Date of posting: 24/05/18
Welcome to Shotley Heritage Charitable Community Benefit Society Ltd (the Society). This policy explains how we handle and use your personal information and your rights in relation to that information. Under data protection law, the Society is the controller of that information and responsible for its use and protection.
The Society is committed to protecting and respecting your privacy.
This policy describes the way we handle and use the personal information that we obtain from all the different interactions you may have with us as a business, including when you visit our offices, social media pages or website currently located at www.shotleypier.co.uk (Site) or when you contact us or take part in any of our activities or promotions.
We, the Society, are the controller in relation to the processing activities described below. This means that we decide why and how your personal information is processed. Please see the section at the end of this policy for our contact and legal information.
We may collect personal information from you if you pledge or buy community shares. The use of that information during and after the campaign (e.g. to keep in contact with you about progress of the project and key achievements) are uses of your information.
We refer to ‘investors’, ‘shareholders’ and ‘pledges’ throughout this document.
This policy was last updated on the date that appears at the top of this page.
- How and when we collect personal information about you
We receive personal information about you that you give to us, that we collect from your use of our Site and social media pages and that we obtain from other sources. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.
Personal information that you give to us
This is personal information about you that you give to us when:
- submitting personal information via our Site
- following us, interacting with us and posting on our social media pages including our Facebook, Twitter and LinkedIn pages
- participating in surveys for research purposes
- you visit our registered office or the pier
- we interact with you at events
- corresponding with us by phone, email or in another way.
This information is provided by you entirely voluntarily.
This includes information provided on the Site at the time of registering as a member, using any of the communication tools we provide for our members, pledging funds on the Site or cancelling a pledge and when generally using our Site. For example you may give us your personal information by filling in forms, uploading profile information and other content to the Site, managing your account online, engaging in correspondence with us by phone, email or otherwise and meeting with us at events (e.g. you may provide us with your business card). We may also ask you for information when you report a problem with our Site or when you exercise your legal rights.
If we do not receive this information, you may be unable to register as an investor with the Site, pledge funds, communicate with other members or communicate with us effectively or allow us to comply with our own obligations.
Information that we collect about you
We may automatically collect the following information:
- details of your visits to our site, including, but not limited to traffic data, location data, weblogs and other communication data, and the resources you access;
- technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- details regarding when and how you consented to receive marketing communications from us (including the time and date you provided your consent).
We may also view any personal information which you allow to be shared, such as the information you upload to the Site (such as your profile or application for goods or services such as our Celebratory Plaques), and information you share on third party social networks.
When you visit our social media pages we collect:
- the information you post on those pages;
- information regarding your interactions with the content we post; and
- statistical information regarding all our followers’ activities (but from which we cannot identify you as we only have access to this information in aggregated form).
Personal information we may receive from other sources:
We may obtain certain personal information about you from other sources (including those outside of our business) which may include our suppliers and our clients. The third parties that may send us personal information about you are as follows:
|Source of personal information||The circumstances in which we may obtain personal information about you from this source|
|Other members||Members of the Site may share personal information about you with us, for example if you misuse the Site or breach our guidelines.|
|Our partners||We may receive your personal information from our partners if you have indicated to them that you would like us to contact you about opportunities.|
|Social media networks (publicly available source)||We may view your social media profile registration data where you choose to register with our Site using your existing social media profile and log-in details|
Please note we do not knowingly collect personal information about children or personal data that is ‘sensitive data’ from a legal perspective or that relates to criminal convictions or offences. Please do not provide this information to us whether directly or by posting it to the Site. If we receive this type of information, we will promptly delete it.
- Categories of personal information we use about you
We process different types of personal information about you. To make it easier to understand the information that we use about you, we have categorised this information in the table below and provided a short explanation of the type of information each category covers.
