Privacy Notice Guidance
This is a general template for a GDPR compliant Privacy Notice, which can be customised to suit your business needs and offers generic guidance for use. It is important to understand your notification responsibilities and to customise this template to ensure it is relevant and compliant.
The ICO have also published guidance and examples on their website for Privacy Notices; what should be included and suggested formats - Privacy Notice Guidance
Privacy Notice vs Privacy Policy – the two terms are used interchangeably, and there is no universally defined difference; however, some definitions suggest a Privacy Notice is the content presented at the time personal data is obtained (pop-up, on-screen, paper form etc); whereas the Privacy Policy is a constant poster, website page, link that is always available for visitors/individual to read – both having the same content.
REMEMBER: You are obligated to provide a privacy notice to ALL individuals when you process their personal data, but the context/content of the notice will vary depending on the legal basis you are processing under.
Consent
If you are using consent as your lawful basis for processing, you must evidence that consent has been obtained via an affirmative action (i.e. signature, non-ticked box). We have provided some consent form templates which can be used in hard copy forms, at the bottom of a privacy notice or accompanying your electronic/website privacy notice if you are obtaining consent. You can also use your own consent form for each data subject, with an unticked, opt-in box or affirmative action mechanism for each processing activity.
If your services are provided to children, you must use child-friendly language in your notice, include any risks of providing data and if relying on consent, verify the age (under 13 for UK) and gain parental consent where applicable (template provided in Consent & Withdrawal Template). You will also need to customise the sections on Non-EU Transfers and Legitimate Interests if applicable, stating the reasons and safeguard mechanisms.
Marketing
When sending marketing materials to customers, you have the option to use consent or legitimate interests, so we have added examples for each (which you can remove if you do not send marketing).
You can only use legitimate interests for marketing if you have assessed that the information being sent is relative and beneficial to the customer, that you have weighed their interests against your own, there is little to no risk posed, the method & content is non-intrusive, and the material being sent is something a customer would usually expect to receive and you offer the option to opt-out.
Privacy Notice
Who We Are
UK Race Support Limited (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
UK Race Support Limited trades at UK Race Support Limited, Clover Ct, Tibshelf, Alfreton DE55 5JA. We act as the data controller when processing your data. Our designated Data Protection Officer/Appointed Person is Simon Westwood who can be contacted at UK Race Support Limited, 2 Clover Ct, Tibshelf, Alfreton DE55 5JA at info@ukracesupport.co.uk.
Information That We Collect
UK Race Support Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we collect from is: -
- Name
- Home Address
- Business Email
- Home Telephone Number
- Mobile Telephone Number
We collect information in the below ways: -
Via Email
Telephone, verbally.
On-line forms.
Hard copy forms – Application forms etc.
Electronic platforms (e.g. Sage, Quickbooks, Xero etc)
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, Paypal information, email address, and phone number. We refer to this information as “Order Information.”
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information and Order Information.
How We Use Your Personal Data (Legal Basis for Processing)
UK Race Support Limited takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
Your Rights
You have the right to access any personal information that UK Race Support Limited processes about you and to request information about: -
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Safeguarding Measures
UK Race Support Limited takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: -
- Keeping passwords secure, and change them regularly and never share them.
- Keeping screens locked and/or logged off computers when away from a desk.
- Dispose of confidential paper securely by shredding or using secure waste bins.
- Keeping desks clear and lock away confidential material when away from desk/office.
- Keep restricted areas locked.
- Ensure confidential information is not visible through windows or doors (i.e. computer screen, paper trays, note pads, whiteboards etc).
- Encrypt any information that is taken off site.
- Use firewalls, anti-virus and malware software on all networks and devices.
How Long We Keep Your Data
UK Race Support Limited only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
CONSENT EXAMPLE
Occasionally, UK Race Support would like to contact you with the products/services/promotions] that we provide. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting UK Race Support directly.
If you consent to us contacting you with the above-mentioned marketing and offers, please tick to say how you would like to be contacted: -
Post ☐ Email ☐ Telephone ☐ Text Message (SMS) ☐ Automated Call ☐
Lodging A Complaint
UK Race Support Limited only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
[Insert Organisation Name]
[Insert Data Protection Officer Name]
[Insert Organisation Address]
[Insert Organisation telephone and email]
[Insert Supervisory Authority]
[Insert Supervisory Authority Address]
[Insert Supervisory Authority telephone and email]