Contract for Services Privacy Policy

Updated 05 September 2025

This Privacy Policy is part of our Contract for Services. By choosing to use our Services, you’re agreeing to this policy. If you don’t agree please don’t use or access our Services.

  • This Privacy Policy applies when you use our website and/on contact us and/or when there is a Contract (Subscription Plan Agreement and/or Services Contract) between Turas Engagement Partners Ltd (trading as Flo-culture)) ("Turas”, "we," "us") and the person or entity using our Services ("customer," "you," "your"). This policy governs how we use the information you provide when you get in touch, sign up and use our services.

    We are committed to protecting your privacy and will only use the information that we collect about you lawfully.

  • Before you read the data privacy and security statement, we would like to clarify four important concepts to fully understand this statement. These four concepts are: the 'privacy statement', the 'data subject', the 'personal data', and 'processing'.

    The 'privacy statement' informs, among other things, what personal data is collected, for what purpose, what is done with it, how long this takes place and what rights the data subject has regarding this process.

    The privacy statement is addressed to the person whose personal data will be processed. That person is called the 'data subject'.

    'Personal data' is a very broad concept. It concerns information and data about an identified or identifiable person. This means that the information is directly about a person or can be traced back to a person—for example, someone's name, address, telephone number, email address, or IP address.

    Every action that can be done with personal data is indicated by the word 'process'. This includes collecting, organizing, storing, updating, modifying, retrieving, using, distributing, combining, blocking, erasing, and destroying the data, as well as any other action concerning the processing of personal data.

  • We will process all personal data fairly and lawfully

    We will only process personal data for specified and lawful purposes

    We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.

    We will not keep personal data for longer than is necessary

    We will keep all personal data secure

    We will endeavour to ensure that personal data is only transferred to countries within the European Economic Area (EEAA) with adequate protection.

  • Turas Engagement Partners Ltd (trading as Flo-culture)) is the data controller.

    Full name of Company: Turas Engagement Partners Ltd (trading as Flo-culture), is a company registered in England and Wales with Company number 16634318

    Registered address: Turas Engagement Partners Ltd (trading as Flo-culture), Church Hall, 53 Front Street, East Boldon, NE36 0SD

    Contact address: as above or katherine.pearson@flo-culture.com

    You can contact us with your questions and concerns regarding the procedure and handling of your personal data by us. You can also contact us if you want to exercise any of your rights regarding the personal data we process.

  • Organisations that express an interest in our services

    We collect personal data about your staff or directors for a number of reasons, including communicating with you and responding to requests for information.

    The personal data we collect can include:

    • Name

    • Contact details

    • Records of your communication with us

    Organisations that buy from us (services and subscriptions)

    In addition to the personal data collected above, we may collect further information about directors to process a merchant account application with a selected payment provider.

    The personal data we collect can include:

    • Name

    • Contact details

    • Records of your communication with us

    • Date of birth

    • Private address

    • Copies of identity documents

    Note on payment

    We do not see, collect or store any sensitive payment data whatsoever when processing a card transaction.

    The data required to perform a card transaction will be captured, but all data is encrypted at source and, therefore, not visible to us.

    We may record an anonymised payment token that lets us know if you are a repeat user.

    We may use this to streamline the process when you use the service in future.

  • For individuals who proactively engage with us

    We will process your data for the following reasons:

    • To provide our services

    • To supply you with communications you have requested about our products or services

    • To provide customer support

    • To keep a record of your relationship with us

    • To manage your communication preferences

    • To monitor and mitigate fraudulent and illegal activities

    • To comply with applicable laws and regulations and requests from statutory agencies

    For individuals who are making a payment

    We will process your data for the following reasons:

    • To ensure that the relevant organisation receives the payment and to provide our services to our customers

    • To monitor and mitigate fraudulent and illegal activities

  • Cookies are small bits of data that websites store on your device to improve your browsing experience and track useful analytics and data.  

    Read our Cookie Policy for more information.

  • We need a lawful basis to collect and use your personal data under the General Data Protection Regulation (GDPR) data protection law.

    The law allows for six ways to process personal data (and additional ways for sensitive personal data).

    These are:

    • If the data subject gives explicit consent or the processing is necessary (e.g., payroll payments).

    • To meet contractual obligations entered into by the data subject, e.g. a subscription plan agreement.

