You acknowledge and agree that your personal data may be processed in accordance with this policy. Without this, we will be unable to provide you with certain marketing communications.
We are the data controller in respect of any personal data we collect about you.
We have appointed a data protection officer who is responsible for monitoring our data protection compliance.
2. COLLECTION OF YOUR PERSONAL DATA
We collect and process the following information about you; this is for the purposes explained in section 3.
• Information you give us Name, email address (personal and/or work), postal address, encrypted password(s), telephone number(s), date of birth, gender, interests, preferences, and competition entry details and answers
• Information automatically collected from you When you visit or use any of our Digital Applications, we automatically collect certain information from you (the majority of which is from a server log), including:
• geo-location data
• operating system and browser type
• domain name requested
• server log details
• browser language
• access times
• application version, platform and settings
• URL of the website you visited before browsing to our websites
• time you spent on each page visited
• URLs of the pages you visited on our websites
• IP address used to connect your computer or mobile device to the internet
• other information about your use of and actions on our websites
We may record or monitor calls, emails, text messages and other correspondence for training purposes to improve the quality of our offering and to prevent and detect fraud.
• Information collected from third parties
Google analytics – collects information about how visitors use our Digital Applications.Doubleclick (Data collection for Google Adwords) – collects information about how visitors use our Digital Applications.Authentication information – see section 10
3. USE OF YOUR PERSONAL DATA
We may use your personal data for any or all of the following purposes:
• to provide a high level of customer service (including assisting with any of your enquiries and bookings) and to notify you of any security and data breach alerts, and technical notices (including services messages and updates to our Digital Applications and terms);
• to help operate, maintain and improve our offering and our Digital Applications;
• to communicate with you about our offers, promotions, upcoming events, reviews and other news or those of our selected partners – this may be via email, telephone, text message and/or push notification – you can change your marketing preferences (including the way in which we contact you) by contacting The Mighty Society directly vie email or telephone.
• to facilitate profiling, segmentation and personalisation – these may be based on location, preferences, interests and past actions.
• to meet our legal obligations and for establishing, exercising or defending our legal rights;
• to compile reports and to help us understand and improve our Digital Applications; and
• to enable us to carry out targeted online advertising more likely to be relevant to you.
4. SHARING OF YOUR PERSONAL DATA
We sometimes need to share the personal information we process with other organisations and, where necessary or required, we may share your personal data with the following categories of third parties:
• service providers and suppliers assisting with our business activities, business associates, customers, payment services providers, hosting providers, providers of IT support, advertising platforms, providers of booking systems, providers of cloud-based software or services used by us, accounting firms and law firms;
• ombudsman, regulators, public authorities and security organisations, such as the police, HM Revenue & Customs and the Information Commissioner’s Office, to the extent required by law, regulation, court order or if necessary to establish, exercise or defend our legal rights, including if we suspect fraud or attempted fraud;
• companies in the same group as us;
• current, past and prospective employers, recruitment and employment agencies, trade and employer associations and professional bodies and educators and examining bodies;
• financial organisations and advisors, credit reference agencies, debt collection and tracing agencies, and tenants;
• staff including volunteers, agents and temporary and casual workers;
• family, associates and representatives of the person whose personal data we are processing;
5. TRANSFER OF YOUR PERSONAL DATA OUTSIDE OF THE UK OR THE EUROPEAN ECONOMIC AREA (EEA)
Some third parties to whom we may transfer your personal data may be located outside of the UK or the EEA. In the event of a transfer, we will seek to ensure that appropriate safeguards to protect your data are in place which could include entering into a data transfer agreement with such third parties to ensure adequate protection for your information. Examples of the types of contractual clauses we may use can be found at the following link: http://ec.europa.eu/justice/data-protection/intern….
6. LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA
We will process your personal data where it is necessary:
• for the performance or entering into of a contract with you, including in order to provide our offering, process your payment and to respond to enquiries and bookings made by you;
• for compliance with our legal obligations;
• for the purpose of furthering our legitimate interests including to:
• improve our offering and Digital Applications;
• operate our Digital Applications efficiently and effectively;
• carry out behavioural advertising; and
• prevent, detect and investigate fraud or illegal activity.
We may also process your personal data on the basis of any consent given by you. This consent may be updated by visiting our preference centre – see section 12*.
7. PROTECTION OF YOUR PERSONAL DATA
We are committed to protecting your personal data and to keeping it safe and confidential. We will therefore ensure that appropriate technical and organisational physical, electronic and procedural safeguards are implemented to protect it. Access to your personal data will also be limited to our employees and certain third parties who process it on our behalf.
8. STORAGE OF YOUR PERSONAL DATA
Your personal data will generally be stored for up to 5 years.
We may, however, keep your personal data for longer than 5 years if we need it to fulfil our contractual obligations to you, the law requires us to maintain it for a longer period or you have not withdrawn your consent.
9. YOUR RIGHTS
You have the following rights, albeit some of them only apply under certain circumstances:
• to have a copy of the personal data we have collected about you and to send a copy of it to another data controller;
• to update or amend the personal data we have collected about you if it is inaccurate or incomplete;
• to erase, or restrict the processing of, the personal data we have collected about you;
• to object to the processing of the personal data we have collected about you, including in respect of any data processed for direct marketing purposes;
• to withdraw any consents you have provided in respect of our processing of your personal data; and
• to lodge a complaint with the Information Commissioner’s Office (www.ico.org).
To exercise any of these rights, please contact us – see section 11.
If you want to amend your personal data or preferences, please visit our preference centre – see section 12*.
10. CONNECTING TO THIRD PARTY SERVICES INCLUDING SOCIAL NETWORKS
Our offering may contain links to third-party apps, services, tools and websites that are not affiliated with, controlled or managed by us (including Facebook, Instagram, LinkedIn and Twitter®) and these services and links may also include social networking features (such as the Facebook® “Like” button and widgets, “Share” buttons, and other interactive mini-programs). Additionally, you may choose to use your own social networking logins from, for example, Facebook or LinkedIn® to log into some of our services. If you choose to connect using a social networking or similar service, we may receive and store authentication information from that service to enable you to log in and other information that you may choose to share when you connect with these services. These services may collect information, such as the web pages you visited and IP addresses, and may set cookies to enable features to function properly. We are not responsible for the security or privacy of any information collected by these third parties. You should review the privacy statements or policies applicable to the third-party services you connect to, use or access as the privacy practices of these third parties will be governed by their own privacy statements. If you do not want your personal information shared with your social media account provider or other users of the social media service, please do not connect your social media account with your account for the services we provide and do not participate in social sharing.
11. CONTACT INFORMATION AND UPDATING YOUR PREFERENCES
If you have any comments or questions, please contact us at The Mighty Society, Timsons Business Centre, Bath Road, Kettering, Northamptonshire, NN16 8NQ (marked for the attention of our Data Protection Officer), via phone (01536 419934) or via email ([email protected])
If at any time you wish to change how we communicate with you or what we communicate with you about, please contact us on the above details.
To unsubscribe from any of our marketing-related activities, please follow the link at the bottom of any of our e-communications. Alternatively, please contact us at [email protected] and we will process your request.
12. CHANGES TO THIS POLICY
From time to time we may change this policy. Changes made to it will be notified to you. If you do not accept the changes within the specified timeframe (which will be no less than 30 days) we may have to cease providing you with access to our offering and/or our Digital Applications.