Privacy

PRIVACY AND COOKIE POLICY

Mid Devon District Council at the address Phoenix House, Phoenix Lane, Tiverton, EX16 6PP (“we”, “us” or “our”) operate the website www.visitmiddevon.co.uk (our “Website”).

This policy and Terms of Use sets out the basis on which your personal data will be processed by us when you visit our website www.visitmiddevon.co.uk, use our services, sign up to our newsletter and/or contract us in relation to business listings.

For the purpose of data protection laws, we are the controller and we are registered as a controller with the Information Commissioner’s Office under number Z5826451.
We are committed to maintaining the privacy and protection of all personal data that we process in connection with our business. If you have any questions regarding our privacy policy, please contact us (our contact details are set out in section 12).

1. BASIS FOR PROCESSING PERSONAL DATA

Sections 1.1 – 1.12 below explain how and why we process your personal data, as well as the legal basis on which we carry out this processing.

1.1 To operate the website and provide customer services to you: We may process your personal data in order to operate our website and provide various supporting customer services to you (such as where you submit an enquiries form to us to request certain information or where you create a “wish list” of events and locations you wish to visit).The legal basis on which we process your personal data in these circumstances is our respective legitimate interests in dealing with customer service requests and responding to communications. If you do not provide us with the personal data we request from you for customer services purposes, we may not be able to fully answer your queries.

1.2 To send you our e-newsletter: Where you have submitted an application form on our website for the purposes of receiving our e-newsletter, we will process your personal data (specifically your name and email address) to provide you with this. The legal basis on which we process personal data for this purpose is consent and / or legitimate interests to provide you with information you are interested in and to market relevant products and services to you. You are not under any obligation to provide us with your personal data for this purpose, and you can unsubscribe or withdraw your consent to personal data being processed in this way at any time by contacting us (contact details set out in section 12) or, where relevant, by following the unsubscribe link in any e-newsletter email you receive from us. We will stop processing your personal data in this way within five (5) working days of receiving an unsubscribe request. If you do choose to withdraw consent, this will not mean that our processing of personal data before you withdrew consent was unlawful.

1.3 To make our website better: We may process your personal data in order to provide you with a more tailored user experience. We may also use your personal data to make sure our website is displayed in the most effective way for the device you are using. This processing means that your experience of our site will be more tailored to you. We also use various cookies to help us improve our website (more details are set out in section 4) and share your personal data with the third party analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will also process personal data for the purposes of making our website more secure, and to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
The legal basis on which we process personal data in these circumstances is our legitimate interest to provide you with the best customer experience we can, and to ensure that our website is kept secure.

1.4 If you send us information for use on our website: Where you volunteer information to us, such as walking routes, events and other local information, for the purposes of it being included on our website as content (as a Contributor), we may receive your identity and contact details (such as your name and email address). The legal basis on which we process your personal data in these circumstances is our legitimate interests to increase and improve the information on Mid Devon offered to our visitors on our website.

1.5 To enter you into a competition: Where you choose to enter into a competition through, or advertised on, our website, we will receive information such as your name and contact details. The legal basis on which we process your personal data in this case is your consent and / or our legitimate interests to be able to enter you into the competition and contact you if you have won.

1.6 To advertise an event on our website: Where you provide information for the purposes of listing an event on our website we may receive your name and contact details. The legal basis on which we process your personal data in these circumstances is our legitimate interests to provide you with an avenue to promote your event and to increase and improve the information on Mid Devon offered to visitors through our website.

1.7 To participate in market research: Where you agree to participate in market research in relation to the area of Mid Devon and relevant activities and events. The legal basis on which we process personal data in these circumstances is your consent and / or our legitimate interests to improve our organisation by providing website visitors with more relevant and accurate information in relation to Mid Devon. Where you confirm you are happy for us to do so, we may collect special categories of personal data for this same purpose. In these circumstances, the legal basis on which we process such data is your explicit consent. For more information on special categories of data, please see section 2.6.

