Privacy and Data Protection
We value the trust you place in us by giving us your personal information. We will always use your personal information in a way that is fair and worthy of that trust. That means letting you know what information we collect and why, how we use it and who to contact if you have any concerns. We will also do everything we can to protect the data we hold about you.
General principles
We adhere strictly to the Principles of Data Protection, as set out in the General Data Protection Regulation (GDPR). This includes the obtaining, holding, using or disclosing of such data and covers computerised records, as well as manual filing systems and card indexes.
We will hold the minimum personal data necessary. All such data is confidential and will be treated with due care.
We have proper safeguards to protect all personal data we hold. It will be kept safe from unauthorised access, accidental loss or destruction.
All data we hold about you will be obtained for a specified and lawful purpose, and processed fairly and lawfully in accordance with your rights.
We will hold your data for up to two years for financial, legal and regulatory compliance.
We will not transfer your data to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
We will collect data through forms, and indirectly through platforms such as, but not limited to, Facebook, Twitter and LinkedIn, as well as through third parties such as, but not limited to, CACI, Experian and approved data warehouses.
The data we collect includes:
First name and surname
Date of Birth
Email address
Address including postcode
Phone and mobile number
Social identifiers
Preference data – provided by you at the point of sign up
Cookie and behavioural data – based on web and email activity
Marketing opt-in data
Email communications responses
History – full audit trail of data usage for compliance requirements
If we hold data on, or are asked to process data for, a child under 13, we will hold additional data, including but not limited to:
Parent or guardian name and contact information
Parental or guardian consent for marketing communications
We also collect information about how you use our website and mobile apps to improve SEO, PPC, online advertising, email marketing, web analytics or other digital services.
We use valid opt-in consent, given at the point of collection, as grounds for processing your data. You can unsubscribe at any time via an email or by contacting us at data@nottinghambid.com
We may use your personal information for:
Your data will be shared with approved third parties in order to provide these services. For an up-to-date list of these third parties, please email data@nottinghambid.com
We will email you to inform you that we hold information about you, with a link to our Data Protection Policy. We will inform you of any update to this policy via email.
We will only store data on our approved secure environments, which are GDPR compliant, including:
CRM Platform
Email service provider
Email software
Data stored on local PCs and other devices will be protected with a strong password and encrypted.
Data will be removed from local PCs and other devices, and any memory sticks or cloud storage platforms, as soon as it is no longer required.
All hard copies will be kept in a locked cabinet or drawer and put away when not in use.
You have the right to request access to the data we hold on you.
Please provide two forms of identification from the following to prove the data relates to you:
Passport
Driving licence
Birth certificate
Utility bill (from last 3 months)
Current vehicle registration document
Bank statement (from last 3 months)
Within one month of receiving your request, we will contact you with details of how you can access your data.
Please contact data@nottinghambid.com
If you notice any errors in the information we hold about you, you have the right to request that your record is updated. We will respond within one month.
Please contact data@nottinghambid.com
You have the right to opt out of all data usage or to restrict what we can do with your data. We will respond within one month.
Please contact data@nottinghambid.com
You have the right to request all information about you is erased from our systems.
Although we respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. We will review your request and tell you what data we can remove. We will do our best to respond within one month.
Please contact data@nottinghambid.com
When transferring your personal information, either internally or externally to clients or partners, we will ensure that the recipient is authorised to receive the data.
To ensure our employees are aware of and comply with data policies, we have:
If we suspect a data breach of any kind, we will report it to the Information Commissioner’s Office immediately.
If you suspect a data breach, which you believe may have involved us and the information we hold on you, please email data@nottinghambid.com with the subject 'Data Breach' and we will respond within 72 hours.
Our appointed Data Controller (the individual within our organisation who ensures our data policies and processes are followed and enforced) is:
Lee Walker, BID Manager
If any issue is not resolved by the above individual, please contact:
Neil Fincham, Director
The GDPR in the UK is governed by the ICO – www.ico.org.uk