The SWEET Project (“we”, ”our”, “us”) respect the privacy of our website users (“you”) and we recognise the need for appropriate protections and management of your personal information.
When we, and our service providers, collect and use your personal information and special category data, we are the data controller for the purposes of Data Protection Legislation (defined below).
We have prepared this Privacy Notice to assist you in understanding what information we collect about you and how that information is used by us and by third parties.
When we refer to Data Protection Legislation, we mean the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”); the Data Protection Act 2018 and any legislation implemented by the UK to give effect to the derogations permitted under the GDPR.
personal information is information that can be used to identify or contact a specific individual, such as a name, address, telephone number, email address, etc., and also online identifiers and location data such as IP addresses and mobile device IDs.
special category data means personal information revealing your racial or ethnic origin; religious beliefs; data related to your health; and criminal convictions or involvement in criminal proceedings.
A data controller is someone who decides why personal data is to be collected and how it will be used and treated.
If you have any questions regarding the Privacy Notice you can contact us at:
The Sweet Project CIC
or by email to firstname.lastname@example.org by telephone on 0121 458 2270.
If you are unhappy with how we handle your personal information you can write to us using the contact details noted above; and / or notify the Information Commissioner’s Office (ICO) (please see: https://ico.org.uk/concerns/ for more information).
HOW DO WE USE YOUR PERSONAL INFORMATION?
Information you provide to us when you enter a contract for our goods or services, for example, subscribing to our mailing list or signing up to one of our events: this may include your name, address, contact details, and where you sign up to an event, your dietary requirements.
Information that we collect about you when you sign up to our newsletters or direct marketing services: this may include your name and contact details.
Information that we collect about you by way of cookies. This includes your IP address, browser type and operating system.
WHY WE COLLECT IT
Entering a contract: If you enter a contract with us to provide you with any of our goods or services, we will collect your personal information to enable us to provide those goods or services to you, for example to receive payment for the services or to contact you in relation to the event you are attending.
Dietary requirements: If you are attending one of our events, we may ask you about your dietary requirements in order for us to provide you with suitable catering. This information could contain special category data, for example, it could relate to your religion.
Newsletters / marketing communications: Where you sign up to our newsletters or other direct marketing communications, we will collect your personal information in order to be able to send you these newsletters or communications.
Cookies: We collect this information in order to improve your experience of using our website and to enable us to assess how our websites are used to ensure our services and advertisements are relevant. For further information in relation to cookies, please see the cookies information tool displayed in the footer of each of our websites which you visit.
- On the basis that this is necessary to fulfil our contractual obligations to you.
- We will only collect this information on the basis of your consent.
- We will only collect this information and contact you in this way when you have provided your consent for us to do so. You may withdraw your consent to this type of communication at any time by contacting us or clicking on the unsubscribe button where relevant.
- We will retain this information for the duration of our contract with you. Once our contract has ended we will retain your personal information for up to 6 years in accordance with legal and accounting requirements. Where you have signed up to one of our events, we will retain your contact details for a period of two years thereafter in order to inform you of further related events. We do this on the basis of that it is in our and your legitimate interests to notify you of events which you may wish to attend.
If we do not hear from you during this period, we will delete your personal information.
- We will delete this information within 1 month of the event being held.
- If you respond to opt out, we will delete your information within 1 month of your response.
- Where you no longer wish to hear from us, we will retain a minimal amount of your personal information on a “suppression list” to ensure we do not contact you again.
- Please see our cookies information tool for further information.
UPDATING YOUR PERSONAL INFORMATION
Please contact us at email@example.com as soon as possible after there is any change to your personal details, including your contact details. Where possible, we aim to contact you on a regular basis to ensure the personal details we hold about you are accurate.
SHARING YOUR PERSONAL INFORMATION
We contract with third party service providers and suppliers to deliver certain services. We have contractual arrangements in place with each of these providers so that they are obliged to protect your personal information.
The following third parties may have access to your personal information for the purposes noted below:
Software providers: we use a range of software providers in order to administer our business, these providers include the host of our website, the providers of our call recording system, email system, automated email marketing system and customer databases.
Event organisers: where we hold events, we may share your personal information with third party organisers of the event including caterers and venues, for example, we may share your name with the venue for the purposes of administering a guest list.
Cookies providers: for example, Google Analytics and 1PlusXAG, please see our cookies information tool for further information.
any other person who is authorised to act on your behalf;
regulators, government departments, law enforcement authorities, tax authorities, accountants, insurance companies, lawyers and other professional advisers;
any relevant dispute resolution body or the courts; and
persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business.
Some of these entities may also be data controllers under the Data Protection Legislation. However in the first instance you should contact us using the contact details above if you have any queries.
Except as provided above, we will not share personal information with any other third parties without informing you beforehand, unless required by, or in connection with, law and / or regulatory requirements.
We will not sell, trade or lease your personal information to others.
EUROPEAN ECONOMIC AREA
The information we collect from you may be stored inside the UK, the European Economic Area (“EEA”) or outside the EEA.
If you live or work outside of the UK or the EEA, we may need to transfer your personal information outside of the UK or the EEA to correspond with you. Where this applies, we will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this privacy notice.
We also transfer personal information outside the UK or the EEA where our service providers host, process, or store personal information outside the UK or the EEA. Where this is the case we use contractual arrangements and safeguards to protect this personal information, these safeguards include:
The country to which the personal information will be transferred has been deemed to provide an adequate level of protection for personal information by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal information the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to non-EU countries.
Where we use providers based in the US, we may transfer personal information to them if they are part of the Privacy Shield which requires them to provide similar protection to personal information shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
You have certain rights under the Data Protection Legislation which can be exercised by contacting us at: firstname.lastname@example.org including:
the right to access the personal information held about the you by making a subject access request in accordance with the Data Protection Legislation. We may charge a reasonable fee when a request is manifestly unfounded or excessive;
the right to have your personal information rectified if it is inaccurate or incomplete;
the right to request to have your personal information deleted in certain specific circumstances as set out in the Data Protection Legislation;
the right to request to restrict the processing of your personal information in certain specific circumstances as set out in the Data Protection Legislation;
the right to ask us not to process your personal information for marketing purposes or for purposes based on our legitimate interests;
the right to ask us to not undergo automated decision making; and
where you have provided consent, to request to withdraw such consent at any time.
Please note that if you choose to exercise your rights to have personal information restricted or deleted, then we may not be able to provide you with our services.
Further details about your rights can be found on the ICO’s website https://ico.org.uk