Twickenham BID Ltd value the trust you place in us by giving us your data. This policy sets out the basis on which any personal data we hold, collect from you, or that you provide to us, whether via our website or otherwise, will be used and processed by us.
We adhere to the Principles of Data Protection, as set out in the General Data Protection Regulation (GDPR). This includes the obtaining, holding, using, disclosing or sharing of such data. All personal data captured and held is maintained and analysed by the website's web servers. It does not capture personal information (unless you have provided this) but dose capture the user's IP address, which is automatically recognised by our web servers and is used to monitor website usage. All such data is confidential and will be treated with due care.
How we collect data and what information we collect
We will collect data through forms, and indirectly through social media platforms, approved data warehouses and information you provide when you subscribe to any of our updates or newsletters. It includes information provided when you make an enquiry, enter competitions, engage with business services provided by the BID or a third-party supplier, promotional activity, taking part in surveys, and registering for specific event information.
The data we collect includes; full name, date of birth, email, address and postcode, phone and contact number, social identifiers, email communication responses and as stated in this policy Cookie and behavioral data and website usage history.
If we collect, hold data, or are asked to process data for, a child under 13, we will hold additional data, including but not limited to:
- Parent or guardian name and contact information
- Parental or guardian consent for marketing communications
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website.
Any cookies that may be used by this website are used either solely on a per session basis or to maintain user preferences. Cookies are not shared with any third parties. We also collect information about how you use our website to improve SEO, PPC, online advertising, email marketing, web analytics or other digital services.
How we use your personal information
We may use your personal information for:
- Email communication with valid consent, for example updates on events and promotions
- Promotion of Twickenham BID Ltd
- Profiling to improve our communication
- Research and statistical analysis to inform the BID strategy and update levy payers.
Your data will be shared with approved third parties in order to provide these services. You can request an up-to-date list of these third parties at any time by contacting us via the details below.
BID Levy Payers
We will use your data on the grounds of Legal Obligation, Legitimate Interest and consent basis of processing data defined by GDPR. All communications regarding your Levy and your opportunity to vote are a legal obligation to ensure you are informed.
All other communications, which will include communicating with you via email, phone, and post to provide the below are considered to be of Legitimate Interest, as there is a benefit to both parties to be kept up to date with BID activity.
Legitimate interests includes:
- updates and information in line with our BID aims and objectives
- events which will impact the Town Centre and potentially your business
- any useful information relating to Twickenham BID, Twickenham Town Centre area and your business.
- results of activity and events delivered by the BID and other local organisations.
For operational purposes, we will use data we collect for clients and supplier companies for the following:
- financial and accounting procedures, including, but not limited to, quoting, raising purchase orders, sending statements, discussing payments and invoicing
- credit checking
- contractual matters
- human resource matters
Your right to be informed
If we indirectly collect your data we will email you to inform you that we hold information about you, with a link to our Data Protection Policy. We will update this policy from time to time and ensure the latest version is always published on our website.
How we store your data
We will only store data on our approved secure environments, which are GDPR compliant, including:
- CiviCRM Platform
- Email service provider
- Email software
Data stored on local PCs and other devices will be protected with a strong password and encrypted. Data will be removed from local PCs and other devices, and any memory sticks or cloud storage platforms, as soon as it is no longer required.
All hard copies will be kept in a locked cabinet or drawer and put away when not in use.
Accessing, updating, removing or restricting usage of your data
Under the GDPR you have the right to request the data we hold on you, request updates if any data is incorrect, request to be removed from, or restrict how we use and process your data. To exercise any of these rights please contact us and we will be in contact with you to set out the next and required steps.
Having your data erased
You have the right to request all information about you is erased from our systems.
Although we respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. We will review your request and tell you what data we can remove. We will do our best to respond within one month.
Transferring and sharing your data
We may share your personal information with selected third parties whom we organise a joint event or form a business service with, or for joint marketing or BID project delivery purposes. All personal data captured is held confidential, maintained and analysed by the website's web servers. It does not capture personal information but does capture the user's IP address, which is automatically recognised by our web servers and is used to monitor website usage.
You should be aware, however, that access to web pages will generally create log entries in the systems of your ISP or network service provider. These entities may be in a position to identify the client computer equipment used to access a page. Such monitoring would be done by the provider of network services and is beyond the responsibility or control of Twickenham BID Ltd.
We will only share your data with third parties if we are obliged to disclose by law, or the disclosure is “necessary” for the purposes of national security, taxation and criminal investigation, or if we have your prior consent.
Operational procedures to protect your personal information
All BID employees are aware of the importance of and the requirements we have as a business to keep your data secure, and comply with data protection regulations and this policy. Data breach and accountability We take data security and your privacy seriously and as such we have appointed a data controller within our organization to ensure compliance to this policy. Our data controller can be reached at firstname.lastname@example.org.
If we suspect a data breach of any kind, we will report it to the Information Commissioner’s Office immediately. If you suspect a data breach, which you believe may have involved us and the information we hold on you, please email us with the subject 'Data Breach' and we will respond within 72 hours.
The GDPR in the UK is governed by the ICO – www.ico.org.uk
You can update or amend your personal information, as well as how we contact you, at any time. If you have any questions, concerns or complaints about the ways in which we process your personal data, you can contact us by:
Post: Try Twickenham Ltd, 30 Heath Road, Twickenham, TW1 4BZ
Phone: 020 34170 809