Privacy Policy

This policy applies on and from 25 May 2018
(for reference, you can view the previous policy here)

KEEPING YOUR DATA SAFE

Diversiti UK is committed to keeping your personal data safe and secure, and handling it in accordance with our legal obligations. This Privacy Policy sets out in detail the purposes for which we process your personal data, who we share it with, what rights you have in relation to that data and everything else we think it’s important for you to know.

If you are asked to provide information when enquiring about our products or services or using our website it will only be used in the ways described in this policy.

If you have any questions about this policy email enquiries@diversiti.uk or mail us at:
Data Protection Officer, Diversiti UK, 60 Gold Street, Northampton, NN1 1RS

1 WHAT DATA DO WE COLLECT AND WHERE FROM?

1.1 We collect some data directly from you when you contact us via the contact form (Contact Data). This includes:
1.1.1 your name;
1.1.2 your email address;
1.1.3 your phone number;

1.2 We collect information about how you use this website using cookies and similar technology. This includes your viewing history, IP addresses, device identifiers and information about how long you have stayed on certain pages or what pages you have clicked on (Behavioural Data).

1.3 We collect booking data via a third-party application (Booking Hound) when you register for safeguarding training (Booking Data). This includes:
1.3.1 your full name;
1.3.2 your date of birth;
1.3.3 contact information – address, postcode, email, phone number;
1.3.4 licensing information – unique ref, badge number, employer, licensing district

2 WHAT DO WE USE YOUR DATA FOR?

2.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.

2.2 Contacting you about our services
2.2.1 We use your Contact Data to send you information you request or which we believe will be of interest or useful to you.
2.2.2 We use your Contact Data to contact you by phone or email with promotional initiatives or for market research purposes.
2.2.3 We use your Contact Data to enable us to respond to queries, complaints or comments that you have, and to make sure that these are appropriately dealt with.

2.3 Improving our services
2.3.1 We use Behavioural Data to improve your experience when using our website, by recording your preferences when using the site, and by tailoring our content based on your use of browser or geographical location.
2.3.2 We use Contact Data and Behavioural Data to help us monitor, analyse and improve our website and our services. We use this data to help us understand which content and services are most interesting and enjoyable for our users and to help us identify errors and test features. This helps us to make sure that we are providing you with the best possible products and services.

2.4 Administering safeguarding training on behalf of Oxfordshire County Council
2.4.1 We use your Booking Data in order to provide safeguarding training on behalf of Oxfordshire County Council.
2.4.2 The Booking Data we collect is used to inform Oxfordshire County Council who is attending the safeguarding training, and their licensing details.
2.4.3 On occasion, we may use this Booking Data to contact you by phone or email regarding your booking, in order to request further information required by Oxfordshire County Council, or to inform you of any changes to the training (such as a change of time, venue, or cancellation).
2.4.4 We archive your Booking Data to keep a record of who has taken our safeguarding training and whether they passed or failed the training. This allows us to answer any queries about who has booked for or attended our training.
2.4.5 We do not use your Booking Data for marketing purposes, unless you have explicitly given us permission to do so.

3 HOW DO WE USE YOUR DATA FOR MARKETING PURPOSES?

3.1 Email marketing
3.2.1 We will use your email address to send you email marketing (including our newsletter and information about new products and services) where you have signed up to receive this from us.
3.2.2 You can opt out of receiving marketing emails at any time by following the instructions to unsubscribe in any of our email marketing communications.

4 WHAT IS OUR LEGAL BASIS FOR USING YOUR DATA?

4.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.

Purpose: Contacting you about our services
Legitimate interests: To ensure our customers enjoy the best experience possible, and to help us deliver our services to you.

Purpose: Improving our services
Legitimate interests: To make sure that we continue to improve our service and provide our users with the best and most effective service possible.

Purpose: Administering safeguarding training on behalf of Oxfordshire County Council
Public Interest: To aid Oxfordshire County Council in the administration of taxi driver, coach driver, and passenger assistant licensing.

4.2 You have the right to object to us processing your personal data for the purposes set out above. Unless we can show that we have a compelling legitimate reason to continue processing your personal data, we will stop processing it.

4.3 In respect of the use of your email address for email marketing purposes, we process this on the basis that we have your consent to do so. You can withdraw your consent at any time by following the instructions to “unsubscribe” in any email marketing communications.

5 WHO DO WE SHARE YOUR DATA WITH?

5.1 We do need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us. The third party suppliers we share your personal data with are as follows:
5.1.1 third party service providers who help us to manage our booking system;
5.1.2 other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure; and
5.1.3 third party marketing agencies to ensure our marketing is delivered effectively in accordance with this Privacy Policy.

5.2 We share Booking Data with Oxfordshire County Council as it is within their remit to collect this data.
5.2.1 under data protection law, Oxfordshire County Council is considered the “collector” for this data, and we are considered a “processor” for this data.

5.3 We will also share your personal data with third parties in the following circumstances:
5.3.1 where you have specifically consented to us sharing your data with a particular third party; and
5.3.2 where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.

5.4 We do not transfer or store your personal data outside the European Economic Area (EEA). If we do carry out any further transfers of your data outside the EEA, we will inform you and we will ensure that the recipient provides an adequate level of protection of your personal data.

6 WHAT RIGHTS DO YOU HAVE?

6.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.

6.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information.

6.3 A right to access your information
6.3.1 You have a right to ask us to send you a copy of all personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to: enquiries@diversiti.uk or to: Data Protection Officer, Diversiti UK, 60 Gold Street, Northampton, NN1 1RS

6.4 A right to object to us processing your information
6.4.1 You have a right to object to us processing any personal data that we process where we are relying on legitimate interests as the legal basis of our processing. This includes all of your personal data that we process for all of the purposes set out in this Privacy Policy, with the exception of our use of your email address to send you marketing communications with your consent (but you can withdraw your consent to this at any time).
6.4.2 If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
6.4.3 You can exercise this right by emailing enquiries@diversiti.uk.

6.5 A right to ask us not to market to you
6.5.1 You can ask us not to send you direct marketing. You can do this by opting out using the “unsubscribe” option in any of our email marketing communications.

6.6 A right to have inaccurate data corrected
6.6.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.

6.7 A right to have your data erased
6.7.1 You have a right to ask us to delete your personal data in certain circumstances, for example if we have processed your data unlawfully or if we no longer need the data for the purposes set out in this Privacy Policy.
6.7.2 By data protection law, this right does not apply to Booking Data we hold on behalf of Oxfordshire County Council as it is held for the purposes of Public Interest.
6.7.3 If you would like to make a request to exercise this right, please contact enquiries@diversiti.uk. If we are required by law to comply with your request, we will delete or fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.

6.8 A right to have processing of your data restricted
6.8.1 You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
6.8.2 Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.

7 SECURITY

7.1 We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.

7.2 We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR).

8 HOW CAN YOU CONTACT US?

8.1 If you have any questions or concerns about this Privacy Policy and/or our processing of your personal data, you can get in touch with our Data Protection Officer using: enquiries@diversiti.uk.

9 WHAT IF YOU HAVE A COMPLAINT?

9.1 You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
9.2 You can find out how to do this by visiting ico.org.uk (opens in a new window).

10 WHAT IF THIS POLICY CHANGES?

10.1 We may make changes to this Privacy Policy from time to time. Any changes we make will be posted on this page.

Policy updated on 24 May 2018

Who we are

Our website address is: http://dev.marqwebdesigns.com/diversiti.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements