WHAT IS THE PURPOSE OF THIS POLICY?
This policy describes how Tayburn are safeguarding the personal information entrusted to us to allow us to carry out our business. The protection of personal information is extremely important.
We recognise user privacy and data protection as human rights and we have a duty of care to those whose data we handle.
We understand that data should only be collected and processed when absolutely necessary.
We will never sell, rent or otherwise distribute or make public your personal data.
WHAT IS PERSONAL INFORMATION AND WHAT DO WE HOLD?
Site visitation tracking
Like most websites, Tayburn uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us.
GA can record your computer’s IP address – but we use IP anonymisation so this information is not available to us.
Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
Other personal information and what do we hold?
In order to deliver great work for our customers, on occasion we may need to collect and use some limited personal data.
We securely hold a register of all the personal information we use to allow us to protect it. For each piece of information we collect there is more detailed privacy information that describes how we protect it.
The principles we follow to protect this personal information:
1) We always handle personal data in a fair, lawful and transparent way
•We always tell individuals how and why their data is processed in a clear, understandable and open way.
•We always use the information to treat people fairly and never use it in a way that would be detrimental to the individual.
•We are clear that we are allowed to collect and process the information.
•We will never sell information to anyone.
•We understand that individuals have rights relating to the information we hold about them and will do what we can to help them exercise these rights.
2) We always have a specific purpose for any information we use and never go beyond this
•We are clear on why we have collected information and only process data in line with that purpose.
•If we need information for a different purpose, we will always contact individuals to seek their approval before we do this or collect the information from scratch.
•We will only share information with our partners in order to achieve the purpose we have collected it for and when we use partners to help us, they will have in place appropriate technical and organisational measures to protect privacy.
3) We only ever collect the right amount of information to achieve the purpose at hand
•We understand that we only need a very limited amount of personal information to carry out our business, so we don’t collect it unless we really need it.
•By being clear on the purpose of the information we collect, we never collect excessive amounts of information.
•We understand that we shouldn’t create a burden on those who supply us with information, so we collect enough to achieve the purpose first time and avoid going back and asking for more.
4) We actively work to ensure the information we hold is accurate
•We make reasonable efforts to ensure information is correct at the point of collection.
•We understand information can become out-of-date and replace or remove it over time.
•We have processes to make sure information is maintained while we hold it.
•We understand the importance of both the availability and integrity of data alongside confidentiality.
5) We keep information only for as long as we need it for the purpose it was collected
•We are clear when we collect information how long it will be kept for.
•We are transparent about our retention policy with data subjects and our customers.
•We have processes in place to securely and permanently delete or destroy information.
6) We have appropriate technical and organisational measures in place to ensure information is secure
•We use a mixture of suitable technical, physical and governance measures to secure the information we hold.
•We all understand that security is everyone’s responsibility and we all regularly renew our data protection training.
•We secure both our electronic and paper information.
•We secure our information both at rest with us and during any necessary transfers.
•We understand the relationships and responsibilities between data controllers and processors and ensure anyone processing information for us meets standards equivalent to our own.
•We never process information outside of Europe.
•We manage any changes to processes or infrastructure to ensure we maintain security of information.
If someone contacts us about their data?
We understand that individuals retain rights associated with the information we hold about them. These include the right to access information, the right to correct information and the right to have information deleted.
Any contact around information we hold should normally come directly to Elaine Francey, our Data Lead.
What do we do if personal information is breached in some way?
We will do everything we can to protect personal data. However, if something were ever to go wrong, we understand that we need to deal with this promptly and inform everyone who needs to know.
How do we share information?
We work with a number of partners and 3rd parties to deliver our business and this may involve some limited sharing of information, some of which may be personal data. As we only need to use personal information in very limited ways, we will always avoid sharing personal information if possible.
When we receive data we always process it, store it and dispose of it in a way that is consistent with the original purpose and we agree this with those providing it to us.
When we share information with any organisation who requires to process it for us, we ensure that they are clear on the purpose of the data and the limitations on its use. They must also provide assurances of having appropriate technical and organisational measures in place to safeguard the information as we share responsibility for information others process for us. Any sharing of personal information must be approved by the Data Lead and must be properly documented. We have a sharing form that must be completed and signed off.
Any Further Questions
If you have any questions about this policy or any data-related matter, including if you would like to discuss your data in relation to any of your personal data rights, you should contact: Elaine Francey, 15 Kittle Yards, Edinburgh, EH9 1PJ, tel: 0131 662 0662