Privacy Policy

1. Introduction

The following information explains how we process personal data when you use:

  • our website uk.holy.com, and/or

  • our social media profiles.

Personal data means any information that can be linked to an identifiable living individual, for example their name or IP address.

1.1. Who We Are

HOLY Softdrinks Ltd, Suite 1, 7th Floor, 50 Broadway, London, SW1H 0DB, United Kingdom (Registered in England and Wales with company number: 16880464) is the data controller responsible for this website and responsible for the personal data we collect from you. Being the data controller means we are responsible for deciding why and how we use personal data in our business. When we mention HOLY, "we", "us" or "our" in this privacy policy, we are referring to HOLY Softdrinks Ltd. Our legal representative is Daniel Jon Macken.

You can contact us by email at: hello@uk.holy.com.

We have appointed a Data Protection Officer who is responsible for looking after questions about this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details provided above.

1.2. Scope of Processing, Purposes, and Legal Bases

We set out the scope of processing, purposes and legal bases in detail below. The legal bases on which we process personal data are generally as follows:

  • UK GDPR Article 6(1)(a) serves as our legal basis where we obtain consent for processing.

  • UK GDPR Article 6(1)(b) is the legal basis where processing personal data is necessary for the performance of a contract, for example when a website visitor purchases a product or we provide a service to them. This legal basis also applies to processing required for pre-contractual steps, such as enquiries about our products or services.

  • UK GDPR Article 6(1)(c) applies where we process personal data to comply with a legal obligation, for example in the context of tax law.

  • UK GDPR Article 6(1)(f) serves as the legal basis where we can rely on legitimate interests for processing personal data, for example for cookies that are strictly necessary for the technical operation of our website.

1.3. Data Transfers Outside the UK

Where we transfer data to service providers or other third parties outside the United Kingdom, the security of such transfers is ensured as follows:

  • Where the UK Government has recognised a country as providing adequate protection for personal data (UK adequacy regulations), we rely on that adequacy decision as the legal basis for the transfer. This applies to transfers to EU/EEA countries, Canada and Israel, among others.

  • For transfers to service providers in the USA, the legal basis for the transfer is the UK-US Data Bridge (the UK Extension to the EU-US Data Privacy Framework), where the service provider is certified under that framework.

  • In other cases (e.g. where no adequacy decision exists), the legal basis for the transfer is, unless we indicate otherwise, the International Data Transfer Agreement (IDTA) or an Addendum to EU Standard Contractual Clauses, as approved by the UK Secretary of State. These mechanisms form part of our contract with the relevant third party and ensure an equivalent level of protection for personal data transferred outside the UK. Many providers offer additional contractual guarantees beyond these mechanisms, for example encryption commitments or obligations to notify individuals if law enforcement seeks access to their data.

1.4. Retention Periods

Unless otherwise expressly stated in this privacy policy, data we store will be deleted once it is no longer required for its intended purpose and where no statutory retention obligations prevent deletion. Where data is not deleted because it is required for other lawful purposes, its processing will be restricted, meaning the data will be blocked and not processed for other purposes. This applies, for example, to data we are required to retain for commercial or tax law reasons.

1.5. Your Rights

You have the following rights in relation to your personal data:

  • Right of access

  • Right to rectification or erasure

  • Right to restriction of processing

  • Right to object to processing (see below for detail)

  • Right to data portability

  • Right to withdraw any consent given at any time

You also have the right to lodge a complaint with a data protection supervisory authority. In the United Kingdom, this is the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; https://ico.org.uk.

Right to Object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) of the UK GDPR; this also applies to profiling based on those provisions within the meaning of Article 4(4) of the UK GDPR.

1.6. Obligation to Provide Data

In the context of a business or other relationship with us, customers, prospective customers or third parties are only required to provide the personal data that is necessary for the establishment, performance or termination of that relationship, or which we are legally required to collect. Without this data, we will generally be unable to enter into a contract or provide a service, or continue an existing contract or other relationship.

Required fields are marked as such.

1.7. No Automated Individual Decision-Making

We do not generally use fully automated decision-making as referred to in Article 22 of the UK GDPR to establish or conduct a business or other relationship. If we use such processes in individual cases, we will notify you separately where legally required.

1.8. Contact

When you contact us, for example, by email, telephone or via social media, we store the information you provide (e.g. name and email address) in order to respond to your enquiry. The legal basis for processing is our legitimate interest (UK GDPR Article 6(1)(f)) in responding to enquiries directed to us. Where your enquiry relates to an existing or prospective contractual relationship, processing is carried out for the performance of pre-contractual or contractual measures pursuant to Article 6(1)(b) of the UK GDPR. We delete data arising in this context once storage is no longer necessary, or restrict processing where statutory retention obligations apply.

1.9. Prize Draws and Competitions

We occasionally offer prize draws and competitions via our website or otherwise. We process the data collected in connection with these (e.g. name, email address, postal address, date of birth, and where applicable a photo) in order to enable participation, determine winners, notify them and send prizes. The legal basis is Article 6(1)(b) of the UK GDPR (performance of a contract). Where winners are publicly announced (e.g. by name or photo), this is done exclusively on the basis of prior consent pursuant to Article 6(1)(a) of the UK GDPR. Following conclusion of the competition and notification of winners, personal data will be deleted unless statutory retention obligations apply or further consent (e.g. to publish) has been given.

1.10. Customer Surveys

We periodically conduct customer surveys to better understand our customers and their preferences. We collect the data requested in each survey. Our legitimate interest in better understanding our customers serves as the legal basis for the associated data processing pursuant to Article 6(1)(f) of the UK GDPR. Data is deleted once the survey results have been evaluated.

2. Newsletter and Marketing Emails

We reserve the right to send customers who have already used our services or purchased products from us information about our offerings by email or other means from time to time, unless you have opted out. The legal basis for this processing is Article 6(1)(f) of the UK GDPR. Our legitimate interest lies in direct marketing (UK GDPR Recital 47). Customers may object to the use of their email address for marketing purposes at any time and free of charge, for example via the unsubscribe link at the bottom of any email or by emailing us at the address provided above.

Prospective customers may subscribe to our free newsletter. We process the data provided at sign-up exclusively for the purpose of sending the newsletter. Sign-up is effected by selecting the relevant field on our website, ticking the relevant box on a paper form, or by another unambiguous action through which you express your consent to the processing of your data. The legal basis is therefore Article 6(1)(a) of the UK GDPR. Consent may be withdrawn at any time, for example by clicking the relevant link in the newsletter or by notifying us at the email address above. Processing carried out prior to withdrawal remains lawful.

On the basis of recipients' consent (Article 6(1)(a) of the UK GDPR), we also measure open and click rates for our newsletters in order to understand which content is relevant to our subscribers.

We send newsletters using Klaviyo, provided by Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111, USA. The provider processes content, usage, meta/communications data and contact data in the USA. Further information is available in the provider's privacy policy at https://www.klaviyo.com/privacy/policy. Transfer to the USA is based on the UK-US Data Bridge: Klaviyo is certified under this framework.

3. Data Processing on Our Website
3.1. Note for Website Visitors

Our website stores information on the end devices of website visitors (e.g. cookies) or accesses information already stored on those devices (e.g. IP addresses). The specific information involved is described in the sections below.

Such storage and access takes place on the following basis:

  • Where it is strictly necessary for us to provide a service on our website that you have explicitly requested (e.g. to operate a chatbot or to maintain the IT security of our website), it takes place on the basis of Regulation 6(1) of the Privacy and Electronic Communications Regulations 2003 (PECR), as those regulations apply in the UK.

  • In all other cases, such storage or access takes place on the basis of your consent pursuant to Regulation 6(1) PECR.

Subsequent processing of that data is governed by the following sections and by the UK GDPR.

3.2. Informational Use of the Website

When you browse our website without actively providing us with information, we collect the personal data transmitted by your browser to our server in order to ensure the stability and security of our website. This is our legitimate interest, and the legal basis is therefore Article 6(1)(f) of the UK GDPR.

These data are:

  • IP address

  • Date and time of the request

  • Time zone difference from Greenwich Mean Time (GMT)

  • Content of the request (specific page accessed)

  • Access status / HTTP status code

  • Volume of data transferred

  • Website from which the request originates

  • Browser

  • Operating system and interface

  • Language and version of the browser software

This data is also stored in log files. It is deleted when it is no longer needed, at the latest after 14 days.

3.3. Web Hosting and Website Provision

Our website is hosted by GoDaddy. The provider is GoDaddy Netherlands B.V., 's-Gravelandseweg 696, 3119 RG Schiedam, Netherlands. The provider processes personal data transmitted via the website (e.g. content, usage, meta/communications or contact data) in the EU. Further information is available at https://www.godaddy.com/en-uk/legal/agreements/privacy-policy. Transfer to the EU is based on UK adequacy regulations.

Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes personal data transmitted via the website (e.g. content, usage, meta/communications or contact data) in the EU. Further information is available at https://www.shopify.com/legal/privacy. Transfer to the EU is based on UK adequacy regulations.

We also use the Shopify Content Delivery Network. The provider is Shopify International Limited, as above. The provider processes meta/communications data and contact data in the USA. Transfer to the USA is based on the IDTA / UK Addendum to EU Standard Contractual Clauses. Further information is available at https://www.shopify.com/legal/privacy.

The legal basis for all of the above processing is Article 6(1)(f) of the UK GDPR. Our legitimate interest is in making our website available.

3.4. Contact Form

When you contact us via our website contact form, we store the data requested in the form and the content of your message. The legal basis for processing is our legitimate interest in responding to enquiries directed to us pursuant to Article 6(1)(f) of the UK GDPR. Data arising in this context is deleted once storage is no longer necessary, or processing is restricted where statutory retention obligations apply.

3.5. Job Listings

We publish job listings on our website, on pages connected to our website, or on third-party websites. Data provided in connection with an application is processed for the purpose of conducting the recruitment process. Where such data is necessary for our decision on whether to enter into an employment relationship, the legal basis is Section 10(3) of the Data Protection Act 2018 in conjunction with Schedule 2, Paragraph 1 of the Act. Required data fields are indicated as such. If applicants do not provide this data, we will be unable to process the application.

Additional data is voluntary. Where applicants provide further information, the legal basis is their consent (UK GDPR Article 6(1)(a)).

We ask applicants not to include information about political opinions, religious beliefs or similarly sensitive data in CVs or covering letters. Such information is not necessary for an application. If applicants nonetheless provide such information, we cannot prevent its processing in the course of reviewing the application; processing will then also be based on the applicant's consent (UK GDPR Article 9(2)(a)).

Where applicants have consented to us processing their data for future recruitment processes, we do so on the basis of Article 6(1)(a) of the UK GDPR.

Applicant data is shared with relevant HR personnel, recruitment processing service providers, and other employees involved in the recruitment process.

If an employment relationship is established following the recruitment process, data is retained until the employment relationship ends. Otherwise, data is deleted no later than six months after an applicant is notified of an unsuccessful application.

Where applicants have consented to the use of their data for future recruitment processes, their data is retained for one year from receipt of the application.

3.6. Customer Accounts

Visitors to our website may create a customer account. We process the data requested in connection with account creation on the basis of the visitor's consent. The legal basis is therefore Article 6(1)(a) of the UK GDPR. Consent may be withdrawn at any time using the contact details provided in this privacy policy. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. Where consent is withdrawn, we will delete the data unless we are required or entitled to retain it.

3.7. Sale of Products

We sell products through our website. In processing your order, we process the following data: name, address, telephone number (optional), email address.

Processing is necessary for the performance of the contract for the purchase of goods concluded with you (UK GDPR Article 6(1)(b)).

We share the above data with our fulfilment and logistics service provider Hive Technologies GmbH, Karl-Liebknecht-Str. 14, 10178 Berlin, Germany, to the extent necessary for processing your order. Transfer to Germany/EU is based on UK adequacy regulations. Further information is available at https://www.hive.app/legal/privacy-policy.

3.8. Rewards Programme

Where customers participate in our Rewards Programme, we process the personal data necessary for this purpose, including in particular:

  • Master data (e.g. name, email address)

  • Customer account data

  • Transaction data

  • Programme data (e.g. coins, level status, redeemed rewards)

  • Activity and communications data

Processing is carried out for the administration and operation of the Rewards Programme, including registration and management of participation, crediting, managing and redeeming coins, calculating and displaying level status, providing rewards and benefits, and communications about programme status, coin expiry or programme changes.

The legal basis is Article 6(1)(b) of the UK GDPR where processing is necessary for the performance of the Rewards Programme participation. Where we process data to prevent and detect misuse or manipulation, the legal basis is Article 6(1)(f) of the UK GDPR — our legitimate interest in ensuring the functioning, fairness and security of the programme. Where statutory retention obligations apply, the legal basis is Article 6(1)(c) of the UK GDPR.

3.9. Payment Service Providers

We use payment processors to process payments. These processors are independent data controllers within the meaning of Article 4(7) of the UK GDPR. Where they receive data entered during the order process and payment data, this is necessary for the performance of our contract with customers (Article 6(1)(b) of the UK GDPR).

These payment service providers include:

  • Amazon Payments Europe s.c.a., Luxembourg

  • American Express Europe S.A.

