Personal information or data means any data which relates to an individual and identifies that individual either directly or indirectly.
Our collection and use of your personal information
We collect personal information about you when you access our website, contact us or provide us with services and products.
We collect this personal information from you either directly or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).
The personal information we collect about you depends on how we interact with you. Such information may include:
- your name, address and contact details
- your bank account or payment details
- details referring to your geographical location when visiting our website
We use this personal information to:
- verify your identity
- receive goods and services from you
- administer and manage our contractual relationship with you
- respond to enquiries you have made
- monitor usage of and improve our website
We do not knowingly collect or use personal information relating to children.
Our legal basis for processing your personal information
When we use your personal information, we are required to have a legal basis for doing so. These include:
- consent: where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
Who we share your personal information with
We may share certain categories of personal data (e.g. your name and contact details) with third parties where necessary, (for example, IT and financial service providers) for business management purposes. This data sharing enables them to provide, for example, network security and payroll services to us.
Some of those third-party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Transfer of your information out of the EEA
Wherever possible, we will not transfer your personal data outside of the European Economic Area (EEA). However, some of our third party contractors and suppliers are based outside of the EEA and there may be occasions when the processing of your personal data requires it to be transferred to regions outside of the EEA, in particular to the United States of America (USA). Personal data transfer outside of the EEA is carried out in accordance with the requirements of the General Data Protection Regulation (GDPR) and in doing so, we aim to ensure a similar degree of protection is afforded to your data by abiding by the following safeguards:
- We will only transfer your personal data to non-EU countries that have been deemed to provide an equivalent level of protection by the European Commission (For more information, see here).
- When collaborating with providers based in the USA, we may transfer data to them if they are part of the Privacy Shield framework, which aims to provide companies in the USA with a mechanism to comply with the data protection requirements of the European Union. (For more information, please see here).
If you would like further information, please contact us (see ‘How to contact us’ below).
A cookie is a small text file which is placed onto your device (e.g. computer or smartphone) when you use our website. A session cookie is formed when you access our website and is erased whenever you close your browser. A cookie is also formed to help recognise you and your device and store some information about your preferences or past actions, as well as provide browsing information for Google Analytics.
We use Google Analytics to collect information about the use of our website. Google Analytics collects information such as how often users visit our website, which pages they view, and how they arrived at our website. Google Analytics collects only an IP Address from users accessing our website, which can be used to determine the approximate geographical location from which our website is being viewed. The IP address collected by Google Analytics is not linked to any identifying information, such as your name, and we do not combine this IP Address with any personally identifiable information. Only Google may use the cookies associated with Google Analytics. To find out more about Google Analytics and for the option to opt-out of this service, please click here.
We do not use your personal information for marketing purposes. If this changes, we will update this policy to let you know.
You have a number of important rights under the GDPR:
- Right of access – You have the right to ask us for copies of your personal information.
- Right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
- Right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
- Right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. However, we may charge a reasonable fee if your request for access is unfounded or excessive – we may also refuse your request in such circumstances. If you make a request, we have one month to respond to you.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Further information or queries
Please contact our Privacy Manager Dr Edward Littler, firstname.lastname@example.org if you have any questions about this policy, and we will do our best to answer them. You also have a right to lodge a complaint with a supervisory authority. In the UK, the supervisory authority is the Information Commissioner, who may be contacted at https://ico.org.uk/concerns/
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113