Data Protection Policy
1. Overview of the Policy
1.1. This document will explain:
- What data we collect on you;
- Our purpose for collecting your data;
- How we might use that data;
- How long we will store your data for;
- What data we might share with others; and
- How you can control the data you give us.
2. Who we are and how to contact us
2.2. We are the data controller of your personal data, if you want to contact us about your data or for any other reason please email email@example.com.
2.3. If you would like to contact the Information Commissioner’s Office, UK’s independent authority that regulates information rights and data privacy in the country, please visit www.ico.org.uk for more details.
3. Our purpose of collecting your data
3.1. We collect and process personal data to enable it to assess the performance of our websites.
3.2. We only process your data where there is a lawful basis for doing so and if it fits with the rights you have. Our lawful basis for collecting and processing personal data is legitimate interest. We may share your data with other organisations in the course of carrying out our functions, or to enable others to perform theirs.
4. What personal data we collect from you
4.1. We will explain why we collect information from you and how we will use it before you provide it to us, unless it is obvious. With regard to each of your visits to our site we will automatically collect information including (without limitation) the following:
- the internet protocol address used to connect your computer to the internet, time zone setting, geographical location, browser type and version, operating system and platform, referral source, length of visit, page views and website navigation paths;
- information about your visit, including the full Uniform Resource Identifiers (URI), clickstream to, through and from our site, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs, methods used to browse away from the page) and any phone number used to call us.
4.2. We shall only collect what we need to achieve our obligations and tasks and nothing more.
5. What we do with your data
5.1. Our lawful basis for processing your data is legitimate interest. We use analytic tools on your data in a way you would reasonably expect. This helps us to improve the website and enhance your web experience.
5.2. We will not, without your express consent, supply your personal data to any third party for the purpose of their or any other third party’s direct marketing.
6. Disclosing personal data
6.1. You agree that we have the right to share your personal data with:
- any member of our group, which means our subsidiaries as defined in section 1159 of the UK Companies Act 2006;
- selected third parties including but not limited to:
- business partners, suppliers and sub-contractors for the performance of a contract;
- analytics and search engine providers that assist us in the improvement and optimization of our site.
6.2. We will disclose your personal data to third parties:
- to the extent that we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
- in connection with any ongoing or prospective legal proceedings;
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets; and
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
7. How long we hold your data for
7.1. We will only retain your data as long as it takes to fulfil our obligations and duties. We will anonymise or delete your data once it is not needed anymore.
7.2. We review the data frequently to decide whether we need to do this.
8. Security of your data
8.1. Securing your data is top priority for Zinc Network. We have taken appropriate technical and organisational measures in accordance to data privacy legislation applicable to the UK, to store your data safely and securely.
8.2. Measures include:
- ISO27001 certification;
- Cyber Essentials Plus certification;
- Access controls;
- Anti-virus software;
- Laptop hard drive encryption;
- Secure cloud storage service; and
9. Your data rights
9.1. Requesting access to your personal data
- You have the right to request access to the personal data Zinc Network holds on you, this is called a Subject Access Request. To start the process please contact firstname.lastname@example.org and state exactly what information you would like us to provide.
- You will be asked for two documents to prove your identity; this will usually be a government issued photo ID (passport, driving licence) and a utility bill dated within the last 3 months at your current address.
- We will provide you the information requested within 1 month of the request date. If we require more time for whatever reason you will be notified of this with the reason.
9.2. Other rights
- In certain circumstances you have the right to:
- object to and restrict the use of your personal data, or to ask to have your data deleted, or corrected.
- (where you have explicitly consented to the use of your personal data and that is the lawful basis for processing) the right to withdraw your consent to the processing of your data and the right to data portability.
10.1. We may update this policy from time to time by publishing a new version on our website.
11.3. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
11.4. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
11.5. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
11.6. Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
12. Our cookies
12.1. We only use session cookies.
12.2. The names of the cookies that we use on our website, and the purposes for which they are used, are set out below. We use a session cookie to:
- track how users interact with the website;
- improve the website’s usability;
- prevent fraud and improve the security of the website;
- facilitate the use of our website search engine.
13. Analytics cookies
13.1. We use Google Analytics to gather and analyse traffic which accesses our website.
13.2. Our analytics service provider generates statistical and other information about website use by means of cookies.
13.3. The analytics cookies used by our website have the following names: _ga, _gat, _gid, __utma, __utmt, __utmb, __utmc, __utmz and __utmv.
13.4. The information generated relating to our website is used to create reports about the use of our website.
14. Third party cookies
14.1. Our website also uses third party cookies over which we have no control.