1.8 If you use our social network pages: Where you use any of our social network pages or where you use any of our services that allow interaction with social networks, such as Facebook or Twitter, we may receive information relating to your social network accounts. For example, where you ‘Like’ or ‘Tweet’ something on our website or share any of our content, we may record that you have done so and we may receive information about your social network profile (depending on your social network account privacy settings). For more information on your social media profile privacy, you should view the privacy policy and other guidance on the relevant social network’s website.
The legal basis on which we process your personal data is our legitimate interests to provide you with the best user experience we can and to market and grow our business.

1.9 For the business listings service: To the extent that you enquire after, or purchase, a business listing space on behalf of a business or organisation, we may receive your name and contact details. The legal basis on which we process your personal data is our legitimate interests to provide you with this service or information on this service. Tiverton Museum of Mid Devon Life (TM) manages this service for us and so may also be processing your personal data for this purpose – please see section 4 for more information.

1.10 For marketing purposes: We may take photographs, or record audio or video footage of you discussing or participating in activities or events in Mid-Devon. We do this for the purposes of using the images and footage to promote the area of Mid-Devon.

1.10.1 Where you are incidentally included in this material, the legal basis on which we process such personal data is that it is necessary for the legitimate interests we have in marketing Mid-Devon and growing the impact of our organisation. If you do not wish to be included in such material, please tell the individual responsible for taking the photographs, audio or video footage.

1.10.2 Where you are specifically included and identifiable, the legal basis on which we process such personal data is your explicit consent.

1.11 If our business is sold: We will transfer your personal data to a third party:

1.11.1 in the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets (at all times in accordance with all applicable data protection laws); or

1.11.2 if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the assets transferred to the purchaser,
in each case, the legal basis on which we process your data in these circumstances is our legitimate interest to ensure our business can be continued by a purchaser. If you object to our use of personal data in this way, the relevant seller or buyer of our business may not be able to provide products and/or services to you.

1.12 In certain circumstances we may also need to share your personal data if we are under a duty to disclose or share personal data in order to comply with any legal obligation.

1.13 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

1.14 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

1.15 Please note that we may process your personal data without knowledge or consent, where this is required or permitted by law.

2. CATEGORIES OF INFORMATION WE COLLECT FROM YOU

2.1 We will collect and process the following personal data about you.

2.2 Information you give us: This is information about you that you give us when filling in forms on our website or by corresponding with us by phone, e-mail or otherwise. It includes information provided to us in relation to:

2.2.1 submitting enquiries to us via our online enquiries form;

2.2.2 registering for our e-newsletter;

2.2.3 providing information as a Contributor, as mentioned above in section 1.4;

2.2.4 completing an image release form to agree you are happy for your photo or the audio or video content containing yourself to be taken and used on our website, as mentioned above in section 1.5;

2.2.5 providing information in relation to an event to be listed on our website;

2.2.6 entering a competition through our website;

2.2.7 agreeing to participate in market research;

2.2.8 our “Make your own wish list” function on our website; and

2.2.9 reporting a problem with our website.
The information you give us may include names, addresses, email addresses, phone numbers and job role/title.

2.3 Online Information we collect: With regard to each of your visits to our website we will automatically collect the following information:

2.3.1 technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, screen resolution, operating system and platform; and

2.3.2 information about your visit, including the full Uniform Resource Locators (URL), clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs) and methods used to browse away from the page.

2.4 Information we receive from other sources: We may receive personal data about you from other third parties and public sources such as technical and website usage data from analytics providers, such as Google, or your identity and contact details from TM where you have purchased a business listing space (see section 4).

2.5 Photographs, audio and video files: As stated above, we may collect photographic, audio and visual data of you relating to the promotion of the area of Mid-Devon. We may also process photographic, audio and visual data of you relating to the promotion of a business or events listing provided to us by a third party (including TM). For more information on how that third party processes your personal data, please refer to their privacy policies.

2.6 We may collect special categories of personal data about you when we undertake market research and you agree to participate in this. Special categories of personal data includes details about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health, sex life or sexual orientation.
We may also process certain special categories of personal data when you include certain information in your communications with us. For example:

2.6.1 your dietary requirements (which may reveal details of your personal health or religious beliefs) when making enquiries to us on our website (such as in relation to restaurants); or
2.6.2 any health conditions or disability requirements (such as wheel-chair access or other relevant information) when making enquiries (such as in relation to events or places to visit).

