INTRODUCTION

This is the privacy notice of People, Place and Participation Ltd. In this document, “we”, “our”, or “us” refer to People, Place and Participation Ltd.

This privacy notice aims to inform you about how we collect and process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information. It tells you about your privacy rights and how the law protects you.

We are committed to protecting your privacy and the confidentiality of your personal information. Our policy is not just an exercise in complying with the law, but a continuation of our respect for you and your personal information.

We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.

Our policy complies with the Data Protection Act 2018 (Act) accordingly incorporating the EU General Data Protection Regulation (GDPR).

The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at http://www.knowyourprivacyrights.org

THE BASES ON WHICH WE PROCESS INFORMATION ABOUT YOU 

The law requires us to determine under which of the defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.

If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

Information we process because we have a contractual obligation with you

When you buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.

In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.

We may use it in order to:

  • verify your identity for security purposes
  • sell products to you
  • provide you with our services

We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.

We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.

Information we process with your consent

Through certain actions when otherwise there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business or our products and services, you provide your consent to us to process information that may be personal information.

We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed that your consent no longer exists.

You may withdraw your consent at any time by instructing us [at email address or webpage]. 

Information we process for the purposes of legitimate interests

We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.

Where we process your information on this basis, we do after having given careful consideration to:

  • whether the same objective could be achieved through other means
  • whether processing (or not processing) might cause you harm
  • whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so

For example, we may process your data on this basis for the purposes of:

  • record-keeping for the proper and necessary administration of our People, Place and Participation Ltd
  • responding to unsolicited communication from you to which we believe you would expect a response
  • protecting and asserting the legal rights of any party
  • protecting your interests where we believe we have a duty to do so

Information we process because we have a legal obligation

Sometimes, we must process your information in order to comply with a statutory obligation.

For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order.

This may include your personal information.

Information provided on the understanding that it will be shared with a third party

Our website allows you to post information with a view to that information being read, copied, downloaded, or used by other people.

Examples include:

  • posting a message on our website or social media accounts
  • tagging an image
  • clicking on an icon next to another visitor’s message to convey your agreement, disagreement or thanks

In posting personal information, it is up to you to satisfy yourself about the privacy level of every person who might use it.

We do not specifically use this information except to allow it to be displayed or shared.

We do store it, and we reserve a right to use it in the future in any way we decide.

Once your information enters the public domain, we have no control over what any individual third party may do with it. We accept no responsibility for their actions at any time.

Provided your request is reasonable and there is no legal basis for us to retain it, then at our discretion we may agree to your request to delete personal information that you have posted. You can make a request by contacting us at [email address or webpage]. 

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION

  • We have a duty of care to the people within our data
  • Data is a liability, it should only be collected and processed when absolutely necessary
  • We loathe spam as much as you do!
  • We will never sell, rent or otherwise distribute or make public your personal information

2.0 RELEVANT LEGISLATION

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact us for clarification.

3.0 PERSONAL INFORMATION THAT THIS WEBSITE COLLECTS AND WHY WE COLLECT IT

Personal data means data (whether stored electronically or in hard copy) relating to a living individual who may be identified directly or indirectly from that data (or from that data and other information in our possession).  

Processing is any activity that involves use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. 

The law requires us to determine under which of the defined bases we process different categories of your personal information, and to notify you of the basis for each category.

If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.

If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.

Processing also includes transferring personal data to third parties. 

Sensitive personal data includes personal data about a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic, biometric, physical or mental health condition, sexual orientation or sexual life. It can also include data about criminal offences or convictions. Sensitive personal data can only be processed under strict conditions, including with the consent of the individual. 

This website collects and uses personal information for the following reasons:

3.1 Site visitation tracking

Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website. Although GA records data such as your geographical location, device, Internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address, which could be used to personally identify you, but Google does not grant us access to this. We consider Google to be a third party data processor (see section 5.0 below). GA makes use of cookies, details of which can be found on Google’s developer guides.

3.1.1 Cookies

Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.

Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

When you first visit our website, we ask you whether you wish us to use cookies. If you choose not to accept them, we shall not use them for your visit except to record that you have not consented to their use for any other purpose.

If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.

We use cookies in the following ways:

  • to track how you use our website
  • to record whether you have seen specific messages we display on our website
  • to keep you signed in our site
  • to record your answers to surveys and questionnaires on our site while you complete them
  • to record the conversation thread during a live chat with our support team

3.2 Contact forms and email links

Should you choose to contact us using the contact form on the bottom of our website, the contact us page, or an email link like this one, none of the data that you supply will be stored by this website. Information from the contact form on the bottom of our website, and the or the contact us page, will be passed directly to Mailchimp via a secure form (Mailchimp is a third party data processors outlined in section 5.0). Contacting us via an email link will open up your default email client. We accept no responsibility for the security of your email client. We would suggest that you always consider email as an insecure medium and not include personal, confidential or otherwise sensitive information within an email.

3.3 Email newsletter

3.3.1 MailChimp

If you choose to join our email newsletter via the contact form on the bottom of our website or the contact us page, the email address that you submit to us will be captured by MailChimp, which provide us with email marketing services.

3.4 Membership of Flo’s

If you choose to become a member of Flo’s, you can do so via an embedded and secure form. This form links to the membership platform, Membermojo. Membermojo is a GDPR compliant third party, which will store your membership data securely.

3.5 Online Purchases

We collect and process data when you register or place and order for any of our products or services. We engage third parties, iZettle and Calendly, to process your order.

4.0 ABOUT THIS WEBSITE’S SERVER

This website is hosted by Gyroscope a UK-based hosting company.  All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS. The Gyroscope hosting operations team is responsible for patching and resolving security vulnerabilities identified on customer sites. Their priorities include:

  • Patching software vulnerabilities to exceed security standards
  • Creating and maintaining documentation around malware patterns and protection efforts
  • Scanning for, identifying, and cleaning up malware
  • Ensuring operational security during every update, patch, and process
  • Notifying customers of identified vulnerabilities and necessary updates
  • Detecting outdated WordPress themes, plugins, or other services with vulnerabilities

5.0 OUR THIRD PARTY DATA PROCESSORS

We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0. All 3 of these third parties are based in the UK or USA and are GDPR and EU-US Privacy Shield compliant.

6.0 DATA BREACHES

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

7.0 DATA CONTROLLER AND YOUR DATA PROTECTIONS RIGHTS

The data controller of this website is: People, Place & Participation Ltd, a Charitable Community Benefit Society reg. Number 7713, whose registered office is: 21 Cornwallis Road, Oxford OX4 3NP.

Our company would like to make sure that you are fully aware of all of your data protections rights, which are the following:

  • The right to access – you have the right to request copies of your personal data that we hold. We may charge you a small fee for this service.
  • The right to rectification – you have the right to request that we correct any information that we hold which you believe is inaccurate or incomplete. 
  • The right to erasure – you have the right to request that we erase any personal data we hold about you.
  • The right to restrict processing – you have the right to request that we restrict the processing of your personal data.
  • The right to object to processing – you have the right to object to us processing your personal data. 
  • The right to data portability – you have the right to request that we transfer the data that we have collected to another organisation or directly to you.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us info@flosoxford.org.uk.

8.0 COMPLAINTS

When we receive a complaint, we record all the information you have given to us.

We use that information to resolve your complaint.

If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.

9.0 CHANGES TO OUR PRIVACY POLICY

This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the change log below.