- your use of our site https://www.softwarecornwall.org/ (“our site”) and our booking portal;
- information you provide to us when booking and attending our events;
- communications with us (whether in person or online);
- providing us with information via our social media accounts and groups;
- subscribing to our mailing lists;
- the provision of our products and services,
and sets out the basis on which any personal data we collect from you (whether as an individual or an individual acting on behalf of an organisation) or that you provide to us, will be processed by us.
You may be asked to provide personal data whilst you are in contact with us. Personal data is information that can be used to identify or contact you. You do not have to provide the personal data that we request, however, if you choose not to, we may not be able to provide you with the products, services or events that you have requested.
If we combine personal data with non-personal data, the combined information will be treated as personal data for as long as it remains combined. Personal data does not include data where the identity has been removed (anonymous data).
For the purpose of the General Data Protection Regulations ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation and the Data Protection Act 2018 (“Data Protection Legislation”) the data controller is Software Cornwall Ltd. a company registered in England and Wales with company registration number 09406639 whose registered office and main trading address is Software Cornwall Ltd., c/o Bluefruit Software, Gateway Business Centre, Barncoose, Redruth TR15 3RQ Cornwall UK. Our Data Protection Registration Number is ZA152951
INFORMATION WE MAY COLLECT FROM YOU AND HOW WE USE IT
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Financial Data includes bank account and payment card details (type, number, name on card, expiry date and CCV code). The financial data may be processed for the purposes of processing and delivering orders for products and services, completing your event ticket (namely managing payments and charges and collecting monies). The legal basis for this processing is the performance of a contract and our legitimate interests (namely to recover payments due).
- Transaction Data includes details about payments to and from you, details of products and services you have ordered, details of sponsorship payments made by you and details about events you have booked with us. The transaction data may be processed for the purpose of processing your order or booking request or finalising your sponsorship request. The legal basis for this processing is the performance of a contract and our legitimate interests (namely our interest in the proper administration of our site and business).
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this site. The technical data may be processed for the purpose of administering and protecting our business and site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and to deliver relevant website content. The legal basis for this processing is our legitimate interests (namely to grow our business and to inform our marketing strategy).
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. The marketing and communications data may be processed for the purposes of sending you the relevant notifications and/or newsletters (including our general email newsletter). The legal basis for this processing is consent. Please note that we may contact you about similar events, products and services by electronic means without obtaining your consent where we have already concluded a contract with you. However, you can opt-out of receiving this information at any time.
- Special Categories of Data. We collect two types of Special Category Data namely Ethnicity and Health. This data is collected for the purposes of fulfilling our obligations in data collection for any EU funded programmes that are part of our activities. The legal basis for collecting this data will be your explicit consent on each form where you provide this data. The forms that you provide this data on will provide further details of how this data is used. This data is not used by us for any purposes other than stated and we will never divulge this data to any other third party.
PEOPLE UNDER THE AGE OF 16
In the main all our activities are intended for anyone over the age of 16, however, our Educational Programmes do involve the participation of young people under the age of 16 and we have a Safeguarding Policy to cover our interactions with this age group please see insert link.
Any data we collect for young people is based on the parent or legal guardian of the young person providing consent for us to store that data. This data is limited to attendance records at events outside of schools and the first name, last name, age at the date of the event and email address.
We will never use this data for any purpose other than informing the young person about the event. All such data will be securely deleted within one month after the event.
In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We also collect and use Aggregated Data such as statistical or demographic data for any purpose related to our business. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We may take photographs, recordings and films of our events. In which case, you may be filmed, photographed or recorded as part of your attendance. We will inform you of our intention to photograph, record or film in advance and will respect any request not to appear in any photograph, recording or film. You can also exercise these rights at any time by contacting us at Software Cornwall Ltd..
We may also provide you with information about events, products and services that are similar to those that you have already received, or we feel may interest you including events and services provided by our sister company Agile on the Beach Ltd. if you:
- have already concluded a contract with us or joined our mailing list, we will only contact you by electronic means (e-mail or text) with information about events, products and services similar to those which were the subject of a previous contract or we may feel you would be interested in. If you do not want to be on our mailing list, you can opt out at any time by contacting us or unsubscribing by using the links provided in our electronic communications and at the point of providing your details.
