Oxon Hoath policy for GDPR
Who are we
Tindle Conferences and Education are committed to protecting your personal information and making every effort to ensure that personal information is processed in a fair, open and transparent manner.
Tindle Conferences and Education are a ‘data controller’ for the purposes of the DPA 1988 and from 25 May 2018 the EU GDPR 2016/679, which means we are responsible for, and control the processing of, your personal information.
If you wish to contact us, you can do via the contact page here
Our obligations under the act:
- If you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information.
- Only collect information that you need for a specific purpose.
- Collect and use information about people fairly and lawfully, without unwarranted harm or intrusion into their private life.
- Ensure the information is adequate, relevant and not excessive
- Keep the information secure and maintain records of data that is stored.
- Ensure the information is relevant and up to date.
- Only hold as much as you need and for as long as you need it.
- Don’t send the information to anyone not authorised to receive it.
- Allow the subject of the information to see it on request.
Who is responsible?
The data controller is contactable via the contact page here. They are legally responsible for the information that is stored and protected.
All our staff who collect, store and use information are data processors under the act. They are aware of the terms of, and will comply with, GDPR.
We will be open and honest about the information we are collecting, processing and storing.
Those with whom we do business will be told what data is being retained and how their data is going to be stored.
For the commercial side of the business, there will be an audit trail to show that consent has been given for use of details and retention.
Where controversial decisions are made, there is appropriate record-keeping to show justification for this. Such decisions are made by the data controller.
Retaining and storing information:
We will keep personal information to do with the commercial side of our business only as long as it is necessary and only as much as is necessary.
Data retained and processed for the commercial side of the business will include names, addresses, telephone numbers and e-mail addresses if we have been given permission to retain them. You can opt out or ask for data to be removed at any time by contacting the data controller.
Information can be stored on computers, on servers, on phones and in the cloud, all of which will be password-protected. Some information will also be stored in notebooks which will be securely locked away or kept safe when away from the office.
We will review the information from time to time to ensure it’s still relevant and up-to-date and delete any we no longer need. If asked, we will be able to show that this is being done.
We will keep personal information only as long as it is necessary and only as much as is necessary.
We will make sure that information about people is secure by taking reasonable steps to stop it being lost, stolen or misused.
We have password protection on computers, phones, laptops and tablets. Notebooks, folders and memory sticks are kept secure at all times – locked in cupboards in work and not left unsecured if away from the office.
All information is either locked away, password-protected or encrypted. Any redundant computers are wiped of all personal information.
All staff have knowledge of, and are compliant with, Tindle Conferences and Education’ security policies and procedures.
Cookies are small text files stored on your computer while you are visiting a website. Cookies help make websites work. They also provide us with aggregated information about how users interact with our site. We use this information to try to improve your experience on our website.
A number of the services we use to add value and convenience to your experience of our website may set cookies on your browser on our behalf. These services fall into three broad groups: web analytics, surveys and advertising.
Subject access requests:
Individuals can make a written request to find out what we hold about them, where it was obtained from and ask for copies of information and to see the complete data trail. This will be complied with within 30 days and will not usually incur a charge.
Such request will be dealt with by the data controller and should be made in writing by e-mail or post to that person.
We will refuse or charge for requests which are manifestly unfounded or excessive. If we are refusing, we will tell the individual why and tell them they have the right to complain to the supervisory authority.