Privacy Policy
Our website address is: https://moorehousegroup.org.uk.
Moore House Group respects your privacy and is committed to protecting your personal data and being transparent about how we collect and use your data. We will comply with any data protection legislation currently in force. This Privacy Notice explains how we use any personal information that you provide or which is provided to us by third parties.
By visiting our website, using any of our applications, or responding to social media posts, you are accepting and consenting to the practices described in this Notice, so please read it carefully. Any changes we make to this Privacy Notice will be posted on this page, so remember to check back again if you are a regular user. You can download a pdf version here. There is also a Glossary in case we use terms that you don’t understand.
1. Important Information about who we are;
2. The personal data we collect from you, how we collect and how we use it;
a. People who use our services or provide placements;
b. Visitors to our websites;
c. Job applicants;
d. Our current and former employees, volunteers and students.
3. Working with Third Parties
4. How we keep your data safe
5. Where we store and process your information
6. Your legal rights (including your right to request a copy of your data)
7. Glossary
1. Important Information about who we are
This website is owned and operated by Moore House Group. Moore House Group is made up of 3 organisations: Moore House Care & Education; JMT Care Services and The Jane Moore Trust.
Moore House Care & Education is a Scottish-registered organisation. Registration No: 110906. The registered office is:
Moore House School Ltd
21 Edinburgh Road
Bathgate
EH48 1EX
JMT Care Services is a Scottish-registered organisation. Registration No: 355291. The registered office is:
JMT Care Services Ltd
3a Alba Pavilions
Alba Campus
Livingston
EH54 7HG
The Jane Moore Trust is a Scottish-registered charity. Registration No: SC02123. The registered office is:
3a/3b Alba Pavilions
Alba Campus
Livingston
EH54 7HG
Elaine McSeveney, Head of Support Services, is responsible for answering any questions you have about this Privacy Notice. Elaine may be contacted at the above address, by phone 01506 652312, or by email: emcseveney@moorehouse.org.uk.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues (www.ico.org.uk).
We would, however, appreciate the chance to deal with any concerns you may have before you approach the ICO, so please feel free to contact us first.
This Privacy Notice was last updated on 11 January 2022.
It’s important that the personal data that we hold about you is accurate and up-to-date. Please keep us informed if your personal data changes during the duration of your relationship with us. We may update this Privacy Notice from time to time. If we make changes, an updated version of our Privacy Notice will be placed on our website.
2. The personal data we collect from you, how we collect it and how we use it
2a. The People who use our Services
This section explains what information Moore House Group collects, keeps and stores about you and / or your family if you are placed within our services (or have been placed within our services). It also explains your rights in relation to that information. You may also be given information by your service about the information they keep about you and what happens to it.
What information do we collect?
Moore House Group holds personal information about you which may include your name, date of birth, address, gender, ethnicity, sexual identity and whether you have a disability, so that we can make sure our services meet your needs. We will also record information about the service provided to you, including case reporting, plans and reviews.
Why do we collect your information?
Under the General Data Protection Regulation (GDPR), we must have a legal reason to keep your data and process it. When Moore House Group provides you with a service, we will process your data under legitimate interest. We do this because we cannot provide a service to you without using your personal information.
Who do we share your information with?
We share your data within Moore House Group with people who need to see it in order to provide you with a service. We may also share it with the organisation that pays for your service or with external agencies that inspect our work. We may be required to share your data with other agencies for legal reasons, a court order for example, or with other organisations if we believe that you are at risk of harm or may harm someone else.
There may be occasions when we will ask for consent to use your data, for example; to help us inform the public about our work. If this is the case, we will explain exactly what your data will be used for. If consent is withdrawn at any time, any of your data that has been used for publicity purposes will be deleted.
Who is responsible for your data?
The Data Controller is responsible for your data. This may be Moore House Group or the local authority or agency that funds the service being delivered by Moore House Group.
How long do we keep your data?
Moore House Group will keep your data once we have finished working with you. Depending on the nature of the service and our legal obligations, this will be a minimum of 6 years but can extend to 100 years for certain types of work.
Sometimes Moore House Group is required to transfer your data to the local authority who have commissioned us to provide your service, or to another organisation providing you with a service.
