Privacy Notice

Version Date Notes
1 25/05/2018
  1. Overview

1.1          Dubs in the Middle Limited may collect, keep and use personal data or information about individuals for specific and lawful purposes.  Individuals could include customers, suppliers and other third parties.

This privacy notice sets out how we the company comply with our data protection obligations and seek to protect personal information relating to you. It outlines how we gather, use and (ultimately) delete personal information and sensitive personal information in accordance with the data protection principles.

1.2       We are committed to complying with our data protection obligations. We understand that your personal data is important to you, and we have a responsibility to you to ensure that the information we collect and use is done so proportionately, correctly and safely.

1.3       We also have an obligation to be concise, clear and transparent about how we obtain and use personal information relating to you and what we do with the information when it is no longer required. Being transparent with you and providing accessible information about how we use your information builds trust and demonstrates our commitment to the General Data Protection Regulations, hereafter referred to as ‘GDPR’. (Regulation (EU) 2016/679).

  1. Our Details

2.1       Dubs in the Middle Limited address is: 8 Abbey Gardens, Evesham, WR114SP

  1. Purpose of processing

3.1       We collect, hold and use personal data received by you to enable us to provide our services to you. The amount and type of information we hold about you depends on the services we are providing for you. We will not ask you for any information which is not necessary for the particular service we are providing to you.

  1. Definitions

4.1       “Personal data” means any information relating to a person who can be identified, directly or indirectly, from that information.  This could include your name, your identification number, location data, online identifier (such as IP address) or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that person.

4.2       Some of the services we provide may require us to process your ‘special categories of personal data’. These special categories of personal data are of a sensitive nature, and might include health data or financial data. The definition ‘special categories’ of personal data has been extended to now include biometrics data (such as facial images) and genetic data (such as the analysis of a biological sample).

4.3       “Processing” means obtaining, recording, organising, storing, amending, retrieving, disclosing and/or destroying information, or using or doing anything with it.

4.4       “Data Subject” means the data subject to whom the personal data relates.

4.5       “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).

4.6       “ICO” means the Information Commissioners Office, the governing body for Data Protection in the UK.

  1. Conditions of Processing

5.1       When we process your personal data we will do so in accordance with the six data protection principles.  These principles are designed to protect you, and ensure that we:

a).        Process your information lawfully, fairly and in a transparent manner;

b).        Use your information for a specified, explicit and legitimate purpose and not further processed in a manner that is incompatible with that purpose;

c).        Only obtain adequate, relevant and limited information to allow us to carry-out the purpose for which it was obtained;

d).        Ensure the information we hold about you is accurate and, where necessary, kept up to date;

e).        Keep any information for no longer than necessary for the purposes for which it was collected; and

f).         Process your information in a manner that ensures appropriate security of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

  1. Lawfulness of processing

6.1       Dubs in the Middle Limited processes your per5sonal data as it is necessary for the performance of a contract we have with you.

  1. Processing ‘special categories’ of personal data

7.1       Dubs in the Middle Limited does not process special categories of personal data.

  1. Consent

8.1       Consent for processing personal data

The Company may also provide services which will require your consent to process your personal data.

In circumstances as described above your consent to process your personal data             must be ‘ specific, informed, active and affirmative, meaning it must be clear and      freely given by you after we explain what further processing we would like to do with      your personal data. You can therefore make an informed decision about whether you consent to the processing or not. You are in control and you can withdraw your consent at any stage by contacting the data protection lead( Natalie Elliott)  at the above address.  (Please note however that any processing that has taken place     up to the time that you withdraw consent will be considered lawful).

 

 

8.2       Recording/managing consent

Once your consent is obtained we will keep a record of when you consented, the information you were provided with prior to consent and how you consented.

Consent is part of your ongoing relationship with our company, and will therefore be         managed appropriately and reviewed at least every two years. As previously stated,             you have the right to withdraw their consent at any stage.

  1. Data protection impact assessments (DPIAs)

9.1       Where processing is likely to result in a ‘high risk’ to a data subject’s rights (eg where Dubs in the Middle Limited is planning to use a new form of technology), we will, before           commencing the processing, carry out a DPIA to assess:

9.1.1    whether the processing is necessary and proportionate in relation to its      purpose;

9.1.2    the risks to data subjects; and

9.1.3    what measures can be put in place to address those risks and protect        personal information.

  1. Retention

10.1     Personal information (and sensitive personal information) should not be retained for         any longer than necessary. The length of time over which data should be retained      will depend upon the circumstances, including the reasons why the personal       information was obtained. The Company will keep the personal information for a             period of 5 years.

  1. Security

11.1          The Company will use appropriate technical and organisational measures to keep            personal information secure, and in particular to protect against unauthorised or      unlawful processing and against accidental loss, destruction or damage. These may include

11.1.1  making sure that, where possible, personal information is                                        pseudonymised or encrypted;

11.1.2  ensuring the ongoing confidentiality, integrity, availability and                                  resilience of processing systems and services;

11.1.3  ensuring that, in the event of a physical or technical incident,                                  availability and access to personal information can be restored in a                        timely manner; and

11.1.4  a process for regularly testing, assessing and evaluating the                                   effectiveness of technical and organisational                                                            measures for ensuring the security of the processing.

  1. International transfers of your personal data

Dubs in the Middle Limited not transfer personal data outside of the European Economic Area             (EEA).  The EEA includes all European Union countries and the following three non-            European Union countries Iceland, Liechtenstein and Norway.

