We have moved! Our new address: 416 Ealing Road, HA0 1JQ London. We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week!
We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week!
We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week! We have moved! Our new address: 416 Ealing Road, HA0 1JQ London We are open 7 days a week!

Privacy Policy

1. DEFINITIONS

This Privacy Policy of Penguins BM Ltd is based on the terminology used by the European Union’s General Data Protection Regulation (GDPR). Our intention is to ensure this policy is clear, transparent, and understandable to the general public, including our customers and business partners. To support this, we provide definitions of the key terms used throughout this document:

a) Personal Data
Personal Data refers to any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

b) Data Subject
A Data Subject is any natural person whose personal data is being processed by a Controller.

c) Processing
Processing means any operation or set of operations performed on personal data, whether or not by automated means. This includes collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of Processing
Restriction of processing means the marking of stored personal data with the aim of limiting its processing in the future.

e) Profiling
Profiling refers to any form of automated processing of personal data used to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects such as performance at work, economic situation, health, preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymisation
Pseudonymisation means the processing of personal data in such a way that the data can no longer be attributed to a specific Data Subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure the personal data is not attributed to an identified or identifiable individual.

g) Controller
The Controller is a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. Where such purposes and means are determined by Union or Member State law, the Controller or the specific criteria for their nomination may be provided for by Union or Member State law.

h) Processor
A Processor is a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Controller.

i) Recipient
A Recipient is a natural or legal person, public authority, agency, or another body to whom personal data is disclosed, whether or not a third party. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

j) Third Party
A Third Party is a natural or legal person, public authority, agency, or body other than the Data Subject, Controller, Processor, or persons who, under the direct authority of the Controller or Processor, are authorised to process personal data.

k) Consent
Consent is any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes, by which they, by a statement or a clear affirmative action, signify agreement to the processing of personal data relating to them.

2.NAME AND ADDRESS OF THE CONTROLLER

The controller, for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in the Member States of the European Union, and other relevant data protection provisions, is:
Penguins BM Ltd.
337 Althon Road
HA0 1EF Londyn
United Kingdom
E-mail: info@penguinbm.com
Website: www.penguinbm.com

3.COOKIES THE INTERNET PAGES OF PENGUINS BM LTD USE COOKIES

The website of Penguins BM Ltd uses cookies to improve the user experience.

What are cookies?
Cookies are small text files that are stored on your device (computer, smartphone, or tablet) by your internet browser when you visit websites. These files contain information such as a unique cookie ID, which allows the website and servers to recognize your browser.

Purpose of cookies
Cookies help us customize the website and offer relevant content and advertisements. They enable us to provide services that would otherwise not be possible without cookie storage. For example, cookies help remember your login details so you do not need to enter them each time you visit the website. Another common example is a shopping cart cookie in online stores, which remembers the items you added.

How cookies work
When you visit our website, a cookie ID uniquely identifies your browser, enabling the website to distinguish you from other users. This recognition allows us to optimize the information and offers on the website specifically for you, making navigation and usage easier and more convenient.

Your control over cookies
You can control and manage cookies at any time by adjusting the settings in your internet browser. You may choose to block cookies completely or delete cookies already stored on your device. Instructions for managing cookies are available in the help section of most popular browsers.

Important note
Please be aware that if you disable or block cookies, some parts of our website may not function properly or be fully accessible.

4.COLLECTION OF GENERAL DATA AND INFORMATION

When a data subject or an automated system accesses the websites of Penguins BM Ltd, a range of general data and information is collected and stored in server log files. These may include, but are not limited to:

a) Browser type and version used

b) Operating system of the accessing device

c) The website from which the user arrived (referrer)

d) Specific sub-pages visited

e) Date and time of access

f) Internet Protocol (IP) address

g) Internet service provider of the accessing device

h) Other similar data and information that may be necessary to detect and prevent attacks on our IT systems

Penguins BM Ltd does not use this general data to draw conclusions about individual data subjects. Instead, this information serves the following purposes:

a) Delivering website content correctly

b) Optimizing website content and advertising

c) Ensuring the long-term functionality and security of our IT systems and website technology

d)Assisting law enforcement authorities in investigating cyber-attacks or criminal offenses

Collected data is analyzed anonymously and statistically to improve data protection and security, ensuring an optimal level of personal data protection. The anonymous server log data is stored separately from any personal data provided by users.

