Introduction and Aim
Nu-World CIC knows that you take your privacy seriously. We do, too. We will not misuse, sell, or exploit any information provided to us and we do all we possibly can including physical, electronic, and managerial procedures to ensure your data stays safe.
The majority of the information you give us is for the express purpose of keeping all customers safe inside our hub or sending you information of interest about Nu-World.
Reasons/purposes for processing information GDPR legislation states six lawful bases for processing personal information. These are the only justifications for doing so.
1.necessary to enter into or to perform a contract,
2.necessary for compliance with a legal obligation,
3.necessary to protect ‘vital interests’
4.necessary for the public interest,
5.necessary for a legitimate interest,
6.with the consent of the data subject.
In line with this, Nu-World CIC will store or process data for a number of reasons including:
•Financial obligations for customers, staff and suppliers (points 1 and 2)
•Photos, names, dates of birth to allow the business to run smoothly and to help ensure child safety so that the correct children leave with the correct adults (points 4 and 5)
•Contractual obligations including staff, customer and supplier contracts to ensure are legally compliant (point 1 above)
•To inform customers, with their consent, of special offers and events that are taking place at Nu-World CIC (point 6 above)
•CCTV images for the prevention and detection of crime and to protect the children who come to Nu-World CIC (point 4 above)
•The following legitimate purposes: accounting, billing and audit, and administrative and legal purposes, statistical and marketing analysis, customer surveys and to help us in any future dealingswith you, for example by identifying your requirements and preferences (point 5 above)
Specifically, the information collected at reception or online is as follows:
•Telephone Number (for adults only)
• D.O.B (for children only)
Other than the email address, this information is for the security of all customers within the building so that if required they can be identified as well as enabling the business to run efficiently. The email address will only be used to communicate an event you have booked, special offers or events that Nu-World believes you would legitimately be interested in. You will be asked at the time whether you wish to be contacted via email and for what purpose.
As a data subject, you have the following rights under the GDPR, which this Policy and our use of personal data have been designed to uphold:
1. The right to be informed about our collection and use of personal data.
2. The right of access to the personal data we hold about you.
3. The right to rectification if any personal data we hold about you is inaccurate or incomplete.
4. The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you. We only hold your personal data for a limited time, normally 3 years after inactive use, unless dictated differently by law such as staff or financial records.
5. The right to restrict (i.e. prevent) the processing of your personal data.
6. The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation).
7. The right to object to us using your personal data for particular purposes.
8. Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your personal data, please contact us using the details provided at the foot of this policy and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
For further information about your rights, please contact the Information Commissioner’s Office (ICO) or your local Citizens Advice Bureau.
We take very strong precautions to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction and as part of this, Nu-World CIC has conducted a risk assessment of all the data it processes to ensure their CUSTOMERS, STAFF and SUPPLIERS data all remains as safe as possible. If your data is involved in a data breach for any reason, in particular any data that could identify customers, staff or suppliers personally you will be informed in line with the data breach guidelines as dictated by the Information Commissioner Office see www.ico.org.uk any data breach we will inform the ICO within 72 hours of being aware of any breach and follow our procedures after that, in line with the ICO guidance.
Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. They enable Nu-World to provide features such as remembering aspects of your last booking search to make subsequent searches faster. Cookies can be deleted from your hard drive if you wish. Most web browsers automatically accept cookies, but you can change your browser settings to prevent that. Even without a cookie you can use most of the features on the web site. Our cookies do not contain any personally identifying data.
Use of Pixels
In order to understand how our customers interact with the emails and the content that we send, we use pixels to understand who has opened the message. In order to provide our content in the most interesting way, we may also use pixels to learn whether you can receive emails in text or html form.
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance.
We do not keep any digital information on site, it is all secured by 3rd party companies as follows:
•Mailchimp who store and maintain our newsletter mailing list
•Gmail and google Docs for all office files and emails
•Google (another of our Affiliate Advertisers and also used for Analytics)
•Deputy for staff photos and contact details for the staff rota
They all operate their own extremely high levels of data security. All their servers are within the EU and each company has its own Privacy Policies and they are not permitted to use, in any way, the data that is shared on their servers.
How Can You Access Your Data?
Nu-World has an open policy regarding the maintenance of information we hold and use. Please contact us at any time via firstname.lastname@example.org via the contact details at the foot of this form to notify us of changes or detailing what information you wish to access or have removed from our systems. In line with the ICO guidance we will contact you within 28 days.
How Can You Control Your Data?
In addition to your rights under the GDPR, when you submit personal data either online or via reception you will be given options to restrict our use of your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes (including the ability to opt-out of receiving such emails from us, which you may do by unsubscribing using the links provided in our emails and at the point of providing your details and by managing your account).
What Happens If Our Business Changes Hands?
For further information about your rights, please contact your local Citizens Advice Bureau.
Nu-World CIC Data Controller
Address: Unit B, Peacock Court, Ringlet Road. HP2 7DP
Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.