VERSION 1 – 1 JUNE 2018
2. IMPORTANT INFORMATION AND WHO WE ARE
2.4 It is important that the personal data we hold about you is accurate and current. Please just drop us an email if your personal data changes during your relationship with us.
3. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
3.1 Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
3.2 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
(a) Identity Data: includes first name and last name; and
(b) Contact Data: includes email address.
4. HOW IS YOUR PERSONAL DATA COLLECTED?
We collect data from you through direct interactions where you give us your Identity and Contact Data by filling in the subscribe form on our site or by corresponding with us by email or otherwise.
5. HOW DO WE USE YOUR PERSONAL DATA?
5.1 We will only use your personal data when the law allows us to. Most commonly, we will use your personal data to:
(b) deliver relevant website content and email marketing to you and measure or understand the effectiveness of the email marketing we serve to you; and
(c) where we need to comply with a legal obligation.
5.2 We strive to provide you with choices regarding certain personal data uses, particularly around email marketing. We have established the following control mechanisms:
(a) marketing from us - you will receive marketing communications from us if you have subscribed on our contact form on the site; and
(b) opting out - you can ask us to stop sending you marketing emails at any time by contacting us at email@example.com.
6. DISCLOSURES OF YOUR PERSONAL DATA
6.1 We may share your personal data with the parties set out below for the purposes outlined in clause 5 above.
(a) external third parties including HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances; and
6.2 We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
7. INTERNATIONAL TRANSFERS
We do not transfer your personal data outside the European Economic Area.
8. DATA SECURITY
8.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
8.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
9. HOW LONG WILL WE KEEP YOUR PERSONAL DATA FOR?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. Rest assured, when we no longer need your personal data, we will delete it or destroy it.
10. WHAT LEGAL RIGHTS DO YOU HAVE TOWARDS YOUR PERSONAL DATA?
10.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data, for example, the right to request access to your personal data or request corrections to the personal data that we hold. If you wish to exercise any of the rights set out above, please contact us at firstname.lastname@example.org.
No fee usually required
10.2 You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
10.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
10.4 We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Your right to complain
10.5 You do have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, really appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.