Last modified: 30 April 2018
TDA (“We” on behalf of Torbay Culture and The Shorely) are committed to protecting and respecting your privacy. We promise to keep your data safe and private, not to sell your data, to give you ways to manage and review your data.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
For the purpose of the General Data Protection Regulation (GDPR) (“the Act”) we are registered as a Data Controller with the Information Commissioner’s Office (Registration Reference No ZA175198) and a description of how we use personal information is included in our entry on the data protection register which is maintained by the Information Commissioner’s Office.
Information we may collect from you:
Under GDPR we have a legal duty to protect any information we collect from you. We have procedures and security features in place that aim to keep your data secure once we receive it. We may collect and process the following data about you:
Legal Basis we rely on
The GDPR protection sets out a number of different reasons for which a company may collect and process your personal data including:
Consent – in specific situations, we can collect and process your data with your consent e.g when you tick a box to receive email newsletters
Performance of a Contract –we need your personal data to enable us to perform a contract and deliver our services
Legal compliance – If the law requires us to, we may need to collect and process your data – e.g we can pass on details of people involved in fraud or other criminal activity or details to HMRC
Legitimate interest – in specific situations, we require your data to pursue our legitimate interest in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests’ e.g to carry out our marketing activities and seeking your consent when we need to contact you
Why do we collect information about you?
We need to collect and hold information about you, for a variety of reasons including:
We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information.
How we use your information
We will use the information you provide in a manner that conforms to the GDPR Act. We will endeavour to keep your information accurate, up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept.
We will process your information for the following purposes:
How we protect your information
Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it.
We will not disclose your personal information that you provide to us, to anyone else without your permission, except in the few situations where disclosure is required by law, or where we have good reason to believe that failing to share the information would put someone else at risk. You will be told about this.
We will not keep your information longer than it is needed taking into account the following:
We will always dispose of paper records or delete any electronic personal information in a secure way.
Ways in which we collect and use information
Generally, we will use your information within the TDA and will only share it outside the TDA where we need to perform our service, you have requested it or given your consent. We do use trusted third parties – for example IT companies who support our websites, HM Revenue & Customs, fraud management, and to administer our mailing list for e-newsletters with an organisation called Mail Chimp. If you have purchased from us and used a credit or debit card with us, we will share transaction details with companies which help us to provide this service (such as Visa and Mastercard).
If we use products or services which process personal information, we will only use GDPR compliant companies to help deliver our services, we will only provide information they need to perform their specific service and we will work closely with them to ensure your privacy is respected at all times. These providers are obliged to keep your details securely, and use them only to fulfill your request. If we do transfer any information outside the European Economic Area (EEA) we will ensure the following safeguards:
We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under GDPR. Where we need to disclose sensitive or confidential information such as medical details to other partners, we will do so only with your prior explicit consent or where we are legally required to.
We may disclose information when necessary to prevent risk of harm to an individual. At no time will your information be passed to organisations external to us and our partners, for marketing or sales purposes or for any commercial use without your permission.
We will inform you if we record or monitor any telephone calls you make to us and obtain your consent to do so. This will be used, to increase your security, for our record keeping of the transaction and for our staff training purposes.
Please remember that transmission of information over the internet is not secure and if you submit any information to us over the internet (such as emails, or via our website(s) or by any other means you do so at your own risk.
If you email us we may keep a record of your contact and your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you. We would also suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online services or post.
CCTV systems are installed in some of our TDA areas and these areas are used by members of the public. We monitor these, for the purposes of public/ staff safety and crime prevention and detection.
In our locations, signs are displayed notifying you that CCTV is in operation and should you have any issues please contact the TDA’s Data Protection Manager.
Images captured by CCTV will not be kept for longer than necessary. However, on occasions there may be a need to keep images for longer, for example where a crime is being investigated. You have the right to see CCTV images of yourself and be provided with a copy of the images. Should you wish to do this please contact the TDA’s Data Protection Manager.
We operate CCTV and disclose in accordance with the codes of practice issued by the Information Commissioner and the Home Office.
When will we contact you?
We may contact you:
You have the right to request that we stop processing your personal data in relation to any TDA service. However, this may cause delays or prevent us delivering a service to you. Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement
You can legally ask to see any information that we hold about you, and get a copy. To do so please contact the TDA’s Data Protection Manager (contact details are at the end of the Policy).
You have the right to be forgotten and may terminate your arrangement with us at any time, in which case we will permanently delete your record(s) and all data associated with it. To request this please contact the TDA’s Data Protection Manager. Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement.
We try to ensure that any information we hold about you is correct. There may be times where you find the information we hold is no longer accurate and you have the right to have this corrected.
Please contact us if you wish to exercise any of these rights, or if you have a complaint about how your information has been used. We will need to record your personal contact details to be able to respond to, and track the progress of, your request. Where you request access to your information we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your information and to reduce risk of identity fraud, identity theft or unauthorised access to your information.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to use regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (this opens in a new window, please note we can’t be responsible for the content of external websites).
TDA Data Protection Manager
TDA, Tor Hill House, Torquay TQ2 5QW
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them.
TDA is a trading name of Torbay Economic Development Company Limited, a company registered in England and Wales No. 7604855 Registered Office Tor Hill House, Union Street, Torquay, Devon TQ2 5QW.