purpose they have been collected for. Therefore, Personal Data collected for purposes related to the performance of a contract between FiveStones and you shall be retained until such contract has been fully performed.

Personal Data collected for the purposes of our legitimate interests shall be retained as long as needed to fulfil such purposes. You may find specific information regarding the legitimate interests pursued by FiveStones within the relevant sections of this document or by contacting FiveStones. 

We may be allowed to retain Personal Data for a longer period whenever you have given consent to such processing, as long as such consent is not withdrawn. 

We may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority. 

Once the retention period expires, Personal Data shall be deleted. 

The Rights of Users

Users may exercise certain rights regarding their Data processed by us. In particular, you have the right to do the following: 

  • Withdraw your consent at any time: Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data. Please note that the lawfulness of any processing undertaken prior to your withdrawal of consent shall not be affected by the withdrawal.
  • Right to object (marketing): You have the right to object to processing for direct marketing purposes at any time.
  • Right to object (legitimate interest): Where we process your Personal Data based on legitimate interests, you can object to this processing in certain circumstances. Unless we have compelling legitimate grounds or where it is needed for legal reasons, we will cease processing your personal data when you object.
  • Access your Personal Data: Users have the right to learn if Personal Data is being processed by FiveStones, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Personal Data. 
  • Verify and seek rectification: Users have the right to verify the accuracy of their Personal Data and ask for it to be updated or corrected. 
  • Restrict the processing of their Data: Users have the right, under certain circumstances, to restrict the processing of their Data, provided there are valid grounds for doing so. In this case, FiveStones will not process your Personal Data for any purpose other than storing it. 
  • Have their Personal Data deleted: Users have the right, under certain circumstances, to request that we delete your Personal Data, provided there are valid grounds for doing so and subject to applicable law. 
  • Receive their Personal Data and have it transferred to another data controller: Users have the right to receive their Personal Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another data controller without any hindrance. This provision is applicable provided that the Personal Data is processed by automated means and that the processing is based on the User’s consent, or on a contract which the User is part of or on pre-contractual obligations thereof.
  • Lodge a complaint: Users have the right to bring a claim before their local Supervisory Authority for data protection. 

How to exercise these rights

Any requests to exercise your rights can be directed by email, telephone or writing to FiveStones using the contact details provided above in the Contact Us section. Please provide the following:

  • provide enough information to identify yourself (eg your full name, address and customer or matter reference number) and any additional identity information we may reasonably request from you, and 
  • let us know which right(s) you want to exercise and the information to which your request relates to.

These requests can be exercised free of charge and will be addressed by us as early as possible and always within one month.

For any further information on each of those rights, including the circumstances in which they do and do not apply, please contact us on the email address above in the Contact us section. You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR. 

Additional information about Data collection and processing

Legal actions

Your Personal Data may be processed for bringing or defending of a legal action by FiveStones whether in Court or in the stages leading to any potential legal action.  

Personal Data may also be disclosed upon request of public, law enforcement or regulatory bodies, in certain circumstances. However, FiveStones will not voluntarily share your Personal Data with law enforcement or regulatory bodies. We require a valid legal process before we would provide any data to law enforcement or other public or regulatory bodies.

Marketing 

We may use your Personal Data to send you updates (by email, text message, telephone or post) about our services where you have provided your consent to receive this type of marketing communication from us. 

We may also have a legitimate interest in processing your Personal Data for marketing purposes (see above ‘How we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly. 

You have the right to opt out of receiving marketing communications at any time and can do so by: 

We will always treat your Personal Data with the utmost respect and never share it with other organisations for marketing purposes. 

For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘The Rights of Users’ above.

System logs and maintenance

For operation and maintenance purposes, this website and other third-party services may collect files that record interaction with this website (System logs) and use other Personal Data (such as the IP Address). Cookies and similar technologies as described in our Cookie Policy

Keeping your personal data secure 

We implement technical and organisational measures designed to ensure a level of security for the personal data which is appropriate to the risks to individuals that may result from the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the personal data.   

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of any data security breach where we are legally required to do so. 

If you want detailed information on how to protect your personal data and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses. 

How to complain 

Please contact us if you have any queries or concerns about our use of your personal data (see ‘Contact us’). We hope we will be able to resolve any issues you may have. 

For UK residents: 

You also have the right to lodge a complaint with the Information Commissioner in the UK. 

The Information Commissioner may be contacted at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113. 

Changes to this privacy policy

FiveStones reserves the right to make changes to this privacy notice at any time by giving notice to you, its users and website visitors on this page and possibly on this website. It is strongly recommended you check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of your consent, FiveStones shall collect new consent from you as required.

 

Version control

Updated on 21.02.2024