How can you access your data? (Subject Access Requests)
You may request a copy of the information that Moore House Group holds about you, but sometimes the local authority that pays for your service might be responsible for providing you with your data.
2b. Visitors to our websites
Moore House Group sometimes sends small data files, called cookies, from our websites to your computer, mobile phone or other device. These cookies are then stored on the hard drive of your device. Some of these cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. The data collected is not shared with any third party. The information we get through the use of these cookies is anonymous and we make no attempt to identify you or influence your experience of the site while you are visiting it. If you do not allow these cookies we will not be able to include your anonymous visit in our statistics. By using this site, you agree that we can place these cookies on your device. We use the following cookies on our site:
Font size change (newFontSize)
This cookie simply stores your preference if you have opted to increase/decrease the website’s font size. This enables the font size to be standard throughout the site.
Cookie Banner (cookieBanner)
This session cookie remembers your acceptance of the cookie banner statement. You can control and/or delete cookies as you wish or delete cookies installed by the site – for more details, see www.allaboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. To do so you should modify your browser settings, click on the help section of your Internet browser and follow the instructions. However, if you do this, you may have to manually adjust some preferences every time you visit the site and some services and functionalities may not work.
2c. Job applicants – Paid, Volunteer and Student Roles
As part of any recruitment process, Moore House Group collects and processes personal data relating to job applicants. If you apply for a role with Moore House Group we will only use the information you supply to us to process your application and to monitor recruitment statistics.
What information do we collect? We will collect a range of information about you, including:
● Your name, address and contact details, including email address and telephone number; ● Details of your qualifications, skills, experience and employment history;
● Information about your current salary;
● Whether or not you have a disability for which we need to make reasonable adjustments during the recruitment process;
● Information about your entitlement to work in the UK.
How do we collect your personal data?
We collect it in a variety of ways. For example, you may have filled in an application form, or submitted a CV, you may have provided your passport details or other identification documents, or we may have collected it through interviews or other forms of assessment.
We may also collect information about you from third parties, such as references supplied by former employers. Moore House Group will only seek information about you from third parties once we’ve made you an offer. The application process will make clear at what point we will be contacting third parties.
Where will we keep your data?
Your personal information will be stored, securely, in several places: on your application record, in our Recruitment and Selection system, our HR management systems and on other IT systems.
Why do we need your personal data?
We need to process your data in order to enter into a working agreement with you. In some cases we need to process your data to ensure we are complying with our legal obligations, eg checking an individual’s right to work in the UK.
We have a legitimate interest in processing your personal data during the recruitment process and for keeping records of the process. It allows us to manage that process, assess and confirm your suitability for the role and decide who to offer a role to. We process health information if we need to make a reasonable adjustment to the recruitment process for the candidates who have a disability. This is to carry out our obligations and exercise specific rights in relation to employment. Moore House Group is obliged to seek information about criminal convictions and offences. This is necessary to carry out our obligations and exercise specific rights in relation to employment. Moore House Group will not use your personal information for any purpose other than the recruitment exercise for which you have applied.
How long will we keep your data?
Personal information about unsuccessful candidates will be held for six months after the recruitment exercise has been completed, it will then be destroyed. Interview notes for all unsuccessful applicants are destroyed after six months. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data. If your application is successful, personal data gathered during the recruitment process will be transferred to your personnel file and will be retained in accordance with our retention policy.
Who has access to your data?
Your information will be shared internally for the purposes of the recruitment exercise. This includes members of the HR and recruitment team, interviewers involved in the recruitment process, managers in the business area with a vacancy and IT staff if access to the data is necessary for the performance of their roles. As part of the recruitment process we may need to share your data with third parties in order to conduct any necessary background checks and vetting processes, such as contacting previous employers/referees to obtain a reference; and Disclosure Scotland to conduct criminal record checks. As part of the recruitment process, we will make clear to you which checks will be required.
What if you don’t provide personal data?
You are under no statutory or contractual obligation to provide data to us during the recruitment process. However, if you do not provide Moore House Group with the information, we may not be able to process your application properly, or at all. You are under no obligation to provide information for equal opportunities monitoring purposes and there are no consequences for your application if you choose not to provide such information.
