1. Introduction and Credit
1.1 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors.
1.2 This policy complies with the provisions of the General Data Protection Regulation applicable in the UK and the EU.
1.3 This document was created using a template from SEQ Legal LLP.
2. How we use your personal data
2.1 In this Section 2 we have set out:
- the general categories of personal data that we may process;
- the purposes for which we may process personal data; and
- the legal bases of the processing of personal data.
2.2 We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, internet service provider, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our server log files. This usage data may be processed for the purposes of analysing the use of the website and services statistically, with the aim of increasing data protection and data security, and to ensure an optimal level of protection for the personal data we process. The anonymous data on the server log files are stored separately from all personal data provided by a data subject. The legal basis for this processing is our legitimate interests, namely to deliver the content of our website correctly, optimise the content of our website, ensure the long-term viability of our information technology systems and website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
2.3 We may process all information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is communications with users.
3. Providing your personal data to others
3.1 We may disclose your personal data to any member of our group of companies insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
3.2 In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
4. Retaining and deleting personal data
4.1 This Section 4 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
4.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
4.3 Notwithstanding the other provisions of this Section 4, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5. Your rights
5.1 In this Section 5, we have summarised the rights that you have under data protection law. Some of the rights are complex. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
5.2 Your principal rights under data protection law are:
- the right to access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to object to processing;
- the right to data portability;
- the right to complain to a supervisory authority;
- and the right to withdraw consent.