5.REGISTRATION ON OUR WEBSITE

Users may register on the Penguins BM Ltd website by voluntarily providing personal data through a registration form. The type of personal data collected depends on the specific registration form used.

The personal data provided during registration is collected and stored solely for internal use by Penguins BM Ltd and its authorized processors (e.g., parcel delivery services), who also use the data for purposes attributable to Penguins BM Ltd.

When registering, the IP address assigned by the user’s Internet service provider (ISP), along with the date and time of registration, are also recorded. This data is necessary to prevent misuse of our services and to enable investigations of any offenses, if required. This information is kept confidential and is only disclosed to third parties if there is a legal obligation or if it serves the purpose of criminal prosecution.

Registration enables users to access content and services available only to registered users. Registered users have the right to access, correct, or delete their personal data stored by Penguins BM Ltd at any time, subject to any legal retention requirements.

Penguins BM Ltd is committed to transparency and provides data subjects with access to their stored personal data upon request. The company’s designated Data Protection Officer, along with its employees, is available to assist data subjects with any questions or concerns regarding their personal data.

6.CONTACT POSSIBILITY VIA THE WEBSITE

The website of Penguins BM Ltd provides information that enables quick electronic contact with our company, including a general email address for direct communication.

If a data subject contacts Penguins BM Ltd via email or through a contact form on the website, the personal data voluntarily provided by the data subject will be automatically stored. This personal data is processed solely for the purpose of handling the inquiry or contacting the data subject.

We do not share this personal data with third parties unless we are legally obliged to do so or if it is necessary for the processing of the inquiry (e.g., involving service providers bound by confidentiality).

7.COMMENTS FUNCTION IN THE BLOG ON THE WEBSITE

Penguins BM Ltd provides users with the opportunity to leave individual comments on blog posts published on the company’s website. A blog is a publicly accessible web portal where one or more authors (bloggers) publish articles or entries (blog posts), which can usually be commented on by third parties.

When a data subject leaves a comment on the blog, the content of the comment, the date of posting, and the user’s chosen pseudonym are stored and published. Additionally, the IP address assigned to the user by their Internet Service Provider (ISP) is logged. The IP address is stored for security reasons, particularly to protect the rights of third parties and to enable action against illegal or infringing content posted in the comments.

The storage and processing of these personal data are carried out in the legitimate interest of the data controller to protect against misuse and potential legal violations. Personal data collected through comments will not be disclosed to third parties unless required by law or necessary for the defense of the data controller’s rights.

8.SUBSCRIPTION TO COMENTS IN THE BLOG ON THE WEBSITE

Penguins BM Ltd allows third parties to subscribe to comments made on the blog. In particular, commenters can opt to receive notifications about new comments following their own comments on a specific blog post.

If a data subject chooses to subscribe to this service, the controller will send an automatic confirmation email to verify the subscription using the double opt-in procedure. This ensures that the owner of the specified email address has explicitly consented to receive such notifications.

The subscription to comments can be canceled at any time by the subscriber.

9.ROUTINE ERASURE ANF BLOCKING OF PERSONAL DATA

The data controller processes and stores personal data of the data subject only for as long as necessary to achieve the purpose for which the data were collected, or as long as required by applicable European or national laws and regulations to which the controller is subject.

If the purpose of storage no longer applies, or if the storage period prescribed by the European legislator or another competent authority expires, the personal data will be routinely blocked or erased in accordance with legal requirements.

10.RIGHTS OF THE DATA SUBJECT

a) Right of confirmation

Each data subject has the right under European law to obtain confirmation from the controller as to whether personal data concerning them is being processed. To exercise this right, the data subject may contact the Data Protection Officer or another employee of Penguins BM Ltd at any time.

b) Right of access

Each data subject has the right to obtain, free of charge, information about their personal data stored by the controller, as well as a copy of this data. This includes information on:

– The purposes of processing

– The categories of personal data concerned

– The recipients or categories of recipients to whom the data have been or will be disclosed, including recipients in third countries or international organizations

– The envisaged storage period or criteria used to determine it

– The existence of rights to rectification, erasure, restriction of processing, or objection

– The right to lodge a complaint with a supervisory authority

– The source of data, if not collected directly from the data subject

– The existence of automated decision-making, including profiling, and meaningful information about its logic and consequences

The data subject also has the right to know whether their data is transferred to a third country or international organization and about the safeguards applied.

To exercise this right, the data subject may contact our Data Protection Officer or another employee at any time.

c) Right to rectification

Each data subject has the right to obtain without undue delay the correction of inaccurate personal data concerning them, and to have incomplete data completed, including by providing a supplementary statement.

To exercise this right, the data subject may contact our Data Protection Officer or another employee at any time.

d) Right to erasure (Right to be forgotten)

Each data subject has the right to request the deletion of personal data concerning them without undue delay if one of the following applies, and the processing is no longer necessary:

– The data are no longer needed for the purposes they were collected

– Consent has been withdrawn, and there is no other legal basis for processing

– The data subject objects to processing, and no overriding legitimate grounds exist

– The data have been unlawfully processed

– There is a legal obligation to erase the data

– The data relate to a child under the age of consent in relation to information society services

If the controller has made the data public, reasonable steps will be taken to inform other controllers processing the data of the erasure request, taking into account available technology and implementation costs.

Requests for erasure can be made at any time to the Data Protection Officer or other employees.

e) Right to restriction of processing

– The data subject has the right to obtain restriction of processing where one of the following applies:

– The accuracy of the data is contested, for a period allowing the controller to verify accuracy

– Processing is unlawful, and the data subject opposes erasure but requests restriction instead

– The controller no longer needs the data, but the data subject requires it for legal claims

– The data subject has objected to processing pending verification of legitimate grounds

– To request restriction, contact our Data Protection Officer or other employees.

f) Right to data portability

The data subject has the right to receive personal data provided to the controller in a structured, commonly used, and machine-readable format, and to transmit these data to another controller, where processing is based on consent or contract and carried out by automated means.Where technically feasible, data can be transmitted directly between controllers, provided this does not harm others’ rights and freedoms.To exercise this right, contact our Data Protection Officer or another employee.

g) Right to object

The data subject can object at any time, on grounds related to their particular situation, to processing based on legitimate interests or tasks in the public interest, including profiling. Penguins BM Ltd will then cease processing unless overriding legitimate grounds exist or processing is for legal claims.

For direct marketing, the data subject can object to processing for such purposes at any time; processing will then cease immediately.

Objections can be made directly to the Data Protection Officer or other employees, or by automated means where applicable.

h) Automated decision-making including profiling

The data subject has the right not to be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects, except when:

– Necessary for entering or performing a contract

– Authorized by law with safeguards

– Based on explicit consent

In such cases, Penguins BM Ltd implements safeguards including human intervention and the right to express their view and contest decisions.

To exercise rights related to automated decisions, contact our Data Protection Officer or other employees.

i) Right to withdraw consent

The data subject may withdraw consent to processing of personal data at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

To withdraw consent, contact our Data Protection Officer or another employee.

11.DATA PROTECTION FOR APPLICATIONS AND THE APPLICATION PROCEDURES

Penguins BM Ltd collects and processes personal data of job applicants solely for the purpose of handling the application process. This processing may also be conducted electronically, especially if an applicant submits application documents via e-mail or through a web form on the company’s website.

If Penguins BM Ltd enters into an employment contract with the applicant, the submitted data will be stored and processed for the duration of the employment relationship in compliance with applicable legal requirements.