  • Apple Inc., USA (for Apple Pay)

  • Google Ireland Limited, Ireland (for Google Pay)

  • Klarna Bank AB (publ), Sweden ("Pay Later")

  • Klarna Bank AB (publ), Sweden ("Pay Now")

  • Mastercard Europe SA, Belgium

  • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg

  • Shopify Inc., Canada (for Shop Pay)

  • Stripe Payments Europe, Ltd., Ireland

  • Visa Europe Services Inc., United Kingdom

  • Amazon Pay

3.10. Strictly Necessary Cookies

Our website uses cookies. Cookies are small text files stored in the web browser on a visitor's device. Cookies help to make the service more user-friendly, efficient and secure. Where cookies are necessary for the operation of our website or its functions ("strictly necessary cookies"), the legal basis for the associated data processing is Article 6(1)(f) of the UK GDPR. Our legitimate interest is in providing a functional website to customers and other visitors.

We specifically use strictly necessary cookies for the following purposes:

  • Cookies that retain language settings

  • Cookies that save the shopping cart

  • Cookies that store login data

  • Cookies set by payment providers for payment processing that do not analyse user behaviour

  • Flash cookies set to play media content

3.11. Third-Party Providers

In addition to the service providers already listed in this privacy policy, we use in particular the following third-party providers:

3.11.1. Hive

We use Hive for fulfilment. The provider is Hive Technologies GmbH, Karl-Liebknecht-Str. 14, 10178 Berlin, Germany. The provider processes content data, contact data and meta/communications data in the EU. The legal basis is Article 6(1)(f) of the UK GDPR. Transfer to the EU is based on UK adequacy regulations. Further information: https://www.hive.app/legal/privacy-policy

3.11.2. CookieFirst

We use CookieFirst for consent management. The provider is Digital Data Solutions B.V. (CookieFirst), Plantage Middenlaan 42a, 1018 DH, Amsterdam, Netherlands. The provider processes meta/communications data in the EU. The legal basis is Article 6(1)(c) of the UK GDPR. Transfer to the EU is based on UK adequacy regulations. Further information: https://cookiefirst.com/legal/privacy-policy/.

3.11.3. Klar

We use Klar for analytics. The provider is Klar Insights GmbH, Marktstr. 18, 80802 Munich, Germany. The provider processes usage data, contact data and meta/communications data in the EU. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the EU is based on UK adequacy regulations. Further information: https://www.getklar.com/data-protection.

3.11.4. Google Web Fonts

We use Google Web Fonts for fonts on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Processing takes place on our own servers only. The legal basis is Article 6(1)(f) of the UK GDPR. Further information: https://policies.google.com/privacy.

3.11.5. Shopify

We use Shopify for our online shop. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes meta/communications data in the EU. The legal basis is Article 6(1)(f) of the UK GDPR. Transfer to the EU is based on UK adequacy regulations. Further information: https://www.shopify.com/legal/privacy.

3.11.6. Lifetimely

We use Lifetimely for analytics. The provider is Lifetimely Oy, Revontulentie 11, 02100 Espoo, Finland. The provider processes contract data, usage data and master data in the EU. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the EU is based on UK adequacy regulations. Further information: https://www.lifetimely.io/policies/privacy-policy

3.11.7. Hotjar

We use Hotjar for analytics. The provider is Hotjar Ltd., Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's, STJ 3141, Malta. The provider processes usage data and meta/communications data in the EU. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the EU is based on UK adequacy regulations. Further information: https://www.hotjar.com/legal/policies/privacy/.

3.11.8. Google Analytics

We use Google Analytics for analytics. The provider is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The provider processes usage data and meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Google is certified under this framework. Further information: https://policies.google.com/privacy.

3.11.9. Google Web Fonts (hosted externally)

We use Google Web Fonts for fonts on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Google is certified under this framework. Further information: https://policies.google.com/privacy.

3.11.10. Meta Pixel

We use Meta Pixel for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Meta is certified under this framework. Further information: https://www.facebook.com/policy.php.

3.11.11. Google Conversion Tag

We use Google Conversion Tag for conversion tracking. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Google is certified under this framework. Further information: https://policies.google.com/privacy

3.11.12. TikTok Pixel

We use TikTok Pixel for analytics and advertising. The provider is TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. The provider processes meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the IDTA / UK Addendum to EU Standard Contractual Clauses. Further information: https://www.tiktok.com/legal/privacy-policy

3.11.13. Facebook Conversion API

We use the Facebook Conversion API for analytics. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data and meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Meta is certified under this framework. Further information: https://www.facebook.com/policy.php.

