This policy applies on and from 25 May 2018
(for reference, you can view the previous policy here)
KEEPING YOUR DATA SAFE
If you are asked to provide information when enquiring about our products or services or using our website it will only be used in the ways described in this policy.
If you have any questions about this policy email firstname.lastname@example.org or mail us at:
Data Protection Officer, Diversiti UK, 60 Gold Street, Northampton, NN1 1RS
1 WHAT DATA DO WE COLLECT AND WHERE FROM?
1.1 We collect some data directly from you when you contact us via the contact form (Contact Data). This includes:
1.1.1 your name;
1.1.2 your email address;
1.1.3 your phone number;
1.2 We collect information about how you use this website using cookies and similar technology. This includes your viewing history, IP addresses, device identifiers and information about how long you have stayed on certain pages or what pages you have clicked on (Behavioural Data).
1.3 We collect booking data via a third-party application (Booking Hound) when you register for safeguarding training (Booking Data). This includes:
1.3.1 your full name;
1.3.2 your date of birth;
1.3.3 contact information – address, postcode, email, phone number;
1.3.4 licensing information – unique ref, badge number, employer, licensing district
2 WHAT DO WE USE YOUR DATA FOR?
2.1 It is important that you understand how and why we use the personal data that we collect about you. This section sets out the different purposes for which we process personal data and which types of personal data we need for each purpose.
2.2 Contacting you about our services
2.2.1 We use your Contact Data to send you information you request or which we believe will be of interest or useful to you.
2.2.2 We use your Contact Data to contact you by phone or email with promotional initiatives or for market research purposes.
2.2.3 We use your Contact Data to enable us to respond to queries, complaints or comments that you have, and to make sure that these are appropriately dealt with.
2.3 Improving our services
2.3.1 We use Behavioural Data to improve your experience when using our website, by recording your preferences when using the site, and by tailoring our content based on your use of browser or geographical location.
2.3.2 We use Contact Data and Behavioural Data to help us monitor, analyse and improve our website and our services. We use this data to help us understand which content and services are most interesting and enjoyable for our users and to help us identify errors and test features. This helps us to make sure that we are providing you with the best possible products and services.
2.4 Administering safeguarding training on behalf of Oxfordshire County Council
2.4.1 We use your Booking Data in order to provide safeguarding training on behalf of Oxfordshire County Council.
2.4.2 The Booking Data we collect is used to inform Oxfordshire County Council who is attending the safeguarding training, and their licensing details.
2.4.3 On occasion, we may use this Booking Data to contact you by phone or email regarding your booking, in order to request further information required by Oxfordshire County Council, or to inform you of any changes to the training (such as a change of time, venue, or cancellation).
2.4.4 We archive your Booking Data to keep a record of who has taken our safeguarding training and whether they passed or failed the training. This allows us to answer any queries about who has booked for or attended our training.
2.4.5 We do not use your Booking Data for marketing purposes, unless you have explicitly given us permission to do so.
3 HOW DO WE USE YOUR DATA FOR MARKETING PURPOSES?
3.1 Email marketing
3.2.1 We will use your email address to send you email marketing (including our newsletter and information about new products and services) where you have signed up to receive this from us.
3.2.2 You can opt out of receiving marketing emails at any time by following the instructions to unsubscribe in any of our email marketing communications.
4 WHAT IS OUR LEGAL BASIS FOR USING YOUR DATA?
4.1 Data protection law says that we have to tell you the legal basis that we rely on to process your personal data for the purposes that we have notified to you. This section tells you what that legal basis is in relation to each of the purposes set out above.
Purpose: Contacting you about our services
Legitimate interests: To ensure our customers enjoy the best experience possible, and to help us deliver our services to you.
Purpose: Improving our services
Legitimate interests: To make sure that we continue to improve our service and provide our users with the best and most effective service possible.
Purpose: Administering safeguarding training on behalf of Oxfordshire County Council
Public Interest: To aid Oxfordshire County Council in the administration of taxi driver, coach driver, and passenger assistant licensing.
4.2 You have the right to object to us processing your personal data for the purposes set out above. Unless we can show that we have a compelling legitimate reason to continue processing your personal data, we will stop processing it.
4.3 In respect of the use of your email address for email marketing purposes, we process this on the basis that we have your consent to do so. You can withdraw your consent at any time by following the instructions to “unsubscribe” in any email marketing communications.
5 WHO DO WE SHARE YOUR DATA WITH?
5.1 We do need to share your personal data with some third parties in some circumstances. This includes where we use third party suppliers to perform various services for us. The third party suppliers we share your personal data with are as follows:
5.1.1 third party service providers who help us to manage our booking system;
5.1.2 other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure; and
5.2 We share Booking Data with Oxfordshire County Council as it is within their remit to collect this data.
5.2.1 under data protection law, Oxfordshire County Council is considered the “collector” for this data, and we are considered a “processor” for this data.
5.3 We will also share your personal data with third parties in the following circumstances:
5.3.1 where you have specifically consented to us sharing your data with a particular third party; and
5.3.2 where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.
5.4 We do not transfer or store your personal data outside the European Economic Area (EEA). If we do carry out any further transfers of your data outside the EEA, we will inform you and we will ensure that the recipient provides an adequate level of protection of your personal data.
6 WHAT RIGHTS DO YOU HAVE?
6.1 You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
6.2 We will respond to any requests to exercise your rights as soon as we can and in any event within one month of receiving your request and any necessary proof of identity or further information.
6.3 A right to access your information
6.3.1 You have a right to ask us to send you a copy of all personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a “subject access request” and must be made in writing to: email@example.com or to: Data Protection Officer, Diversiti UK, 60 Gold Street, Northampton, NN1 1RS
6.4 A right to object to us processing your information
6.4.2 If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
6.4.3 You can exercise this right by emailing firstname.lastname@example.org.
6.5 A right to ask us not to market to you
6.5.1 You can ask us not to send you direct marketing. You can do this by opting out using the “unsubscribe” option in any of our email marketing communications.
6.6 A right to have inaccurate data corrected
6.6.1 You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
6.7 A right to have your data erased
6.7.2 By data protection law, this right does not apply to Booking Data we hold on behalf of Oxfordshire County Council as it is held for the purposes of Public Interest.
6.7.3 If you would like to make a request to exercise this right, please contact email@example.com. If we are required by law to comply with your request, we will delete or fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.
6.8 A right to have processing of your data restricted
6.8.1 You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it so that you can exercise your own legal rights.
6.8.2 Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent or we need to process the data to exercise a legal claim or to protect a third party or the public.
7.1 We will always hold your information securely. To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
7.2 We also follow stringent procedures to ensure we work with all personal data in line with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR).
8 HOW CAN YOU CONTACT US?
9 WHAT IF YOU HAVE A COMPLAINT?
9.1 You have a right to complain to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK, if you are unhappy with how we have processed your personal data.
9.2 You can find out how to do this by visiting ico.org.uk (opens in a new window).
10 WHAT IF THIS POLICY CHANGES?
Policy updated on 24 May 2018
Who we are
Our website address is: http://dev.marqwebdesigns.com/diversiti.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.