If no employment contract is concluded, the application documents will be automatically deleted two months after the applicant has been informed of the rejection decision, unless there are overriding legitimate interests on the part of Penguins BM Ltd that prevent deletion. Such legitimate interests may include, for example, the obligation to retain data for evidence purposes in claims under the General Equal Treatment Act (AGG).

12.LEGAL BASIS FOR THE PROCESSING

The legal basis for the processing of personal data depends on the specific purpose of the processing:

Consent: If we have obtained the data subject’s consent for a specific processing purpose, the processing is based on Article 6(1)(a) GDPR.

Performance of a Contract: If the processing is necessary for the performance of a contract to which the data subject is a party — for example, for the delivery of goods or provision of services — the legal basis is Article 6(1)(b) GDPR. This also applies to processing necessary to carry out pre-contractual measures, such as inquiries about our products or services.

Legal Obligation: If our company is subject to a legal obligation requiring the processing of personal data (e.g., for fulfilling tax or accounting obligations), the processing is based on Article 6(1)(c) GDPR.

Vital Interests: In rare cases, processing may be necessary to protect the vital interests of the data subject or another natural person. For example, if a visitor is injured on our premises and we need to pass on their name, age, or health insurance data to a doctor or hospital. In such cases, the legal basis is Article 6(1)(d) GDPR.

Legitimate Interests: Finally, processing may be based on Article 6(1)(f) GDPR if it is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data. This legal basis is often used for processing not covered by the other grounds and is considered valid, for example, when the data subject is a client of the controller (Recital 47, second sentence, GDPR).

13.THE LEGITIMATE INTERESTS PURSUED BY THE CONTROLLER OR BY A THIRD PARTY

Where the processing of personal data is based on Article 6(1)(f) GDPR, the legitimate interests pursued by Penguins BM Ltd include:

a) the proper operation and development of our commercial activities,

b) maintaining customer satisfaction and communication,

c) ensuring the security of our IT systems and infrastructure,

d) the prevention of fraud and abuse,

e) the establishment, exercise or defense of legal claims,

f) internal administrative purposes (e.g. accounting, internal reporting),

g) direct marketing (provided that the data subject has not objected).

These interests are balanced against the fundamental rights and freedoms of the data subjects, and processing is carried out only when those rights do not override our interests or the interests of a third party.

14.PERIOD FOR WHICH THE PERSONAL DATA WILL BE STORED

The period for which personal data is stored depends on the purpose of the processing and applicable legal obligations.

Personal data will be retained only for as long as is necessary to fulfil the purpose for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When determining the appropriate retention period, we consider the following criteria:

a) the necessity of the data to perform a contract or provide a service;

b) the existence of statutory retention obligations (e.g. tax or commercial laws);

c)the potential need to retain the data to protect our legal interests (e.g. in case of legal disputes);

d)whether the data subject has given consent for longer retention.

Once the relevant retention period expires or the data is no longer necessary for the purposes for which it was collected, it will be securely deleted or anonymized, unless further storage is required by law.

15.PROVISION OF PERSONAL DATA AS A LEGAL OR CONTRACTUAL REQUIREMENT

In some cases, the provision of personal data is required by law (e.g. tax regulations) or may be necessary due to contractual obligations (e.g. information required to enter into a purchase agreement).

In particular, providing personal data may be necessary for the conclusion and performance of a contract. For example, when entering into a contract with Penguins BM Ltd, the data subject may be required to provide certain personal data. Failure to provide such data may result in our inability to enter into or perform the contract.

Before submitting any personal data, the data subject may contact our Data Protection Officer to clarify:

a) whether the provision of the data is legally or contractually required;

b) whether it is necessary for the conclusion of a contract;

c) whether there is an obligation to provide the data;

d) and the possible consequences of failure to provide such data.

EXISTENCE OF AUTOMATED DECISION-MAKING

As a responsible organization, Penguins BM Ltd does not use any form of automated decision-making or profiling that produces legal effects concerning data subjects or similarly significantly affects them, as described in Article 22 of the GDPR.