As the ‘controllers’ of the information which we hold about you (your ‘personal data’), we are committed to protecting your privacy and are responsible for how your personal information is processed. ‘Processing’ covers most things that can be done with information, including collection, storage, use and destruction of that information.
For the purposes of the Data Protection Act 2018 (the “Act”), the data controller is the Centre for Governance and Scrutiny Limited of 77 Mansell Street, London E1 8AN – 020 3866 5100 – firstname.lastname@example.org.
2. WHAT WE MEAN BY PERSONAL INFORMATION
Personal information means any data from which you can be identified (including information such as your name and email address) and information which is about you.
‘Special categories’ of data is information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation. The collection and use of these types of data is subject to strict controls. Similarly, information about criminal convictions and offences is also limited in the way it can lawfully be processed.
3. PERSONAL INFORMATION THAT WE COLLECT
If you request information from us, register for events organised by us, or sign up to our newsletter, we ask you for your contact information, for example your name and email address. If we employ you, or work with you in any other capacity, we will collect relevant personal information to be able to effectively manage our relationship with you.
We may collect and process the following data about you:
We may collect information from your computer and browser including your IP address and cookies information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual. Please see Section 9 below for more information.
If you provide us with information about another person you confirm that they have appointed you to act for them, and if consent is required for the processing of their personal information that they have given that consent, and that you have informed them of our identity and the purposes (as set out below) for which their personal information will be processed.
4. HOW WE USE YOUR PERSONAL INFORMATION
We use personal information held about you in the following main ways:
Legal basis for processing
Operating, maintaining and improving our website
This is necessary for our legitimate interest to ensure the smooth functioning of our website and its continuous improvement
Providing you with information you have requested
This is necessary to fulfil our legitimate interest of providing you with the information you have requested.
Providing you with information on our services, courses, events and issues that we believe you will find useful
This is based on our legitimate interest of expanding our business
Employee performance management.
This is necessary for the fulfilment of the employment contract between CfGS and each employee.
This is necessary for the fulfilment of the employment contract between CfGS and each employee. We also have a legal duty to comply with HMRC requirements.
This is necessary to fulfil our legal duty to record accidents and to report serious incidents to the Health & Safety Executive, under RIDDOR (Reporting of Injuries, Diseases and Dangerous Occurrences Regulations)
5. HOW WE SHARE YOUR PERSONAL INFORMATION
We do not sell, trade or rent your information to other parties unless we have first obtained your consent. If you do give us permission, we will only share information with organisations we have carefully selected and believe to be reputable. We may provide statistics about our customer sales, traffic patterns and related site information to third parties, but we will not supply any personal information that would enable you to be identified.
Except in very specific circumstances, we do not disclose any of your information to other parties. In this respect we may need to share your information with our service providers and agents, and bodies such as HMRC in relation to employees, for the above purposes in Section 4.
Otherwise, we reserve the right to give your personal information to a third party without your consent where we believe that such disclosure is (i) required by law or (ii) necessary to assist in the prevention or detection of any criminal action (including fraud) or (iii) is in the overriding public interest and is permitted by law.
Some of our systems may include the transfer of your personal data to other countries, including the use of marketing databases. Your data will only be transferred to other countries which have adequate provision in place to protect personal data to an equivalent level as personal data held in the UK.
6. HOW WE PROTECT YOUR PERSONAL INFORMATION
We are strongly committed to data security and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to seek to safeguard the information you provide to us.
However, owing to the nature of the internet we cannot guarantee the security of any information you transmit to us. We recommend that you take every precaution to protect your personal information while you are using the Website and the internet.
7. HOW LONG WE KEEP YOUR PERSONAL INFORMATION
We will keep and use the personal information for as long as you have requested or registered to receive information, and for up to 5 years afterwards, in order to deal with any consequent queries or complaints you may have. We may retain the personal information for longer than this if there is a legal reason or requirement to keep the information for longer, for example if it is relevant to any current legal proceedings.
Information about employees is kept for up to 7 years after they leave CfGS. Information on other people we work with such as consultants are kept for up to 5 years after they last carry out work for us.
Details of how long we keep personal data in all circumstances are contained in our Data Retention Policy, within which there is a schedule of destruction dates.
9. IP ADDRESSES AND COOKIES
As set out in Section 3 above, we may collect information about your computer, including where available your IP address (which is a unique identifier of the user’s computer or other access device), operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies are small files stored in your computer’s hard drive by your web browser. When you access the Website, if you have enabled cookies, our computer server will access these cookies so that it can recognise your computer. These cookies help us to improve the Website and deliver a better and more personalised service. They enable us:
When you first access the sites, we will give you the option to choose not to receive cookies, or to allow you to be prompted every time a cookie is sent to you. Most web browsers automatically accept cookies, and you can change your cookie settings at any time. Please note that in a few cases some features of the Website may not function if you remove cookies from your browser.
10. YOUR RIGHTS AS A DATA SUBJECT
As a ‘data subject’ (someone whose information we hold), you have the following legal rights in relation to your personal information processed by us:
You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your information. You can contact the ICO via their website https://ico.org.uk/ or by calling their helpline on 0303 123 1113.
If you have any queries about how we use your information, or you wish to exercise any of your rights, you can contact us by emailing email@example.com, or by writing to us at the Centre for Governance and Scrutiny, 77 Mansell Street London E1 8AN, or by calling 020 3866 5100.
Last updated November 2018