1) TERMS OF WEBSITE USE
3) REVIEW POLICY
4) TERMS & CONDITIONS OF ADVERTISING
5) TERMS & CONDITIONS OF THE CV SEARCH FOR EMPLOYERS/RECRUITMENT AGENCIES
6) TERMS & CONDITIONS OF REVIEW WIDGETS
7) PRIZE DRAWS
8) INVITE TO REVIEW: DATA PROCESSING TERMS
1) TERMS OF WEBSITE USE
Information about us
Info@ke-ca.co.uk is a site operated by the Community Assembly of Penzance (“We”). We are an unaffiliated group of local residents concerned about the lack of democracy locally and nationally.
Accessing our site
Access to our site is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on our site without notice (see below). We will not be liable if for any reason our site is unavailable at any time or for any period.
You are responsible for making all arrangements necessary for you to have access to our site. You are also responsible for ensuring that all persons who access our site through your internet connection are aware of these terms, and that they comply with them.
In accessing any part of our site, you agree:
- not to use our site in such a way that disrupts, interferes with or restricts the use of our site by other users;
- not to reverse engineer, decompile, copy or adapt any software or other code or scripts forming part of our site; and
- not to change, modify, delete, interfere with or misuse data contained on our site and entered by or relating to any third party user of our site.
Material contained in our site must not be reproduced or exploited for commercial gain. All other rights are reserved and users must seek our permission before making any other use of material contained in our site.
Content Standards & Uploaded Content
These Content Standards apply to any content or comments posted or uploaded on our site. The Content Standards must be complied with in spirit as well as to the letter. We will determine, in our discretion, if such postings breach the Content Standards. We reserve the right to edit, not publish or to remove any content whether or not it complies with these Content Standards. Although our site is fully moderated, we are under no obligation to you or any other person to oversee, monitor or moderate our site or any other service we provide on our site and we may stop moderating our site at any time.
- Be genuinely held (where it states opinion)
- Be relevant
- Be written in English and comply with acceptable standards of spelling and grammar
- Comply with the laws applicable in England and Wales and in any country from which it is posted
Postings must not:
- Contain specific accusations of negligence, abuse or criminal activity.
- Be defamatory of any individual or organisation
- Be obscene, disrespectful, offensive, hateful, threatening, harassing or unlawful
- Promote discrimination based on race, sex, religion, nationality, disability, sexual orientation or age
- Contain abusive language
- Disclose the name, address, telephone, mobile or fax number, e-mail address or any other personal data in respect of any individual
- Be written in capitals
- Stereotype sections of society
- Name any organisations/businesses other than the organisation/business that is relevant to the listing, review etc…
- Infringe any copyright, database right or trade mark of any other person
- Breach any legal duty owed to a third party, such as a contractual duty or a duty of confidence
- Be in contempt of court or breach of a court order
- Impersonate any person, or misrepresent your identity or affiliation with any person
- Give the impression that the posting emanates from us if this is not the case
- Advocate, promote, incite any third party to commit, or assist any unlawful or criminal act
- Contain a statement which you know or believe, or have reasonable grounds for believing, that members of the public to whom the statement is, or is to be, published are likely to understand as a direct or indirect encouragement or other inducement to the commission, preparation or instigation of acts of terrorism
- Contain any advertising or promote any services or web links to other sites.
Content standards also apply to any videos uploaded to the site and, in addition to the general content standards listed above, the following specific standards (“Video Standards”) will apply:
- videos will only be posted by someone who has obtained all necessary rights and permissions to do so. Such rights and permissions will include (but not be limited to) licences and releases of any applicable copyright and performers’ rights licences and releases and consents under the General Data Protection Regulations (GDPR) Act from anyone shown in the video or whose personal data is used in the video;
- videos will comply with the laws applicable in England and Wales and in any country from which it is posted;
- videos will not contain strobing or flashing content or other material which carries a material risk of triggering migraines, photo-sensitive epilepsy or other conditions affected by visual material;
- videos will not contain any material which would prevent the video in question obtaining a PG rating as a maximum were it subject to classification by the BBFC under its then current guidelines.
Notice & Take Down Procedure: If you believe that content on our website may breach any of our Content Standards you can alert one of our moderators by clicking on the link provided or by emailing firstname.lastname@example.org. You will need to provide your email address and/or telephone together with a short explanation why you believe the content does not comply with our Content Standards. Reporting content will not automatically remove it, but will ensure we look at it as soon as possible. The moderators will then decide whether to remove it permanently or reinstate it.