The legal basis on which we process such data will usually be your explicit consent. However, in the circumstances where we are unable to obtain such consent, the legal basis for such processing will be to protect your vital interests (for example, your health) and/or to meet our specific legal obligations (for example, pursuant to equality and anti-discrimination legislation).

2.7 We do not collect data relating to criminal convictions or offences or related security measures.

3. DISCLOSURES OF INDIVIDUALS’ PERSONAL DATA

3.1 For the purposes set out in section 1, we may have to share your personal data with External Third Parties who provide support integral to the provision of our services and enable us to operate, such as:

3.1.1 Service providers acting as processors based in the UK who provide IT and system administration services. This includes TM who operate our website and help to manage the social media accounts.

3.1.2 TM, if you enquire after, or purchase, a business listing space on behalf of a business or organisation.

3.1.3 Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, insurers and employment and recruitment agencies based in the UK (or other relevant jurisdictions) who provide consultancy, banking, legal, insurance, accounting and recruitment services.

3.1.4 Marketing and PR companies based in (and outside) the UK, in particular social media organisations such as Facebook, Instagram, Twitter, YouTube and Vimeo.

3.1.5 HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the UK (or other relevant jurisdictions) who require reporting of processing activities in certain circumstances.

3.1.6 Other third party companies where we have an agreement in place and only where an individual has agreed that we may share their personal data with them.

3.1.7 Marketing and PR providers where you have agreed to a publication or article with us.

3.2 Third parties to whom we may choose to sell, transfer, or merge parts of our organisation or our assets. Alternatively, we may seek to acquire other organisations or merge with them. If a change happens to our organisation, then the new owners may use individuals’ personal data in the same way as set out in this privacy policy.

3.3 We require all third parties to respect the security of individuals’ personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use individuals’ personal data for their own purposes and only permit them to process individuals’ personal data for specified purposes and in accordance with our instructions.

4. BUSINESS LISTINGS SERVICE

4.1 Our website will also include a business listings service which will be managed by TM in accordance with listings terms and conditions between the advertiser and TM. To the extent that you enquire after, or purchase, a business listing space on behalf of a business or organisation, TM may process your personal data. For these purposes, TM will be a data controller. For more information on how and on what basis TM processes personal data please see their privacy policy.

5. COOKIES

5.1 Our website uses cookies to distinguish individuals from other users of our website. This helps us to provide individuals with a good experience when they browse our website and also allows us to improve our website. By continuing to browse the website, users are agreeing to our use of cookies.

5.2 A cookie is a small file of letters and numbers that we store on an individual’s browser or the hard drive of their computer. We only use (and store) non-essential cookies on an individual’s computer’s browser or hard drive if they provide their consent.

5.3 Please note that third parties (including, for example, advertising networks and providers of external services such as web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

5.4 Individuals can block cookies by activating the setting on their browser that allows individuals to refuse the setting of all or some cookies. However, if individuals use their browser settings to block all cookies (including essential cookies) they may not be able to access all or parts of our website.

5.5 Except for essential cookies, all cookies will expire as outlined under the expiration column in the table included in section 5.2.

6. WHERE WE STORE PERSONAL DATA

6.1 The data that we collect from you will be stored in (and will not be transferred out of) the European Union (or, following the United Kingdom’s departure from the European Union, the United Kingdom and the European Union).

6.2 If we transfer personal data out of the European Union (or, following the United Kingdom’s departure from the European Union, the United Kingdom and the European Union), we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

6.2.1 We will only transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.

6.2.2 Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.

6.2.3 Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

6.3 If further information on the specific mechanism used by us when transferring your personal data out of the European Union (or, following the United Kingdom’s departure from the European Union, the United Kingdom and the European Union) is required, please contact us directly (please see section 12).

7. DATA SECURITY

7.1 We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to individuals’ personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process personal data on our instructions and they are subject to a duty of confidentiality.

7.2 We have put in place procedures to deal with any suspected personal data breach and will notify the individuals involved and any applicable regulator of a breach where we are legally required to do so.

