Terms and Conditions
Terms and Conditions
Our Site
Welcome to notlost.com, a website operated by I’ve Been Found Limited (“We”). We are a limited company registered in England and Wales under company number 09036363 and have our registered office at Carlton House, 19 West Street, Epsom, Surrey KT18 7RL. To contact us, please email . These Terms and Conditions, along with our Privacy Policy, govern the relationship between you, a user of our website, (the “Site”), and us. By using the Site, you confirm that you accept these Terms and that you agree to comply with them. If there is anything in these terms with which you do not agree, please do not use the Site. We recommend that you print a copy of these terms for future reference.
Our Policies
These Terms refer to the following additional terms, which also apply to your use of the Site:
- Our Privacy Policy, which sets out the terms on which we process any personal data we collect from you, or that you provide to us. By using the Site, you consent to such processing and you warrant that all data provided by you is accurate.
- Our Acceptable Use Policy, which sets out the permitted uses and prohibited uses of the Site. When using the Site, you must comply with this Acceptable Use Policy.
- Our Cookie Policy, which sets out information about the cookies on the Site.
Changes to these Terms
We may, from time to time, amend these Terms. Every time you wish to use the Site, please check that these terms have not changed since your last visit and to ensure you understand the terms that apply at that time.
Changes to the Site
We may update and change the Site from time to time to reflect changes to our products, our users’ needs and our business priorities. We will always try to give you reasonable notice of any major changes but the extent to which we can do this will sometime be limited by other factors affecting us outside of our control.
Availability of the Site
The Site is made available to you free of charge. We are unable to guarantee that the Site, or any content on it, will always be available or be uninterrupted. We may suspend or withdraw or restrict the availability of all or any part of the Site for business and operational reasons. We will try to give you reasonable notice of any suspension or withdrawal. You are also responsible for ensuring that all persons who access the Site through your internet connection are aware of these Terms and other applicable terms and conditions, and that they comply with them.
Your Use of the Site
We are the owner or the licensee of all intellectual property rights in the Site, and in the material published on it. Those works are protected by copyright laws and treaties around the world. All such rights are reserved. You may print off one copy, and may download extracts, of any page(s) from the Site for your personal use and you may draw the attention of others within your organisation to content posted on the Site. You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text. Our status (and that of any identified contributors) as the authors of content on the Site must always be acknowledged. You must not use any part of the content on the Site for commercial purposes without obtaining a licence to do so from us or our licensors. If you print off, copy or download any part of the Site in breach of these Terms, your right to use the Site will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.
Reliance on Information on the Site
The content on the Site is provided for general information only. It is not intended to amount to advice on which you should rely. You must obtain professional or specialist advice before taking, or refraining from, any action on the basis of the content on the Site. Although we make reasonable efforts to update the information on the Site, we make no representations, warranties or guarantees, whether express or implied, that the content on the Site is accurate, complete or up to date.
Websites we may link to
Where the Site contains links to other sites and resources provided by third parties, these links are provided for your information only. Such links should not be interpreted as approval by us of those linked websites or information you may obtain from them. We have no control over the contents of those sites or resources.
Other Content
This website may include information and materials uploaded by other users of the Site, including to bulletin boards and chat rooms. This information and these materials have not been verified or approved by us. The views expressed by other users on the Site do not represent our views or values. If you wish to complain about information and materials uploaded by other users please contact us on .
Loss or Damage Suffered by you
Consumers or Business User:
- We do not exclude or limit in any way our liability to you where it would be unlawful to do so. This includes liability for death or personal injury caused by our negligence or the negligence of our employees, agents or subcontractors and for fraud or fraudulent misrepresentation.
- Different limitations and exclusions of liability will apply to liability arising as a result of the supply of any products to you, which will be set out in our Terms of Service.
If you are a Business User:
- We exclude all implied conditions, warranties, representations or other terms that may apply to the Site or any content on it.
- We will not be liable to you for any loss or damage, whether in contract, tort (including negligence), breach of statutory duty, or otherwise, even if foreseeable, arising under or in connection with:
- use of, or inability to use, the Site; or
- use of or reliance on any content displayed on the Site.
- In particular, we will not be liable for:
- loss of profits, sales, business, or revenue;
- business interruption;
- loss of anticipated savings;
- loss of business opportunity, goodwill or reputation; or
- any indirect or consequential loss or damage,
In each case, unless otherwise stated in a separate agreement we have with you
If you are a Consumer User:
- Please note that we only provide the Site for domestic and private use. You agree not to use the Site for any commercial or business purposes, and we have no liability to you for any loss of profit, loss of business, business interruption, or loss of business opportunity.