  1. Information Sharing

13.1     To ensure that we can provide you with the best possible service we may have to             share your personal data between our internal teams or external partners. Our            external partners include Ticketsource, Stripe & Paypal.

13.2     We may also share your information with third parties, other than those who either           process information on our behalf or because of a legal requirement/entitlement, and         it will only do so if necessary or where permitted under the GDPR.

  1. Statistical Data/Research

14.1     Statistical data/Research

Statistical data or statistical analysis will not allow the identification of any specific            data subject nor will it have any impact on any data subject’s entitlement to our services and/or facilities.

We may use your personal information to administer our site and internal operations        including data analysis, statistical and survey purposes (see also cookies). If we      require your specific or explicit consent to do this then we shall seek your consent in          advance and only after outlining to you the purpose of the proposed processing.  You    will have the option to withdraw your consent at any stage.

  1. Your rights

15.1     You have certain rights in relation to the personal information we hold about you.            These rights are as follows:

  • Right to be informed – you have a right to be told how Dubs in the Middle Limited use your personal data. Dubs in the Middle Limited communicate the right to be informed via this privacy notice.
  • Right of access – you have the right to request a copy of the information that we hold about you. (This right is similar to a subject access request).
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to erasure (right to be forgotten) – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restrict processing – where certain conditions apply to have a right to restrict the processing.
  • Right of data portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing, the performance of a legal task and scientific or historical research.
  • Right to object to automated processing, including profiling.
  • The right to withdraw consent – If the legal basis for our processing of your personal information is consent then you have the right to withdraw that consent at any time.

15.2     Some of the rights are complex, and there are circumstances where your rights will          not apply, for example the right to erasure will not apply if your personal data is         required for legal proceedings. It is recommended that you read the relevant      guidance notes on Dubs in the Middle Limited’s website, or on the ICO’s website for further   information – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-       regulation-gdpr/data subject-rights/

  1. How to exercise your rights

16.1     You may exercise any of your rights in relation to your personal data by writing to us        at the address above. To avoid delay in dealing with your request please ensure that      you confirm in your request which right you wish to exercise along with the reasons       why.

16.2     The first copy will be provided free of charge, but additional copies may be subject to       a reasonable fee.

16.3     We will respond to your request within 30 days, by either providing you with the    information requested, requesting further information from you, or requesting further    time to complete your request, if for example the request is substantial or we need to            obtain information from various departments within Dubs in the Middle Limited.

16.4     Dubs in the Middle Limited can also refuse your request.  In the event that Dubs in the Middle Limitedrefuses your request we will provide you with reasons why, as well as provide you with    details of how you can challenge or appeal our decision.  You will also be informed of your right to legally challenge our decision with the ICO.

  1. Cookies

171      Cookies are small text files that are placed on your computer, smartphone, tablet or         smart TV’s when you access a website. They are widely used in order to make           websites work, or work more efficiently, by allowing the website to recognise your            device and store information about past actions or preferences.  An example could         be internet banking, where your device may recognise and populate certain             previously entered login details previously entered.

17.2     Dubs in the Middle Limited website uses cookies in order to provide a better service and experience to our customers and other website users.

17.3     There are two kinds of cookies

  • session cookies which are short-term and auto-delete after a few minutes or when you close your browser; and
  • persistent cookiesset by the website and stored for a longer period of time, usually used to store commonly entered information on forms (such as your name, address, and telephone number). They also store information about your browsing habits across multiple sites, usually used to allow advertisers and social network site operators to target advertising at you.

17.4     Dubs in the Middle Limited uses Google Analytics to analyse the use of our website and help us create a more useful and easy to use site. The data collected is completely anonymous and does not store any personal details. The          information is used to analyse how visitors make use of our website and allows us to        gather statistical information such as website activity, visitor numbers, popular pages             and customer journey through the website.

17.5     If you do not wish to allow use of cookies for our website, you can block them using         your browser preferences (for example by amending your cookie settings on google     settings).

17.6     You can find out more about cookies by visitin

18. Links to other websites

18.1     Dubs in the Middle Limited website may contain links to other websites run by other             organisations. This privacy notice applies only to Dubs in the Middle Limited website‚ so we             encourage you to read the privacy notices on the other websites you visit. We       cannot be responsible for the privacy notices and practices of other sites even if you access them using links from our website.

  1. Amendments

19.1     We will continually review and update this privacy notice to reflect changes in our             services and feedback from service users, as well as to comply with changes in the       law. When such changes occur, we will revise the “last updated” date at the top of    this notice. We will also inform you of any amendments to this privacy notice.

19.2     Dubs in the Middle Limited encourages you to periodically visit Dubs in the Middle Limited’s web site to review         this notice and to be informed of how Dubs in the Middle Limited is protecting your information.

19.3     If you require general information about the Data Protection Act or General Data   Protection Regulations (Regulation (EU) 2016/679), information is available on the     Information Commissioner’s website.

  1. Complaints

20.1     If you wish to make a complaint about how Dubs in the Middle Limited are processing your             personal data, then in the first instance please contact the data protection officer/data      protection lead at the above address.

20.2     If you are still dissatisfied with how Dubs in the Middle limited have handled your complaint then youhave the right to complain to the Information Commissioners Office (ICO). The     ICO can be contacted as follows:

The Information Commissioner

Wycliffe House
Water Lane
Wilmslow
Cheshire

SK9 5AF

Telephone:      08456 30 60 60

Website:          www.ico.gov.uk

  1. Point of contact for this privacy notice
Name

Title

Telephone

Email

Natalie Elliott

Managing Director

07795 522770

info@dubsinthemiddle.co.uk