Last updated: May 24, 2018
Business Healthy (“us”, “we”, or “our”) operates the www.businesshealthy.org website (the “Service”).
This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.
1.0 Information Collection And Use
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address (“Personal Information”). This website collects and uses personal information for the following reasons:
- 1.1 Your personal information
- Personal information is anything that directly or indirectly identifies and relates to a living person, such as a name, address, telephone number, date of birth, unique identification number, photographs, video recordings (including CCTV) etc. Some personal information is ‘special category data’ and needs more protection due to its sensitivity.
This includes any information about an identifiable individual that can reveal their sexuality and sexual health, religious or philosophical beliefs, racial origin, ethnicity, physical or mental health, trade union membership, political opinion, genetic/biometric data. Personal information relating to criminal offences and convictions, although not ‘special category data’, is still sensitive in nature and merits higher protection.
- 1.2 Why do we need your personal information?
- We may need to use some information about you to:
- Deliver Local Authority services required by law and other services which extend beyond our statutory duties;
- achieve the objectives set out in our Corporate Plan to contribute to a flourishing society, support a thriving economy and shape outstanding environments;
- support and promote the City of London, London and the UK;
- contact you about our services to get your views, which helps us to manage them;
- help investigate any concerns or complaints you have about our services;
- keep track of spending on services;
- check the quality of services; and
- to help with research and planning of new services.
- 1.3 How the law allows us to use your personal information
- There are a number of legal reasons why we will need to collect and use your personal information in different circumstances. Generally, we collect and use personal information where:
- you, or your legal representative, have given consent
- you have entered into a contract with us
- it is necessary to perform our statutory duties or other legitimate purposes
- it is required by law
- it is necessary for employment purposes
- it is necessary to deliver health or social care services
- you have made your information publicly available
- it is necessary for legal cases
- it is to the benefit of society as a whole
- it is necessary to protect public health
- it is necessary for archiving, research, or statistical purposes
- This privacy notice is provided in a layered format, and the link below will provide you with more detail in relation to the collection and use of personal information, for specific City of London services.
- If you are unable to identify any specific service or have any queries regarding any of the more detailed information provided, please contact the Project Lead – Business Healthy Xenia Koumi Xenia.Koumi@cityoflondon.gov.uk.
- 1.4 Consent
- If we have consent to use your personal information for any particular reason, you have the right to remove your consent at any time. If you want to remove your consent, please contact the Project Lead – Business Healthy Xenia Koumi Xenia.Koumi@cityoflondon.gov.uk.
- 1.5 Site visitation tracking
- We collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
- 1.6 Registering as a Business Healthy Member
- Should you choose to register to become a Business Healthy member via our web page here, all the information you enter into this form including your name, email address, company details and interests will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the registration form. This information is only used to identify you to us a member of Business Healthy. After registering you will be granted access to comment on our blog and forum. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
- NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post or forum post comments that you submit on this website.
- The benefit of becoming a member means you will have access to our resources and be first to hear of all our exciting news and events in the Business Healthy community. After registering with Business Healthy you will automatically receive an email to subscribe to our newsletter. If you opt-in to this your name and email address will be passed to MailChimp whom we consider to be a 3rd party data processor (see more below). Your information is not passed on to any of the other the third party data processors detailed below.
- We will communicate to our members’ by ’email’ of all Business Healthy-related news and events.
- You are responsible for safeguarding the password that you use to access the Service. You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorised use of your account and we will take steps to secure your account with a new password, or if you choose to, delete the account and your personal data from our database.
- Should you wish to have a comment or forum post, or your Business Healthy membership account and it’s associated personal data deleted, please contact us using the email address that you registered with.
- 1.7 Contact forms and email links
- Should you choose to contact us using a contact form like the one on this page, the name and email address you enter with your message will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the message. This information is only used to identify you so that we can contact you to answer your message, none of this information will be published on our website. Your message and it’s associated personal data will remain on our database until we see fit to remove it. Should you wish to have the message and it’s associated personal data deleted, please email us here using the email address that you submitted on the contact form.
- Should you choose to contact us using an email link like this one, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined below. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
- 1.8 Email newsletter
- If you choose to join our email newsletter via one of the newsletter register forms on this website, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see section below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
- Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
- While your email address remains within the MailChimp database, you will receive periodic (approximately once a month) newsletter-style emails from us.
- 1.9 Behavioral Remarketing
- 1.5.1 Google
Google AdWords remarketing service is provided by Google Inc.You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page.Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
- 1.10 About Cookies
- Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. See this link to learn more about cookies https://cookies.insites.com/about-cookies/.
2.0 How to access, modify or remove your information
We allow you to access, update, and correct inaccuracies in your personal information in our custody and control, subject to certain exceptions prescribed by law. You may request access, updating and corrections of inaccuracies in your personal information we have in our custody or control by accessing your personal profile in your account or by contacting us via email. We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records. To ensure you receive the information you need to manage your account and protect your privacy, please be sure to keep your contact information up to date.
At any time you can request us to delete your account and personal information from our database. Such a request should be made via email using the email address for the associated account. We may request certain personal information for the purposes of verifying the identity of the individual seeking to delete their account.
3.0 How we store your personal information
As detailed in section 1.1 and 1.2 above, if you register as a Business Healthy Member or submit a contact form via this website some personal information will be stored within this website’s database. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). In the near future we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.
3.1 How long do we keep your personal information?
We will only keep your personal data for as long as is necessary. This means that we will retain your personal data for as long as you remain an active member, and after this, we will only keep your data for as long as is necessary for the purposes which it is stored.
4.0 About this website’s server
This website is hosted by HostNine within a UK data centre located in Berkshire. Some of the data centre’s more notable security features are as follows:
- Safeguarded by an enterprise grade Storage Area Network (SAN)
- RAID-50 protected arrays to handle drive failures gracefully with no downtime
- ClamAV antivirus
All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.
The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation as outlined in section 9.0 below.
5.0 Our third party data providers
We use a number of third parties to process personal data on our behalf. These third parties comply with the legislation set out in section 10.0. All 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.
These third parties have access to your Personal Information only to perform these tasks on our behalf outlined in section 1 above and are obligated not to disclose or use it for any other purpose.
5.1 Our third party data processor
Business Healthy have an appointed subcontractor data processor who has full access to manage, maintain and support the website. The sub contractor complies with the legislation set out in section 10.0. Please see their details below.
- Sixredsquares Limited
Unit 7b, Victoria Business Park, Short Street, Southend-on-Sea, Essex, SS2 5BY
6.0 Compliance With Laws
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
7.0 International Transfer
Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter.
8.0 Links To Other Sites
9.0 Children’s Privacy
Our Service does not address anyone under the age of 13 (“Children”).
We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under 13 without verification of parental consent, we take steps to remove that information from our servers.
10.0 Juristiction and Relevant legislation
This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions. Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact us here.
12.0 Contact information