Your privacy really matters to us.
While using our Site, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to your name ("Personal Information").Like many site operators, we collect information that your browser sends whenever you visit our Site ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, and the pages of our Site that you visit, the time and date of your visit, the time spent on those pages and other statistics.
All personally identifiable information gathered can be disclosed to judicial or other government agencies subject to warrants, subpoenas or other governmental orders.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
The security of your Personal Information is important to us, however no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
All personally identifiable information gathered will be destroyed in the event that the business declares bankruptcy or ceases trading.
The basis upon which we process personal data.
Under the new data protection law starting in May 2018 we have a number of lawful reasons that we can use (or 'process') your personal information. One of the lawful reasons is called 'legitimate interests'.
Broadly speaking Legitimate Interests means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
So, what does this mean? We use your personal details for our legitimate business interests. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
Some typical examples of when we might use the approach are for, direct marketing, maintaining the security of our system, data analytics, enhancing, modifying or improving our services, identifying usage trends and determining the effectiveness of our campaigns.
Direct Marketing: We will endeavour to make sure our postal marketing is relevant for you, and tailored to your likely interests.
Analytics: To process your personal information for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us to provide you with the most relevant information as long as this does not harm any of your rights and interests.
Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
Article 6(1)(f) in the GDPR gives legitimate interests as a lawful basis of processing where: “processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
The ICO Guide to GDPR adds: “A wide range of interests may be legitimate interests. They can be your own interests or the interests of third parties, and commercial interests as well as wider societal benefits. They may be compelling or trivial, but trivial interests may be more easily overridden in the balancing test.”
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you.
Your Rights Explained
The ICO has been very clear that implementation of the GDPR will require organisations to observe and uphold the public’s strengthened data rights. It has provided a list, with brief explanations, of what these rights are:
The right to be informed encompasses our obligation to provide “fair processing information”, typically through a privacy notice. It emphasises the need for transparency over how we use personal data.
The right of access allows individuals the right to access their personal data and supplementary information. This enables individuals to be aware of and verify the lawfulness of the processing.
The right to rectification gives individuals the right to have personal data rectified. Personal data can be rectified if it is inaccurate or incomplete.
The right to erasure enables an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
The right to restrict processing. Individuals have a right to “block” or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it. We can retain just enough information about you to ensure that the restriction is respected in future.
The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
The right to object allows individuals the right to object to processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling); direct marketing (including profiling); and processing for purposes of scientific/historical research and statistics.
Rights in relation to automated decision-making and profiling. The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.