1. Our Commitment to your Privacy
Seaton Town Council and Seaton Tourist Information Centre holds and processes data – including personal data– so that we can deliver services to the general public.
We are committed to gathering and processing personal data with full regard for the General Data Protection Regulations (GDPR), the Privacy and Electronic Communications Regulations (PECR) and to the principles of personal choice and control, transparency, fairness and security. We always collect and process data on lawful grounds to meet the genuine needs of our organisation, but we do so with the highest regard for an individual’s rights and freedoms.
We only share information when it is absolutely necessary to meet our organisational needs and legal obligations and only with strict controls and data sharing and processing agreements in place. We will never sell personal data to third parties.
We are committed to keeping the personal details safe. This Notice explains how and why we use your personal data, to ensure that you remain informed and in control of your information.
For more information about your rights with regards to personal data, please see the Information Commissioner’s Office.
- Key terms in this document
We use the following key definitions to describe people mentioned in this document. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights (www.ico.org.uk)
- ‘Data subject’: this is you. As the data subject, we respect your right to control your data.
• ‘Data controller’: this is us, Seaton Town Council. With your permission, we determine why and how your personal data is used (as outlined in this document).
• ‘Data processor’: this is a person, or organisation, who processes your data on our behalf, with your permission. For example, this might be Seaton Tourist Information Centre, a mailing house or another organisation that we use that may need access to your data in order to fulfil a service to you.
When we work with other organisations or individuals in this way, we always set up a written contract with them to protect your data. The third parties we work with at no point ‘own’ your data, so you will never hear from them independently and they will always delete your data from their systems when they have completed the task in hand. We always send your data to partner organisations securely, to minimise the risk of it being intercepted by unknown individuals and/or organisations.
3. Why do we collect your personal data?
We use your personal data to keep in touch with you and to deliver services to you.
We will only ever collect, store and use your personal data when we have an identified purpose and reason to do so. The ICO refers to this as a ‘lawful basis’. Further information about why we collect your personal data is outlined below.
- a) To administer your accommodation listing
We collect your personal data to administer your accommodation listing , which may involve:
• Sending you information on Seaton and the surrounding area including local events that your guests may be interested in.
• Processing payments • Sending you renewal information
• Getting in touch should there ever be any issues in booking your property or any issues reported by people staying with you • Keeping your personal details up to date
The ICO define the lawful basis for processing your data for these purposes as ‘contractual’.
- b) To send you items requested from us
We collect your personal data to send you:
• items you have requested
- c) To deliver services that you have asked for
We collect personal data to:
process any monitoring information related to these services
• report to partner organisations
The ICO define the lawful basis for processing your data for these purposes as ‘contractual’. Where it is a contractual requirement to share your personal data with third parties.
- d) To send you information about our work and ask for your opinion
We also collect your personal data so that we can send you information about our work that we feel will be of interest to you. This includes information on how we are working to promote Seaton and may include local events, activities, products and services including those of other organisations that we work with. From time to time, we may also use your personal data to ask for your opinion about our work.
This information is in addition to that outlined in sections a), b), c) and is defined as ‘direct marketing’ by the ICO
.i) Legitimate interest
This is where we have identified a genuine and legitimate reason for contacting you, which crucially does not override your rights or interests.
We use legitimate interest to send you the information listed above by post or telephone (if you are not registered with the Telephone Preference Service, and you have given us your telephone number).
- ii) Opt-in consent
This is where you have given us express permission to contact you by particular communication channels.
We use opt-in consent to send you the information listed above by email, text message (SMS) or telephone (if you are registered with the Telephone Preference Service)
We respect your right to update the way we get in touch with you about our work at any time.
4. What kind of personal data do we collect? How do we collect it?
- a) Basic information
We will usually collect basic information about you, including your name, postal address, telephone number, email address and your bank details if you are making payments.
Most of the time, we collect this data from you directly. Sometimes this is in person; other times, it is over the telephone, in writing or through an email. Occasionally we obtain information, such as your telephone number or other contact details, from external sources such as google.
- b) Getting to know you better
We also collect information about you that helps us to get to know you better. This may include:
information about your business or interests, which you tell us through surveys
• records of payments made for services
• your preferences of how you would like us to contact you
• records of events you’ve attended, or activities that you’ve been involved in.
Sometimes we will collect other information about you such as your date of birth and gender. When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific consent and permission.
Other ways in which we collect personal data to get to know you better include:
- i) Our website
Our website uses ‘cookies’ to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites.
Our cookies help us:
• Make our website work as you’d expect
• Remember your settings during and between visits
• Improve the speed/security of the site
• Allow you to share pages with social networks like Facebook
• Continuously improve our website for you • Cookies are set by this website (first party cookies) but may also be set by other websites (e.g. You Tube) that run content on the website’s pages (third party cookies).
