1.1 Dubs in the Middle Limited may collect, keep and use personal data or information about individuals for specific and lawful purposes. Individuals could include customers, suppliers and other third parties.
This privacy notice sets out how we the company comply with our data protection obligations and seek to protect personal information relating to you. It outlines how we gather, use and (ultimately) delete personal information and sensitive personal information in accordance with the data protection principles.
1.2 We are committed to complying with our data protection obligations. We understand that your personal data is important to you, and we have a responsibility to you to ensure that the information we collect and use is done so proportionately, correctly and safely.
1.3 We also have an obligation to be concise, clear and transparent about how we obtain and use personal information relating to you and what we do with the information when it is no longer required. Being transparent with you and providing accessible information about how we use your information builds trust and demonstrates our commitment to the General Data Protection Regulations, hereafter referred to as ‘GDPR’. (Regulation (EU) 2016/679).
- Our Details
2.1 Dubs in the Middle Limited address is: 8 Abbey Gardens, Evesham, WR114SP
- Purpose of processing
3.1 We collect, hold and use personal data received by you to enable us to provide our services to you. The amount and type of information we hold about you depends on the services we are providing for you. We will not ask you for any information which is not necessary for the particular service we are providing to you.
4.1 “Personal data” means any information relating to a person who can be identified, directly or indirectly, from that information. This could include your name, your identification number, location data, online identifier (such as IP address) or to one or more factors specific to the physical, physiological, mental, economic, cultural or social identity of that person.
4.2 Some of the services we provide may require us to process your ‘special categories of personal data’. These special categories of personal data are of a sensitive nature, and might include health data or financial data. The definition ‘special categories’ of personal data has been extended to now include biometrics data (such as facial images) and genetic data (such as the analysis of a biological sample).
4.3 “Processing” means obtaining, recording, organising, storing, amending, retrieving, disclosing and/or destroying information, or using or doing anything with it.
4.4 “Data Subject” means the data subject to whom the personal data relates.
4.5 “GDPR” means the General Data Protection Regulation (Regulation (EU) 2016/679).
4.6 “ICO” means the Information Commissioners Office, the governing body for Data Protection in the UK.
- Conditions of Processing
5.1 When we process your personal data we will do so in accordance with the six data protection principles. These principles are designed to protect you, and ensure that we:
a). Process your information lawfully, fairly and in a transparent manner;
b). Use your information for a specified, explicit and legitimate purpose and not further processed in a manner that is incompatible with that purpose;
c). Only obtain adequate, relevant and limited information to allow us to carry-out the purpose for which it was obtained;
d). Ensure the information we hold about you is accurate and, where necessary, kept up to date;
e). Keep any information for no longer than necessary for the purposes for which it was collected; and
f). Process your information in a manner that ensures appropriate security of your personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Lawfulness of processing
6.1 Dubs in the Middle Limited processes your per5sonal data as it is necessary for the performance of a contract we have with you.
- Processing ‘special categories’ of personal data
7.1 Dubs in the Middle Limited does not process special categories of personal data.
8.1 Consent for processing personal data
The Company may also provide services which will require your consent to process your personal data.
In circumstances as described above your consent to process your personal data must be ‘ specific, informed, active and affirmative, meaning it must be clear and freely given by you after we explain what further processing we would like to do with your personal data. You can therefore make an informed decision about whether you consent to the processing or not. You are in control and you can withdraw your consent at any stage by contacting the data protection lead( Natalie Elliott) at the above address. (Please note however that any processing that has taken place up to the time that you withdraw consent will be considered lawful).
8.2 Recording/managing consent
Once your consent is obtained we will keep a record of when you consented, the information you were provided with prior to consent and how you consented.
Consent is part of your ongoing relationship with our company, and will therefore be managed appropriately and reviewed at least every two years. As previously stated, you have the right to withdraw their consent at any stage.
- Data protection impact assessments (DPIAs)
9.1 Where processing is likely to result in a ‘high risk’ to a data subject’s rights (eg where Dubs in the Middle Limited is planning to use a new form of technology), we will, before commencing the processing, carry out a DPIA to assess:
9.1.1 whether the processing is necessary and proportionate in relation to its purpose;
9.1.2 the risks to data subjects; and
9.1.3 what measures can be put in place to address those risks and protect personal information.
10.1 Personal information (and sensitive personal information) should not be retained for any longer than necessary. The length of time over which data should be retained will depend upon the circumstances, including the reasons why the personal information was obtained. The Company will keep the personal information for a period of 5 years.
11.1 The Company will use appropriate technical and organisational measures to keep personal information secure, and in particular to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. These may include
11.1.1 making sure that, where possible, personal information is pseudonymised or encrypted;
11.1.2 ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
11.1.3 ensuring that, in the event of a physical or technical incident, availability and access to personal information can be restored in a timely manner; and
11.1.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
- International transfers of your personal data
Dubs in the Middle Limited not transfer personal data outside of the European Economic Area (EEA). The EEA includes all European Union countries and the following three non- European Union countries Iceland, Liechtenstein and Norway.
