For Norfolk Boards, Heddons House, Hewitts Lane, Wymondham, Norfolk, NR18 0JA
This policy sets out how we handle your personal information should you submit any personal details via our website, over the phone or via other means. This policy also sets out data that is collected when you visit any of our websites.
1. The type of personal information we collect
We collect certain personal information about visitors and users of our websites.
The most common types of information we collect include things like: names, email addresses, IP addresses, other contact details, and web analytics data.
2. How we collect personal information
We collect personal information directly when you provide it as well as when you provide it to us automatically as you navigate through our websites.
3. How we use personal information
We will use your personal information:
To reply to a request in particular, in facilitating and processing requests that take place on the websites.
Data collected for those areas that requires a login will be used solely for the purpose of allowing access to those areas.
We will also use your personal data to respond to support tickets and helping facilitate the resolution of any disputes.
We collect cookie information to allow us to carry out technical analysis to determine how to improve the websites and services we provide; monitoring activity on the websites, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the websites; managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
We collect your personal information when you provide it to us when you complete membership registration and buy or provide items or services on our websites, subscribe to a newsletter, email list, submit feedback, send us a communication in other forms.
Where you give us consent we will provide you with marketing information about products and services which we feel may interest you
For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
When we disclose your personal information, it is only to those entities that are required to be involved in order to best serve our attempts to complete our business with you as well as our professional advisers (lawyers, accountants, financial advisers etc.) and regulators and government authorities in connection with our compliance procedures and obligations; also a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
A third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
A third party, in order to enforce or defend our rights, or to address financial or reputational risks;
a rights holder in relation to an allegation of intellectual property infringement or any other infringement; and other recipients where we are authorised or required by law to do so.
4. Where we transfer and/or store your personal information
We are based in the UK so your data will be processed in the UK. In order to protect your information, we take care where possible to work with subcontractors and service providers who we believe maintain an acceptable standard of data security compliance.
5. How we keep your personal information secure
We store personal information on secure servers that are managed by us and our service providers, and occasionally hard copy files that are kept in a secure location in UK. Personal information that we store or transmit is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
6. How you can access your personal information
You can access some of the personal information that we collect about you by contacting us at the address at the top of this policy or by email at email@example.com You also have the right to make a request to access other personal information we hold about you and to request corrections of any errors in that data.
7. Marketing Choices regarding your personal information
Where we have your consent to do so (e.g. if you have subscribed to one of our e-mail lists or have indicated that you are interested in receiving offers or information from us), we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” facility provided in the communication itself.
You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our websites may not work properly in your case.
8. Cookies and web analytics
When you visit our websites, there’s certain information that’s recorded which is generally anonymous information and does not reveal your identity. If you’re logged into an account some of this information could be associated with your account.
Here is a, non-exhaustive, list of some of the items cookies collect:
your IP address or proxy server IP address’;
the domain name you requested;
the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
the date and time of your visit to the website;
the length of your session;
the pages which you have accessed;
the number of times you access our site within any month;
the file URL you look at and information relating to it;
the website which referred you to our websites; and
the operating system which your computer uses.
SEE OUR FULL COOKIE COMPLIANCE INFORMATION HERE
9. Information about children
Although our websites are suitable for children under the age of 16 years, the nature of our business assume that our websites are not normally visited by children under sixteen. However, if you are under 16 we ask that you do not give us your personal information. It’s the responsibility of parents or guardians to monitor their children’s use of our websites.
10. How long we keep your personal information
11. When we need to update this policy
We will need to change this policy from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
When we do change the policy, we’ll make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
12. How a data breach will be reported
Although we and our service providers will take care to keep your data secure and only accessible by those authorised by ourselves to view it should we believe a breach of your data has occurred we will contact the ICO within the required 72 hours. For more information please see the ICO website at https://ico.org.uk .
13. How will you be informed of a data breach at involves you
If we have reason to believe that the personal data we hold regarding you has been accessed by anyone other than an authorised source then we will contact you via email in the first instance.
14. How you can contact us
For the purposes of applicable EU data protection law (including the General Data Protection Regulation 2016/679 (the “GDPR”), we are a ‘data controller’ of your personal information.
15. How you can access your personal information
You are also entitled to ask us to send your personal information to you, to erase it, or restrict its processing. You also have rights to object to some processing that is based on our legitimate interests, such as profiling that we may perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent as more fully described below.
These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent.
Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. In all other cases, provision of requested personal information is optional.
If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
This policy is effective from 25th May 2018 and ongoing until changed or omitted.