We process the following categories of personal information about you:
|Category||Personal information included in this category|
|Behavioural||your activities, actions and behaviours|
|Biographical||your life experiences|
|Contact||information which can be used to address, send or otherwise communicate a message to you|
|Billing/Banking||information used to receive funds from you|
|Fraud||information relating to the occurrence, investigation or prevention of fraud|
|Identity||information that verifies your identity including formal identification documents or unique identification numbers linked to you|
|Legal||information relating to legal claims made by you or against you or the claims process|
|Fundraising||information relating to your pledges and fundraising|
|Marketing Preferences||your preferences in respect of any marketing communications form us from time to time in relation to products or services which we believe may be of interest to you|
|Correspondence||information contained in our correspondence or other communications with you about projects and other activities on our Site, our services or our business|
- Use of your personal information
We use your personal information for a variety of reasons. We rely on different legal grounds to process your personal information, depending on the purposes of our use and the risks to your privacy. You will only receive unsolicited marketing communications from us if you have consented and can opt-out of receiving them at any time. We do NOT share your personal information with companies that would send their marketing to you.
We use your personal information in the following ways:
4.1 Where you have provided CONSENT
We may use and process your personal information for the following purposes where you have consented for us to do so:
- to contact you via email with marketing information about our milestones, progress of project, opportunities to volunteer, events and other activity relating to our business;
You may withdraw your consent for us to use your information in any of these ways at any time
4.2 Where necessary for us to carry out PRE-CONTRACT STEPS you have requested or for the performance of our CONTRACT
We will use your personal information where this is necessary for us to perform our contract with you or to carry out any pre-contract steps you’ve asked us to so that you can enter into that contract, for the following purposes:
- to register and set you up as a member on our Site;
- to publish details of your pledges, anonymously unless you choose to pledge publicly, participation in public aspects of the project;
- to process your pledges and share your details with our payment processors so that payments can be made from you;
- to share your anonymised personal information with our funding partners to obtain funding;
- to run our competitions and promotions that you enter from time to time and to distribute prizes.
4.3 Where necessary to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations:
- to keep a record relating to the exercise of any of your rights relating to our processing of your personal information;
- to perform anti-money laundering and related checks where the law requires these;
- to anonymise, pseudonymise and destroy your personal information in accordance with our retention policies and data protection law;
- to handle and resolve any complaints we receive relating to the services we provide.
4.4 Where necessary for us to pursue a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
Processing necessary for us to promote our business, brand and activities and measure the reach and effectiveness of our campaigns
- for analysis and insight conducted to inform our marketing strategies, and to enhance and your visitor experience;
- to tailor and personalise our marketing communications based on your attributes;
- to identify and record when you have received, opened or engaged with our website or electronic communications.
Processing necessary for us to support our members with their enquiries
- to respond to correspondence you send to us and fulfil the requests you make to us.
Processing necessary for us to respond to changing market conditions and the needs of our guests and visitors
- to analyse, evaluate and improve our Site and other services so that your visit and use of our Site, fundraising support and other services and social media pages, are more useful and enjoyable (we will generally use data amalgamated from many people so that it does not identify you personally);
- to undertake market analysis and research (including contacting you with surveys) so that we can better understand you as a guest or investor;
- for the purposes of developing new initiatives and features on our Site (for example new types of fundraising options or support.
Processing necessary for us to operate the administrative and technical aspects of our business efficiently and effectively
- to administer our Site and our social media pages and for internal operations, including troubleshooting, testing, statistical purposes;
- for the prevention of fraud and other criminal activities;
- to verify the accuracy of data that we hold about you and create a better understanding of you as an investgor or visitor;
- for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access, including to archive, destroy, pseudonymise or anonymise your personal information;
- to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- for efficiency, accuracy or other improvements of our databases and systems, for example, by combining systems or consolidating records we hold about you;
- to enforce or protect our contractual or other legal rights or to bring or defend legal proceedings;
- to inform you of updates to our terms and conditions and policies; and
- for other general administration including managing your queries, complaints, or claims, and to send service messages to you.
Marketing communications: If you give your consent, we may use your personal information to contact you by email to send you newsletters or to notify you with details of projects, new products, services and competitions. We try to adapt any marketing material that we send to you, for example by notifying you of projects that apply to your interests and in your location. If you do not wish to receive email communications from us, please inform us by email or post to our registered office. In some emails there will be an unsubscribe link, or if you have a registered account on our Site, by changing your Profile settings from within your account.
If you opt-out of receiving marketing communications from us, we keep your email address on our suppression list for a defined period to ensure that we comply with your wishes.
- Disclosure and sharing of your personal information by us
We only disclose and share your personal information outside our business in limited circumstances. If we do, we will put in place a contract that requires recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.
We may disclose your information in an anonymised format to the following:
- Our funding partners with whom we work. Our partners include private sector organisations such as banks, retailers, media companies and also organisations in the public sector such as local councils. We also administer and promote competitions with some of our partners from time to time. When we do so we and the relevant partner may make joint decisions regarding how we use your personal information in connection with those competitions and will provide a further notice to you explaining the relationship between us;
- Our third party service providers, agents and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf, including the operation and maintenance of our Site and social media pages. Our Suppliers can be categorised as follows:
|Recipient / relationship to us||Industry sector (& sub-sector)|
|Accountants and legal and security advisers and consultants||Professional Services (Accountancy, Security & Legal)|
|Advertising, PR, digital and creative agencies||Media (Advertising & PR)|
|Banks, payment processors and financial services providers (Stripe, PayPal, ESLCU Ltd)||Finance (Banking & Payment Processing)|
|Business intelligence and performance services||IT (Business Performance)|
|Cloud software system providers, including database, email and document management/monitoring providers (Mailchimp, Google Docs, Dropbox)||IT (Cloud Services)|
|Customer support services tool||Customer Services (Support)|
|Customer relationship management services||IT (Customer Relationship Management)|
|Delivery and mailing services providers [(Royal Mail]||Logistics (Delivery Service)|
|Event booking service provider (Eventbrite)||Events (Booking)|
|Facilities and technology service providers including scanning and data destruction providers||IT (Data Management)|
|Fraud and identity verification services (Stripe, Paypal, ESLCU Ltd)||IT (Verification)|
|Tax administration (HMRC)||Government (Tax Administration)|
|Health and safety claims administrators and consultants||Health & Safety (Claims)|
|Insurers and insurance brokers||Insurance (Underwriting & Broking)|
|Market and customer research providers||Media (Market Research)|
|Online survey platforms and services (Survey Monkey)||IT (Survey)|
|Social media platforms (Facebook, Twitter and LinkedIn)||Media (Social Media)|
|Team and remote collaboration tools and services ( Google Docs)||IT (Collaboration)|
|Website and data analytics platform providers, and website performance tools (Google Analytics)||IT (Data Analytics)|
|Website and App developers||IT (Software Development)|
|Website marketing, search and integration services (WordPress)||IT (Software Development and Marketing)|
|Website hosting services providers (WordPress)||IT (Hosting)|
|File and data transfer providers (WeTransfer, Google Docs)||IT (Cloud)|
The Suppliers above are located in the European Economic Area.
When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information safe and secure.
We may disclose personal information to other third parties as follows:
- if we are under a duty to disclose or share your information in order to comply with any legal or regulatory obligation or request, including by the police, courts, tribunals or regulators.
- Transfers of your personal information outside of Europe
Except in a rare number of cases, we do not transfer personal information outside of Europe. Where we do, we take measures to protect your personal information.
All the personal information collected about you by us or on our behalf may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen where any of our group companies are located in a country outside of the EEA or if any of our servers or those of our third party service providers are from time to time located in a country outside of the EEA. These countries may not have similar data protection laws to the UK and so they may not protect the use of your personal information to the same extent.
