Introduction to this Policy
This website www.historiccoventrytrust.org.uk (“our Site”) is brought to you by Historic Coventry Trust (“we”, “us” or “our”), a charity registered in England and Wales under company number 7825870 and charity number 1148237.
We ask that you read this Policy carefully as it governs our use of your information and binds both you and us. If you do not agree with or accept this Policy, you should stop using our Site immediately.
We may update this Policy from time to time and post any changes to it to our site in accordance with the “Changes to this Policy” section below.
References in this Policy to:
- “Data Protection Law” means: the Data Protection Act 1998 (until repealed) (“DPA”), the Data Protection Directive (95/46/EC) (until repealed) and, from 25 May 2018, the General Data Protection Regulation 2016/679 (“GDPR”) or any equivalent provision which may replace the GDPR following the formal political separation of the United Kingdom from the European Union; the Regulation of Investigatory Powers Act 2000; the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699); the Electronic Communications Data Protection Directive (2002/58/EC); the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003); and all applicable laws and regulations which may be in force from time to time relating to the processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction; and
- “Personal Data”, “Data Controller”, “Data Processor” and “processing” shall have the meanings given to them in the DPA or, from 25 May 2018, the GDPR.
For the purposes of applicable Data Protection Law, we, Historic Coventry Trust, are the Data Controller and therefore we are responsible for, and control the processing of, your Personal Data in accordance with applicable Data Protection Law. “Personal Data” has a legal definition but, in brief, it refers to information from which a living person can be identified. Such information must be protected in accordance with Data Protection Law.
Information we may collect about you
We will collect information about you when you visit our Site or do business with us (including requesting quotations and ordering services from us). This information may include your name, your contact details (including postal address, email address and telephone number), your payment details (i.e. relating to any payment you make to us in connection with our services), any other information we request from time to time to enable us to provide our Site to you and to continue to do business with you and any other information you provide to us.
We may occasionally receive information about you from other sources, including:
- credit reference and fraud prevention agencies;
- where you have consented for other organisations to lawfully share data with us; or
- where we receive data from trusted third parties to assist us in our marketing efforts.
We will add this data to any information we already hold about you.
Any of the information or data referred to in this paragraph (together, the “Information”) may or may not constitute or include Personal Data.
Safety of Children
Our services are not intended for and may not permissibly be used by individuals under the age of 16. We do not knowingly collect Personal Data from persons under 16. If it comes to our attention that we have collected Personal Data from such a person, we may delete this Information without notice. If you have reason to believe that this has occurred, please contact firstname.lastname@example.org
How long we keep your Information
We will keep your Information only for as long as we need to hold it for the purposes set out in this Policy.
However, if required we will be entitled to hold your Information for longer periods in order to comply with our legal or regulatory obligations.
Legal basis for processing your Information
From 25 May 2018, under applicable Data Protection Law we may only process your Information if we have a “legal basis” (i.e. a legally permitted reason) for doing so. We will have a legal basis for processing your Information under this Policy if:
- you have given us your consent to process your Personal Data (see below); or
- processing is necessary for the performance of a contract you have entered into (i.e. we need to process your Information in order to provide you with services), or in order to take any preliminary steps that you consider are required before you can enter into such a contract; or
- processing is necessary to allow us to comply with our legal obligations; or
- processing is necessary in order to protect your vital interests; or
- processing is necessary for us to perform tasks that are of public interest or in the exercise of official authority (where applicable); or
- processing is necessary for our legitimate interests, provided that these legitimate interests are not overridden by your fundamental rights.
Your consent to processing
If you have previously given your consent to the processing of your Information, you may freely withdraw such consent at any time. You can do this by notifying us in writing using our contact details below.
If you withdraw your consent, and if we do not have another legal basis for processing your Information (see above), then we will stop processing your Information. If we do have another legal basis for processing your Information then we may continue to do so subject to your legal rights (for which see “Your Rights” below).
Where we are unable to rely on consent, we will rely on the performance of a contract with you or compliance with our legal obligations as the basis for processing your Information, unless we consider that processing is necessary for our legitimate interests (e.g. delivery and/or improvement of our services). Marketing is considered separately below.
How we use your Information
We will use your Information for the following purposes:
- to help us identify you and any account you hold with us;
- administration of your account and any services you order from us;
- to assist us in complying with or enforcing any legal obligations;
- research, statistical analysis and behavioural analysis;
- to provide insights based on aggregated, anonymous data collected through the research and analysis referred to above;
- fraud prevention and detection;
- billing and order fulfilment;
- to improve our services; and
- marketing (see ‘Marketing’ below).
If you have not purchased services from us or enquired about purchasing any of our services and if you have given us prior permission, then we will use the Information we hold about you to contact you by email for the purpose of letting you know about our services. If you prefer not to receive these communications from us, or if you no longer wish to receive them, then you can opt out at any time.
If you are an existing customer of ours, or if you have previously purchased services from us or enquired about purchasing any of our services, we may use the Information we hold about you to contact you by email to provide you with details of similar services to those purchased or enquired about by you. If you prefer not to receive these communications from us, or if you no longer wish to receive them, then you can opt out at any time. We have undertaken a legitimate interests assessment of our marketing practices and we have concluded that legitimate interests is an appropriate basis for those practices, as we consider that it is reasonable to assume that you would expect us to promote our services to you in this manner and that doing so involves relatively little intrusion into your privacy or any disproportionate impact on your fundamental rights; furthermore, because we utilise an email marketing system which allows us to exercise a sophisticated degree of control over your marketing preferences, we do not consider that a less invasive form of processing is available to achieve the same ends.
