“Controller” makes decisions about what personal data is used, what it is used for and how it is used. A “Processor” processes personal data on the written instructions of a Controller. “Personal data” is any information that relates to an identifiable individual or which can be used to identity an individual. Data Protection Legislation means the Data Protection Act 2018 and the UK GDPR. Any reference to “use” of personal data has the same meaning as “processing” which means anything that is done in relation to personal data including all use of personal data from its creation or collection to its destruction.
We expect that Google may collect, store, generate and use your personal data including the categories that we have listed below (more information can be found in Google’s privacy notice).
· Email Address;
· Age Group;
· IP Address;
· Device Characteristics;
· Language Preferences;
· The number of times that you have visited the Website and for how long; and
· Any links that you may click on from our Website.
If you ask us to erase any of your personal data, we may be unable to comply with your previous instructions to us about your personal data. For example, if we erase records of your instruction not to email you, you may receive an email from us if we then lawfully get your email address from a third party.
To place cookies on each device that you use to visit our website, enabling Google to detect your visit by reading the cookies
To enable Google to provide its Google Analytics service, including by transferring personal data that it holds about you (such as from our website cookies) from the UK (which is where our website is located) to other countries around the world: see below, “Where do we use your personal data?”
Basis of Use
With your consent (which we request on-screen via our website)
With your consent (which we request on-screen via our website).
Who do we share your personal data with?
Third parties who use personal data for their own purposes
• Any employee or other member of staff within organisations who are our suppliers or service providers.
• Our regulated service providers, such as banks, auditors, professional advisers and financial services providers, who are required to carry out compliance monitoring and reporting.
• Our insurers for the purposes of us taking out or renewing insurance, notifying the insurers, and dealing with actual or potential claims.
• Courts, central Government departments, law enforcement authorities including HM Revenue and Customs, the Police, public bodies and authorities.
• Third party individuals, companies or groups that wish to evaluate or complete and effect the purchase or sale of, or merger with, us or our business or assets.
We may disclose your personal data to other third parties if we have lawful grounds to do so, or are under a legal obligation to disclose or share it with them, or in order to establish, exercise or defend our legal rights or to protect the rights or safety of our staff. For example, we will disclose your personal data, if necessary, to your suppliers or service providers, contractors or sub-contractors, as well as to those appointed by us.
4. WHERE DO WE USE YOUR PERSONAL DATA?
We hold your personal data that we acquire via our website in the United Kingdom. In some cases, however, we may transfer your personal data (particularly in electronic format) to a location that is outside the United Kingdom, and even outside the European Economic Area (“EEA”).
Google is a global company and if you consent to our website’s use of the Google Analytics cookies, Google is likely to transfer your personal data outside the UK and even outside the European Economic Area, to any country in the world where Google has data processing facilities. Some of those countries may not protect your personal data as well as the UK, and some may not protect it at all. Please review Google’s privacy documentation using the link above. If you would like more information, such as information about the safeguards that Google has put in place to protect your personal data and your rights in the locations where Google uses your personal data, or if you would like a copy of the safeguards, please follow the instructions in Google’s privacy notice to ask Google for a copy of its safeguards.
In determining the appropriate period for the retention of your personal data, we consider the amount, nature and sensitivity of that data, the purposes for which we process your personal data and whether we can achieve these purposes by other means, as well as the applicable legal requirements.
What rights do you have?
In certain circumstances and by law, you have the right to:
· Withhold or withdraw consent: Where we have asked for consent, you may withdraw it at any time.
· Request access: to your personal data that we hold about you. This is commonly referred to as a “subject access request”. This enables you to receive a copy of the personal data we hold about you and to check we are lawfully processing it.
· Request Correction: of your personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
· Request Erasure: of your personal data. This enables you to ask us to delete or remove personal data where: (i) there is no good reason for us continuing to process it; (ii) you have withdrawn your consent, if any, to our processing; (iii) you have exercised your right to object to processing (see below) and no exception permits us to keep using it; (iv) it is established that we did not have the lawful right to process your personal data; or (v) the law requires us to erase your personal data.
· Object to processing: of your personal data where we are relying on a legitimate interest (or those of a third party) and where there is something about your particular situation which makes you want to object to the processing on this ground and there is no exception which applies to permit us to keep using it.
· Request the restriction of processing of your personal data: This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for our processing it or you consider we no longer need to use your personal data for the purposes for which it was collected or used (but you need it to be preserved for the purposes of legal claims). You may also ask us to restrict processing if you have exercised your right to object to our use of your personal data and no exception applies to permit us to keep using it.
· You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection matters.
If you want to review, verify, correct, or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us using the contact details set out at the beginning of this notice.
No fee is usually required
You will not pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with your request in such cases.
What we may need from you
We may need specific information from you to help us to confirm your identity and ensure your right to access the information (or to exercise any other right). This is another appropriate security measure to ensure that the personal data is not disclosed to someone who is not entitled to receive it.