License of Content: By submitting content to our site, you agree to grant us a non-exclusive, perpetual royalty-free, transferable and sub-licensable licence to use that content. Although you will still own the copyright in your content, we will have the right to freely use, edit, alter, reproduce, publish and/or distribute the material contained in your content. You further grant us the right to pursue at law any person or entity that violates your or Tomorrows Guides’ rights in the uploaded content by a breach of these terms.
Indemnification: You agree to indemnify and hold us harmless from and against any direct or indirect loss or damage (including consequential loss and loss of profits, goodwill or business opportunities) arising from any third party claim in relation to content you have uploaded onto our website or your breach of the provisions of these terms.
Social Media: We may have social media presence and may use Facebook and Twitter among other social media platforms. Please note that material posted by you to this site may be reposted or promoted by us on our social media platforms on the same conditions as apply to our website and subject to any additional conditions imposed by the platform in question. By posting to our website you are deemed to consent to any reposting or promotion by us using social media.
Intellectual property rights
We are the owner of all intellectual property rights in the material and data on our site, subject to the provisions in the intellectual property rights in the Content Standards and Uploaded Content (see above). Such rights include, but are not limited to:
- unregistered trade mark rights protecting our business and trading names;
- database rights protecting the data published on our site;
- copyright and design rights in the text and graphics on our site; and
- copyright in the software used on our site other than that licensed to us.
You must only use the materials and/or data on our site for personal and non-commercial purposes and in accordance with the terms below.
You may print off one copy, and may download extracts, of any page(s) from our site for your personal reference and you may draw the attention of others within your organisation to material posted on our site.
You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text.
Our status (and that of any identified contributors) as the authors of material on our site must always be acknowledged.
You agree to indemnify and hold us harmless from and against any direct or indirect loss or damage (including consequential loss and loss of profits, goodwill or business opportunities) arising from any third party claim in relation to your use of our site or your breach of the provisions of these terms.
Reliance on information posted
Commentary and other materials posted on our site are not intended to amount to advice on which reliance should be placed. We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents.
Our site changes periodically
We may update our site periodically, and may change the content at any time. If the need arises, we may suspend access to our site, or close it indefinitely. Any of the material on our site may be out of date at any given time, and we are under no obligation to update such material.
Limitation of our liability (All rights reserved)
The material displayed on our site is provided without any guarantees, conditions or warranties as to its accuracy. To the extent permitted by law and with all rights reserved, we, expressly exclude:
1 All conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity.
2 Any liability for any direct, indirect or consequential loss or damage incurred by any user in connection with our site or in connection with the use, inability to use, or results of the use of our site, any websites linked to it and any materials posted on it, including, without limitation any liability for:
2.1 loss of income or revenue;
2.2 loss of business;
2.3 loss of profits or contracts;
2.4 loss of anticipated savings;
2.5 loss of data;
2.6 loss of goodwill;
2.7 wasted management or office time; and
2.8 for any other loss or damage of any kind, however arising and whether caused by tort (including negligence), breach of contract or otherwise, even if foreseeable, provided that this condition shall not prevent claims for loss of or damage to your tangible property or any other claims for direct financial loss that are not excluded by any of the categories set out above.
This does not affect our liability for death or personal injury arising from our negligence, nor our liability for fraudulent misrepresentation or misrepresentation as to a fundamental matter, nor any other liability which cannot be excluded or limited under applicable law.
Our liability for losses suffered as a result of a breach of these terms by us is strictly limited to liability in respect of claims brought within one year of the material being first displayed on our site.
Information about you and your visits to our site
Use of your email address
When you send emails or request brochures through the profile pages, you are required to enter your email address. We will pass your email address on to the relevant organisation and/or their representative so that they can respond to your query.
Viruses, hacking and other offences
You must not misuse our site by knowingly or recklessly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of service attack.
By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990 and other relevant laws in this and other jurisdictions. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.
We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any material posted on it, or on any website linked to it.
Linking to our site
You may link to our site, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. You must not establish a link from any website that is not owned by you. Our site must not be framed on any other site. We reserve the right to withdraw linking permission without notice.
If you wish to make any use of material on our site other than that set out above, please address your request to email@example.com
Links from our site
Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only. We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them.
Jurisdiction and applicable law
If you have any concerns about material which appears on our site, please contact firstname.lastname@example.org
Thank you for visiting our site.
