Privacy Policy - Effective Date: Jan 01, 2024.

Corporate Commitment to Privacy
At SCHAA Ltd, we are committed to protecting and respecting your privacy and Personal Data in compliance with the United Kingdom General Data Protection Regulation (“GDPR”), the Data Protection Act 2018, and all other applicable laws and regulations of the United Kingdom and Europe.

This Privacy Policy explains how we collect, process, and safeguard your data, outlining your privacy rights and the legal protections in place. It also informs our employees and staff members of their obligations and protocols when processing data.

1.2 Data Controller
SCHAA Ltd is your Data Controller and is responsible for your Personal Data. We are not obliged to appoint a data protection officer under the GDPR and have not voluntarily appointed one at this time. Any inquiries about your data should be sent to us via email at info@scahh.co.uk or by post to SCHAA LTD, C/O Sedulo Liverpool Limited, 5th Floor, Walker House, Exchange Flags, Liverpool, England, L2 3YL.

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We encourage you to contact us first to address any concerns.

1.3 Processing Data on Behalf of a Controller and Processors’ Responsibilities
As a Data Controller, we engage employees (Processors) to handle data on our behalf. The responsibilities of the Data Controller and Processors include:Ensuring all processing of Personal Data is based on legal grounds defined in the GDPR.Maintaining confidentiality commitments and appropriate security measures.Obtaining authorisation before engaging another Processor. Assisting the Controller in fulfilling data subject rights.Providing information for audits and inspections by the Controller or authorised auditors.

2. Legal Basis for Data Collection
2.1 Types of Data / Privacy Policy Scope
"Personal Data" refers to any information identifying an individual. We collect various types of Personal Data, including Profile/Identity Data, Contact Data, Marketing and Communications Data, Billing Data, Financial Data, and Transactional Data. We do not collect Special Categories of Personal Data.

2.2 Legal Basis for Collecting Data
We collect and process Personal Data based on legal grounds outlined in the GDPR, including Consent, Contractual Obligations, Legal Compliance, and Legitimate Interest.

3. How We Use Your Personal Data
3.1 Our Uses
We use Personal Data lawfully and only for specified purposes, including marketing and communication updates.

3.2 Marketing and Content Updates
You will receive marketing and content communications if you opt-in during account creation. We may make suggestions based on your preferences.

3.3 Change of Purpose
We only use Personal Data for the original purpose, unless compatible with a new purpose. We notify you of any unrelated purposes.

4. Your Rights and Protections
4.1 Control Over Your Data
You can delete your account at any time. Your account information is password-protected. You can access your account information at any time.

4.2 Data Protection Measures
We employ security measures to protect your data from unauthorised access. While we strive for security, no transmission over the internet is entirely secure.

4.3 Opting Out Of Marketing Promotions
You can unsubscribe from marketing messages at any time. We retain other Personal Data unrelated to marketing preferences.

4.4 Requesting Your Data
You can request access to your Personal Data without a fee. We may ask for additional information to confirm your identity.

5. Your Data and Third Parties
5.1 Sharing with Third Parties
We may share non-Personal Data and Personal Data with subcontractors, affiliates, or interested parties in specific situations outlined in this Privacy Policy.

6. Retention Period
We retain Personal Data for as long as necessary, considering potential litigation or complaints.

7. Age Limit for Users
Users must be 18 or older. We do not knowingly collect data related to children.

8. International Transfer of Data
Data may be stored and processed outside the UK. By using SCHAA Ltd, you consent to such transfers.

9. Notification of Changes and Acceptance of Policy
This Privacy Policy is dated January 2024. Continued use of SCHAA Ltd constitutes acceptance of any modifications to this Privacy Policy.

10. Interpretation The term "including" means "including but not limited to." Email addresses provided are for specified purposes only.