- If defective digital content that we have supplied, damages a device or digital content belonging to you and this is caused by our failure to use reasonable care and skill, we will either repair the damage or pay you compensation.
Uploading to the Site
Whenever you make use of a feature that allows you to upload content to the Site, or to make contact with other users of the Site, you must comply with the content standards set out in our Acceptable Use Policy. You warrant that any such contribution does comply with those standards, and you will be liable to us and indemnify us for any breach of that warranty. This means you will be responsible for any loss or damage we suffer as a result of your breach of warranty. Any content you upload to the Site will be considered non-confidential and non-proprietary. You retain all of your ownership rights in your content, but you are required to grant us and other users of the Site a limited licence to use, store and copy that content and to distribute and make it available to third parties. The rights you license to us are described below in the section entitled Material you Upload. We also have the right to disclose your identity to any third party who is claiming that any content posted or uploaded by you to the Site constitutes a violation of their intellectual property rights, or of their right to privacy. We have the right to remove any posting you make on the Site if, in our opinion, your post does not comply with the content standards set out in our Acceptable Use Policy. You are solely responsible for securing and backing up your content.
Viruses and Other Malware
We do not guarantee that the Site will be secure or free from bugs or viruses. You are responsible for configuring your information technology, computer programmes and platform to access the Site. You should use your own virus protection software. You must not misuse the Site by knowingly introducing viruses, trojans, worms, logic bombs or other material that is malicious or technologically harmful. You must not attempt to gain unauthorised access to the Site, the server on which the Site is stored or any server, computer or database connected to the Site. You must not attack the Site via a denial-of-service attack or a distributed denial-of service attack. By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use the Site will cease immediately.
Linking to the Site
You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it. You must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link to the Site in any website that is not owned by you. The Site must not be framed on any other site, nor may you create a link to any part of the Site other than the home page. We reserve the right to withdraw linking permission without notice. The website in which you are linking must comply in all respects with the content standards set out in our Acceptable Use Policy. If you wish to link to or make any use of content on the Site other than that set out above, please contact .
Law and Disputes
If you are a consumer, please note that these Terms, their subject matter and their formation, are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland. If you are a business, these Terms, their subject matter and their formation (and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.
Our Trade Marks
The NotLost Logo is a UK registered trademark of I’ve Been Found Limited. You are not permitted to use them without our approval unless they are part of the material you are using as permitted under Material on the Site.
Updated Oct 2022
Product Privacy Policy
Last modified: July 04, 2024
1. Introduction
1.1. We at Notlost are committed to protecting your privacy. This Product Privacy Policy applies to your use of the Notlost Service.
1.2. This Product Privacy Policy applies where we are processing data on behalf of venue clients and where we are acting as a Data Processor only. You should also refer to the Privacy Policy of the venue when considering how and where your Personal Data is being managed.
1.3. You may also refer to the Notlost Privacy Policy.
1.4. This Product Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your Personal Data. It also describes your choices as well as your rights of access and correction of your Personal Data.
1.5. This Product Privacy Policy does not apply to any information or data collected by Notlost as a controller for other purposes, such as information collected on our websites or through other channels for marketing purposes. Please find the Notlost Privacy Policy that covers this information or data by clicking here.
1.6. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
1.7. In this policy, “we”, “us” and “our” refer to I’ve Been Found Ltd. trading as Notlost. For more information about us, see Section 12.
2. Use of the Notlost service
2.1. The Notlost Service is our software as a service platform provided to operators or owners of venues and transport services (‘Clients’). The software provides each Client with the ability to manage the recording of found items and lost item enquiries.
2.2. There are two primary roles through which Personal Data might be entered into the Notlost system for any Client.
2.2.1. By a Client’s customer (‘Customer’ or ‘Seeker’) completing a lost property enquiry form, usually found on the Client’s website
or
2.2.2. By a Client member of staff (‘Operator’) entering the details of a lost or found item directly into the Notlost system
2.2.3. The information recorded (‘Personal Data’) may include:
・Seeker name, email address and contact number
・Location item found or lost;
・Date/time found or lost;
・Item description and category (e.g. Jewellery);
・Item photograph. For found items venue staff may take a picture and upload the image to the Notlost system;
・If an item is found by a member of the public (‘Finder’) then the Finder’s contact details including name, email address and contact number may be recorded
・Operator details are recorded for every action in the Notlost system. This includes name, username (unique system identifier), date/time of entry, update or action.