We are committed to safeguarding the privacy of our website visitors and service users (both online and offline).
This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can access the privacy controls via logging into your Account.
In this policy, “we”, “us” and “our” refer to Tomorrow’s Guides Limited. For more information about us, see the section “Our details” below.
How we use your personal data
In this section we have set out:
- – the general categories of personal data that we may process;
- – in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;
- – the purposes for which we may process personal data; and
- – the legal bases of the processing.
We may process your email enquiries, brochure requests and callback requests data (“email enquiries data”). The email enquiries data may include names, email addresses, telephone numbers and postal addresses. The email enquiries data may be processed for the purposes of sending email enquiries, making brochure requests and callback requests to organisations who may respond/contact you. The legal basis for this processing is our legitimate interests, to provide website users with the ability to send enquiries/brochure requests to organisations and also to enable organisations to receive and respond to these enquiries/brochure requests.
We may process your website user account data (“website user account data”). The website user account data may include your name, email address, location and telephone number. The data may be processed for the purposes of managing your website user account, receiving survey emails and receiving marketing emails about our website services. The legal basis for this processing is our legitimate interests, in particular, to provide those with website user accounts with additional website functionality.
We may process your email newsletter data (“email newsletter data”). The email newsletter data may include your names and email addresses. The email newsletter data may be processed for the purposes of sending you the email newsletter. Where we are sending a newsletter using personal data collected from 25 May 2018, the legal processing is consent.
We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others. All rights reserved.
We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your personal data set out in this section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
Providing your personal data to others
We may disclose your personal data to any member of other Community Assemblies across the UK insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.
We may provide your personal data to third parties to the extent set out in the “How we use your data” section above. Furthermore, if your personal data is disclosed to another Community Assembly, which is then acquired by a third party, then your personal data may be disclosed to this third party.
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose the following categories of personal data to our suppliers or subcontractors insofar as reasonably necessary for the purposes outlined.
- a) organisation listing data to subcontractors for storage of data, sending emails and communications, processing of photos and videos and processing of transactions.
- b) email enquiries, brochure requests and callback requests data to our suppliers/sub contractors for storage of data and sending emails.
- c) reviews data to our suppliers/sub contractors for storage of data, back up of data, sending emails and communications, processing of review cards and IT support.
- d) recruitment data to our suppliers/sub contractors for storage of data, back up of data, sending emails and communication, IT support and collection of debtors.
- e) job applications data to our suppliers/sub contractors for storage of data, back up of data, sending emails and communications and processing of CVs.
- f) cv upload data to our suppliers/sub contractors for storage of data, back up of data, sending emails and communication and processing CVs.
- g) website user account data to our suppliers/sub contractors for storage of data, back up of data and sending emails.
Financial transactions relating to our website and services may be handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International transfers of your personal data
In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the UK.
– Website user account data of supplier or sub contractor.
– Email newsletter data of supplier or sub contractor.
In these cases, we will ensure that it will only be transferred to countries that have been identified as providing adequate protection for personal data or to a third party where we have approved a transfer mechanisms in place to protect your personal data. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Retaining and deleting personal data
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We will retain your personal data as follows:
- – Usage data is retained for a maximum of 50 months.
- – Transaction data is retained for a maximum of 6 years.
- – Website users accounts are retained for a maximum of 3 years from date of last log in unless they are connected to a listing organisation.
- – Email newsletter data is retained as long as the subscriber wishes to continue to receive the monthly newsletter.
Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Security of personal data
We will take appropriate technical and organisational precautions to secure your personal data and to prevent the loss, misuse or alteration of your personal data.
We will store all your personal data on personal computers and mobile devices, and in manual record-keeping systems.
The following personal data will be stored by us in encrypted form: password(s).
Data relating to your enquiries and financial transactions that is sent from your web browser to our web server, or from our web server to your web browser, will be protected using encryption technology.
You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You should ensure that your password is not susceptible to being guessed, whether by a person or a computer program. You are responsible for keeping the password you use for accessing our website confidential and we will not ask you for your password (except when you log in to our website).
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of significant changes to this policy by email or through displaying a message in your account.
In this section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
- a) the right to access;
- b) the right to rectification;
- c) the right to erasure;
- d) the right to restrict processing;
- e) the right to object to processing;
- f) the right to data portability;
- g) the right to complain to a supervisory authority; and
- h) the right to withdraw consent.
