3. How We Use Your Information

We use your personal data for the following purposes:

• Service provision: To create and manage your account, provide our services, and process transactions
• Communication: To respond to enquiries, send service updates, and provide customer support
• Improvement: To analyse usage patterns and improve our services
• Marketing: To send promotional communications (with your consent)
• Legal compliance: To comply with legal obligations and protect our rights
• Security: To detect, prevent, and address technical issues and security threats

4. Legal Basis for Processing

Under UK GDPR, we process your personal data based on the following legal grounds:

• Contract performance: Processing necessary to provide our services to you
• Legitimate interests: For business operations, fraud prevention, and service improvement
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legal obligation: Where required by law

5. Data Sharing and Transfers

We may share your personal data with:

• Service providers: Third-party vendors who help us operate our services (e.g., hosting, payment processing, analytics)
• Legal authorities: When required by law or to protect our rights
• Business transfers: In connection with a merger, acquisition, or sale of assets

Some of our service providers are located outside the UK. Where we transfer data internationally, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the UK Information Commissioner’s Office (ICO) or adequacy decisions.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typical retention periods include:

• Account data: Duration of your account plus 2 years
• Transaction records: 7 years (for legal and tax purposes)
• Marketing preferences: Until you withdraw consent
• Analytics data: 26 months

7. Your Rights

Under UK GDPR, you have the following rights:

• Right of access: Request a copy of your personal data
• Right to rectification: Request correction of inaccurate data
• Right to erasure: Request deletion of your personal data
• Right to restrict processing: Request limitation of processing
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing based on legitimate interests
• Rights related to automated decision-making: Not be subject to solely automated decisions

To exercise any of these rights, please contact us at hello@bearworks.co or use our contact form.

8. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include:

• Encryption of data in transit and at rest
• Regular security assessments
• Access controls and authentication
• Employee training on data protection

9. Children’s Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the “Last updated” date. We encourage you to review this policy periodically.

11. Complaints

If you have concerns about how we handle your personal data, please contact us first. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):