| How this website processes Personally Identifiable Information | | Privacy means "data protection" and this notice is kept under regular review and shall be improved from time to time. If the improvements are significant, a prominent notice will be posted on this website for a reasonable time to notify visitors of these improvements. Unless and until a person objects using the Contact Us Application (CUA), phone, email or post, all improvements will apply to the existing information about that person that is already stored and the Personally Identifiable Information collected from the effective date of the revised privacy notice. People are encouraged to periodically review this website in order to ensure that they are aware of the current Privacy Notice. A person using this website following the effective date of any improvement will constitute acceptance of the current Privacy Notice. | | This privacy notice states what a person should expect when this website collects Personally Identifiable Information (PII). It also acts as evidence of compliance with UK laws such as GDPR article 5(2) accountability. This service is registered with the Information Commissioners Office with data protection registration number PZ9322564. |
| Glossary | | CUA means Contact Us Application as an online message service for visitors. | | PII means Personally Identifiable Information that may also be called personal data. | | RFM means Request Fulfilment Management as the first and Second Level Support teams working 24*7 to resolve queries from visitors and approved people. | | GDPR means General Data Protection Regulations as the legal obligation that all UK companies must comply with. |
| Chapter 1. People who are browsing |
| 1.1 People who are visitors | | When someone visits this website, Visitor Analytic Service (VAS) are used to collect standard internet log information and details of visitor behaviour patterns. Analytics find out things such as the number of visitors to the various parts of the website and this information is only processed in a way which does not identify anyone. No attempt is made to find out the identities of those people visiting the website. When Personally Identifiable Information (PII) needs to be collected, then the policy is to be honest, open and transparent in that personal information is being collected with an explanation of the purpose that the information is needed. Website logs gather information such as IP address, computer type, screen resolution, OS version, domain name, location, timestamp, time spent on page, previous website name and an indication of transaction times. | | Please click here to popup more information about Visitor Analytics Service |
| 1.2 People using cookies | | Normal cookies stored in a computer browser are used to manage a persons requests in an effective way. Cookies do not store any Personally Identifiable Information (PII) and only store encrypted information that cannot be used by others. Session cookies are erased when a person signs out or closes their browser. Persistent cookies are stored for a longer period to remember a persons preferences and options. People have the right to configure their browser to decline cookies and that would mean that a the persons preferences would not be remembered. | | Please click here to popup more information about Cookie Policy |
| 1.5 Published Content notice | | A policy is to dynamically publish content from an internal Published Content Service (PCS) to minimise the threat of corruption. For privacy reasons and to prevent data leaks, the names of people and organisations are normally not published. The use of first person "we" and "our" are minimised because privacy is a asset shared between trusting parties. The objective of privacy is to prevent identity theft, but it is understood that some people will trade their privacy for fame in an egotistical moment, but this private website should minimise such a threat. | | Please click here to popup more information about Published Content Service |
| 1.6 Links to other websites notice | | A policy is not to provide links to other websites because it is not possible to control what other websites do or say. An objective is to deploy a complete and correct service with internal links to a large number of safe and secure web pages with no dependency on other websites that may not always be operational. |
| 1.7 Legal Jurisdiction notice | | This website is subject to the laws of England and does not represent or warrant that the website is appropriate or available for use on any other jurisdiction. Those that choose to use this website do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules and regulations. From time-to-time, it may become necessary to limit access to any person, geographic area or jurisdiction for any reason. | | Please click here to popup more information about the General Data Protection Regulations (GDPR)... |
| Chapter 2. People who send a Message |
| 2.1 People who use the Contact Us Application (CUA) | | This website collects information volunteered by members of the public using the Contact Us Application (CUA). A message may be directed to a specific Officer such as the Data Protection Officer or may be a more general request to the Request Fulfilment Management (RFM) team. These messages are encrypted so they cannot be stolen and replicated so they cannot be lost. It is safe and secure to include private, confidential and sensitive information when using the Contact Us Application (CUA). Messages are only disclosed to the Request Fulfilment Management (RFM) team who only processes personal information in line with documented instructions and have committed themselves to privacy with a service agreement. The Contact Us Application (CUA) has a built-in escalation facility to bring the message to the attention of an Officer if the message is not responded to within 25 hours. Unless there are legal reasons not to do so, online messages are automatically erased inline with the retention notice. | | Please click here to popup more information about the Contact Us Notice... |
