WHY Communications is committed to protecting the privacy of all individuals it interacts with and we therefore ask that you please read this fair processing notice carefully. This fair processing notice explains how WHY Communications collects and uses your personal information.
1. About WHY Communications ►
2. WHY Communications’ processing of your personal information ►
Where you use the WHY Communications website ►
3. What marketing activities do we carry out? ►
4. How long do we keep your personal information for? ►
5. What is our approach to sending information overseas? ►
6. Automated decision making and profiling ►
7. Your rights ►
8. Contacting us ►
9. Keeping your information safe ►
10. Updates to this Notice ►
1. About WHY Communications
2. Our processing of your personal information ►
We will collect and use different personal information about you for different reasons, depending on our relationship with you.
As a public relations and marketing company, we collect and process personal data so that we can provide you with information about our services and deliver services to you. We will also use your personal data where we need to do so to comply with a legal or regulatory obligation. This makes us a controller of your personal data.
In order to make this notice as user friendly as possible, we have split it into different sections. Please click on the section below that best describes your relationship with us and the service you receive from us.
Where you use the WHY Communications website►
This section will apply if you use our website, including the Let’s Talk section.
What personal information may we collect?►
· Information submitted via the website, for example, details provided when you contact WHY Communications using the Let’s talk form, including your name and email address.
· Information obtained from Google Analytics. This includes information such as how you use our website and the demographics of visitors to our website.
How will we collect your personal information? ►
We will collect your information from you directly when you submit information via our website.
What will we use your personal information for? ►
There are a number of reasons we use your personal information and, for each use, we need to have a "lawful basis" to do so. We will rely on the following “lawful basis” when we process your personal information for the purposes mentioned, namely, that we have a valid business reason to use your personal information so that we can undertake our everyday business operations and activities, including:
· monitoring usage of our website and identifying ways in which we can improve the experience of our website users;
· responding to any enquiries you have submitted using the contact form.
In each case where we consider we have a valid business reason, we assess our need to use this personal information for these purposes against your rights to privacy to ensure we are protecting your rights.
Who will we share your personal information with? ►
We will not sell or transfer your personal information to anyone unless we have a valid purpose as set out above and we will only disclose it to the following parties:
· selected third parties in connection with any sale, transfer or disposal of our business;
· third parties who provide services to us or on our behalf so that we can carry out our everyday business operations and activities, such as IT suppliers and website providers.
What marketing activities do we carry out? ►
We will send you our WHY Communications newsletters where you’ve agreed to receive them. You can unsubscribe from this type of communication at any time by clicking the link in the footer of the email, or contacting us on firstname.lastname@example.org.
We may send event invitations from time to time. You can also unsubscribe from these.
4. How long do we keep personal information for? ►
We will only keep your personal information for as long as reasonably necessary to respond to any questions you raise. For example when you contact us to make an enquiry about our services, we will retain your personal information for 2 years following the enquiry.
If you opt in to our mailing list to receive information from us from time to time, we will retain your personal information until you opt out or otherwise ask us to stop sending you information, or if you fail to respond to one of our periodic emails checking you are still happy to receive our information.
If you would like further information about how long we will keep your personal information for, please contact us using the details set out in section 8.
5. What is our approach to sending your personal information overseas ►
There are a small number of instances where your personal information may be transferred to countries outside of the European Economic Area ("EEA"). For example, we store personal information on Obvibase and Google Drive.
Where such a transfer takes place, we will take the appropriate safeguarding measures to ensure that your personal information is adequately protected. This may include one of the following measures:
· entering into data transfer contracts and using specific contractual provisions that have been approved by European data protection authorities (often referred to as the "standard contractual clauses"). You can find out more about standard contractual clauses at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en;
· where transferring personal data to a company in the United States, checking that the company is certified under the "Privacy Shield" framework. The Privacy Shield is a scheme whereby companies certify that they provide an adequate level of data protection. You can find out more about the Privacy Shield https://www.privacyshield.gov/welcomeor
· checking that the company in question is based in a country outside the EEA which has been deemed by European data protection authorities to have adequate levels of protection for personal information. You can find out more about this at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en
We are also entitled under European data protection laws to transfer your personal information to countries outside the EEA where it is necessary for the performance of the contract we have with you.
If you would like further information regarding our data transfers and the steps we take to safeguard your personal information, please contact us using the details set out in section 8.
6. Automated decision making and profiling ►
What is automated decision making?