- are a potential new customer (e.g. enquiring about events, sponsorship, products or services), we will contact you by electronic means with information about events, sponsorship, products and services only if you have provided your explicit consent to this. If you are happy for us to use your personal data in this way, please tick the relevant box situated on the page on which we collect your details. Again, if you do not want us to use your data in this way, you can opt out at any time by contacting us or unsubscribing by using the links provided in our electronic communications.
HOW IS YOUR PERSONAL DATA COLLECTED
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- joining as a member;
- register and book our event tickets;
- order products and services;
- provide invoice and payment information;
- subscribe to our newsletters;
- request marketing materials to be sent to you;
- add your CV to our CV bank;
- respond to surveys; or
- give us some feedback
- Automated technologies or interactions. As you interact with our site, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies.
- Third parties or publicly available sources. We may receive personal data about you from various third parties which include:
- Technical Data from analytics providers such as Google based outside the EU; and
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
WHERE WE STORE YOUR PERSONAL DATA
Some of the third parties which we work closely with are based outside of the European Economic Area (“EEA”) so their processing of your personal data will involve a transfer of data outside of the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
- where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe; and
- where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
CHANGE OF PURPOSE
DISCLOSURE OF YOUR INFORMATION
You agree that we may disclose your information (including personal data) to the following categories of third parties:
- suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- other data storage providers, in connection with cloud storage and file hosting services;
- managers and auditors of any EU funded programme that we are taking part in for the purposes of ensuring our compliance with the rules governing these programmes;
- CV submissions may contain your personal data and these will be shared with Software Cornwall members
Your personal data will not be shared with third parties for third party marketing purposes unless you have provided your express consent.
We may also disclose your personal data to third parties:
- where we have your consent to do so;
- in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
- if Software Cornwall Ltd. or substantially all of our assets are acquired by a third party, in which case personal data held by us about you will be one of the transferred assets; and
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights of Software Cornwall Ltd., our customers, attendees, members, sponsors or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Under Data Protection Legislation, in certain circumstances you have the following rights in relation to your personal data:
- Right to access. You have the right to request access to information held about you. We will provide you with a copy of your personal data held by us free of charge (providing your request is not excessive or for multiple copies, in which case we may charge a reasonable fee to cover our costs) and certain information about the processing of your personal data and the source of such data (if not directly collected from you by us). You also have the right to request that your personal data is transferred to a third party.
- Right to object to data processing. You may withdraw your consent to the processing of your personal data at any time by contacting us or ticking a box to opt out of receiving marketing materials. Upon receipt of your notification, we shall promptly stop any processing of your personal data and (if requested by you) erase such information if we are not required to retain it for legitimate business or legal purposes.
- Right to restrict processing. You may ask us to suspend the processing of your personal data in the following circumstances:
- if you do not think your personal data is accurate;
- where we are found to be processing unlawfully but you do not want us to erase your personal data;
- where you need us to continue holding your personal data to establish, exercise or defend legal claims; or
- you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- Right of rectification and right of erasure. You have the right to request that we correct or erase any inaccuracies in your personal data if such information would be incomplete, inaccurate or processed unlawfully.
Where we are relying on consent to process your personal data, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
You can also exercise these rights at any time by contacting us at Software Cornwall Ltd.. We may reject requests that are unreasonable or require disproportionate effort (for example, such a request would result in a fundamental change to our existing practice) or risk the privacy of others.
Our site may, from time to time, contain links to and from third party websites (for example, the ticket booking page operated by Cvent, Inc.). If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
PERSONAL DATA RETENTION
We may retain information about you, including personal data, for the period necessary to fulfil the purposes for which it was first collected unless a longer retention period is required or permitted by law. In determining data retention periods, we take into consideration contractual obligations, legal obligations, obligations under EU programmes and the expectation and requirements of our customers. When personal data is no longer needed, we will securely delete or destroy it.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
If you have any cause for complaint about our use of your personal data, please contact us using the details provided above and we will do our best to solve the problem for you. If we are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office (www.ico.org.uk).
Last updated: May 2020