    • To comply with the data controller’s legal obligations, e.g. if we need to process personal data to comply with a common law or statutory obligation.

    • To protect the data subject’s vital interests. This basis applies if it’s necessary to process personal data to protect someone’s life. (This applies to any life – not just the data subject’s life.)

    • For tasks carried out in the public interest or exercise of authority vested in the data controller, e.g. when we must process personal data “for the performance of a task carried out in the public interest” or “in the exercise of official authority”.

    For the purposes of legitimate interests pursued by the data controller, e.g. when processing is necessary for the purposes of the legitimate interests pursued by us or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Numerous interests can be legitimate, including our own, third parties and commercial interests. This may include:

    • Processing client or employee data

    • Processing conducted for marketing purposes

    • Processing that helps prevent fraud

    • Intra-group transfers of personal data

    • Processing for IT security purposes

    • Our legitimate interests

    Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as that interest is not overridden by the privacy rights of the individual whose data is being used. If you want to change our use of your personal data, please contact us using the details in the “How to contact us” section below.

  • We do not share, sell or rent your information to third parties for marketing purposes.

    We will not otherwise disclose your personal information unless required to do so by a regulatory agency or law or unless we have consent from you.

    We may allow our staff, consultants, and/or external providers acting on our behalf to access and use your information for the purposes you have provided us (e.g., to analyse data or process payments).

    We ensure your information is treated with the same level of care as if we were handling it directly.

    There may be service delivery circumstances when we share your personal data with third parties. Only relevant personal data is shared. In addition, personal data is only shared if this is required based on one or more of the legal grounds mentioned above.

  • Employees of Turas Engagement Partners Ltd (trading as Flo-culture) who have access to personal data of data subjects are not allowed to use this data for personal purposes. This includes all actions concerning the personal data of data subjects for personal purposes.

  • We ensure that appropriate physical, technical and managerial controls are in place to protect your personal details. All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted.

    Where we have given you (or where you have chosen) a password that enables you to access certain uses of our services, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

    Please note that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website and/or AR Digital Tours Platform; any transmission is at your own risk.

    Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  • We will keep your personal data for no longer than is necessary for the purposes for which it is processed in accordance with our policies or applicable regulations.

  • Every data subject has rights under UK GDPR to guarantee a correct privacy policy. You can contact the controller if you want to exercise one or more of these rights (see How to contact us below). If you seek contact with the controller, the controller is obliged to provide you with a reply within one month. No charge will be made for a data subject’s request for information or action under these rights.

    The right to be informed

    Every data subject has the right to be provided with clear and concise information about what is done with their personal data.

    Right of access by the data subject

    Every data subject has the right to access and receive a copy of personal data that this app has processed from you.

    Right of rectification

    Every data subject has the right to rectify inaccurate personal data that the app has processed about you if this data turns out to be incorrect or incomplete. We will respond to such requests within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

    Right of erasure (the right to be forgotten)

    Every data subject has the right to request that the data subject’s personal data be deleted from our possession. We must delete this data upon your request and within one month. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

    Right to object

    Every data subject has the right to object to the processing of the subject personal data. You must state what your specific reasons are for objecting. If you object to direct marketing, direct marketing will immediately be discontinued.

    Right to restrict

    Every data subject has the right to restrict the processing of personal data if, for example, the data subject believes the information is inaccurate and is verifying its accuracy. We will notify any third parties with whom we have processed user data of the data subjects exercise of this right.

    Right of portability

    Every data subject has the right to receive personal data that we have processed from the data subject in a readable form.

    If you are unhappy with how we handled your personal data, please get in touch with us using the details below. You are also entitled to make a complaint to the Information Commissioner’s Office at ico.org.uk

  • This policy and any dispute or claim arising out of it or in connection with it or its subject matter shall be governed by and construed in accordance with the laws of England and Wales, and the parties irrevocably agree that the courts of England have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with this policy or its subject matter.

  • This privacy statement has been compiled with care. We keep a close eye on developments in the field of privacy law and may periodically update this privacy policy to comply with changes.

    At the top of this document, we will always place the date on which the document was last edited so that you can see if this has been updated since your last visit.

  • If you have any questions regarding our Privacy Policy, please get in touch.

    Email katherine.pearson@flo-culture.com or write to Katherine Pearson,

    Flo-culture, Church Hall, 53 Front Street, East Boldon, NE36 0SD.