Cornish Mining World Heritage Site
Privacy and Security Policy
This policy applies to our website, use of contact databases, emails and social media for communication and marketing purposes, and any other methods we use for collecting information. It covers what we collect and why, what we do with the information, what we won’t do with the information, and what rights you have.
The policy in brief
It’s important that you read the full policy to understand what information we hold, how we may use it, and what your rights are – but if you don’t have time to read it all now, here’s a quick summary:
We collect information that is either personal data (information that can be used to help identify an individual, such as name, address, phone number or email address) or non-personal data (such as IP addresses, pages accessed etc).
We collect information about partners and stakeholders, service users, volunteers and employees.
We collect information to provide information, services or goods, to fundraise for our work, for administration, research, profiling, analysis, and for the prevention/detection of crime.
We only collect the information that we need or that would be useful to us in order to provide the best possible service.
We do our best to keep personal information secure, as described below, including adhering to the ISO 27001 standard on information security, including policies for encryption, and secure storage.
We never sell your data and we will never share it with another company or charity for marketing purposes.
We only share data where we are required by law or with carefully selected partners or contractors who do work for us. All our contractors are required by their contract to treat your data as carefully as we would, to only use it as instructed, and to allow us to check that they do this.
There’s something I don’t understand
If you need help in understanding or completing this form, please contact the Cornish Mining World Heritage Site team by emailing Enquiries@cornish-mining.org.uk
Withdrawing your consent
You have the right to withdraw your consent for us to process/ hold your data with information about our services at any time. You can do this by emailing us via CMWHS-GDPR@cornwall.gov.uk. Please ensure that the email is entitled: 'Please do not contact me'.
Every marketing email we send you will have an “unsubscribe” option.
The policy in full
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’ or ‘our’, it refers to the Cornish Mining World Heritage Site Office of Cornwall Council. The Data Controller for all the information you provide is Cornwall Council, New County Hall, Treyew Road, Truro TR1 3AY. Data Protection Registration Number: Z1745294.
Your acceptance of this policy, and our right to change it
By joining our user or e-mail groups, using our websites, social media pages, entering a competition or providing your information you consent to our collection and use of the information you provide in the ways set out in this policy.
We may make changes to this policy from time to time. If we do so, we will post the changes on our website and they will apply from the time we post them. This policy was last changed on 31 May 2018.
What is personal data?
Personal data is information that can be used to help identify an individual, such as name, address, phone number or email address.
What information do we collect and why?
We will only ever collect the information we need – including data that will be useful to help improve our services. We collect two kinds of information:
1. Non-personal information such as IP addresses (the location of the computer on the internet), pages accessed and files downloaded. This helps us to determine how many people use our sites, how many people visit on a regular basis, and how popular our pages are. This information doesn't tell us anything about who you are or where you live. It simply allows us to monitor and improve our service.
2. Personal information such as name, postal address, phone number, email address, but only with your consent.
We collect this information in connection with specific activities, such as organising meetings, developing and implementing projects, information and newsletter requests, product purchases, feedback, donations, competition entries etc. The information is either needed to fulfil your request or to enable us to provide you with a service.
What do we do with the information?
We will use the information you provide to:
- Fulfil your requests – such as provision of information, competition entries, participation in campaigns
- Process sales transactions, donations, or other payments and verify financial transactions
- Identify visitors and contributors
- Handle orders, deliver products and communicate with you about orders
- Provide a personalised service to you when you visit our website – this could include customising the content and/or layout of our pages for individual users
- Record any contact we have with you
- Prevent or detect fraud or abuses of our websites and enable third parties to carry out technical, logistical or other functions on our behalf
- Carry out research on the demographics, interests and behaviour of our users to help us gain a better understanding of them and to enable us to improve our service. This research may be carried out internally by our employees or we may ask another company to do this work for us
- Communicate with our partners and customers
- If you have agreed to it, provide you with information that we think may be of interest to you.
Using your information for marketing
We provide our existing users and contacts with an opportunity to opt-out of receiving communication with us at every opportunity. From May 2018, supporters and users will be required to ‘opt in’ to receiving communication from us and we will only send marketing information to people who have specifically said that they agree to us doing this, and we will only do so in the way(s) they have agreed to. Marketing information covers information about the work we do, information from the goods and services provided, or fundraising appeals.
If you want to receive this information but haven’t opted in, you can do so by emailing CMWHS-GDPR@cornwall.gov.uk .
Sharing your information
We will only share your information if:
- We are legally required to do so, e.g. by a law enforcement agency legitimately exercising a power or if compelled by an order of the Court
- We believe it is necessary to protect or defend our rights, property or the personal safety of our people or visitors to our premises or websites
- We are working with a carefully-selected partner that is carrying out work on our behalf. These partners may include order fulfilment companies, and the kind of work we may ask them to do includes processing, packaging, mailing and delivering purchases, answering questions about products or services, sending postal mail, emails and text messages, carrying out research or analysis and processing card payments.
We only choose partners we can trust. We will only pass personal data to them if they have signed a contract that requires them to:
- Abide by the requirements of GDPR
- Treat your information as carefully as we would
- Only use the information for the purposes it was supplied (and not for their own purposes or the purposes of any other organisation)
- Allow us to carry out checks to ensure they are doing all these things.
Storing your information
Your data will be held within Cornwall Council’s secure network and premises and could be processed outside of the European Economic Area. Access to your information will only be made to authorised members of staff or contractors who are required to process it for the purposes outlined in this privacy notice.
Our sub-contractor will also maintain the same levels of security that we do which are set out in the contract we have with them.
Information is stored by us on computers located in Ireland and the UK.
We may transfer the information to other offices and to other reputable third party organisations as explained above. We may also store information in paper files.
How long will we keep this information?
We will keep your information only for as long as we need it to provide you with the goods, services or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with people that have asked us not to.
We keep information in accordance with agreed retention and disposal schedules. In line with Cornwall Council policy we use the Batchelor Retention Guidelines.
In general, we keep information for 6 years after a project or contract ends.
When we no longer need information we will always dispose of it securely, using specialist companies if necessary to do this work for us.
What we don’t do with your information
We never sell or share your information to other organisations to use for their own purposes.
What are my data rights?
Your personal information belongs to you and you have the right to:
- be informed of how we will process it
- request a copy of what we hold about you and in commonly used electronic format if you wish (if you provided this to us electronically for automated processing, we will return it in the same way)
- have it amended if it’s incorrect or incomplete
- have it deleted (where we do not have a legal requirement to retain it)
- withdraw your consent if you no longer wish us to process
- restrict how we process it
- object to us using it for marketing or research purposes
- object to us using it in relation to a legal task or in the exercise of an official authority
- request that a person reviews an automated decision where it has had an adverse effect on you
For more information about your rights under the Data Protection Act go to the website of the Information Commissioner’s Office at ico.org.uk.
The World Heritage Site Office is a ‘public authority’ as defined under the Freedom of Information Act, and we are required to comply with the terms of this Act.
How do I exercise these rights?
If you would like to access any of the information we hold about you or have concerns regarding the way we have processed your information, please contact:
Data Protection Officer
Tel: 01872 326424
I don’t agree with something
We would prefer any complaints to be made to us initially so that we have the opportunity to see if we can put things right. However, if you are unhappy with the way we have processed your information or how we have responded to your request to exercise any of your rights in relation to your data, you can raise your concerns direct with the Information Commissioner’s Office, Tel No. 0303 123 1113, website https://ico.org.uk/concerns/