1. Unauthorised access. The security of your personal data is important to us. While we take reasonable precautions to safeguard your personal data in our possession or under our control, achieving complete security (whether in transmission or storage of data) is impossible or impractical. We cannot be held responsible for unauthorised or unintended access that is beyond our control, such as hacking or cybercrime.

2. Vulnerabilities. We do not provide any guarantee against security breaches, nor do we make any warranty, guarantee, or representation that your use of our websites and applications is safe and protected from viruses, worms, Trojan horses, and other vulnerabilities. We also do not guarantee the security of data that you choose to send us electronically. Sending such data is entirely at your own risk.

3. Period of retention. We retain your personal data only for as long as is necessary to fulfil the purposes we collected it for, and to satisfy our business and/or legal purposes, including data analytics, audit, accounting or reporting purposes. How long we keep your personal data depends on the nature of the data, e.g. we keep personal data for at least the duration of the limitation period for bringing claims if the personal data may be required to commence or defend legal proceedings. Some information may also be retained for longer, e.g. where we are required to do so by law. Typically, our data retention periods range from 7 to 15 years.

4. Anonymised data. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we are entitled to retain and use such data without restriction.