Automated decision-making
Some of Moore House Group’s recruitment process is solely based on automated decision-making. For example, when applicants are asked to confirm they have the right to work in the UK; or when applicants confirm that they are not barred from undertaking roles working within regulated activity; or whether the applicant has a clean and valid driving licence where driving is an essential requirement for the role. If an applicant is unable to fulfil the requirements they will not be able to progress any further with their application. Should an applicant wish to challenge any automated decision within the recruitment process they should contact the recruitment team via email: recruitment@moorehouse.org.uk.
2d. Our current and former employees, volunteers and students
Moore House Group collects and processes personal data relating to its staff and volunteers in order to manage the work relationship with you.
What information do we collect?
Moore House Group collects and processes a range of information about you that is appropriate to the role you perform with us. This will vary depending on whether you are an employed member of staff, casual (relief) worker, volunteer, contractor, agency worker or student, and may include:
● Your name, address and contact details, including email address and telephone number, date of birth and gender;
● The terms and conditions relating to the work you are doing for Moore House Group;
● Details of your qualifications, skills, experience and employment history, including start and end dates with previous employers and with us;
● Information about your salary, including entitlement to benefits such as pensions;
● Details of your bank account and national insurance number;
● Information about your marital status, next of kin, dependents and emergency contacts;
● Information about your nationality and entitlement to work in the UK;
● Information about your criminal record;
● Relevant information if you drive a company vehicle, your own vehicle for business purposes, or if we hire a car for you;
● Details of your rota (days of work and working hours) and attendance at work;
● Details of periods of leave taken by you, including holiday, sickness absence, family leave and extended leave, and the reasons for the leave;
● Details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
● Assessments of your performance, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
● Information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments and
● Equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief.
How do we collect your personal data?
We collect your information in a variety of ways. For example, you may have filled in an application form, or submitted a CV; you may have provided your passport details or other identity documents; from forms completed by you at the start or during your work with us; from correspondence with you; or through interviews, meetings or other assessments.
We may also collect information about you from third parties, such as recruitment agencies, references supplied by former employers, and information from criminal records checks as permitted by law.
Where will we keep your data?
Your personal information will be stored, securely, in several places: in your personnel file, in our HR management systems and in other IT systems.
Why do we need your personal data?
Moore House Group needs to process your data to enter into a working relationship with you and to meet our contractual obligations under any agreement with you. For example, if you are an employee we need to process your data to provide you with an employment contract, to pay you in accordance with that contract, and to administer any benefits.
In some cases, Moore House Group needs to process data to ensure that we are complying with our legal obligations. For example, it is required to check a worker’s right to work in the UK, to deduct tax, to comply with health and safety laws and to enable employees to take periods of leave to which they are entitled. It’s necessary to carry out criminal records checks to ensure that individuals are permitted to carry out their role.
In other cases, Moore House Group has a legitimate interest in processing personal data before, during and after the end of the working relationship.
Processing staff data allows the organisation to:
● Run recruitment and selection processes;
● Maintain accurate and up-to-date staff records and contact details (including details of who to contact in the event of an emergency), and records of contractual and statutory rights;
● Operate and keep a record of disciplinary and grievance processes, to ensure acceptable conduct within the workplace;
● Operate and keep a record of employee performance and related processes and workforce management processes;
● Operate and keep a record of absence and absence management procedures, to allow effective workforce management and ensure that employees are receiving the pay and other benefits to which they are entitled;
● Obtain occupational health advice, to ensure that it complies with duties in relation to individuals with disabilities, meet its obligations under health and safety law, and ensure that workers are receiving the sick pay or other benefits to which they are entitled;
● Operate and keep a record of other types of leave (including maternity, paternity, adoption, parental and shared parental leave), to allow effective workforce management, to ensure that Moore House Group complies with duties in relation to leave entitlement, and to ensure that workers are receiving pay or other benefits to which they are entitled;
● Ensure effective general HR and business administration;
● Provide references on request for current or former employees;
● Comply with our statutory and regulatory obligations and
● Maintain and promote equality, diversity and inclusion in the workplace.
Where Moore House Group is relying on legitimate interest as a reason for processing employee data, we have considered whether, by collecting the data, the organisation is overriding the rights and freedoms of our employees and workers and has concluded that we are not.