2.3. The Notlost service is operated by our Clients and Notlost does not control how Personal Data is recorded or accessed.
2.3.1. The Personal Data is controlled by our Clients. How this data is used, disclosed and protected by them is according to their privacy policies. Notlost processes Personal Data as directed by our Clients and in accordance with our agreements with each Client. See section 3 for more information on the retention periods;
2.3.2. The agreements with our Clients prohibit us from using the Personal Data except as necessary to provide and improve the Notlost Service, as permitted by this Product Privacy Policy, and as required by law;
2.3.3. We have no direct relationship with individuals who provide personal information to our Clients. Each Client controls and is responsible for correcting, deleting or updating information they have collected using the Notlost Service;
2.3.4. We may work with our Clients to help them provide notice to their Customers about their data collection, processing and usage.
2.4. In addition to data captured through the use of the system Notlost will also collect data about each visit to the Notlost platform including visits by Seekers. This data will include the following:
2.4.1. Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
2.4.2. Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), products you viewed or searched for’, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
3. How we use your personal data
3.1. In this Section 3 we have set out:
3.1.1. the general categories of Personal Data that we may process;
3.1.2. in the case of Personal Data that we did not obtain directly from you, the source and specific categories of that data;
3.1.3. the purposes for which we may process Personal Data; and
3.1.4. the legal bases of the processing.
3.2. We may process data about your use of our services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is the Notlost service and Google Analytics. This usage data may be processed for the purposes of analysing the use of the Services. The legal basis for this processing is legitimate interest, namely monitoring and improving our Services.
3.3. We may process your account data (“account data”). The account data may include your name, phone number, email address and other data described in section 2.4. of this document. The source of the account data is you, or any organisation you have reported a lost or found item to. The account data may be processed for the purposes of providing our services, ensuring the security of our services, maintaining back-ups of our databases and communicating with you with regard to an item you have lost or found. The legal basis for this processing is legitimate interest.
3.4. We may process information provided to us through a lost or found item report (“Item report data”). This data may include your name; address; telephone number; email address; found/lost item report information such as the category of the item you have reported, its location or potential location, the time it was lost or found, and relevant additional information to help identify you as the owner. The source of this data is will be you, a member of the public who found the item, or a Client Operator recording the found or lost item data. This data may be processed to help find an item or match a found item to a seeker. The legal basis for this processing is legitimate interest.
3.5. Our Clients receive training on what personal data they are allowed to capture (and what they should not capture) when creating a found or lost item report, this includes what can be photographed. This data may be processed to help find an item or match a found item to a seeker. The legal basis for this processing is legitimate interest.
3.6. We may process any of your Personal Data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is legitimate interest, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.7. We may process any of your Personal Data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is legitimate interest, namely the proper protection of our business against risks.
3.8. In addition to the specific purposes for which we may process your Personal Data set out in this Section 3, we may also process any of your Personal Data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.9. Please do not supply any other person’s Personal Data to us, unless we prompt you to do so.
4. Providing your personal data to others
4.1. We may disclose your Personal Data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.2. We may share some or all of the Personal Data with our third-party service providers where it is relevant to the services, we are providing you. This may include:
4.2.1. Amazon Web Services. The Notlost service runs on Amazon servers hosted in the Republic of Ireland. The data is secure, and Amazon Web Services cannot read any of the data stored by Notlost.
4.2.2. Stripe Inc,. Notlost uses Stripe credit card processing services to process payments on behalf of Clients, this is usually when a Customer is paying for the secure return of a verified found item. When paying a Customer will enter payment details directly into Stripe’s system. Notlost will only receive and store confirmation of payment.
