GDPR Article 13 Privacy Notice
In line with Article 13 of the GDPR, UK Privacy Consultants collects your personal information only to the extent necessary to fulfill a precise purpose related to our tasks.
We put in place measures to guarantee that your data are kept up-to-date and processed securely. Here below, we provide you with some general information regarding the processing of personal data on our website. Specific information about the processing activities of the UK Privacy Consultant website other than the ones associated with this website will be provided separately. Personal data is only stored for a period that is contained within our retention schedule.
You have specific rights when it comes to the processing of your data by us.
When your data is processed by UK Privacy Consultants, you have the right to know about it.
You have the right to access the information and have it rectified without delay if it is inaccurate or incomplete.
You can ask to have your data erased, and unless we have a lawful basis to continue to process it, it will be erased. Either way, we will let you know.
You can ask to have some or all of your data to be restricted from further processing in certain circumstances.
You can also object to it, in certain circumstances, on grounds relating to your specific situation.
You can ask to exercise your right to data portability; however, please be aware that this may not be possible in all circumstances due to the way we process your personal data.
You can request that any of the above changes be communicated to other parties to whom your data have been disclosed.
You also have the right not to be subject to automated decisions (made solely by machines) affecting you, as defined by law.
You have the right to receive your personal data in a standardised format in case you wish to transfer it to another controller (data portability).
Right to complain
You have the right to complain at any time if you believe your data protection rights have been breached.
These rights are outlined in Chapter III of the current data protection Regulation 2018/1725.
In the first instance, we recommend that you contact us directly so that we can work through any concerns you may have.
However, you can report any incident or concerns you have about UK Privacy Consultants directly to the Information Commissioners Office (ICO), using any of the methods shown on the ICO web page: https://ico.org.uk/make-a-complaint/
How to exercise your data protection rights at UK Privacy Consultants
If UK Privacy Consultants is processing your personal data and you would like to exercise your data protection rights, please send us a written request either by e-mail DPO@UKPrivacyConsultants.co.uk or to our Data Protection Officer by post in a sealed envelope to 98 Goodliff Road, Grantham, NG31 7QB.
In principle, we cannot accept verbal requests (telephone or face-to-face) as we may not be able to deal with your request immediately without first analyzing it and reliably identifying you.
Your request should contain a detailed, accurate description of the data you want access to. When there are reasonable doubts regarding your identity, you might be asked to provide a copy of a document, which helps us to verify your identity. It can be any document such as your ID card or passport. Should you provide any other documents, personal details such as your name and your address should be in clear to be able to identify you, while any other data such as a photo or any personal characteristics, may be blacked out.
Our use of the information on your identification document is strictly limited: the data will only be used to verify your identity and will not be stored for longer than needed for this purpose.
Your personal data and our website
The UK Privacy Consultants website is our most important communication tool. Here we communicate our work such as our guidelines, recommendations, best practices, advises, opinions and decisions. In addition, we communicate data protection news and information about data protection topics to the general public as well as our more expert audiences.
Some of the services offered on our website require the processing of your personal data.
personal data collected on our website for the following purposes:
when you send us a request or a complaint through our website or by other means, only for the purpose of the management of this request of complaint;
We do not reuse the information for another purpose that is different to the one stated.
We will never divulge your personal data for direct marketing purposes.
Under certain conditions outlined in law, we may disclose your information to third parties, (such as the European Anti-Fraud Office, the Court of Auditors, or law enforcement authorities) if it is necessary and proportionate for lawful, specific purposes.
As a rule, we do not keep your personal information for longer than necessary for the purposes for which we collected it. We may keep your personal data for a longer period for historical or scientific purposes with the appropriate safeguards in place.
UK Privacy Consultants uses social media to present its work through widely used channels. The ideas and views expressed by UK Privacy Consultants on social media are for information purposes only. No communication through social media shall be deemed to constitute legal or official notice on behalf of the Board.
Google Analytics and its cookies
Google Analytics is the corporate service which monitors and evaluates the effectiveness and efficiency of the UK Privacy Consultants website.
It uses an open-source analytics platform, Matomo (formerly Piwik), fully controlled by the European Commission. This platform enables the protection of end-user personal data thanks to features such as IP address de-identification. On top of that, the EDPB has created a feature to manage users’ consent to the collection of users’ browsing experience for anonymised statistics.
