About Data Protection
We are required by law to tell you about your rights and our obligations regarding how we collect and process any personal information you provide to us. We have a range of policies and procedures to ensure that any personal information you supply is only with your consent and will always be held securely and treated confidentially and lawfully.
We regret that, if there are any points in this policy with which you are not happy, your only course of action is to leave our website immediately.
We take seriously the protection of your privacy and your confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party. We do not share or disclose to a third party any information you have explicitly given us or we have collected through our website.
Our policy complies with the UK law accordingly, including that required by the EU General Data Protection Regulation (GDPR).
How we use information and the legal basis
We are allowed to use your data only if we have a proper reason to do so such as:
To fulfil a contract we have with you:
- When you sign up to our newsletter, we use your information to fulfil our contract with you.
- We take information to communicate with you, check your identity and provide you with information on our news and services.
When it is in our legitimate interest to run our business:
- A legitimate interest is when we have a business or commercial reason to use your data. This involves us making an assessment of when we can rely on our legitimate interests.
- Our legitimate interests include keeping our records up to date, fulfilling our legal, compliance and contractual duties, working out which of our services may interest you, improving our website and services, developing new products and services, and telling you about them.
When you consent to allow us to use your data:
- We have set out below how and why we may use your personal information and the legal basis we rely on.
- Therefore, this is a notice to inform you about the information that we collect from you, what we do with it and how we keep your information safe. It sets out the conditions under which we may process any information that we collect from you or that you provide to us. It covers information that could not identify you (“non-personally-identifiable information”) and information that could (personally-identifiable information). In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
Non-personally-identifiable information (Non PII)
Non-PII is simply data that is anonymous. This data can not be used to distinguish or trace an individual’s identity such as their name, social security number, date and place of birth, bio-metric records etc. As a result, this data does not require encryption before it is transmitted as there is no scope for misuse that would result in harm to any individual.
Non-PII typically includes data collected by browsers and servers using cookies. Device type, browser type, plugin details, language preference, time zone, screen size are a few examples of non PII data.
We collect non-PII of the kind that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request.
The purpose in collecting non-PII is to gather statistics about the behaviour of our visitors, in order to better understand how they use our website. From time to time, we may release non-PII in the aggregate format, e.g., by publishing a report on trends in the usage of our website or to monitor the performance of a particular web page. Where we provide information for statistical purposes, the information is aggregated and provided anonymously so that there is no privacy risk involved in its use.
Gathering of Personally-Identifiable Information (PII)
Certain visitors to our website choose to interact with us by telephone, by email or by completing and submitting an enquiry form where they need to provide a name and an email address. In this situation the visitors provide their consent to us to collect and process the data they give us in order to enable us to reply to them with the information required.
We also record their request and our reply in order to increase the efficiency of our communication with them. We keep personally identifiable information associated with their messages, such as their name and email address so we can track our communications with them.
We also collect potentially personally-PII like internet protocol (IP) addresses. However, we do not use such information to identify the visitors and do not disclose such information to third parties.
Protection of Certain Personally-Identifiable Information
We take all measures necessary to protect against the unauthorised access, use, alteration, or destruction of potentially PII data.
The new GDPR grants the following fundamental rights to users:
- Breach notification. We must inform you within 72 hours if any breach occurs that might compromise your data.
- Right to access. You have the right to access the information we have about you.
- Right to be forgotten. You have the right to ask us to delete your account and all personal information about you. We will also need to cease sharing that information with third-party services (if any).
- Privacy by design. We may be held liable for any data breaches if our system is not secure by design or we fail to take precautions to protect all user information.
Our website and electronic systems are maintained by qualified professionals to ensure they meet all privacy standards and comply with our general data protection security and protection policies. We only process data within the UK.
How your personal information held by us can be accessed
If you have any queries or requests regarding the data we hold on you, you can send your request to firstname.lastname@example.org. We will respond to your request within 30 days. We have procedures in place to enable any service user whose personal information we collect and process, to be aware of their right to access their information on request at any time.
How long we keep information
There are strict protocols in place that determine how long we will keep your information. We will not keep your information any longer than we need to or are required to in line with relevant legislation and regulations.
We continue to process your information on the basis outlined above until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
You may withdraw your consent at any time by instructing us at email@example.com. However, if you do so, you may not be able to use our website or our services further.
If we plan to make more significant changes, such as using personal data for a new purpose, we will update our privacy information and will communicate the changes to individuals before starting any new processing.
We are a registered charity (Charity number 1044777).
If you have any concerns or questions about privacy, please contact us at firstname.lastname@example.org