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
To the extent that the legal basis for our processing of your personal data is:
- a) consent; or
- b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. In the UK, this is the Information Commissioner’s Office but you may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
You may exercise any of your rights in relation to your personal data by written notice to us.
Third party websites
Our website includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Personal data of children
Our website and services are targeted at persons over the age of 16.
If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Acting as a data processor
In respect of the “invite to review” feature, we do not act as a data controller; instead, we act as a data processor.
Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
https://support.apple.com/kb/PH21411 (Safari); and
Blocking all cookies will have a negative impact upon the usability of many websites.
If you block cookies, you will not be able to use all the features on our website.
This website is owned and operated by the members of the Community Assembly of Penzance.
You can contact us:
using our website contact form; or
by telephone, on the contact number published on our website from time to time.
8) INVITE TO REVIEW: DATA PROCESSING TERMS
1.1. In this section; Invite to Review: Data Processing Terms; the following terms shall have the meanings given to them below:
“Data Processing Details” means the details listed in the table at the end of this section;
“Data Protection Legislation” means all laws, regulations, legislative and regulatory requirements and codes of practice applicable to the Processing of Personal Data including, without limitation, the UK Data Protection Act 1998 and any regulations, instruments or codes of practice issued pursuant to that Act, Directive 95/46/EC of the European Parliament and of the Council of October 24 1995 and any successor legislation replacing, repealing or amending those laws, including the GDPR;
“Effective Date” means the date of your Order
“GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
“Order” means your order for the Services;
“our Personnel” means our employees and individual sub-contractors;
“Services” means the Invite to Review service to be provided to you under the Order; and
“you” or “your” means the entity placing the Order; and
“your Personal Data” means Personal Data which is Processed on behalf of you as described in further detail in the Data Processing Details;
1.2. “Controller”, “Data Subjects”, “Personal Data”, “Processor” and “Processing/Process” shall have the meanings given to them in the Data Protection Legislation applicable from time to time.
2.1. The subject matter, nature and purpose and duration of the Processing of your Personal Data under the Order is set out in the Data Processing Details.
2.2. You are a Controller and we are a Processor of your Personal Data.
2.3. You instruct us to Process your Personal Data as required to perform the Services in accordance with the Order.
- Your obligations in relation to Processing of your Personal Data
3.1. You shall comply with all your obligations as a Controller under the Data Protection Legislation in respect of your Personal Data.
3.2. Without prejudice to the generality of Section 3.1, you shall ensure that the Processing of your Personal Data by us in accordance with the Agreement is lawful for the purposes of the Data Protection Legislation.
- Our obligations in relation to Processing of your Personal Data
4.1. We shall:
4.1.1. Process your Personal Data only pursuant to and in accordance with written instructions from you, which are set out in Clause 2.3 above;
4.1.2. Process your Personal Data only as necessary for the purposes of performing the Services in accordance with the Order;
4.1.3. Process your Personal Data in compliance with all its obligations as a Processor under applicable Data Protection Legislation;
4.2. We shall not transfer any your Personal Data to any place outside the European Economic Area unless and until the following conditions are fulfilled:
4.2.1. we take all steps necessary to ensure that at least one of the conditions required by the Data Protection Laws for transfers of personal data outside the European Economic Area (a “transfer mechanism”) is complied with in respect of such transfer
4.3. We shall:
4.3.1. ensure that access to your Personal Data is limited to our Personnel who have a reasonable need to access your Personal Data to enable us to perform our obligations under the Order and is limited to such part or parts of your Personal Data as are strictly necessary;
4.3.2. take reasonable steps to ensure the reliability of any of our Personnel who have access to your Personal Data including without limitation ensuring that all our relevant Personnel are informed of the confidential nature of your Personal Data and agree to treat it as confidential information, have undertaken training in the laws relating to handling Personal Data, and are aware of our duties in respect of your Personal Data;
4.3.3. have in place appropriate security measures (both technical and organisational) which comply with the security requirements of the Data Protection Legislation applicable from time to time;
4.3.4. not engage any third party to process your Personal Data without your prior specific or general written authorisation. Any third party providers listed in the Data Processing Details shall be deemed to have been authorised by you. You also now generally authorise us to engage third parties to process your Personal Data in connection with the Services; in the case of a general written authorisation, we shall inform you at least 14 days in advance of any intended changes concerning the addition or replacement of any third party subcontractor, and if you object to any such changes before their implementation, then the parties will discuss the objection and attempt to agree a mutually acceptable resolution in good faith;
4.3.5. ensure that where we engage a subcontractor to Process any of your Personal Data, this will be subject to a written agreement between us and the sub-contractor that imposes equivalent obligations on the sub-contractor as are imposed on us under this Addendum;
4.3.6. assist you in responding to requests from Data Subjects relating to the exercise of their rights under Data Protection Legislation in relation to your Personal Data;
4.3.7. provide you with any relevant information necessary to enable you to comply with your obligations under Data Protection Legislation in relation to security, breach notification, data protection impact assessments and prior consultation in relation to your Personal Data. We may charge you at our standard time-based charging rates for any work performed by us at your request pursuant to Clauses 4.3.6 and 4.3.7.