3.11.14. Google Marketing Platform

We use Google Marketing Platform for analytics and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data and meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Google is certified under this framework. Further information: https://policies.google.com/privacy.

3.11.15. Google Tag Manager

We use Google Tag Manager for analytics and advertising. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes usage data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Google is certified under this framework. Further information: https://policies.google.com/privacy.

3.11.16. Reviews.io

We use Reviews.io for customer reviews. The provider is Liquid New Media Limited, 29 St Nicholas Place, Leicester, LE1 4LD, United Kingdom. The provider processes usage data in the United Kingdom. As a UK-based provider, no international transfer of personal data takes place. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Further information: https://www.reviews.io/front/user-privacy-policy.

3.11.17. Klaviyo

We use Klaviyo for email marketing and customer relationship management. The provider is Klaviyo, Inc., 125 Summer St, Floor 6, Boston, MA 02111, USA. The provider processes meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Klaviyo is certified under this framework. Further information: https://www.klaviyo.com/privacy/policy.

3.11.18. Google Merchant Center

We use Google Merchant Center for our online shop. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The provider processes meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Google is certified under this framework. Further information: https://policies.google.com/privacy.

3.11.19. Facebook Custom Audiences

We use Facebook Custom Audiences for advertising. The provider is Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The provider processes usage data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the UK-US Data Bridge: Meta is certified under this framework. Further information: https://www.facebook.com/policy.php.

3.11.20. Shoplift.ai

We use Shoplift.ai as a CRO platform for our online shop. The provider is Plurality Web Technologies, LLC, 117 Oaks Blvd, Bay Saint Louis, MS 39520, USA. The provider processes meta/communications data in the USA. The legal basis is Article 6(1)(a) of the UK GDPR (consent). Transfer to the USA is based on the IDTA / UK Addendum to EU Standard Contractual Clauses. Further information: https://www.shoplift.ai/privacy-policy.

4. Data Processing on Social Media Platforms

We maintain profiles on social media networks to present our organisation and services. The operators of these networks regularly process their users' data for advertising purposes, including creating user profiles based on their online behaviour, which are used to display interest-based advertising on and off the platforms. Platform operators store information about user behaviour in cookies on users' devices and may combine this with other data. Further information, including on how users can object to processing by platform operators, is available in the privacy policies of the respective operators listed below. Platform operators or their servers may be located outside the United Kingdom, resulting in data being processed in those countries, which may carry risks for users, including difficulties in enforcing their rights or the risk of government access.

Where users of these networks contact us via our profiles, we process the data provided in order to respond to enquiries. Our legitimate interest in doing so serves as the legal basis pursuant to Article 6(1)(f) of the UK GDPR.

4.1. Facebook

We maintain a profile on Facebook. Operator: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy: https://www.facebook.com/policy.php. Ad preferences: https://www.facebook.com/settings?tab=ads

On the basis of an agreement pursuant to Article 26 of the UK GDPR, we are joint controllers with Facebook for the processing of data from visitors to our profile. Facebook explains the data processed at https://www.facebook.com/legal/terms/information_about_page_insights_data. Data subjects may exercise their rights against both us and Facebook; under our agreement with Facebook, however, we are required to forward requests to Facebook. Accordingly, data subjects will receive a faster response by contacting Facebook directly.

4.2. Instagram

We maintain a profile on Instagram. Operator: Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Privacy policy: https://help.instagram.com/519522125107875

4.3. Snapchat

We maintain a profile on Snapchat. Operator: Snap Inc., 3000 31st Street, Santa Monica, California 90405, USA. Privacy policy: https://snap.com/en-GB/privacy/privacy-policy

4.4. TikTok

We maintain a profile on TikTok. Operator: TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland. Privacy policy: https://www.tiktok.com/legal/privacy-policy.

4.5. YouTube

We maintain a profile on YouTube. Operator: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Privacy policy: https://policies.google.com/privacy.

4.6. X (formerly Twitter)

We maintain a profile on X. Operator: X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Privacy policy: https://twitter.com/en/privacy. Ad preferences: https://twitter.com/personalization.

4.7. LinkedIn

We maintain a profile on LinkedIn. Operator: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. Privacy policy: https://www.linkedin.com/legal/privacy-policy. Ad preferences: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

5. Changes to this Privacy Policy

We reserve the right to amend this privacy policy with future effect. The current version is always available here.

6. Questions and Comments

For questions or comments about this privacy policy, please contact us using the details provided above.