4.2.3. Parcel2Go.com Limited. Notlost uses Parcel2Go’s services to enable a Customer to select a courier for the postal return of their item. This is only when a Customer is paying for the secure postal return of a verified found item. When a Customer enters their delivery address these details pass directly into Parcel2Go’s system to retrieve available delivery services. Notlost record the delivery address and selected service chosen by a customer and this data is used only to generate a delivery label and to provide the return service. Please refer to Parcel2Go’s privacy policy for further information: https://www.parcel2go.com/privacy-policy
4.2.4. OpenAI Ireland Ltd. Notlost uses their API services to provide image recognition capabilities. This is only when a Venue uploads a photo of a found item, and should not include any personal data, but in rare cases may inadvertently. The processing is in compliance with the written instructions received from NotLost, which is always to only identify the item of lost property. Please refer to OpenAI Irelands Ltd’s privacy policy for further information: https://openai.com/policies/data-processing-addendum/
4.2.5. Neo4j AuraDB™. NotLost uses their infrastructure as as service to provide a database with enterprise-class security and compliance. Please refer to Neo4j’s privacy policy for further information: https://neo4j.com/privacy-policy/
4.3. We may disclose your Personal Data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.4. We may disclose your “Account Data” and “Item Report Data” to an organisation that is using Notlost to manage their found items, if there is a statistical likelihood (over 60% match in terms of location, time and date, and item details) that the item you have reported in your “Item Report Data” matches to an item they have found insofar as reasonably necessary for them to contact you to enable the return of the item.
4.5. In addition to the specific disclosures of Personal Data set out in this Section 4, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject.
5. International transfers of your personal data
5.1. In this Section 5, we provide information about the circumstances in which Personal Data may be transferred to countries outside the United Kingdom and the European Economic Area (EEA).
5.2. We have offices and facilities in England and Bulgaria Only. We will not transfer Personal Data to countries outside of the United Kingdom and the EEA.
5.3. The hosting facilities for our Services are located in the Republic of Ireland, and are maintained by Amazon Web Services.
5.4. The data that we collect from you will be transferred to, and stored at, a destination within the United Kingdom or the European Economic Area (“EEA”). It will also be processed by staff operating within the United Kingdom or the EEA who work for us or for one of our suppliers. By submitting your Personal Data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
5.5. All information you provide to us is stored on our secure servers. All interactions with the Notlost platform are encrypted using SSL technology (HTTPS). Any payment transactions are encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
5.6. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect all data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
6. Retaining and deleting personal data
6.1. This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of Personal Data.
6.2. Personal Data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Our retention of Personal Data is linked to your actions. We define a ‘Service Action’ as any of the following: reporting a lost or found item; opening a Service notification; opening a Service email; or logging into a Service account.
6.3. The retention of data processed by Notlost as part of the service provision and as a result of your Service Actions is defined in the table in section 6.3.1, unless otherwise agreed with the client in accordance with their specific privacy policy. We define ‘Active Period’ as the time period after which a Found or Lost item is Expired or Returned.
6.3.1.
Type of data | Retention period defined in data retention policy |
Usage Data | 24 months after your last Service Action |
Account Data | 24 months after your last Service Action |
Item Report Data | 24 months after your last Service Action |
6.4. Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. Your rights
7.1. In this Section 7, we have summarised the rights that you have under current data protection legislation. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the Information Commission’s Office (www.ico.org.uk) for a full explanation of these rights.
7.2. You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
7.2.1. The supply of appropriate evidence of your identity for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address.
7.3. Your principal rights under data protection law are:
7.3.1. the right to access;
7.3.2. the right to rectification;
7.3.3. the right to erasure;
7.3.4. the right to restrict processing;
7.3.5. the right to object to processing;
7.3.6. the right to data portability;
7.3.7. the right to complain to a supervisory authority; and
7.3.8. the right to withdraw consent.
7.4. You have the right to confirmation as to whether or not we process your Personal Data and, where we do, access to the Personal Data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Data concerned and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your Personal Data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
7.5. You have the right to have any inaccurate Personal Data about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Data about you completed.
7.6. In some circumstances, you have the right to the erasure of your Personal Data without undue delay. Those circumstances include: the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
7.7. In some circumstances you have the right to restrict the processing of your Personal Data. Those circumstances are: you contest the accuracy of the Personal Data; processing is unlawful but you oppose erasure; we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your Personal Data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
7.8. You have the right to object to our processing of your Personal Data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
7.9. To the extent that the legal basis for our processing of your Personal Data is:
7.9.1. consent; or
7.9.2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your Personal Data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
7.10. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the United Kingdom or in an EU member state of your habitual residence, your place of work or the place of the alleged infringement.
7.11. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
7.12. You may exercise any of your rights in relation to your Personal Data by emailing in addition to the other methods specified in this Section 8.