If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipients of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. For example, those of our third party service providers who receive your personal information in the USA may subscribe to the “EU-US Privacy Shield” framework. Where they do not, we ensure that we impose contractual obligations on them that are broadly equivalent as required by UK data protection law. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
- Security and links to other websites
We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our Site may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.
We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage. Although we will do everything possible to protect your personal information, we cannot guarantee the security of any personal information during its transmission to us online. You accept the inherent security implications of using the internet and will not hold us responsible for any breach of security unless we are at fault.
In addition, if you linked to our Site from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
- The periods for which we retain your personal information
We will not hold your personal information in an identifiable format for any longer than is necessary for the purposes for which we collected it. For certain purposes we retain your personal information for a very short period whilst for others we retain it for a period of 6 years after the information is no longer required for business reasons so that we can deal with any legal proceedings that could arise.
We retain your personal information for the following periods:
|Type of personal information||How long do we keep your personal information?|
|Registration information||6 years from the date your account is closed for any reason.|
|Identity documents||If we require these for financial or fraud verification purposes, 7 years. If we require these to share with our payment processors for client verification purposes, 6 months. If we require these to verify your identity for a request by you in connection with your rights over your personal information (see below), 2 years.|
|Web traffic and device information||26 months from the date of collection.|
|Social media handles||Until you stop following our social media account or page.|
|Marketing preferences||For as long as you have not opted-out and if you opt-out, indefinitely after we place you on our suppression list to ensure we honour your wishes.|
|Complaints and queries||2 years, except where these relate to legal claims, in which case 7 years.|
The only exceptions to the periods mentioned above are where:
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- you exercise your right to require us to retain your personal information for a period longer than our stated retention period;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible;
- we archive the information, in which case we will delete it in accordance with our deletion cycle; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
- Your rights in relation to your personal information
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to verify your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received full details of your request.You have the following rights, some of which may only apply in certain circumstances:
9.1. To be informed about the processing of your personal information (this is what this policy sets out to do);
9.2. To have your personal information corrected if it is inaccurate and to have incomplete personal information completed;
The accuracy of your information is important to us and we make it easy for you to review and correct the personal information that we hold about you in your Profile. If you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, you can let us know by contacting us in any of the details described at the end of this policy.
9.3. To object to processing of your personal information;
Where we rely on our legitimate interests as the legal basis for processing your personal information for particular purposes, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.
9.4. To withdraw your consent to processing your personal information;
Where we rely on your consent as the legal basis for processing your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can also do so using our unsubscribe tool.
You can also opt out of receiving our newsletter at any time by emailing or posting a request to our registered address.
You can choose to receive or opt-out of future marketing.
Please note that our standard receipt emails and notifications or a Project closing successfully or unsuccessfully contain important financial information regarding your pledge and so cannot be turned off.
If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
9.5. To restrict processing of your personal information;
You may ask us to restrict the processing your personal information in the following situations: where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
9.6. To have your personal information erased;
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
9.7. To request access to your personal information and information about how we process it;
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
If you wish to make a Subject access request please email firstname.lastname@example.org or post a request to our registered address. We will then, in adherence with the ICO guidelines , respond to your request.
9.8. To electronically move, copy or transfer your personal information in a standard, machine-readable form;
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with a contract in place directly with you, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file or PDF.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
9.9. Rights relating to automated decision making, including profiling.
We do not envisage that any decisions that have a legal or significant effect on you will be taken about you using purely automated means, however we will update this policy and inform you if this position changes.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website, where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.
Please check this page regularly for changes to this policy. We will email you with changes if we hold a valid email address for you.
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our Site and, where appropriate, by contacting you by email. Any changes will take effect 7 days after we post the modified terms on our Site or after the date we notify you by email. We recommend you regularly check this page for changes and review this policy each time you visit our Site.
- Contact and legal information
You can contact us with your queries in relation to this policy or for any other reason using our email address email@example.com or by post.
The Society’s company registration number is 7843 and registered office address is Redlands, Main Road, Chelmondiston, Suffolk, IP9 1DX