You have the right at any time to ask us to stop processing your Information for marketing purposes. If you wish to exercise this right, you should contact us by sending an email to email@example.com giving us enough information to identify you and deal with your request. Alternatively you can follow the unsubscribe instructions in emails you receive from us.
We may share your Information with:
- other companies within our group;
- our suppliers, subcontractors, agents and service providers who help us to provide our services (and we will ensure they have appropriate measures in place to protect your Information);
- law enforcement agencies in connection with any investigation to help prevent unlawful activity;
- regulatory bodies, in response to any official request; and
- if our business is sold or integrated with another business, your Information may be disclosed to our advisers and any prospective purchasers and their advisers and will be passed on to the new owners of the business.
Keeping your Information secure
We will use technical and organisational measures in accordance with good industry practice to safeguard your Information. However, while we will use all reasonable efforts to safeguard your Information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any Information that is transferred from you or to you via the internet.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance. Any information that we receive through such monitoring and communication will be added to the information we already hold about you and may also be used for any of the purposes listed in this Policy.
Information about other individuals
If you give us information on behalf of a third party, you confirm that the third party has appointed you to act on his/her/their behalf and has agreed that you can:
- give consent on his/her/their behalf to the processing of his/her/their information;
- receive on his/her/their behalf any data protection notices; and
- give consent to the transfer of his/her/their information abroad (if applicable).
From time to time we may need to transfer your Information to countries outside the European Economic Area, which comprises the EU member states plus Norway, Iceland and Liechtenstein (‘EEA’). Such countries may not have similar protections in place regarding protection and use of your Information as those set out in this Policy. Therefore, if we do transfer your Information to countries outside the EEA we will take reasonable steps in accordance with applicable Data Protection Law to ensure adequate protections are in place to protect the security of your Information.
By submitting your Information to us in accordance with this Policy you consent to these transfers for the purposes specified in this Policy.
This section sets out your legal rights in respect of any of your Personal Data that we are holding and/or processing. If you wish to exercise any of your legal rights you should put your request in writing to us (using our contact details below) giving us enough information to identify you and respond to your request.
- You have the right (which up until 25 May 2018 may be subject to the payment of a small fee) to request information about Personal Data that we may hold and/or process about you, including: whether or not we are holding and/or processing your Personal Data; the extent of the Personal Data we are holding; and the purposes and extent of the processing.
- You have the right to have any inaccurate information we hold about you be corrected and/or updated. If any of the Information that you have provided changes, or if you become aware of any inaccuracies in such Information, please let us know in writing giving us enough information deal with the change or correction.
- You have the right in certain circumstances to request that we delete all Personal Data we hold about you (the ‘right of erasure’). Please note that this right of erasure is not available in all circumstances, for example where we need to retain the Personal Data for legal compliance purposes. If this is the case we will let you know.
- You have the right in certain circumstances to request that we restrict the processing of your Personal Data, for example where the Personal Data is inaccurate or where you have objected to the processing (see below).
- You have the right to request a copy of the Personal Data we hold about you and to have it provided in a structured format suitable for you to be able to transfer it to a different data controller (the ‘right to data portability’). Please note that the right to data portability is only available in some circumstances, for example where the processing is carried out by automated means. If you request the right to data portability and it is not available to you we will let you know.
- You have the right in certain circumstances to object to processing of your Personal Data. If so, we shall stop processing your Personal Data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests.
- You have the right in certain circumstances not to be subject to a decision based solely on automated processing, for example where a computer algorithm (rather than a person) makes decisions which affect your contractual rights. Please note that this right is not available in all circumstances. If you request this right and it is not available to you we will let you know.
If you have any concerns about how we collect or process your Information then you have the right to lodge a complaint with a supervisory authority, which for the UK is the UK Information Commissioner’s Office (‘ICO’). Complaints can be submitted to the ICO through the ICO helpline by calling 0303 123 1113. Further information about reporting concerns to the ICO is available at https://ico.org.uk/concerns/.
When you access our Site, cookies will be used to distinguish you from other visitors to our Site. Cookies are text files placed on your computer to collect standard Internet log information and visitor behaviour information. The information is used to track visitor use of our Site and allows us to:
- provide you with an enjoyable experience when you access our Site;
- improve our Site; and
- compile statistical reports on visitors to our Site and activity on our Site.
Our software will issue cookies to your system when you access and use our Site and you will be asked to consent to this at the time (e.g. when you first visit our Site). Cookies do not affect your privacy and security since a cookie cannot read data off your system or read cookie files created by other sites. You can set your system not to accept cookies if you wish (for example by changing your browser settings so cookies are not accepted), however please note that some of the features of our Site may not function if you remove cookies from your system.
Changes to this Policy
We keep this Policy under regular review and may change it from time to time. If we change this Policy we will post the changes on our Site and place notices on our Site as applicable, so that you may be aware of the Information we collect and how we use it at all times.
This Policy aims to provide you with all relevant details about how we process your Information in a concise, transparent, intelligible and easily accessible form, using clear and plain language. If you have any difficulty in reading or understanding this Policy, or if you would like this Policy in another format (for example audio, large print or braille), please get in touch with us.
Our contact details
We welcome your feedback and questions. If you wish to contact us, please send an email to firstname.lastname@example.org or you can write to us at Historic Coventry Trust, Drapers’ Hall, Bayley Lane, Coventry CV1 5RN