8. About cookies
8.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
8.2. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
8.3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
8.4. See our Cookie Policy for:
8.4.1. For detailed information on the cookies we use and the purposes for which we use them
8.4.2. For detailed information on the cookies that our service providers use and the purpose for which they are used
8.4.3. For detailed information on how to manage cookies in your browser.
9. Our details
9.1. The Notlost Service is owned and operated by I’ve Been Found Ltd.
9.2. We are registered in England and Wales under registration number 09036363, and our registered office is at Carlton House, 19 West Street, Epsom, Surrey, KT18 7RL.
9.3. Our principal place of business is in Carlton House, 19 West Street, Epsom, Surrey, KT18 7RL.
9.4. You can contact our data protection officer using
10. Changes to our privacy policy
10.1. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Website Privacy Policy
Last modified: October 31, 2022
1. Introduction
1.1. We at Notlost are committed to protecting your privacy.
1.2. This policy applies where we are acting as the Data Controller with respect to the personal data of our website visitors, prospects and clients; in other words, where we determine the purposes and means of the processing of that personal data.
1.3. This policy does not apply where we are processing data on behalf of our clients and where we act as the Data Processor. Please see the Notlost Product Privacy Policy that covers this information.
1.4. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy.
1.5. In this policy, “we”, “us” and “our” refer to I’ve Been Found Ltd; trading as NotLost. For more information about us, see Section 13.
2. Information we collect from you
2.1. We will collect and process the following data about you:
2.1.1. Information you give us. Information about you that you give to us by corresponding with us by phone, e-mail or otherwise. It includes information you provide when you search for a product, place an order on our site, participate in discussion boards or other social media functions on our Site, enter a competition, promotion or survey and when you report a problem with our site. The information you give to us may include your name, job title, company address, e-mail address and phone number.
2.1.2. Information we collect about you. With regard to each of your visits to our site we will automatically collect the following information:
2.1.2.1. Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
2.1.2.2. Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our Site (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
3. How we use your personal data
3.1. In this Section 3 we have set out:
3.1.1. the general categories of personal data that we may process;
3.1.2. in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
3.1.3. the purposes for which we may process personal data; and
3.1.4. the legal bases of the processing.
3.2. We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is the NotLost website (notlost.com), our online chat service accessed via the NotLost website and provided by Drift.com, inc., and usage analysis provided by Google Analytics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is legitimate interest, namely monitoring and improving our website and services.
3.3. We may process information contained in any enquiry you submit to us regarding goods and/or services (“enquiry data”). The enquiry data may be processed for the purposes of offering, marketing and selling relevant goods and/or services to you. The legal basis for this processing is Consent and this is provided by you selecting to Opt-In to this processing via business enquiry process.
3.4. We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may include the communication content and metadata associated with the communication. Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is legitimate interest, namely the proper administration of our website and business and communications with users.
3.5. Information we receive as enquiry data or as correspondence data is captured, stored and processed in our online customer management tool provided by HubSpot.com, Inc. The data is secured by HubSpot and access is limited to NotLost staff only. The legal basis for this processing is legitimate interest namely the proper administration of our website and the proper management of client and prospective client personal data.
3.6. We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is legitimate interest, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.7. We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is legitimate interest, namely the proper protection of our business against risks.
3.8. In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
4. Providing your personal data to others
4.1. We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
4.2. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.3. In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject.
5. International transfers of your personal data
5.1. In this Section 5, we provide information about the circumstances in which your personal data may be transferred to countries outside the United Kingdom or the European Economic Area (EEA).
5.2. The hosting facilities for our website are situated in Ireland and are maintained by Amazon Web Services.
5.3. The hosting of third-party analytical services including Google Analytics is stored in the United States and other territories.
5.4. Personal Data stored in HubSpot is stored on Amazon Web Servers in the United States and other territories.
5.5. With the exceptions stated in 3 & 5.4 the data that we collect from you will be transferred to, and stored at, a destination within the United Kingdom or the European Economic Area (“EEA”). It will also be processed by staff operating within the United Kingdom or the EEA who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of any payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
5.6. All information you provide to us is stored on our secure servers. All interactions with the NotLost website and platform are encrypted using SSL technology (HTTPS). Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website or service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
5.7. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.
6. Retaining and deleting personal data
6.1. This Section 6 sets out our data retention policies and procedures for your Personal Data, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Our retention of your personal data is linked to your actions. We define a ‘Service Action’ as any of the following: corresponding with NotLost; opening a Service email; or using the website.