- c) Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation). However, there are some situations where this will occur. When we do so, we will be very clear as to why we are collecting such information, and we will only do so with your specific consent and permission. In these situations, we collect the data from you directly. Generally, we anonymise sensitive personal data wherever possible.
We may also collect sensitive personal data if you have an accident on one of our premises.This information will be retained for legal reasons, for safeguarding purposes and to protect us (including in the event of an insurance or legal claim). If this does occur, we’ll take extra care to ensure your privacy rights are protected.
- d) Children and young people
In line with data protection law, we will not collect, store or process your personal details if you are under 13 years of age; unless we have the express permission from your parent or guardian to do so.
5. How do we store your data?
- a) Security
All of the personal data we process is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). This will be done in accordance with guidance issued by the Information Commissioner’s Office.
We use Campaign Monitor or MailChimp for e-mail marketing, with the exception of email. A copy of Campaign Monitor’s policy regarding data security – in terms of operational security, physical security and application security – can be found here and a copy of MailChimp’s policy regarding the same elements of data security can be found here.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). Our staff receive data protection training and we have a clear Data Protection Policy and associated guidance which personnel are required to follow when handling personal data.
- b) Payment security
All electronic forms that request financial data will use secure payment programmes to encrypt the data between your browser and our servers.
If you use a credit card we use Worldpay. Please refer to sections 17, 18, and 19 in the following link for their data processing terms and conditions: https://www.worldpay.com/sites/default/files/171120-SME-Terms-2017.pdf
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
- c) CCTV
Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and premises users. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded over.
- d) Data retention policy
We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold and delete what is no longer required.
6. Data sharing
We sometimes need to share the personal information we process. Where this is necessary we, and any third parties we share with, are required to comply with all aspects of the General Data Protection Regulations (GDPR). Sharing is always subject to a lawful basis for processing. We will never sell personal details to third parties.
Organisations that we share data with include:
- Organisations who process data on our behalf – for example, mail and print services, providers of other goods and services on our behalf (such as merchandise), consultants who help us to analyse and improve our performance;
• Our partners on partnership projects – for example, for the purposes of project monitoring and delivery;
• Our trading subsidiaries – to ensure that we are adhering to legal obligations and high levels of customer care • Legal/compliance bodies where required – insurers, auditors, HMRC, Fundraising Regulator, ICO;
• Statutory bodies or agencies – for example, to respond to legal issues and risks;
• Healthcare, social and welfare organisations – to manage and safeguard the wellbeing of our staff, volunteers and beneficiaries;
• Educators and examining bodies – for example, where we are supporting trainees;
• Current, past and prospective employers – for example, to provide references;
• Survey or research organisations
When we work with other organisations or individuals in this way, we must always set up a written contract with them to protect personal data – Data Processing and/or Data Sharing Agreements. The third parties we work with at no point ‘own’ an individual’s data, must never contact the individual outside of their agreement with us and must always delete this data from their systems when they have completed the task in hand. We must always send data to partner organisations securely, to minimise the risk of it being intercepted by unknown individuals and/or organisations.
7. Your rights
We respect your right to control your data. Your rights include:
- a) The right to be informed
This privacy notice outlines how we capture, store and use your data. If you have any questions about any elements of this policy, please contact us.
- b) The right of access
If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month. To make a Subject Access Request, please contact Seaton Town Council.
- c) The right to rectification
If we have captured information about you that is inaccurate or incomplete, we will update it.
- d) The right to erase
You can ask us to remove or randomise your personal details from our records.
- e) The right to restrict processing
You can ask us to stop using your personal data.
- f) The right to data portability
You can ask to obtain your personal data from us for your own purposes.
- g) The right to object
You can ask to be excluded from marketing activity.
- h) Rights in relation to automated decision making and profiling
We respect your right not to be subject to a decision that is based on automated processing.
For more information on your individual rights, please see the Information Commissioner’s Office.
Overall responsibility for this notice and the implementation of our Data Protection Policy lies with Seaton Town Council
Information Commissioner’s Office
For further assistance with complaints regarding your data, please contact the Information Commissioner’s Office, whose remit covers the UK.
Information Commissioner’s Office
Telephone: 0303 123 1113
9. Leaving our website
We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.
10. Contact Us
The website is owned and operated by Seaton Town Council.
Our principle place of business is Marshlands Centre, Harbour Road, Seaton, Devon EX12 2LT.
Telephone: 01297 21388
Email: firstname.lastname@example.org or email@example.com
We are open Monday – Thursday, 9am – 2pm