| 2.2 People who use email | | Any email sent to this website, including any attachments, shall be monitored and used for reasons of security in compliance with the electronic communications policy. Email monitoring or blocking software, including Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication Reporting and Conformance (DMARC) shall be used. Any email will be copied and uploaded as a new message into the Contact Us Application (CUA) where it can be processed by the Request Fulfilment Management (RFM) team in the normal way. Once an email becomes an online message it is erased so that by the end of every day, all emails will have been automatically erased. No email can exist for more than a few hours. It is recommended that private, confidential and sensitive business information is not leaked by an email message. Please be aware that the sender has a responsibility to ensure that any email sent is not offensive and is within the bounds of the law. It has to be assumed that emails are phishing attacks until the sender provides evidence to the contrary because an approved person would use the Contact Us Application and would not wish to leak business information by email. | | Please click here to popup more information about First Level Support by email |
| 2.3 People who use the phone | | When a person phones the First Level Support (FLS) team the message is recorded and Calling Line Identification (CLI) information is collected. The phone message will be transcribed as a new message into the Contact Us Application (CUA) where it can be processed by the Request Fulfilment Management (RFM) team in the normal way. Once the information collected by First Level Support (FLS) team has been transcribed as an online message that information shall be automatically erased within 24 hours. It is recommended that private, confidential and sensitive business information is not leaked by a phone message. Please be aware that the caller has a responsibility to ensure that any message is not offensive and is within the bounds of the law. It is assumed that all phone calls are phishing attacks until the caller provides evidence to the contrary because an approved person would use the Contact Us Application rather than leak business information in a phone call. As a duty of care to people on the phone to protect them from abuse, intimidation and impersonation, First Level Support (FLS) team do not have access to any Bespoke Application Service data and cannot access any personal information. The First Level Support (FLS) team have access to a vast library of published web pages that offer advice and guidance on how application services may be used, but are not responsible for education. | | Please click here to popup more information about First Level Support by phone |
| 2.4 People who use the post | | Any postal communication shall be scanned as attachments to a request using the Contact Us Application (CUA) where it can be processed by the Request Fulfilment Management (RFM) team in the normal way. Once a letter becomes an online message it is shredded so that by the end of every day, all paper documents will have been shredded. Please be aware that the author has a responsibility to ensure that any letter is not offensive and is within the bounds of the law. | | Please click here to popup more information about First Level Support by post |
| 2.5 People who make a complaint | | When this website receive a complaint it is processed via the Contact Us Application (CUA) by the Request Fulfilment Management (RFM) team to process in the normal way. A complaint normally contains the identity of the complainant and any other individuals involved in the complaint. The personal information collected will only be used to process the complaint and to check on the level of service provided. The Request Fulfilment Management (RFM) team usually have to disclose the complainants identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a persons record is in dispute. If a complainant does not want identifying information to be disclosed, the Request Fulfilment Management (RFM) team will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. Complaint information is retained in line with the enclosed retention notice. Complaints are retained in secure data center environments and access is restricted according to the "need to know" principle. It should be noted that a person is able to make a complaint to the Information Commissioners Office. Similarly, where enquiries are submitted, the Request Fulfilment Management (RFM) team will only use the information to deal with the enquiry and any subsequent issues. Periodically statistics are compiled and published showing information like the number of complaints received, but not in a form which identifies anyone. | | An objective is to meet the highest standards of data protection when collecting and using personal information. People are encouraged to send an online message if they think that collection or use of information is unfair, misleading or inappropriate. Suggestions are welcomed for improving these procedures. This privacy notice was drafted with brevity and clarity in mind and does not provide exhaustive detail of all aspects of collection and use of personal information. if additional information or explanation needed, please make a request using the Contact Us Application (CUA) that is safe and secure. | | It may be necessary to disclose Personally Identifiable Information (PII) to any third party; | | (1) if it is required to do so by law, | | (2) to comply with a legal process, | | (3) to comply with governmental requests, | | (4) to prevent, investigate, detect or prosecute criminal offenses or attacks on the technical integrity of the website or network, | | (5) to enforce terms and conditions or | | (6) to protect the rights, privacy, property, business or safety of the website, its people or the public. | | Please click here to popup more information about Complaint Handling |
| 2.6 Disclosure notice | | It may be necessary to share some personal information with other parties such as suppliers and vendors when broking a price for a service. The personal information disclosed will be explained to that person in advance and subject to their formal consent that may be withdraw at any time. It is understood that some people have traded their privacy for fame and are comfortable for identity thieves to know their date of birth and birth of their children. | | Please click here to popup more information about Data Protection Index... |
| 2.7 Retention notice | | This website uses an Expired Information Erasure Service that ensures that Personally Identifiable Information (PII) is only retained for as long as it is necessary to fulfill the purposes that it was provided. Unless required for legal reasons, information is automatically erased two years after the information process was closed. | | Compliance with GDPR article 5(1e) storage limitation is deployed with this retention notice and automated services to erase expired information without human decision making or forgetfulness. | | Please click here to popup more information about Expired Information Erasure Service |