6.3. We will retain your personal data as follows:
Type of data | Retention period defined in data retention policy |
Usage Data | 24 months after your last Service Action |
Enquiry Data | 72 months after your last Service Action |
Correspondence Data | 72 months after your last Service Action |
6.4 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7. Amendments
7.1. We may update this policy from time to time by publishing a new version on our website.
7.2. We may notify you of changes to this policy by email.
8. Your rights
8.1. In this Section 8, we have summarised the rights that you have under current data protection legislation. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the Information Commission’s Office (www.ico.org.uk) for a full explanation of these rights. You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
8.1.1. The supply of appropriate evidence of your identity for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus an original copy of a utility bill showing your current address.
8.2. Your principal rights under data protection law are:
8.2.1. the right to access;
8.2.2. the right to rectification;
8.2.3. the right to erasure;
8.2.4. the right to restrict processing;
8.2.5. the right to object to processing;
8.2.6. the right to data portability;
8.2.7. the right to complain to a supervisory authority; and
8.2.8. the right to withdraw consent.
8.3. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
8.4. You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
8.5. In some circumstances, you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
8.6. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
8.7. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
8.8. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
8.9. To the extent that the legal basis for our processing of your personal data is:
8.9.1. consent; or
8.9.2. that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
8.10. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
8.11. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8.12. You may exercise any of your rights in relation to your personal data by emailing in addition to the other methods specified in this Section 8.
9. About cookies
9.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
9.2. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
9.3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
10. Our details
10.1. The Notlost service is owned and operated by I’ve Been Found Ltd.
10.2. We are registered in England and Wales under registration number 09036363, and our registered office is at Carlton House, 19 West Street, Epsom, Surrey, KT18 7RL.
10.3. Our principal place of business is in Carlton House, 19 West Street, Epsom, Surrey, KT18 7RL.
10.4. You can contact our data protection officer using
11. Changes to our privacy policy
11.1. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Accessibility Statement
Accessibility Statement
I’ve Been Found Ltd. trading as NotLost are committed to providing you a website that is accessible to the widest possible audiences, including those with sight, audio and motor impairment restrictions. We are continuously working to meet the best practices available to achieve this, including the AA standards in the Web Content Accessibility Guidelines (WCAG).
Compliance Status
Conforming with WCAG guidelines helps us make sure that our content is accessible to people with disabilities.
The NotLost admin application and customer enquiry form (self-service portal) have been tested to ensure a minimum of WCAG 2.1 AA compliance.
Specifically:
All pages of our application and enquiry form were analyzed and improved until they obtained a high compliance score on all tests that were carried out with our tools thus ensuring a high degree of conformity with the relevant standards
- Our content is presented without loss of information or functionality, and without requiring scrolling in two dimensions for vertical scrolling at a width equivalent to 320 CSS pixels and for horizontal scrolling at a height equivalent to 256 CSS pixels
- All functionality of the content is operable through a keyboard interface without requiring specific timings for individual keystrokes, except where the underlying function requires input that depends on the path of the user’s movement and not just the endpoints
- Web pages do not contain anything that flashes more than three times in any one-second period, or the flash is below the general flash and red flash thresholds
- Web pages have titles that describe the topic or purpose.
- In the form submission, when users are asked to provide personal information such as name, email and phone number if any of these fields are incorrectly completed we alert the user and clearly show which is the incorrect field.
- Color is not used as the only visual means of conveying information, indicating an action, prompting a response, or distinguishing a visual element.
We aim to use a web font so all text is easy to read.
- We have appropriate ALT tags for images to convey information for people with images switched off, or who use a screen reader.
- We ensure that navigation through our websites works in a consistent way.
- We do not rely on just colour as the only way of giving information.
- We avoid the use of images of text to replace actual text wherever possible, and provide appropriate ALT tags if images do contain words that are important to the understanding of the website.
- The site uses Cascading Style Sheets (CSS) to control all of the presentation and layout.
The content has been written and formatted to make it as accessible as possible. For example:
- Headings highlight sections of text.
- Sentences are short with the meaning at the beginning.
- We try to ensure that link text makes sense out of context and that it accurately describes the page or page section to which it points.
- Forms can be navigated using the tab key.
Browser Compatibility
NotLost application is designed to be compatible with all browsers given they are updated to the latest versions. NotLost application is not compatible with unsupported browsers such as Internet Explorer 11.
