TYPE OF PERSONAL DATA BEING PROCESSED
The type of personal data being processed may include:
- Email Address
- Job Title
- Telephone Number
- Business Name
- Demographic information such as postcode
HOW PERSONAL DATA IS COLLECTED
Personal data is obtained from one or more of the following:
- Visits and use of our websites, and Company Portals
- Use of Up and Active social media
- Use of Google Analytics
- Attendees of corporate seminars hosted by Up and Active
- Subscribers to Up and Active Company updates
- Parties entering into agreements with Up and Active
- Requests for information about products and services offered by Up and Active and/or quotes
- Employment enquiries
WHY PERSONAL DATA IS COLLECTED
Personal data is collected to provide legitimate business services which include:
- For Marketing purposes
- For us to review and reply to your enquiry
- To provide an opinion for a service you have requested
- To meet our statutory monitoring and reporting responsibilities
- To handle and communicate orders, billings and payment, delivery of products and services
- To improve Up and Active services and product offering
Where indicated, however, some of the information is optional and you can choose not to complete.
HOW PERSONAL DATA IS USED
Personal data may be used to:
- Process orders, process a request for further information, to maintain records and to provide pre and after-sales service
- Carry out our obligations arising from any contracts entered into by you and us
- Carry out security checks (this may involve passing your details to our Identity Verification partners, who will check details we give them against public and private databases – this helps to protect us from credit risk and both you and us from fraudulent transactions)
- Comply with legal requirements
- We may need to pass the information we collect to other Departments within Up and Active for administrative purposes
- Seek your views or comments on the services we provide
- Notify you of changes to our services
- Send you communications which you have requested and that may be of interest to you. These may include information about product updates, newsletters, events, seminars
- To inform you of various promotions, goods and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of Up and Active. Each marketing communication sent to you by Up and Active will provide you with the option to unsubscribe and manage your data profile and communication preferences from Up and Active at any time
- Process a job application
- Create a profile of your interests and preferences so that we can contact you with information relevant to you.
WHO HOSTS THE UP AND ACTIVE WEBSITE
The site is hosted using the Microsoft Azure services. The hosting has been arranged and is managed by H12 Enterprises Ltd on behalf of Portfolio.
WHERE IS THE DATA STORED FOR THE UP AND ACTIVE WEBSITE
We don't have a physical address for the Azure site but Microsoft lists it as being "UK West"
WHAT SECURITY MEASURES ARE IN PLACE FOR THE DATA (data storage site)
Data is stored in a SQL Server database which is protected by firewall allowing access for Portfolio for administrative purpose (by IP address) and access by the site code.
WHAT CONTINGENCY PLANS ARE IN PLACE IN THE EVENT OF A BREACH (data storage site)
Data loss is mitigated by backups that take place every 24 hours. Regarding data breach, we would advise the client of the breach (Up and Active). We would liaise with the client to contact users and advise that there had been a breach and what steps are being taken to further secure data. All data breaches would be kept on record.
HOW IS THE DATA ACCESSED (data site)
Data is accessed via the Up and Active site. It is also accessed using SQL Server Management Console for administrative purposes.
IS THERE AN ENCRYTION CERTIFICATE?
Yes, the site is secured with a SSL certificate
HOW LONG PERSONAL DATA IS STORED
We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will not hold personal data on our systems for any longer than is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
WHO HAS ACCESS TO PERSONAL DATA
Only Up and Active employees are granted access to customer information. This is ensured by the use of strict operational processes and procedures.
Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on Up and Active security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.
Personal information provided via the Company’s portals is secured using Secure Socket Layer (SSL) server and is encrypted before being transmitted. Secure pages have a lock icon or key on the bottom of web browsers such as Microsoft Internet Explorer, information supplied by you on these webpages is securely stored and can only be accessed for the purposes for which it was provided.
All IT systems are kept in a secure environment with appropriate access control. We are audited on a regular basis by independent security companies, plus internal audits by our Local Authority Partner.
Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Third-Party Service Providers working on our behalf:
When we use third party service providers, we have a contract in place that requires them to keep your information secure and Assurances of GDPR Compliance.
Third-Party Product Providers we work in association with:
We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
Different rules apply depending on the type of Lawful Processing being undertaken. Many of the following individuals’ rights apply:
- The right to be informed how personal data is processed
- The right of access to their personal data
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting email@example.com. You can request that your data is updated and/or deleted at any time, unless Up and Active can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.
LINKS TO OTHER WEBSITES/FROM OTHER WEBSITES
16 OR UNDER
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
QUESTIONS, COMPLAINTS AND SUBJECT ACCESS REQUESTS (SARS)
Any questions or Subject Access Requests (SARs) should be sent to: firstname.lastname@example.org
REVIEW OF THIS POLICY
This Policy is reviewed on a regular basis. It was last updated 25th May 2018.