8. DATA RETENTION

8.1 We will only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

8.2 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

8.3 Where there is a contract (for example when we provide business listings), we will generally retain our customers’ data for a period of 7 (seven) years after the a contract has ended, to ensure that we are able to assist should they have any questions or feedback in relation to our products/services or to protect, or defend, our legal rights, or for tax purposes.

8.4 Where we have processed personal data to provide you with marketing communications, such as our e-newsletter, we may contact you at least every twelve (12) months to ensure you are happy to continue receiving such communications. If you tell us that you no longer wish to receive such communications, your personal data will be removed from our marketing lists (but will be added to a “do not contact” list) within five (5) working days from when we receive such a request.

8.5 Where we have processed personal data for you to use the “Make your own wish list” function on our website, we will retain your data for eighteen (18) months from the date you last logged into your account. After eighteen (18) months, we will contact you via email to inform you that your account has been inactive for eighteen (18) months and that, if you wish for us to continue to retain your data, you will need to log into your account within fourteen (14) days. If you do not respond to this email within fourteen (14) days, then your account, along with personal data stored on your account, will be deleted.

8.6 Where we have processed personal data for any other reason (such as where you have contacted us with a question through our enquiry form on our website), subject to section 8.3, we will retain your data for twelve (12) months.

8.7 In some circumstances you can ask us to delete your data: see section 9.1.3 below for further information.

8.8 In some circumstances we may anonymise personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

9. YOUR LEGAL RIGHTS

9.1 Under certain circumstances, you have rights under data protection laws in relation to your personal data. You may have the right to:

9.1.1 Request access to your personal data (commonly known as a “data subject access request”). This enables individuals to receive a copy of the personal data we hold about them and to check that we are lawfully processing it.

9.1.2 Request correction of the personal data that we hold about you. This enables individuals to have any incomplete or inaccurate data we hold about them corrected, though we may need to verify the accuracy of the new data they provide to us.

9.1.3 Request erasure of your personal data. This enables individuals to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Individuals also have the right to ask us to delete or remove their personal data where they have successfully exercised their right to object to processing (see below), where we may have processed their information unlawfully or where we are required to erase their personal data to comply with local law. Note, however, that we may not always be able to comply with an individual’s request of erasure for specific legal reasons which will be notified to them, if applicable, at the time of their request.

9.1.4 Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. Individuals also have the right to object where we are processing their personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process an individual’s information which override their rights and freedoms.

9.1.5 Request restriction of processing of your personal data. This enables individuals to ask us to suspend the processing of their personal data in the following scenarios: (a) if they want us to establish the data’s accuracy; (b) where our use of the data is unlawful but they do not want us to erase it; (c) where they need us to hold the data even if we no longer require it as they need it to establish, exercise or defend legal claims; or (d) they have objected to our use of their data but we need to verify whether we have overriding legitimate grounds to use it.

9.1.6 Request the transfer of your personal data to them or to a third party. We will provide to individuals, or a third party they have chosen, their personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which they initially provided consent for us to use or where we used the information to perform a contract with the individual.

9.1.7 Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before the individual withdrew their consent. If an individual withdraws their consent, we may not be able to provide certain services to them. We will advise the individual if this is the case at the time they withdraw their consent.
If you wish to exercise any of the rights set out above, please contact us directly.
Individuals have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with concerns before you approach the ICO so please contact us in the first instance.

10. LINKS ON OUR WEBSITE

Our website may, from time to time, contain links to and from the websites of our partner networks and affiliates. Our service connects you to different websites. If you follow a link to any of these websites or use our service, please note that you have left our website and these websites have their own privacy policies. We do not accept any responsibility or liability for these policies or websites. Please check these policies before submitting any personal data to these websites.

11. CHANGES TO OUR PRIVACY POLICY

Any changes we make to our privacy policy in the future will be posted on this webpage and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

12. CONTACT DETAILS

Our full details are:
Full name of legal entity: Mid Devon District Council
Email address: dpo@middevon.gov.uk
Telephone number: 01884 234975
Postal address: Mid Devon District Council, Phoenix House, Phoenix Lane, Tiverton, EX16 6PP