| 2.8 Cross Border Transfer notice | | As an objective Personally Identifiable Information (PII) shall not be transfered outside the UK. Data sovereignty is guaranteed because all Personally Identifiable Information (PII) is Pseudonymised and Replicated Encrypted Data making it unintelligible, meaningless and worthless. It is plausible to state that Personally Identifiable Information (PII) is not stored and so it cannot be transferred. | | Compliance with GDPR articles 44 to 50 is deployed by not storing any data that can be identified as personal. |
| 2.9 Adult notice | | As an objective Personally Identifiable Information (PII) is only processed for people who are an adult (of legal responsibility) and will not process any information about a child or young person that needs the consent of a guardian. To minimise the cost of doing business, special legal processing for people who are not an adult has been eliminated. All staff who are contracted to confidentiality with a service agreement, must be an adult who are legally able to commit to such an agreement. All customer, supplier and business associate contact people who consent to the processing of their personal data must be an adult who is legally able to consent to such processing. It would be contrary to GDPR article 5(1c) as excessive to store a persons date-of-birth just to verify that the person is an adult. The only purpose to store a persons date-of-birth is to discriminate against them based on their age - that would be illegal and the person could claim damages for ageism. | | Where an Intern is hired before the age of 18, the persons guardian must consent and counter-sign the persons service agreement. People who are below the age of 18 are discriminated against with a lower income and the need to have another person act as their legal guardian. |
| Chapter 3. People who receive a message |
| 3.1 People who request a document | | This website is uses a Document Subscription Service (DSS) to send electronic messages and documents to people. | | The term "subscription" in this context means that people must consent to opt-in and subscribe; and may withdraw their consent with opt-out and unsubscribe. Document Subscription Services ensures that a person must formally opt-in and consent to access a message before that message is accessed. Document Subscription Services ensures that every message includes an "unsubscribe" link for a person to opt-out and withdraw their consent to being sent such a message. Statistics are gathered around email opening and links using industry standard technologies including clear images to help monitor and improve message and document flow. Personally Identifiable Information (PII) has to be stored for the people who have requested the service in order to provide this service. However, the website only use these details to provide the service the person has requested and for other closely related purposes. | | Please click here to popup more information about the Document Subscription Service... |
| 3.2 People who are job applicants, current and former employees | | When individuals apply to work, they can apply directly to the applicable Officer using the Contact Us Application (CUA) that is always available. The Personnel Director team will only use Personally Identifiable Information (PII) to process the application and to monitor recruitment statistics. Where the recruitment procedure need to disclose information to a third party, for example when to take up a reference or obtain a "disclosure" from the Disclosure and Baring Service (DBS); the recruitment procedure will not do so without informing thee person beforehand (unless the disclosure is required by law). Personal information about unsuccessful candidates will be held according to the retention notice after the recruitment procedure has been completed. De-personalised statistical information about applicants is retained to help improve recruitment activities, but no individuals are identifiable from that data. Once a person has taken up employment, the Personel Directors team will maintain Pseudonymised and Replicated Encrypted information about that person in safe and secure electronic environments. The information contained in this will be kept secure and will only be used for purposes directly relevant to that persons employment. Once their employment has ended, the personal data will be retained in accordance with the requirements of the retention notice. | | Please click here to popup more information about the Employee Information... |
| 3.3 People who access their own personal information | | An objective is to be open, honest and transparent in terms of giving people access to their own Personally Identifiable Information (PII) using a Digital Wallet Application (DWA). People can find out if their Personally Identifiable Information (PII) is stored by sending a "subject access request" via the Contact Us Application (CUA). If information is stored about a person then that person will be given an access code that grants them access:- | | (1) To view their Personally Identifiable Information (PII) as GDPR Article 15 Right of Access. | | (2) To view a detailed description of that information. | | (3) To view why it is being held and when it will be erased. | | (4) To be told who it could be disclosed to. | | (5) To let them download a copy of the information in an intelligible form as GDPR Article 20 Right to data Portability. | | (6) To let them rectify any errors or omissions as GDPR Article 16 Right to Rectification. | | (7) To let them erase their own information when they withdraw consent for it to be used as GDPR Article 17 Right to Erasure (right to be forgotten). | | (8) To give them a means to complain as GDPR Article 21 Right to Object and GDPR Article 22 Right to Stop Profiling. | | Please click to popup Data Protection Application... |
| 3.4 Direct Marketing notice | | An objective is not to get involved in any direct marketing and not get involved with the distribution of any application software. No programming is involved, no software is sold and it is recommended that application software that is likely to have vulnerabilities is never downloaded and installed. |
| Document Management Service | | 1. Title: 1.2 Demand Director: 05 Privacy Notice. | | 2. Reference: 161205. | | 3. Key Words: GDPR, privacy, legal compliance, security, Personally Identifiable Information (PII). | | 4. Description: Public privacy notice to inform people what degree of privacy they can expect and have a right to demand in compliance with UK laws, including General Data Protection Regulations (GDPR). | | 5. Privacy: Public shared for the benefit of humanity without copyright. | | 6. Edition: 5.3. | | 7. Issued: 4 May 2018. |
|
|