Data protection information and measures in Europa Analytics
Google Analytics is configured to use the second level domain europa.eu (used by the websites of European institutions) and to store first-party cookies.
Cookies (from Matomo) used by Europa Analytics enable the European Commission to track the following information about visitors. This information is used to prepare aggregated statistics reports of visitors’ activity, which do not contain any personal data:
· IP address (masked) ;
· Location: country, region, city, approximate latitude and longitude (Geolocation);
· Date and time of the request (visit to the site);
· Title of the page being viewed (Page Title);
· URL of the page being viewed (Page URL);
· URL of the page that was viewed prior to the current page (Referrer URL);
· Screen resolution of user's device ;
· Time in local visitor's time-zone;
· Files that were clicked and downloaded (Download);
· Links to an outside domain that were clicked (Outlink);
· Pages generation time (the time it takes for webpages to be generated by the webserver and then downloaded by the visitor: Page speed);
· Main language of the browser being used (Accept-Language header);
· Browser version, browser plugins (PDF, Flash, Java, …) operating system version, device identifier (User-Agent header);
· Language of the visited page;
· Site Search;
To improve the accuracy of the produced reports, information is also stored in a first-party cookie from our website and then collected by Google Analytics:
· Random unique Visitor ID;
· Time of the first visit for the specific visitor;
· Time of the previous visit for the specific visitor;
· Number of visits for the specific visitor.
UK Privacy Consultants retains full control of the data collected through first-party cookies by storing the data in servers fully owned and controlled by UK Privacy Consultants.
Besides some session cookies, a random ID persistent cookie is generated by Matomo, which allows Google Analytics to identify when a user returns to the site. This cookie has an expiration date of 13 months, after which it is automatically removed from the user's device.
· First party cookies are cookies set by the website you’re visiting. Only that website can read them. Also, a website might potentially use an external service to analyse how people are using their site. Google Analytics sets their own cookie to do this and does not use external parties.
· Persistent cookies are cookies saved on your computer which are not deleted automatically when you close your browser, unlike a session cookie, which is deleted when you close your browser. Persistent cookies are only used to re-identify you upon your next visit.
Consent to collecting your browsing experience, including personal data, for the production of anonymised statistics
By default, the browsing experience of our website visitors is NOT tracked by Google Analytics. You may, though, choose to consent to our processing of any personal data collected during your browsing experience on our website to allow us to produce anonymised statistics.
You enable the Do Not Track option (see below for an explanation) in your web browser, we will respect your choice, and your browsing experience on our website will not be tracked for our anonymised statistics.
If you have not enabled the Do Not Track option, we will show you a cookie banner for you to make your choice and install a cookie called “edp_cookie_agree” to keep track of your choice. If you consent to the processing mentioned above, then Europa Analytics is activated and some relevant cookies loaded. You can always decide to withdraw your consent, or consent again at any time.
The “edp_cookie_agree” expires after 6 months: then, if your Do Not Track option is not enabled, you will be shown the cookie banner again to renew your choice.
In case you have disabled all cookies, you will be shown the cookie banner at each visit of our website.
If you wish to consent to (or withdraw your consent from) analytics:
Do not track preferences
Do Not Track is a function that allows visitors no to be tracked by websites. Do Not Track options are available in a number of browsers including:
Restricted access to information
All analytics data communication is encrypted via HTTPS protocol. The analytical reports generated by Google Analytics can only be accessed through the GoDaddy, with the relevant UK Privacy Consultants staff or by duly authorised external sub-contractors, who may be required to analyse, develop and/or regularly maintain certain sites.
Masking of IP addresses
Note: institution, city and country of origin for statistical purposes are determined from the full IP, then stored and aggregated before a mask is applied. Google Analytics uses an IP de-identification mechanism that automatically masks a portion of each visitor's IP (Internet Protocol), effectively making it impossible to identify a particular UK Privacy Consultant visitor solely via their IP address.
Google Analytics automatically deletes visitors' logs after 13 months. Aggregated data sets, containing no personal data, are stored for an indefinite period by UK Privacy Consultants for analysis purposes.
If you have any questions concerning the processing of personal data, you can also contact our DPO.
Version Number: 2 dated: 1 Jul 19