This privacy notice contains how we receive and use your personal data when using our site www.demla.org. In supplying data to us, you certify to us that you are of 13 years of age or over.
DEMLA (Devon and Exeter Medico-Legal Association) is the data controller, and we (referred to as “we”, “us” or “our” in this privacy notice) are responsible for your personal data.
Full name of legal entity: DEMLA (Devon and Exeter Medico-Legal Association)
Email address: firstname.lastname@example.org
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com
- WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT PURPOSE AND ON WHAT GROUND WE PROCESS IT
Definition of personal data: any information relating to an individual (not including anonymised data).
We may use personal data about you in the following instances:
- Communication Data including any communication you send to us, through the website contact form, email, text, social media messaging and posting, or any other form of communications. The reason for using this data is to communicate with you, to keep record and for the establishment, pursuance or defence of potential legal claims. Our lawful ground for this processing is our legitimate interests to communicate with you.
- Customer Data including data needed for any services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details and your card details. This data is used in order to supply your requested services and to keep a record. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.
- User Data including data regarding how you use our website and any online services together with any data that you post publicly on our website or through other online sources. We use this data to run our website and ensure that relevant content is provided for you, to ensure the security of our website, to maintain back- ups of our website and/or databases and to enable publication and administration of our website, other online services and business. Our lawful ground for this processing is our legitimate interests which in this instance is to enable us to properly administer our website and our business.
- Technical Dataincluding data regarding your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this instance is to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
- Marketing Dataincluding data about your preferences in receiving marketing messages from us and our third parties and your communication preferences. We process this data to enable you to partake in our promotions such as competitions, prize draws and free give-aways, to deliver relevant website content and advertisements to you and measure or understand the effectiveness of this advertising. Our lawful ground for this processing is our legitimate interests which in this instance is to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.
- We may use Customer Data, User Data, Technical Data and Marketing Data to deliver relevant website content and advertisements to you (including Facebook adverts or other display advertisements) and to quantify or understand the effectiveness of the marketing we give you. Our lawful ground for this processing is legitimate interests which in this instance is to grow our business. We may also use such data to send other marketing communications to you.
- HOW WE COLLECT YOUR PERSONAL DATA
Data provided directly from you may be collected, for example, e-mails, social media messages or website forms. Data may automatically be collected through your use of our website using technologies such as cookies.
Third parties may send relevant data to us such as analytics providers (for example, Google, Facebook), providers of technical, payment and delivery services such as aggregators or data brokers.
Data may also be sent to us from public sources such as Companies House and the Electoral Register.
- MARKETING COMMUNICATIONS
Our lawful ground for processing your personal data is for the purposed of sending you marketing communications, either with your consent or in our legitimate interests (to expand our organization, for example).
Under the Privacy and Electronic Communications Regulations, we may get in touch with you with marketing communications if (i) you previously purchased goods/services from us or, inquired about our goods or services or (ii) you have given permission to get marketing communications and in both circumstances you have not since expressly opted out of receiving such communications from us. Further, under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can at any time opt out of getting these.
Should any third party want the use of your personal data, we will expressly receive your consent before we share that data.
If at any time you wish to opt out of being in receipt of marketing messages from us, you can do so by following the relevant opt-out links on any message received OR by emailing firstname.lastname@example.org telling us so.
If you do opt out of receiving further marketing communications from us, this does not include any personal data we have from your transactions with us, such as purchases.
- DISCLOSURES OF YOUR PERSONAL DATA
We may have to allow the parties set out below to view your personal data:
- Unrelated companies who provide services to us.
- IT and system administration services providing service to us.
- Professional advisers such lawyers, bankers, auditors and insurers.
- Government bodies that need us to report processing activities.
- Third parties to whom we transfer, or merge parts of our organisation or our assets.
We assure that all third parties to whom we allow access to your data to respect its confidentiality and to abide lawfully in its handling. Your personal data will only be allowed to be viewed by third parties such as those outlined above, in specific circumstances where it is necessary.
- INTERNATIONAL TRANSFERS
The levels of data protection outside of the European Economic Area (EEA) are not always the same. Therefore, unless specific criteria is met, the European law prohibits personal data from being shared outside of the EEA.
A majority of our third-party service providers operate outside of the EEA meaning your personal data will be used outside of the EEA.
Because of this, we take extra precaution to assure a closely similar degree of security of data by putting the following safeguards in place:
- Your personal data shall only be shared to countries approved by the European Commission as having acceptable personal data protection; or
- Certain service providers will be required to use specified contracts and/or codes of conduct and certification systems that have been approved by the European Commission as giving the same personal data protection as that given within Europe; or
- US-based providers that are part of the EU-US Privacy Shield have equal safeguards for personal data, therefore we may share data with them.
If the above safeguards are not possible, we would obtain your express consent for sharing personal date. At any time, you have the right to retreat that given consent.
- DATA SECURITY
To ensure your personal data is not accidentally lost, used, accessed, altered or disclosed without right, security measures have been put in place. Access to data is only given to those employees and/or partners who have a need for business purposes. These employees/partners will use your personal data only under our guidelines and understanding of confidentiality.
Further, we will be made aware of any suspicion of a breach of personal data confidentiality due to systems we have in place. You would be notified in such a time this breach was to occur.
- DATA RETENTION
Your personal data will only be retained on our system for as long as is necessary to fulfil its reason for being used. this includes the purpose of satisfying any potential requirements for legal, accounting or reporting purposes.
To decide what appropriate length of time personal data should be kept we take into consideration the following: its volume, nature and sensitivity, potential risk of abuse from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
The law requires us to retain basic personal data regarding our customers for tax purposes (such as Contact, Identity, Financial and Transaction Data) for six years post customer status.
We may use this anonymise this information and use it indefinitely without further notice to you if needed for research or generating statistics.
- YOUR LEGAL RIGHTS
You have the right to request the following, under data protection laws in place regarding your personal data:
- to object to processing,
- to portability of data and to withdraw permissions given
More information regarding these rights can be found below:
Should you wish to act upon any of these rights, please email email@example.com expressing so.
There will be no fee payable for you to access your personal data held (or any of the other rights in place regarding your personal data). However, a reasonable fee may be payable if your request is:
- excessive or,
- refuse to comply with your request in these circumstances.
In order to confirm your identity and provide you with access to your personal data, we may request specific information. This security system is in place to ensure your personal data is not wrongly shared with unauthorised person(s). Any further information we ask you for is to speed up our response to your request.
Legitimate requests are aimed to be responded to within four weeks. It may take longer if your request is especially complicated or high in volume; if this is true we will advise you.
If you are unhappy with how we use your personal data, you have right to lodge a complaint to the Information Commissioner’s Office (ICO) – the UK supervisory authority for data protection issues (www.ico.org.uk). If you do have a complaint we would be grateful if you contact us first, so we can try to resolve it directly.
- THIRD-PARTY LINKS
Our website may include links to third-party websites, plug-ins and applications. Should you click on those links or engage with them, this may enable third parties to use your personal data. These are third parties and thus we do not have control or responsibility over their privacy measures. Should you leave our website for another, we would encourage you to view and understand their privacy notice.
Services will be provided by:
DEMLA (Devon and Exeter Medico-Legal Association).
Effective Date: May 25, 2018