The DPA & GDPR May 2018
EEVT and the organisations website complies to the DPA (Data Protection Act 1998) and already complies to the GDPR (General Data Protection Regulation) which comes into effect from May 2018. We will update this policy accordingly after the completion of the UK’s exit from the European Union.
Data Sharing Code of Practice
EEVT are registered with the ICO, registration reference ZA124285, and fully comply with their data sharing code of practice. Our nominated data controller is Steve Lawrence, who can be contacted on firstname.lastname@example.org. The ICO is the Information Commissioner’s Office and it is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The Eight DPA Principles:
- Fairly and lawfully processed.
- Processed for limited purposes.
- Adequate, relevant and not excessive.
- Not kept for longer than is necessary.
- Processed in line with your rights.
- Not transferred to other countries without adequate protection.
We are committed to safeguarding the privacy of this website visitors; this policy sets out how we will treat your personal information.
(1) What information do we collect?
We may collect, store and use the following kinds of personal data:
a) Information about your computer and about your visits to and use of this website, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views
b) Information that you provide to us for the purpose of registering with us (including email address)
c) Information that you provide to us for the purpose of subscribing to this website services, email notifications and/or newsletters (including email address)
d) Any other information that you choose to send to us.
We may send a cookie which may be stored on by your browser on your computer’s hard drive. We may use the information we obtain from the cookie in the administration of this website, to improve the website’s usability and for marketing purposes. We may also use that information to recognise your computer when you visit this website, and to personalise this website for you.
Most browsers allow you to refuse to accept cookies. (For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.) This will, however, have a negative impact upon the usability of many websites, including this one.
(3) Using your personal data
a) Administer the website
b) Improve your browsing experience by personalising the website
c) Enable your use of the services available on the website
d) Send you general (non-marketing) commercial communications which you have asked us to
send by opting in.
e) Send you email notifications which you have specifically requested
f) Send to you our weekly newsletter and other marketing communications (relating to our
business) which we think may be of interest to you by post or, where you have specifically
agreed to this, by email or similar technology (you can inform us at any time if you no longer
require marketing communications to be sent by emailing us at email@example.com
g) Provide third parties with statistical information about our users – but this information will
not be used to identify any individual user
h) Deal with enquiries and complaints made by or about you relating to the website
i) We will not without your express consent provide your personal information to any third
parties for the purpose of direct marketing
j) You can unsubscribe at any time using the unsubscribe facility at the end of our emails.
(4) Other disclosures
a) To the extent that we are required to do so by law
b) In connection with any legal proceedings or prospective legal proceedings
c) In order to establish, exercise or defend our legal rights (including providing information to
others for the purposes of fraud prevention and reducing credit risk)
d) To the purchaser (or prospective purchaser) of any business or asset which we are (or are
(5) Security of your personal data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. We will store all the personal information you provide on our secure servers. Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential. We will not ask you for your password.
(6) Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for six years after they cease being clients for tax and other regulatory purposes.
In some circumstances you can ask us to delete your data
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
(7) Policy amendments
(8) Your rights
You may instruct us to provide you with any personal information we hold about you. Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee (currently fixed at £10.00) if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure
your right to access your personal data (or to exercise any of your other rights). This is a security
measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We may also contact you to ask you for further information in relation to your request to speed up
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
(9) Third party websites
The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.
(10) Updating information
Please let us know if the personal information which we hold about you needs to be corrected or updated.