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to employees with disabilities and for health and safety purposes). Where we process other special categories of personal data, such as information about ethnic origin, sexual orientation, health or religion or belief, this is done for the purposes of equal opportunities monitoring.
Who has access to the data?
Your information will be shared internally, including with members of the HR team; the Payroll Officer, your line manager, managers in the business area in which you work and any other members of staff for whom access to the data is necessary for the performance of their roles.
Moore House Group shares your data with third parties in order to obtain pre-employment references from other employers and to obtain necessary criminal records checks from Disclosure Scotland. The services we provide to children and young people are subject to external regulation, so if you work in a service, your personal data will be shared with relevant inspectors.
Moore House Group also shares your data with third parties that process data on our behalf, in connection with the provision of benefits, the provision of occupational health services, and the off-site archiving of personal data once you have left Moore House Group’s employment.
How long will we keep your data?
Moore House Group will hold your personal data for the duration of your working relationship with us. After the end of your working relationship with us, due to the nature of the work that Moore House Group carries out, and in order to meet our safeguarding commitments, we may hold some of your data indefinitely.
2e Moore House Training Academy (MHTA)
MHTA is required to maintain necessary documentation of all processing activities; implement appropriate security measures (technical and organisational); perform Data Protection Impact Assessments (DPIAs);
comply with the requirement of prior consultation with the regulator (where there are significant risks identified by a DPIA); and designate a Data Protection Officer (DPO).
Individuals (data subjects) have rights under data protection law; these rights are listed later on in this policy. The MHTA has appropriate procedures in place to ensure these rights can be actioned if an individual makes a request.
Personal data shall be processed fairly, lawfully and
transparently.
This means that Moore House Training Academy shall:
• Only collect and use personal data in accordance with the lawful conditions set down in data protection law and do not do anything in breach of any other laws;
• Treat people fairly by using their personal data for specific purposes and in a way that they would reasonably expect;
• Inform people how we use their personal data and what their rights are (known as a privacy notice). This includes being clear, open and honest about how the MHTA uses their data to meet the transparency requirements of the right to be informed (for further detail please see section about individuals’ rights);
• Rely on an individual’s consent, as the legal basis for processing their personal data, only where:
o We’ve obtained the data subject’s specific, informed and freely given consent, and
o The individual has given consent, by a statement or a clear affirmative action (that we document);
o The individual has the right to withdraw their consent at any time without detriment to their interests; and that it is as easy to withdraw consent as it is to provide it.
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’).
This means that Moore House Training Academy shall:
• Ensure that if we collect someone’s personal data for one purpose (e.g. to provide advice on study skills), we will not reuse their data for a different purpose that the individual did not agree to or expect (e.g. to promote goods and services for an external supplier);
• Be clear in the privacy notice as to the specific purposes of processing and ensure that the data subjects are fully informed (for further information regarding right to be informed see section below on individuals rights);
• If the data is to be used for another purpose we will ensure that it is compatible with the original purpose, or gets the individual’s specific consent for the new purpose.
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’).
This means that Moore House Training Academy shall:
• Only collect personal data that is sufficient for the stated purpose;
• Relevant for that purpose (i.e. we will not collect personal data that is not necessary for the stated purpose);
• We will only collect the minimum data required, (i.e. we will not collect more personal data that is necessary for the purpose);
• Reduce risks of disclosure by pseudonymising personal data where possible;
• Anonymise personal data wherever necessary and appropriate, (e.g. when using it for statistical purposes), so that individuals can no longer be identified;
• Review the data we hold and where appropriate delete what we do not need.
Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
This means that Moore House Training Academy shall:
• Take all reasonable steps to ensure personal data is not incorrect and have processes in place to ensure that incorrect or misleading data is corrected or erased as soon as possible;
• The personal data will be updated where appropriate, (e.g. when informed of a change of address, our records will be updated accordingly);
• Ensure the accuracy of the personal data we create and record the source of that data (e.g. from data subject or from partner organisation);
• We have processes in place to address an individual’s right to rectification: how it is considered, actioned and recorded.
Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; (‘storage limitation’);
This means that Moore House Training Academy shall:
• Only keep personal data for as long as necessary for the purpose it was collected for;
• Regularly review the retention period for any records containing personal data;
• Have appropriate processes in place to comply with individuals’ requests for erasure under the ‘right to be forgotten’;
• Destroy records securely in a manner appropriate to their format or anonymise the personal data when we no longer require it;
• Identify personal data that needs to be kept for public interest archiving, scientific or historical research or statistical purposes
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
This means that Moore House Training Academy shall:
• Have appropriate organisational security measures in place to protect personal data as included in those policies previously detailed in Section 1.
• Have appropriate technical security measures in place to protect personal data;
• Have appropriate physical and personnel security measures in place, (e.g. secure rooms where personal data is held);
• Control access to personal data so that staff, contractors and other people working in the MHTA can only see the personal data that is necessary for them to fulfil their duties;
• Require all MHTA staff, contractors, students and others who have access to personal data in the course of their work to complete data protection training, supplemented as appropriate by procedures and guidance relevant to their specific roles;
• Set and monitor compliance with security standards for the management of personal data as part of the MHTA’s framework of information governance policies and procedures;
• Provide appropriate tools for staff, contractors, students and others to use and communicate personal data securely when working away from the MHTA;
• Where transferring personal data to another country outside the European Union put in place appropriate agreements and auditable security controls to maintain privacy rights;
• Have a robust security incident reporting procedure in place to manage, investigate and, where applicable, report to the Information Commissioner’s Office and data subjects affected;
• Where a data breach is likely to result in a risk to the rights and freedoms of data subjects, the Data Protection Officer shall liaise with the Information Commissioner’s Office and report the breach, in line with regulatory requirements, within 72 hours of discovery. The Data Protection Officer shall also recommend, where necessary, actions to inform data subjects and reduce risks to their privacy arising from the breach.
3. Working with Third Parties
Moore House Group will never sell your personal data, however we may share your information with third parties in order to provide services to you. Your data may be accessible to some of the IT support companies who manage our business critical systems, however, this is only for the purposes of supporting our IT systems and is strictly governed by our contractual arrangements with them.
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Except for these specific cases listed below, we won’t share financial information with third parties without your specific consent unless required to do so by law. We can share your personal information with:
● selected third parties, including:
● Archive and storage systems;
● Commissioners, photographers, videographers, creative designers, creative agencies, and online survey providers
● Insurers, solicitors, brokers, loss adjusters
● Benefits providers and Criminal Records Check processors;
● Analytics and search engine providers that assist us in the improvement and optimisation of our site;
● Where we are under a duty to disclose or share your personal information in order to comply with any legal obligations, or to protect the rights, property, or safety of Moore House Group;
● for employees, payroll agencies, HMRC, pension, insurance companies and statutory bodies, where regulated to do so by law.
● We will keep your personal information confidential, and where we provide it to other third parties we will only do so under contract, on conditions of confidentiality and security, and only for the purposes for which you have provided your information to us.
4. How do we keep your data safe?
We take the security of your personal information very seriously. We have internal policies, controls and appropriate data collection, storage and processing practices and security measures in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the proper performance of their duties.
We work hard to make sure that our security procedures do the job they are designed to do and any communications between you and our websites are protected by encryption (this means that communications are turned into codes that only Moore House Group’s website can understand, which stops unauthorised people seeing them). We work closely with industry-leading technical partners to make sure that all your personal information is safe and secure.
We use strict procedures to prevent unauthorised access to or loss of data from our systems, however, we cannot guarantee the security of data that you transmit to our websites and therefore any transmission to us is at your own risk.
Please be aware that any personal information you choose to post on the public areas of our websites can be read, collected, or used by other users and could be used to send you unsolicited messages. We are not responsible for the personal information you choose to make public. In addition, we are not responsible for the content you publicly post on the site that can be found via web-based search engines.
Where we have given you (or where you have chosen) a password which enables you to access certain parts of the site, you are responsible for keeping this password confidential. We ask you not to share that password with anyone.
5. How we store and process your information
The information that we collect from you may be transferred to, and stored in, a location within the United Kingdom, but only where we are satisfied that it has an adequate level of protection. It may also be processed by staff operating in these locations who work for us or for our service providers. This includes staff engaged in, among other things, the hosting of the site and the provision of support services. By submitting your personal information, you agree to this transfer, storing or processing. Moore House Group will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this Privacy Notice.
