Privacy & Policy Statement
Everyday our business will receive, use, and store information about a range of data subjects, including but not limited to customers, suppliers, job applicants, and general enquiries. This policy sets out how we ensure that this information is processed lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’) and how we will treat your personal information when you use www.tamarvalleyfoodhubs.org.uk or services of Tamar Grow Local CIC.
We are committed to safeguarding the privacy of our volunteers, staff, customers, supporters and visitors and we take our data protection duties seriously. Because we respect your privacy, we will not sell or otherwise transfer your information to third parties for marketing purposes without your explicit consent.
About this policy
Tamar Grow Local CIC is responsible for ensuring compliance with the Data Protection Requirements and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to your usual contact at Tamar Grow Local; if you are unsure who to contact then write or call the Tamar Grow Local team: [email protected] or 01579 208412
What is personal data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession). Processing is any activity that involves use of personal data. It includes obtaining, recording, holding or transferring data; organising, amending, retrieving, using, disclosing, erasing or destroying it.
Data Protection Principles
As your data controller, we will ensure that your personal data is:
1. Processed fairly, lawfully and in a transparent manner.
2. Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose.
3. Adequate, relevant and limited to what is necessary for the intended purposes.
4. Accurate, and where necessary, kept up to date.
5. Kept in a form which permits identification for no longer than necessary for the intended purposes.
6. Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
7. Not transferred to people or organisations situated in countries without adequate protection and without firstly having advised the individual.
8. Processed fairly, lawfully and in a transparent manner.
9. Collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose.
10. Adequate, relevant and limited to what is necessary for the intended purposes.
11. Accurate, and where necessary, kept up to date.
12. Kept in a form which permits identification for no longer than necessary for the intended purposes.
13. Processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
14. Not transferred to people or organisations situated in countries without adequate protection and without firstly having advised the individual.
Fair and Lawful Processing
The Data Protection Requirements are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual. In accordance with the Data Protection Requirements, we will only process personal data where it is required for the following lawful purposes: where the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, in the legitimate interests of the business, or where the individual has given their consent.
Accurate Data
We will ensure that personal data we hold is accurate and kept up to date. We will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. We will take all reasonable steps to amend or destroy inaccurate or out-of-date data.
Timely Processing
We will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. We will take all reasonable steps to destroy, or erase from our systems, all data which is no longer required.
Processing in line with Data Subject’s Rights
We will process all personal data in line with data subjects’ rights, in particular their rights to:
1. Confirmation as to whether or not personal data concerning the individual is being processed.
2. Request access to any data held about them.
3. Request rectification, erasure or restriction on processing of their personal data.
4. Lodge a complaint with a supervisory authority.
5. Data portability.
6. Object to processing, including for direct marketing.
7. Not be subject to automated decision-making including profiling in certain circumstances.
Data Security
We take appropriate and adequate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. We have in place password procedures to maintain the security of all personal data from the point of the determination of the means for processing and point of data collection to the point of destruction. Additionally, we use a secure connection when collecting personal financial information from you, which conforms to PCI standards. All forms which request credit card or bank details use the SSL (Secure Sockets Layer) protocol for encryption. Wherever possible, we will store all personal data inside the European Economic Area (EEA). Any time that data is transferred outside the EEA, we ensure that exactly the same provisions on data security and processing are applied.
What information do we collect?
We may collect, store and use the following kinds of personal data:
• Information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type, referral source, length of visit and number of page views)
• Information that you provide to us for the purpose of registering with us.
• Your contact details provided to us when you have booked events or opted in to receive newsletters, giving us permission to contact you regarding our events.
• Your contact details that you gave us and agreed we could contact you if you met us at one of our events.
• Your contact details if you have ordered from us and opted in to give us permission to contact you about our services and events.
• Information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters
• Any other information that you choose to send to us
Why we have your personal data & how we use it
We collect and use your data only as necessary for the purposes of which it was obtained.
We may use your information for the purposes of…
• To process and ship your orders
• For you to access and use our payment platform
• Account maintenance – to create and maintain accounts with us
• Provide Customer service – to provide you with customer service including response to enquiries, complaints and general feedback about our products. This may be fulfilled by telephone, email and letter
• Consumer engagement – to get your more actively engaged with our products and offers.
Disclosures
We may disclose information about you to [any of our employees, officers, agents, suppliers or subcontractors] insofar as reasonably necessary for the purposes as set out in this privacy policy.
In addition, we may disclose information about you:
• To the extent that we are required to do so by law;
• In connection with any legal proceedings or prospective legal proceedings;
• In order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk); and
• To the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling
• Except as provided in this privacy policy, we will not provide your information to third parties, or sell you information to any organisations.
Your rights
You may instruct us to provide you with any personal information we hold about you and we will provide you with an opportunity to opt out of the use of your personal data. You may instruct us not to process your personal data for our own marketing purposes by email at any time. (In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.)
Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites and we will provide you with an opportunity to opt out of the use of your personal data.
Changes to this Policy
Our Privacy Policy may change from time to time. The amended version will be published on our website and any significant changes will be communicated to you either on the website or directly. This will replace any previous privacy policy. You should check this page occasionally to ensure you are happy with any changes.