Limitations
Despite our best effort, there are areas of our website that do not adhere to the standards for accessibility and usability:
- On the public enquiry form, the contrast ratio between text labels and input fields is not above 4.5 – the recommended score that makes text easier to read. This will be updated before end of Oct 22
Further help
The following links are to further browser and operating system specific information and advice about accessibility.
Advice from the BBC showing users how to make full use of accessibility settings in browsers and operating systems.
PDF files
Some of the information on our website may be in Portable Document Format (PDF). You will need Adobe Acrobat Reader to read PDF files. Adobe Acrobat Reader can be downloaded free of charge from the Adobe website. Later versions of this software provide a number of features that improve access for users.
Contact information to report accessibility problems
We are continually improving our user experience and strive to make it more inclusive for everyone. NotLost follows an agile scrum development process and is aware that conformance to the WCAG 2.1 standard is an ongoing process.
As new features are developed they are tested to ensure compliance. If there are issues reported by users, we will prioritise them to ensure we maintain our compliance with the standard. If you notice other areas of our website that are not fully accessible, get in touch:
Email:
Acceptable Use Policy
Our Site
Welcome to notlost.com, a website is operated by I’ve Been Found Limited (“We”). We are a limited company registered in England and Wales under company number 09036363 and have our registered office at Carlton House, 19 West Street, Epsom, Surrey KT18 7RL.
This Policy, along with our Website Terms and Conditions and Privacy Policy, govern the relationship between you, a user of our website, (the “Site”), and us. By using the Site, you confirm that you accept this Policy and that you agree to comply with them.
If there is anything in these terms with which you do not agree, please do not use the Site.
We recommend that you print a copy of these terms for future reference.
Our Terms
Our Website Terms and Conditions also apply to your use of our Site.
Changes to this Policy
We amend these terms from time to time. Every time you wish to use our Site, please check these terms to ensure you understand the terms that apply at that time.
Prohibited Uses
You may use our Site only for lawful purposes. You may not use our Site:
- In any way that breaches any applicable local, national or international law or regulation.
- In any way that is unlawful or fraudulent, or has any unlawful or fraudulent purpose or effect.
- For the purpose of harming or attempting to harm minors in any way.
- To send, knowingly receive, upload, download, use or re-use any material which does not comply with our content standards.
- To transmit, or procure the sending of, any unsolicited or unauthorised advertising or promotional material or any other form of similar solicitation (spam).
- To knowingly transmit any data, send or upload any material that contains viruses, Trojan horses, worms, time-bombs, keystroke loggers, spyware, adware or any other harmful programs or similar computer code designed to adversely affect the operation of any computer software or hardware.
You also agree:
- Not to reproduce, duplicate, copy or re-sell any part of our Site in contravention of the provisions of our Website Terms and Conditions.
- Not to access without authority, interfere with, damage or disrupt:
- any part of our Site;
- any equipment or network on which our Site is stored;
- any software used in the provision of our Site; or
- any equipment or network or software owned or used by any third party.
Breach of this policy
When we consider that a breach of this acceptable use policy has occurred, we may take such action as we deem appropriate.
Failure to comply with this acceptable use policy constitutes a material breach of the Website Terms and Conditions upon which you are permitted to use our Site, and may result in our taking all or any of the following actions:
- Immediate, temporary or permanent withdrawal of your right to use our Site.
- Immediate, temporary or permanent removal of any Contribution uploaded by you to our Site.
- Issue of a warning to you.
- Legal proceedings against you for reimbursement of all costs on an indemnity basis (including, but not limited to, reasonable administrative and legal costs) resulting from the breach.
- Further legal action against you.
- Disclosure of such information to law enforcement authorities as we reasonably feel is necessary or as required by law.
We exclude our liability for all action we may take in response to breaches of this acceptable use policy. The actions we may take are not limited to those described above, and we may take any other action we reasonably deem appropriate.
Which country’s laws apply to any disputes?
If you are a consumer, please note that the terms of this policy, its subject matter and its formation are governed by English law. You and we both agree that the courts of England and Wales will have exclusive jurisdiction except that if you are a resident of Northern Ireland you may also bring proceedings in Northern Ireland, and if you are resident of Scotland, you may also bring proceedings in Scotland.
If you are a business, the terms of this policy, its subject matter and its formation (and any non-contractual disputes or claims) are governed by English law. We both agree to the exclusive jurisdiction of the courts of England and Wales.
Updated Oct 2022