Privacy & Data Protection

Info Locker Data Protection Notice

The protection and security of your personal data is important, and we describe below which of your personal data we process, for what purpose, and what rights you have in respect of this data.

Introduction

Last modified 4 May 2025

This Privacy Notice (the “Notice”) describes how Info Locker Ltd will collect, use, share and otherwise process your personal data you provide to us and the information we collect in connection with your use of:

• Info Locker (which was last updated on 30 April 2025) mobile application software (App).

• Any of our services that are accessible through the App (Services), unless such Services state that a separate or additional privacy notice applies to a particular Service, in which case only that privacy notice applies.

This App is not intended for those under 13 and we do not knowingly collect data relating to children.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

Important information and who we are

Info Locker Ltd is the controller and is responsible for your personal data (Info Locker, we, us or our in this notice).

Changes to the privacy notice and your duty to inform us of changes

We keep our privacy notice under regular review.

This version was last updated on 5 May 2025. It may change and, if it does, those changes will be posted on this page and notified to you when you next start the App or log onto your account.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

Third party links and sites

Our App and Services may, from time to time, contain links to and from the websites of third parties, such as Google Commerce. Please note that these websites (and any services accessible through them) are controlled by those third parties and are not covered by this privacy notice. You should review their own privacy notices to understand how they use your personal data before you submit any personal data to these websites or use these services.

This Notice describes:

• The data we collect about you

• How we collect your personal data

• Our lawful basis for using your personal data

• Disclosures of your personal data to third parties

• Keeping your personal data and information secure

• Your choices and rights

• How to contact us

The data we collect about you

We collect, use, store and transfer different kinds of personal data about you. To make it easier for you to use this privacy notice, we group these into the following categories.

• Profile Data: your email address, username and password.

• Transaction Data: billing and delivery addresses, payment card details, history of your payments, purchases, deliveries, returns and refunds and the applicable terms and conditions of your purchases.

• Device Data: the type of device you use, your unique device identifier, mobile network information, your mobile operating system, [time zone setting,

• Content Data: information that you store [or generate] in the App, being [photos, videos and associated metadata, check-ins, posts and messages.

• Usage Data: logs and detail of your use of our Apps and Services, being the dates and times on which you download, access and update the App and our Services, any error or debugging information, and the resources that you access, and the actions we and you take in relation to them.

• Security Data: information we collect about your use of the App, our Services and our Sites in order to ensure your and our other users' safety and security, being Usage Data, and the information provided to us by our payment processing provider.

• Direct Marketing Data: your direct marketing preferences, consents for receiving direct marketing from us and/or our third parties and the history of the direct marketing communications we have sent to you.

• Connected Data: information stored on your Device that you permit the App to connect to, such as login information

• Feedback Data: your feedback and survey responses.

• Personalisation Data: Device Data, Content Data, Transaction Data, Connected Data, Usage Data, Location Data, and the preferences we have inferred you have and use to personalise the App and Services

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

How is your personal data collected?

We collect your personal data in the following ways:

• Registration. We collect your Contact Data when you register your account with us.

• Communications. When you communicate with us via email, telephone, one of our online forms or chat, we collect your Contact Data. If the communication relates to an error or problem you are having with the App or one of our Services, we will also collect Usage Data for diagnosis and improvement.

• Information you generate when using our App and Services. When you access and use our App and Services we collect Content, Device, Personalisation and Usage Data. We collect Content Data where you upload it to the App or interact with the content available on the App.

• Information we collect through monitoring the use of our App, Sites and Services. Each time you access and use our App and Services we collect information about that access and use, being Device, Content, and Usage Data.

• Additional information we otherwise collect through our App, Sites and Services where we have your consent to do so. Where you provide your consent, we collect your Location Data on an ongoing basis while you have the App installed on your device.

• Connected Data. We collect Connected Data when you choose to connect your connected device to your account.

• Unique application numbers. When you want to install or uninstall a Service containing a unique application number or when such a Service searches for automatic updates, that number and information about your installation, for example, the type of operating system, may be sent to us.

How we use the information we collect

We collect your personal data for the following purposes and may do the following with your personal information:

• use it to provide and improve our services and app;

• use it to engage in marketing and business development activity in relation to our services and app. This may include sending you legal updates and other information that may be of interest to you;

• to comply with legal and regulatory obligations that we have to discharge;

• use it to establish, exercise or defend our legal rights or for the purpose of legal proceedings;

• record and monitor your use of our app or our other online services for our business purposes which may include analysis of usage, measurement of site performance and generation of marketing reports;

• use it for our legitimate business interests, such as undertaking business research and analysis, including managing the operation of our app, understanding our relationships with the users of our services, and the administration of our business. Please contact us (using details below) if you wish to manage the purposes for which we use your data;

• use it to look into any complaints or queries you may have; and

• use it to prevent and respond to actual or potential fraud or illegal activities.

