Welcome to our website. If you continue to browse and use this website [our ‘Site’] you are agreeing to comply with and be bound by the following terms and conditions of use.
- The content of the pages of this website is for your general information and use only. It is subject to change without notice.
- This website contains material which is owned by or licensed to us. This material includes, but is not limited to, the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with the copyright notice, which forms part of these terms and conditions.
- Unauthorised use of this website may give rise to a claim for damages and be a criminal offence.
- From time to time this website may also include links to other websites. These links are provided for your convenience to provide further information. They do not signify that we endorse the website. We have no responsibility for the content of the linked website(s).
- Your use of this website and any dispute arising out of such use of the website is subject to the laws of England and Wales.
Personal data we obtain from you
If you correspond or communicate with us, whether through the Site, by email, by telephone or otherwise, then we may process personal data which is contained in the relevant communication (e.g. the contents of correspondence, or notes of the subject matter of telephone calls) or which relates to the communication (e.g. your contact details or job title). All of this together is communications data. We process communications data for the purposes of communicating with you. If you have indicated your interest in our educational services or in our operations, then we may also process communications data for the purposes of addressing your enquiry and providing you with occasional news about our services (although you will be free to unsubscribe at any time). Finally, we may use conversion tracking in relation to some of our email communications (such as newsletters and promotional emails) – this will record whether a recipient has opened an email sent by us, or whether they have clicked through to any of the links in it.
If we deal with you or your organisation, for example as a supplier, customer, collaborator or commercial partner, then we may process personal data such as your contact details for the purposes of setting up an account in our systems or otherwise administering our relationship with you. We may also process personal data within all related correspondence and documents such as proposals or contracts, whether created by us or provided to us. We call all of this account data, and we process it for the purposes of purchasing products and services and administering our dealings with others.
We may process personal data relating to transactions, such as bank account details, contact details or transaction data in relation to payments made by us to you or by you to us (transaction data). This may include your contact details, any bank account or sort code information provided for the purposes of making or receiving payment, and the transaction details (such as POs or invoices). We process transaction data for the purpose of making and receiving payments.
We may process personal data relating to any visit you make to our premises, such as your vehicle registration number, contact details, role, the purpose of your visit or your movements around our site. We might also ask you to sign certain waivers or acknowledgements in order to access certain areas of our premises. We call all of this visitor data and we will process it for the purposes of ensuring your visit is properly recorded and is safe.
We have installed CCTV systems in some of our premises. We may process stills or footage which contain images of individuals (CCTV data). CCTV data may be processed by us for the purposes of security, safety and the prevention and detection of crime.
We may process technical data about your use of the Site, such as your browser type and version, operating system, time zone setting and location, referral source, length of visit, or navigation around the Site (for instance, which pages are viewed and how long for). This data is aggregated and anonymised in such a way that it contains no information relating to any identifiable individual at all : it’s not actually personal data but we mention it in this Policy for the sake of completeness. We process technical data for the purpose of improving our Site.
Personal data we obtain from others
Your personal data may be provided to us by someone other than you: for example, by your employer, by an organisation with whom you and we are both dealing. Normally this data will be communications data or account data as described above and will be processed by us for the purposes described above.
Our other processing
We may also process any of the data described above:
- (a) for the purposes of record-keeping and back-up and restoration of our systems;
- (b) as required by law or in connection with legal claims.
Our legal basis of processing
We will process personal data only on lawful bases. In particular, we will process personal data on the following lawful bases identified in Article 6 GDPR:
for the performance of a contract with you, or to take steps at your request prior to entering into a contract with you (Article 6(1)(b) GDPR). This may be our basis for processing communications data, account data, transaction data or visitor data;
for our legitimate interests (Article 6(1)(f) GDPR). This may be our basis for processing:
- i) correspondence, account and visitor data (as we have an interest in properly administering our business and communications, and in developing our relationships with interested parties);
- ii) transaction data (as we have an interest in making and receiving payments promptly and in recovering debts);
- iii) any personal data identified in this Policy where necessary in connection with legal claims (as we have an interest in being able to conduct and defend legal claims to preserve our rights); and
- iv) CCTV data (as we have an interest in the security of our premises);
- v) any personal data identified in this Policy in connection with backups of any element of our IT systems or databases containing that personal data (as we have an interest in ensuring the resilience of our IT systems and the integrity and recoverability of our data).
in performing our public functions (Article 6(1)(e). This may be our basis for processing any of the personal data identified above if we do so in connection with carrying out specific tasks in the public interest (for example, in our teaching or governance activities). If we process personal data in carrying out activities unrelated to our public functions then we do so on one of the bases set out above.
PACA's Data Protection Lead is Libby Hurd and you can contact them by email on: firstname.lastname@example.org
Disclosures of your personal data
We may disclose your personal data to our suppliers or contractors in connection with the uses described above. For example, we may disclose:
- (a) any personal data in our possession to suppliers which host the servers on which our data is stored;
- (b) transaction data to our accountants; and
- (c) account data to contractors who help us administer our operations.
We do not allow our suppliers or contractors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and applicable law.
We may disclose your personal data as necessary to comply with law (e.g. to Government or law enforcement).
We may disclose your personal data to our legal or professional advisors in order to take advice, but will do so under obligations of confidentiality.
If any part of our operations is sold to, transferred to, or integrated with, another organisation (or if we enter into negotiations for those purposes), your personal data may be disclosed to that organisation.