- Information Sharing
13.1 To ensure that we can provide you with the best possible service we may have to share your personal data between our internal teams or external partners. Our external partners include Ticketsource, Stripe & Paypal.
13.2 We may also share your information with third parties, other than those who either process information on our behalf or because of a legal requirement/entitlement, and it will only do so if necessary or where permitted under the GDPR.
- Statistical Data/Research
14.1 Statistical data/Research
Statistical data or statistical analysis will not allow the identification of any specific data subject nor will it have any impact on any data subject’s entitlement to our services and/or facilities.
We may use your personal information to administer our site and internal operations including data analysis, statistical and survey purposes (see also cookies). If we require your specific or explicit consent to do this then we shall seek your consent in advance and only after outlining to you the purpose of the proposed processing. You will have the option to withdraw your consent at any stage.
- Your rights
15.1 You have certain rights in relation to the personal information we hold about you. These rights are as follows:
- Right to be informed – you have a right to be told how Dubs in the Middle Limited use your personal data. Dubs in the Middle Limited communicate the right to be informed via this privacy notice.
- Right of access – you have the right to request a copy of the information that we hold about you. (This right is similar to a subject access request).
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to erasure (right to be forgotten) – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restrict processing – where certain conditions apply to have a right to restrict the processing.
- Right of data portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing, the performance of a legal task and scientific or historical research.
- Right to object to automated processing, including profiling.
- The right to withdraw consent – If the legal basis for our processing of your personal information is consent then you have the right to withdraw that consent at any time.
15.2 Some of the rights are complex, and there are circumstances where your rights will not apply, for example the right to erasure will not apply if your personal data is required for legal proceedings. It is recommended that you read the relevant guidance notes on Dubs in the Middle Limited’s website, or on the ICO’s website for further information – https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/data subject-rights/
- How to exercise your rights
16.1 You may exercise any of your rights in relation to your personal data by writing to us at the address above. To avoid delay in dealing with your request please ensure that you confirm in your request which right you wish to exercise along with the reasons why.
16.2 The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
16.3 We will respond to your request within 30 days, by either providing you with the information requested, requesting further information from you, or requesting further time to complete your request, if for example the request is substantial or we need to obtain information from various departments within Dubs in the Middle Limited.
16.4 Dubs in the Middle Limited can also refuse your request. In the event that Dubs in the Middle Limitedrefuses your request we will provide you with reasons why, as well as provide you with details of how you can challenge or appeal our decision. You will also be informed of your right to legally challenge our decision with the ICO.
171 Cookies are small text files that are placed on your computer, smartphone, tablet or smart TV’s when you access a website. They are widely used in order to make websites work, or work more efficiently, by allowing the website to recognise your device and store information about past actions or preferences. An example could be internet banking, where your device may recognise and populate certain previously entered login details previously entered.
17.3 There are two kinds of cookies
- session cookies which are short-term and auto-delete after a few minutes or when you close your browser; and
- persistent cookies – set by the website and stored for a longer period of time, usually used to store commonly entered information on forms (such as your name, address, and telephone number). They also store information about your browsing habits across multiple sites, usually used to allow advertisers and social network site operators to target advertising at you.
17.4 Dubs in the Middle Limited uses Google Analytics to analyse the use of our website and help us create a more useful and easy to use site. The data collected is completely anonymous and does not store any personal details. The information is used to analyse how visitors make use of our website and allows us to gather statistical information such as website activity, visitor numbers, popular pages and customer journey through the website.
17.6 You can find out more about cookies by visitin
18. Links to other websites
18.1 Dubs in the Middle Limited website may contain links to other websites run by other organisations. This privacy notice applies only to Dubs in the Middle Limited website‚ so we encourage you to read the privacy notices on the other websites you visit. We cannot be responsible for the privacy notices and practices of other sites even if you access them using links from our website.
19.1 We will continually review and update this privacy notice to reflect changes in our services and feedback from service users, as well as to comply with changes in the law. When such changes occur, we will revise the “last updated” date at the top of this notice. We will also inform you of any amendments to this privacy notice.
19.2 Dubs in the Middle Limited encourages you to periodically visit Dubs in the Middle Limited’s web site to review this notice and to be informed of how Dubs in the Middle Limited is protecting your information.
19.3 If you require general information about the Data Protection Act or General Data Protection Regulations (Regulation (EU) 2016/679), information is available on the Information Commissioner’s website.
20.1 If you wish to make a complaint about how Dubs in the Middle Limited are processing your personal data, then in the first instance please contact the data protection officer/data protection lead at the above address.
20.2 If you are still dissatisfied with how Dubs in the Middle limited have handled your complaint then youhave the right to complain to the Information Commissioners Office (ICO). The ICO can be contacted as follows:
The Information Commissioner
Telephone: 08456 30 60 60
- Point of contact for this privacy notice