Automated decision making refers to a situation where a decision is taken using personal information that is processed solely by automatic means (i.e. using an algorithm or other computer software) rather than a decision that is made with some form of human involvement.
WHY Communications does not currently undertake automated decision making.
What is profiling?
Profiling is any form of automated processing of personal information which uses that personal information to evaluate certain personal aspects in relation to an individual.
WHY Communications does not currently undertake profiling.
7. Your rights ►
You have several rights which you can exercise at any time relating to the personal information that we hold about you and use in the ways set out in this notice. Please contact us at any time using the details set out in section 8 (Contacting us) if you wish to exercise these rights; we will not usually charge you.
We respect your rights and will always consider and assess them. However, please be aware that we may not always be able to comply with a request that you make as the consequence might be that:
· in doing so, we could not comply with our own legal or regulatory requirements; or
· in doing so, we could not provide services to you and would have to cancel your contract.
We will of course inform you if any of the above situations arise or if we are unable to comply with your request.
· The right to access your personal information ►
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. Please contact us using the details in section 8 to request a copy of the information we hold.
We are happy to provide you with those details but, in the interests of confidentiality, we follow strict disclosure procedures and may require proof of identity from you prior to disclosing such information.
We will usually provide your personal information to you in writing unless you request otherwise. Where your request has been made electronically (e.g. by email), a copy of your personal information will be provided to you by electronic means where possible.
· The right to rectification ►
Please help us to keep your personal information accurate and up to date. If you believe that there are any inaccuracies, discrepancies or gaps in the personal information we hold about you, please contact us and ask us to update or amend it.
· The right to restriction of processing ►
In certain circumstances, you have the right to ask us to stop using your personal information, for example, where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to use your personal information.
· The right to withdraw your consent ►
Where we rely on your consent to process your personal information, you have the right to withdraw your consent to further use of your personal information.
· The right to erasure ►
You can request that your personal information is deleted in certain circumstances such as where we no longer need your personal information for the purpose we originally collected it. When you exercise this right, we will need to consider other factors to assess whether we can comply with your request.
· The right to object to direct marketing ►
You have a choice about whether or not you wish to receive marketing information from us and you have the right to request at any time that we stop sending you marketing messages. You can do this either by clicking the link in the footer of any email that we send to you or by contacting us on email@example.com.
Please note that, even if you opt out of receiving marketing messages, we may still send you communications which are relevant to the nature of services we offer you. If you have asked us to stop using your personal information for marketing purposes, your name, date of birth and email address will be added to and kept on a "suppression list" to make sure that we do not send you marketing communications via the relevant channel(s) in the future.
· The right to object to processing ►
In certain circumstances, where we only process your personal data because we consider we have a legitimate business need to do so, you have the right to object to our processing of your personal data.
· The right to data portability►
In certain circumstances, you can request that we transfer any personal information that you have provided to us to a third party.
When you exercise this right, we will need to consider other factors to assess whether we can comply with your request.
· Rights relating to automated decision-making ►
We do not carry out automated decision-making.
· The right to make a complaint with the ICO ►
If you believe that we have breached data protection laws when using your personal information, you have a right to complain to a data protection supervisory authority which, in the UK, is the Information Commissioner's Office (ICO). You can visit the ICO's website at https://ico.org.uk/ for more information. Please note that lodging a complaint will not affect any other legal rights or remedies that you have.
8. Contacting us ►
If you would like any further information about any of the matters in this notice or if you have any other questions about how we collect, store or use your personal information, please contact Heather Macdonald Tait, our WHY Communications data protection contact, at firstname.lastname@example.org FAO Heather Macdonald Tait, WHY Communications Limited, 41 Ashgrove Road, Bristol, United Kingdom, BS7 9LF.
9. Keeping your information safe►
We have in place appropriate technical and security measures to prevent unauthorised access and accidental loss of your personal information.
We store your personal details on secure servers. We use industry standard security and firewalls on our servers. When we collect payment card details electronically, we use encryption by using Secure Website Certificate technology, which makes it hard for a hacker to decrypt your details.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your personal information. Our security procedures mean that we may occasionally request proof of identity, for example, your password, before we disclose personal information to you. You are responsible for protecting against unauthorised access to your password and to your computer.
10. Updates to this notice ►
From time to time we may need to make changes to this notice, for example, as the result of changes to law, technologies, or other developments. We will provide you with the most up-to-date notice by email and you can also check our website periodically to view it.
This notice was last updated on 29 March 2019 .