4.4. We shall notify you as soon as practicable:
4.4.1. of any accidental or unlawful loss, alteration, destruction, unauthorised disclosure of, or access to, any of your Personal Data, in which case we shall provide you with any relevant information available to us in order to assist you with its obligations under Data Protection Legislation in relation to the security breach;
4.4.2. if we receive any complaint or regulatory notice which relates to the Processing of any of your Personal Data;
4.4.3. if we receive any request from a Data Subject relating to their rights under the Data Protection Legislation in respect of your Personal Data relating to them; or
4.4.4. if we consider that an instruction from you infringes applicable Data Protection Legislation.
4.5. Upon termination or expiry of the Order, or at the point at which we cease to perform the Services for you, we shall delete and/or return any your Personal Data stored within our systems or otherwise in our possession in accordance with the retention and deletion procedure detailed in the Data Processing Details.
4.6. Notwithstanding anything else in this Section, we may Process your Personal Data otherwise than in accordance with your instructions if and to the extent that it is required, by any applicable law to which we are subject, to Process your Personal Data otherwise than in accordance with your instructions, provided that we inform you of that legal requirement before carrying out such Processing unless prohibited by that law from doing so.
4.7. We shall make available to you all information necessary to demonstrate our compliance with our obligations under this Section, which may (without limitation) be done by making such information available via our website. We shall permit you or a third party auditor appointed by you to carry out audits of our systems and processes for the purpose of verifying our compliance with our obligations under this Section, and to contribute to such audits, provided that:
4.7.1. you give reasonable written notice of any audit to us;
4.7.2. any audit takes place within our normal working hours;
4.7.3. audits take place on a periodic basis;
4.7.4. all personnel who carry out the audit sign appropriate confidentiality agreements;
4.7.5. you pay any of our reasonable costs incurred in connection with an audit, unless the audit reveals that we are in breach of its obligations under this Section; and
4.7.6. the personnel shall have no right to direct, and we shall have no obligation to carry out, any act in pursuance of an audit which would be a breach of Data Protection Legislation.
- Limitations of liability
5.1. We shall have no liability to you for any losses or damages arising as a result of:
5.1.1. you failing to comply with your obligations under this Section;
5.1.2. your breach of Data Protection Legislation; and
5.1.3. us complying with any instruction given by you in relation to the Processing of your Personal Data.
- Changes in Data Protection Legislation
6.1. If any changes or prospective changes to the Data Protection Legislation or the United Kingdom’s exit from the European Union or European Economic Area result or will result in one or both Parties not complying with the Data Protection Legislation in relation to Processing of your Personal Data carried out under the Order, then the Parties shall use their best endeavours promptly to agree such variations to this Addendum and/or the Order as may be necessary to remedy such non-compliance.
DATA PROCESSING DETAILS
Subject matter of Processing: your Personal Data is Processed by us in connection with providing the Services to you pursuant to the Order.
Nature of Processing: The Processing of your Personal Data will be a substantial, necessary and integral part of the performance of the Services.
Purpose of Processing: Provision of the Services.
Duration of Processing: The Processing will take place during the term of the Order.
Categories of Data Subjects: Residents/Service Users and their Family/Friends.
Types of Personal Data that may be Processed: The types of
Personal Data may include name, contact details (including phone number and email), location, IP address and other online identifiers and connection to the provider.
Approved sub-Processors: We use the following organisations as third party sub-processors: Microsoft Azure (server hosting), BackupVault (database back up) and AuthSMPT (email provider).
Retention & Deletion Process:
– We will retain the email address and other personal details, as above.
– You can request for an email address and other personal information, as above, to be deleted at any time
– If we receive a request for erasure, we will opt them out of the email and inform the person that they need to make the request for erasure to you as you are the data controller. It is your obligation to ensure that you do not provide us with their details again