6. Your Legal Rights
Under the General Data Protection Regulation (GDPR), you have the following rights: a. The right to access your personal information
b. The right to edit and update your personal information
c. The right to request to have your personal information deleted
d. The right to restrict processing of your personal information
e. The right to object
f. The right to lodge a complaint with a supervisory authority
If you wish to exercise your rights, please Contact Us, providing as much information as possible about the nature of your contact with us to help us locate your records. Any changes you have requested may take 30 days before they take effect.
6a. The right to access your personal information
You have a right to access your personal data. By making a Subject Access Request to Moore House Group you can find out what personal data we hold about you, why we hold it and who we disclose it to. You must make a Subject Access Request in writing, and include proof of your identity.
Email: info@moorehouse.org.uk
Or write to:
Elaine McSeveney
Head of Support Services
Moore House Group
21 Edinburgh Road
Bathgate
EH48 1EX
Once we have received your request, and verified your identity, we will respond within 30 days.
6b. The right to edit and update your personal information
The accuracy of your personal information is important to us. You can edit your personal information including your address and contact details at any time.
6c. The right to request to have your personal information deleted
You have the right to request the deletion of your personal information which we will review on a case by case basis.
6d The right to restrict processing of your personal information
You have the right to ‘block’ or suppress processing of your personal data. However, we will continue to store your data but not further process it. We do this by retaining just enough of your personal information so we can ensure that the restriction is respected in the future. Please note, this is not an absolute right and only applies in certain circumstances.
6e. The right to object
You have the right to object to your personal information being processed for marketing (including profiling) and for research purposes. From the very first communication from us and every marketing communication we send after, you will have the right to object to marketing. Email: info@moorehouse.org.uk
If we process your personal information for the exercise or defence of legal claims, or we can demonstrate compelling grounds that override your rights and freedoms we may not be able to fulfil your request. However, we will contact you to discuss further.
6f. Your right to lodge a complaint with a supervisory authority
If you wish to lodge a complaint or seek advice from a supervisory authority please contact:
The Information Commissioner’s Office – Scotland
45 Melville Street
Edinburgh
EH3 7HL
Telephone: 0303 123 1115
Email: Scotland@ico.org.uk
7. Glossary
Anonymisation is the process of either encrypting or removing personally identifiable information from data sets, so that the people who the data describe remain unknown or anonymous.
Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to, eg, The Children’s Act, Care Leaver’s Act, as well as regulatory requirements under SSSC and other relevant bodies.
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes.
The Data Controller is the organisation that is responsible for your personal data. They are required to keep it secure, make decisions about what happens to your data and are accountable if it’s lost or not kept confidential.
The Data Processor is the natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Protection Act 1998 is a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system. The Act defines eight data protection principles to ensure that information is processed lawfully. This law will be updated once the Data Protection Bill (2018) has been passed.
Encryption is the method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key. Encryption is one of the most important methods for providing data security, especially for end-to-end protection of data transmitted across networks.
General Data Protection Regulation (GDPR) is the 2018 legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
Legitimate Business Interests Legal Basis means the interests of our company in conducting and managing our business to enable us to give you the best service/products and the best and most secure experience. For example, we have an interest in making sure our marketing is relevant to you, so we may process your information to send you marketing that is tailored to your interests. When we process your personal information for our Legitimate Interests, we make sure to consider and balance any potential impact on you (both positive and negative), and your rights under Data Protection Laws.
Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Personal Data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data Breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s economic situation, personal preferences, interests and location.
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to the data subject without the use of additional information. The additional information must be kept separately.
Public Task Legal Basis means we can rely on this lawful basis as we need to process personal data ‘in the exercise of official authority’. This covers public functions and powers that are set out in law; or to perform a specific task in the public interest that is set out in law.
Special Category Data means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Subject Access Request is your right to get a copy of the information that is held about you. Suppression List is a list that contains mailing or email addresses that you want to permanently exclude from future mailings or emails we send.
Third Party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor or persons who, under the direct authority of the controller or processor, are authorised to process personal data.