Important information and who we are
Your legal rights
Under certain circumstances, you have legal rights under GDPR in relation to your personal data which are known as data subject rights. Those rights are:
- The right to request access to your personal data. This is commonly known as a ‘subject access request’.
- The right to request correction of your personal data.
- The right to request erasure of your personal data. This is commonly known as ‘the right to be forgotten.
- The right to object to use of your personal data.
- The right to request restriction of use of your personal data.
- The right to request transfer of your personal data.
- The right to withdraw consent, where consent is being relied upon to use your personal data.
The personal data we collect about you
Personal data is any information about an individual which can identify that person. It does not include any information where the individual’s identity has been removed (this is known as anonymous data), which we may collect, use and share for any purpose. We may collect the following personal data about you: 1. Personal data you give us You may provide your personal data to us by filling in forms via our website or by corresponding with us by phone, e-mail or otherwise. The personal data you give us may include your name, address, e-mail address and phone number, and other information related to us and your participation with us (including personal expressions of ideas, opinions and comments, or information contained in any application which is submitted to us). 2. Personal data we collect about you With regard to each of your visits to our website, we may automatically collect the following personal data:
- technical information, including the internet protocol (IP) address used to connect your computer to the internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from our website.
How we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where we need to perform the contract we are about to enter into or have entered into with you.
Generally we do not rely on consent as a legal basis to use your personal data other than where you have agreed that your personal data may be used by us or any third party to send you marketing information. You have the right to withdraw your consent to such uses at any time. Set out below is a description of all the ways we plan to use your personal data. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so. Please note that we may use your personal data without your knowledge or consent where this is required or permitted by law. 1. Personal data you give to us or that we collect about you We may use personal data in the following ways:
- to allow you to access our website;
- to provide you with information that you may request from us (including, without limitation, relating to our projects and initiatives);
- to provide you with other information that is similar to that which you have already enquired about or that we feel may interest you;
- to improve our website and ensure that content from our website is presented in the most effective manner for you and for your computer;
- to monitor and administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in any interactive features of our service, when you choose to do so;
- to register your interest in our projects and initiatives;
- as part of our efforts to keep our website safe and secure; and
- for internal record keeping.
Disclosures of your personal data
1. To group companies We may share your personal data with any companies within our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006, and any associated companies which have common ownership. 2. To third parties We may share your personal data with selected third parties, including:
- members of Exeter City Futures Community Interest Company (including prospective members);
- research partners and project collaborators (including prospective research partners and project collaborators); and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
We may also share your personal data with other third parties:
- in the event that we sell or buy any business or assets, in which case we may disclose or transfer your personal data to the prospective seller or buyer of such business or assets;
- if we are under a duty to disclose or share your personal data with any regulatory or law enforcement authorities and are required to do so;
- in order to exercise or defend our legal rights or in connection with any legal proceedings or anticipated legal proceedings; and
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions.
The majority of the personal data we collect will be stored and used in the UK at our offices and in our secure data centre(s). We will only transfer your data outside of the European Economic Area (EEA) where it is necessary for us to do so. Whenever we transfer your personal data out of the EEA, we ensure protection is afforded to it by ensuring at least one of the following safeguards is implemented: (a) We will only transfer your personal data to service providers located in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. (b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. (c) Where we use service providers based in the US, we may transfer personal data to them if they are certified under the Privacy Shield, which requires them to provide similar protection to personal data shared between the Europe and the US.
Security of personal data
We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those directors, employees and other third parties who have a business need to know. They will only use your personal data for specified purposes and are required to keep your personal data confidential. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
Retention of personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data, whether we can achieve those purposes through other means and applicable legal requirements.
Third party websites etc.
Our website may, from time to time, include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third party websites, plug-ins or applications and are not responsible, and do not accept any liability, for their compliance with data protection laws. When you leave this website, we encourage you to read the privacy policies of every website you visit or plug-in or application you download, in particular before submitting any personal data to those websites, plug-ins or applications.