s, they1. Overview of the Policy
1.1. This document will explain:
- What data we collect on you;
- Our purpose for collecting your data;
- How we might use that data;
- How long we will store your data for;
- What data we might share with others; and
- How you can control the data you give us.
2. Who we are and how to contact us
2.2. We are the data controller of your personal data, if you want to contact us about your data or for any other reason please email firstname.lastname@example.org.
2.3. If you would like to contact the Information Commissioner’s Office, UK’s independent authority that regulates information rights and data privacy in the country, please visit www.ico.org.uk for more details.
3. Our purpose of collecting your data
3.1. We collect and process personal data to enable it to assess the performance of our websites.
3.2. We only process your data where there is a lawful basis for doing so and if it fits with the rights you have. Our lawful basis for collecting and processing personal data is legitimate interest. We may share your data with other organisations in the course of carrying out our functions, or to enable others to perform theirs.
4. What personal data we collect from you
4.1. We will explain why we collect information from you and how we will use it before you provide it to us, unless it is obvious. With regard to each of your visits to our site we will automatically collect information including (without limitation) the following:
- time zone setting, geographical location, browser type and version, operating system and platform, referral source, length of visit, page views and website navigation paths;
- information about your visit, including the full Uniform Resource Identifiers (URI), clickstream to, through and from our site, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs, methods used to browse away from the page) and any phone number used to call us.
We additionally store anonymised versions of the internet protocol address used to connect your computer to the internet. These addresses are made anonymous through modification before the point we collect them for storage. In one instance, the internet protocol address is combined with other data points and processed through a hashing algorithm, while in another, the address is simply changed so the final two or three digits within the address are swapped, either for “00” or “000”. This ensures we cannot use the data we receive to identify you personally – even in combination with the other data points we collect.
4.2. We shall only collect what we need to achieve our obligations and tasks and nothing more.
5. What we do with your data
5.1. Our lawful basis for processing your data is legitimate interest. We use analytic tools on your data in a way you would reasonably expect. This helps us to improve the website and enhance your web experience.
5.2. We will not, without your express consent, supply your personal data to any third party for the purpose of their or any other third party’s direct marketing.
6. Disclosing personal data
6.1. You agree that we have the right to share your personal data with:
- any member of our group, which means our subsidiaries as defined in section 1159 of the UK Companies Act 2006;
- selected third parties including but not limited to:
- business partners, suppliers and sub-contractors for the performance of a contract;
- analytics and search engine providers that assist us in the improvement and optimization of our site.
6.2. We will disclose your personal data to third parties:
- to the extent that we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
- in connection with any ongoing or prospective legal proceedings;
- in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets; and
- if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets.
7. How long we hold your data for
7.1. We will only retain your data as long as it takes to fulfil our obligations and duties. We will anonymise or delete your data once it is not needed anymore.
7.2. We review the data frequently to decide whether we need to do this.
8. Security of your data
8.1. Securing your data is top priority for Zinc Network. We have taken appropriate technical and organisational measures in accordance to data privacy legislation applicable to the UK, to store your data safely and securely.
8.2. Measures include:
- ISO27001 certification;
- Cyber Essentials Plus certification;
- Access controls;
- Anti-virus software;
- Laptop hard drive encryption;
- Secure cloud storage service; and
9. Your data rights
9.1. Requesting access to your personal data
- You have the right to request access to the personal data Zinc Network holds on you, this is called a Subject Access Request. To start the process please contact email@example.com and state exactly what information you would like us to provide.
- You will be asked for two documents to prove your identity; this will usually be a government issued photo ID (passport, driving licence) and a utility bill dated within the last 3 months at your current address.
- We will provide you the information requested within 1 month of the request date. If we require more time for whatever reason you will be notified of this with the reason.
9.2. Other rights
- In certain circumstances you have the right to:
- object to and restrict the use of your personal data, or to ask to have your data deleted, or corrected.
- (where you have explicitly consented to the use of your personal data and that is the lawful basis for processing) the right to withdraw your consent to the processing of your data and the right to data portability.
10.1. We may update this policy from time to time by publishing a new version on our website.
11.1. At this time, our website doesn’t store cookies or make use of any form of HTML5-based local browser storage on your device. Cookies are commonly used to help website owners to track user activity across a website, however we have adopted an approach to user tracking which does not require us to store data, such as cookie files, within your device’s permanent memory, such as its hard drive or NAND flash memory.