We are the data controller and are responsible for your personal data.
Why do you collect data?
We collect personal information including your full name, phone number, business or residential address, email address, submission deadline, your message and any attached supporting documentation via our website through our contact, enquiry and sign up forms.
How do we collect your data?
Subscribe and Sign Up form
Many organisations use website analytics to analyse the performance of their website and its content. However, to do this we need to collect technical information including,
Uniform Resource Locators (URL) and their clickstream to, through and from our website. This informs us of the services or products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information and methods used to browse away from the page.
Please be aware that using a third party in this case Google Analytics it’s also possible for us to identify the name of the company/business/headquarters that you’re Internet Protocol (IP) address is registered to. IP is the address used to connect your computer to the internet and contains information on the browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
How do we use your data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us.
What do we use your data for?
We collect data from website analytics and cookies to improve the efficiency of our website, marketing and customer relationships and experiences, as well as to administer and protect the website.
Disclosure of your data?
We may have to share your personal data with the parties set out below:
- Siteground Ltd acting as processor based in the UK who we disclose all your personal data for the purpose of providing website hosting services.
- MailChimp provided by The Rocket Science Group acting as a processor based in the USA who we disclose your full name, organization name and email address in order to provide email services.
- Google Analytics provided by Google acting as a processor based in the USA who we disclose IP address for the purpose of providing website services.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services or other services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
- Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Many of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
How do we protect your data?
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorised access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our website.
Data is stored securely using third party programs and software including, Google Analytics and Mailchimp. We take reasonable precautions to keep the data safe including using firewalls and anti-virus software which are regularly maintained and updated by our IT support service.
In addition we’ve appointed a designated data controller who is responsible for the process, procedure and safety of the data we collect, use and store. To speak to our data controller please email admin@Includeme.org.uk.
How long do we store your data?
If your enquiry does not covert into a live contract we will delete all your personal data from our system within 60 days of the enquiry data. Unless you have requested we send you our marketing emails and newsletters, in which case we will only retain your full name and email address.
If the enquiry becomes a contracted agreement we will retain your personal information for a maximum of six years post termination. If you become a customer we will also seek permission to add you to our marketing and sales database to enable us to keep you up to date with new products, services, news and industry insights.
If you sign up to our e-news we will retain your name, organisation name and email address until you no longer wish to receive our e-news.
You can ask us at any time to stop sending you marketing messages or our e-news by following the opt-out links on any marketing message sent to you or by contacting us at admin@Includeme.org.uk.
Accessing and removing information
We aim to be transparent and are happy to discuss our policy and procedure with you. If you want to know exactly what personal information we may be storing about you and what we are using it for (if any/anything) you can make a data subject access request (DSAR).
Please note we are required to use reasonable means to verify the identity of any individual making a DSAR.
If we do hold any personally identifiable information about you are entitled to request that we:-
- Let you have a copy of the information;
- Correct any incomplete or inaccurate information;
- Delete or remove the information where there is no good reason for us continuing to process it;
- Stop processing your information where we are relaying on a legitimate interest and the processing impacts on your fundamental rights and freedoms;
- Restrict the processing your information in certain circumstances;
- Transfer the information to you or to a third party.
Third Party websites
Applying for work with us
We are committed to maintaining the security of your personal information and to being compliant with the GDPR. By applying for one of our vacancies, you are consenting to us collecting, storing and processing your personal information for the sole purpose of assessing your suitability for the role.
Unsuccessful candidates will have their data stored on our electronic systems for a period of 6 months following the application being received after which, any personally identifiable data will be deleted.
Changes and updates
This privacy notice was last updated on 21.01.2023.
Scottish Charity No: SC50528
Crail, Fife, Scotland, KY10 3SW
Scottish Charity No: SC50528
Crail, Fife, Scotland, KY10 3SW
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.