This Privacy Notice applies to individuals who provide information directly to The Sidmouth Trust (we, our or us), including any personal data provided through our website www.sidmouthtrust.com (our site) or social media channels, or whose information The Sidmouth Trust obtains in other ways.
The Sidmouth Trust is committed to protecting and respecting your privacy and ensuring best practice compliance with data protection laws. Our Privacy Notice gives you information about how we collect, use and protect any personal data that you provide to us, including any personal data provided through our site. It is important that you read our Privacy Notice.
Any changes we may make to our Privacy Notice in the future will be posted on this page, so you will always know what personal data we collect about you, the purposes we might use it for and to whom we might disclose it.
This version of our Privacy Notice was published in March 2020 and applies to the collection and use of personal data by us from 2 March 2020. It aligns with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Personal data is any information about an individual which can identify that person. It does not include any information where the individual’s identity has been removed (this is known as anonymous data), which we may collect, use and share for any purpose.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
- where we need to comply with a legal or regulatory obligation.
Generally we do not rely on consent as a legal basis to use your personal data, other than where you have agreed that your personal data may be used by us or any third party to send you marketing information. You have the right to withdraw your consent to such uses at any time.
Set out below is a description of all the ways we plan to use your personal data. We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Please note that we may use your personal data without your knowledge or consent where this is required or permitted by law.
Personal data you give to us or that we collect about you
We may use personal data in the following ways:
- to allow you to access our site;
- to provide you with information that you may request from us;
- to provide you with other information that is similar to that which you have already enquired about or that we feel may interest you;
- to improve our site and ensure that content from our site is presented in the most effective manner for you and for your computer;
- to monitor and administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in any interactive features of our service, when you choose to do so;
- to deal with any enquiries submitted by you (see How does The Sidmouth Trust share your data? for further details);
- as part of our efforts to keep our site safe and secure; and
- for internal record keeping.
Personal data we receive from other sources
- combine personal data we receive from other sources with the personal data you give to us or that we collect about you; and
- use personal data we receive from other sources and/or combined personal data for the purposes set out above in this section of our Privacy Notice (depending on the types of personal data we receive).
We will not use your personal data for marketing purposes without your explicit consent. We will inform you (before collecting your personal data) if we intend to use, or disclose to any third party, your personal data for such purposes. Where you have provided your consent to receive marketing information from us or any third party, you will be given the opportunity to opt out of receiving any future marketing information by checking certain boxes on the forms we use to collect your personal data or unsubscribing from marketing emails via the hyperlink provided in such emails. You may also opt out of receiving any future marketing information at any other time by contacting us using the contact information set out in the How to contact us section of our Privacy Notice.
You may provide your personal data to us by filling in forms via our site or linked third party websites (including social media channels), or by corresponding with us by phone, e-mail or otherwise.
We may collect the following personal data about you:
- Personal data you give us: The personal data you give us may include your name, address, e-mail address, social media handles and phone number.
- Personal data we collect about you: With regard to each of your visits to our site, we may automatically collect the following personal data:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from our site.
- Personal data we receive from other sources: We may receive personal data about you if you use any of the other websites operated by EEG member organisations. We may also receive personal data about you from:
- commercial data providers;
- research partners and project collaborators (including prospective research partners and project collaborators); and
- publicly available sources.
With third parties
We may share your personal data with selected third parties, including:
- business partners and service providers in connection with the performance of any contract we enter into with them or you;
- third parties who provide email delivery, customer relationship management and helpdesk services, or any other services which we choose to outsource;
- IT hosting services;
- research partners and project collaborators (including prospective research partners and project collaborators); and
- analytics and search engine providers that assist us in the improvement and optimisation of our site
We may also share your personal data with other third parties:
- if we are under a duty to disclose or share your personal data with any regulatory or law enforcement authorities and are required to do so;
- in order to exercise or defend our legal rights or in connection with any legal proceedings or anticipated legal proceedings; and
- in order to comply with any other legal obligation or enforce or apply our Website Terms and Conditions and any other agreements.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data, whether we can achieve those purposes through other means and applicable legal requirements.
The majority of the personal data we collect will be stored and used in the UK at our offices and in our secure data centres. We will only transfer your data outside of the European Economic Area (EEA) where it is necessary for us to do so because there are no reasonable and commercially appropriate alternatives based in the EEA.
We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a need to know. They will only use your personal data for specified purposes and are required to keep your personal data confidential.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our site; any transmission is at your own risk.
Our site may, from time to time, include links to third party websites (including social media platforms), plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third party websites, plug-ins or applications and are not responsible, and do not accept any liability, for their compliance with data protection laws.
When you leave our site, we encourage you to read the privacy policies of every website you visit or plug-in or application you download, in particular before submitting any personal data to those websites, plug-ins or applications.
In certain circumstances, you have legal rights under GDPR in relation to your personal data which are known as data subject rights. Those rights are:
- The right to be informed of processing.
- The right to access personal data by making a subject access request.
- The right to rectification where personal data is inaccurate or incomplete.
- The right to erasure, sometimes called ‘the right to be forgotten’.
- The right to restrict processing.
- The right to data portability.
- The right to object to processing.
- The right not to be subject to a decision based solely on automatic processing.
Where you seek to exercise any of your data subject rights, we may need to request specific information from you to help us confirm your identity and establish your right to exercise such rights. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to exercise your data subject rights to speed up our response. Your legal rights do not apply in all instances. We will inform you if, in the context of your request, we do not consider that your legal rights apply.
If you wish to exercise any of your data subject rights set out above, please contact us using the contact information set out in the How to contact us section of our Privacy Notice.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to make a complaint at any time to the ICO regarding our collection and use of personal data. However, we would appreciate being given the chance to help you with your concerns before you approach the ICO, so please contact us using the details below in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you have any questions or would like more information about the collection and use of personal data by The Sidmouth Trust , you can contact us by sending an email to firstname.lastname@example.org] or by writing to us at 30 High Street, Sidmouth, Devon, EX10 8EA.