• Also, we may collate, process and share any statistics based on an aggregation of information held by us provided that any individual is not identified from the resulting analysis and the collation, processing and dissemination of such information is permitted by law.

Grounds for using your personal data

We will only use your personal data when we have a lawful basis to do so. Our lawful basis for each purpose for which we use your personal data is specified below. Most commonly we will use your personal data in the following circumstances:

• Consent. Where you have freely consented before the processing in a specific, informed and unambiguous indication of what you want. You can withdraw your consent at any time by contacting us (see Your legal rights below).

• Performance of a contract. Where we need to process your personal data to perform a contract with you or where you ask us to take steps before we enter into a contract with you. Where we rely on performance of a contract and you do not provide the necessary information, we will be unable to perform your contract.

• Legitimate interests. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

• Legal obligation. Where we need to use your personal data to comply with a legal or regulatory obligation. Where we rely on legal obligation and you do not provide the necessary information, we may be unable to fulfil a right you have or comply with our obligations to you, or we may need to take additional steps, such as informing law enforcement or a public authority or applying for a court order.

Disclosures of your personal data to third parties

We may share your personal data with the following third parties:

• Your Appstore Provider and mobile network operator to allow you to install the App.

• Service providers acting as processors based in the UK who provide IT and system administration services, hosting services for our App, delivery and logistics services, payment processing, fraud and identity verification providers, customer service support, email delivery and administration, and data storage and analysis.

• Third party partners where you have expressly subscribed to receive marketing from or with them.

• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

• HM Revenue and Customs, regulators, law enforcement, public authorities or other third parties acting as controllers based in the UK where necessary to exercise our rights or comply with a legal obligation.

International transfers

Where we transfer your personal information outside the UK or the EU/EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:

• the country to which we send the personal information may be approved by the European Commission;

• the recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information; or

In other circumstances, the law may permit us to otherwise transfer your personal information outside the UK or the EU/EEA or outside another relevant location (e.g. the location in which your personal information was collected). In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.

You can obtain more details of the protection given to your personal information when it is transferred outside the UK or the EU/EEA (including a sample copy of the model contractual clauses) by contacting us using the details set out below.

Keeping your personal data and information secure

All information you provide to us is stored on secure servers located in the UK. Any payment transactions carried out by us or our chosen third-party provider of payment processing service Google Commerce (Privacy Policy – Privacy & Terms – Google) will be encrypted using Secured Sockets Layer (SSL) technology. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our App or Services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone not explicitly authorised to access and administer your account and data.

Once we have received your information, we will use strict procedures and security features to protect your personal data from loss, unauthorised use or access.

We use technical and organisational security measures to ensure that your data is protected against loss, inaccurate alteration or unauthorised access by third parties. Moreover, for our part in every case, only authorised persons have access to your data, and this only insofar as it is necessary within the scope of the above-stated purposes. The transmission of all data is encrypted.

We have put in place procedures to detect and respond to personal data breaches and notify you and any applicable regulator when we are legally required to do so.

Data retention

We process your data, provided that this is necessary for the respective purpose. In some circumstances you can ask us to delete your data: see Your legal rights below for further information.

If statutory retention obligations exist, we will have to store the data affected thereby for the duration of the retention obligation. After the expiry of the retention obligation, we will check whether there is any further necessity for processing. If there is no longer any necessity, your data will be deleted.

Once we no longer have a legal right to hold your personal data, we will delete it.

In the absence of an active, paid subscription plan, if you do not use the App for a period of 2 years then we will treat the account as expired and delete your personal data.

Your choices and rights

You have a number of legal rights in relation to the personal data and information that we hold about you and you can exercise your rights by contacting us using the details set out below.

Depending on applicable law, these rights may include:

• obtaining information regarding the processing of your personal information and access to the personal information which we hold about you;

• requesting that we correct your personal information if it is inaccurate or incomplete;

• requesting that we erase your personal information in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal information but we are legally entitled to retain it;

• objecting to, and requesting that we restrict, our processing of your personal information in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal information but we are legally entitled to refuse that request;

• in some circumstances, receiving some personal information in a structured, commonly used and machine-readable format and/or requesting that we transmit that information to a third party where this is technically feasible. Please note that this right only applies to personal information which you have provided to us;

• withdrawing your consent, although in certain circumstances it may be lawful for us to continue processing without your consent if we have another legitimate reason (other than consent) for doing so; and

• lodging a complaint with the relevant data protection authority, if you think that any of your rights have been infringed by us.

• we can, on request, tell you which data protection authority is relevant to the processing of your personal information.

You can exercise any of these rights at any time by contacting us at administrator@info-locker.com.

How to contact us

Our contact details are:

• Full name of legal entity: Info Locker Ltd

• Name or title of DPO: Data Protection Officer – Info Locker

• Email address: administrator@info-locker.com

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues.