Last updated: May 24, 2018

Business Healthy (“us”, “we”, or “our”) operates the www.businesshealthy.org website (the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of Personal Information when you use our Service.

We will not use or share your information with anyone except as described in this Privacy Policy.

We use your Personal Information for providing and improving the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

1.0 Information Collection And Use

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to, your email address, name, phone number, postal address (“Personal Information”). This website collects and uses personal information for the following reasons:

• 1.1 Your personal information
  • Personal information is anything that directly or indirectly identifies and relates to a living person, such as a name, address, telephone number, date of birth, unique identification number, photographs, video recordings (including CCTV) etc. Some personal information is ‘special category data’ and needs more protection due to its sensitivity.
    This includes any information about an identifiable individual that can reveal their sexuality and sexual health, religious or philosophical beliefs, racial origin, ethnicity, physical or mental health, trade union membership, political opinion, genetic/biometric data. Personal information relating to criminal offences and convictions, although not ‘special category data’, is still sensitive in nature and merits higher protection.
• 1.2 Why do we need your personal information?
  • We may need to use some information about you to:
    • Deliver Local Authority services required by law and other services which extend beyond our statutory duties;
    • achieve the objectives set out in our Corporate Plan to contribute to a flourishing society, support a thriving economy and shape outstanding environments;
    • support and promote the City of London, London and the UK;
    • contact you about our services to get your views, which helps us to manage them;
    • help investigate any concerns or complaints you have about our services;
    • keep track of spending on services;
    • check the quality of services; and
    • to help with research and planning of new services.
• 1.3 How the law allows us to use your personal information
  • There are a number of legal reasons why we will need to collect and use your personal information in different circumstances. Generally, we collect and use personal information where:
    • you, or your legal representative, have given consent
    • you have entered into a contract with us
    • it is necessary to perform our statutory duties or other legitimate purposes
    • it is required by law
    • it is necessary for employment purposes
    • it is necessary to deliver health or social care services
    • you have made your information publicly available
    • it is necessary for legal cases
    • it is to the benefit of society as a whole
    • it is necessary to protect public health
    • it is necessary for archiving, research, or statistical purposes
  • This privacy notice is provided in a layered format, and the link below will provide you with more detail in relation to the collection and use of personal information, for specific City of London services.
  • If you are unable to identify any specific service or have any queries regarding any of the more detailed information provided, please contact the Project Lead – Business Healthy Xenia Koumi Xenia.Koumi@cityoflondon.gov.uk.
• 1.4 Consent
  • If we have consent to use your personal information for any particular reason, you have the right to remove your consent at any time. If you want to remove your consent, please contact the Project Lead – Business Healthy Xenia Koumi Xenia.Koumi@cityoflondon.gov.uk.
• 1.5 Site visitation tracking
  • We collect information that your browser sends whenever you visit our Service (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.
  • This site uses Google Analytics (GA) to track user interaction with Log Data. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.  None of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. GA makes use of cookies (see below for more about cookies), details of which can be found on Google’s developer guides.  Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.
• 1.6 Registering as a Business Healthy Member
  • Should you choose to register to become a Business Healthy member via our web page here, all the information you enter into this form including your name, email address, company details and interests will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the registration form. This information is only used to identify you to us a member of Business Healthy. After registering you will be granted access to comment on our blog and forum. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
  • NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post or forum post comments that you submit on this website.
  • The benefit of becoming a member means you will have access to our resources and be first to hear of all our exciting news and events in the Business Healthy community. After registering with Business Healthy you will automatically receive an email to subscribe to our newsletter. If you opt-in to this your name and email address will be passed to MailChimp whom we consider to be a 3rd party data processor (see more below). Your information is not passed on to any of the other the third party data processors detailed below.
  • We will communicate to our members’ by ’email’ of all Business Healthy-related news and events.
  • You are responsible for safeguarding the password that you use to access the Service. You agree not to disclose your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorised use of your account and we will take steps to secure your account with a new password, or if you choose to, delete the account and your personal data from our database.
  • Should you wish to have a comment or forum post, or your Business Healthy membership account and it’s associated personal data deleted, please contact us using the email address that you registered with.
• 1.7 Contact forms and email links
  • Should you choose to contact us using a contact form like the one on this page, the name and email address you enter with your message will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the message. This information is only used to identify you so that we can contact you to answer your message, none of this information will be published on our website. Your message and it’s associated personal data will remain on our database until we see fit to remove it. Should you wish to have the message and it’s associated personal data deleted, please email us here using the email address that you submitted on the contact form.
  • Should you choose to contact us using an email link like this one, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined below. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
• 1.8 Email newsletter
  • If you choose to join our email newsletter via one of the newsletter register forms on this website, the email address that you submit to us will be forwarded to MailChimp who provide us with email marketing services. We consider MailChimp to be a third party data processor (see section below). The email address that you submit will not be stored within this website’s own database or in any of our internal computer systems.
  • Your email address will remain within MailChimp’s database for as long as we continue to use MailChimp’s services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
  • While your email address remains within the MailChimp database, you will receive periodic (approximately once a month) newsletter-style emails from us.
•  1.9 Behavioral Remarketing
  • Business Healthy uses remarketing services to advertise on third party web sites to you after you visited our Service. We, and our third party vendors, use cookies to inform, optimise and serve ads based on your past visits to our Service.
  • 1.5.1 Google
    Google AdWords remarketing service is provided by Google Inc.You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page.Google also recommends installing the Google Analytics Opt-out Browser Add-on for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.
• 1.10 About Cookies
  • Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive. We use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service. See this link to learn more about cookies https://cookies.insites.com/about-cookies/.

2.0 How to access, modify or remove your information

We allow you to access, update, and correct inaccuracies in your personal information in our custody and control, subject to certain exceptions prescribed by law. You may request access, updating and corrections of inaccuracies in your personal information we have in our custody or control by accessing your personal profile in your account or by contacting us via email. We may request certain personal information for the purposes of verifying the identity of the individual seeking access to their personal information records. To ensure you receive the information you need to manage your account and protect your privacy, please be sure to keep your contact information up to date.

At any time you can request us to delete your account and personal information from our database. Such a request should be made via email using the email address for the associated account. We may request certain personal information for the purposes of verifying the identity of the individual seeking to delete their account.

3.0 How we store your personal information

As detailed in section 1.1 and 1.2 above, if you register as a Business Healthy Member or submit a contact form via this website some personal information will be stored within this website’s database. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is build on (WordPress). In the near future we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.

Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to.

3.1 How long do we keep your personal information?

We will only keep your personal data for as long as is necessary. This means that we will retain your personal data for as long as you remain an active member, and after this, we will only keep your data for as long as is necessary for the purposes which it is stored.

4.0 About this website’s server

This website is hosted by HostNine within a UK data centre located in Berkshire. Some of the data centre’s more notable security features are as follows:

• Safeguarded by an enterprise grade Storage Area Network (SAN)
• RAID-50 protected arrays to handle drive failures gracefully with no downtime
• ClamAV antivirus

All traffic (transferral of files) between this website and your browser is encrypted and delivered over HTTPS.

The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation as outlined in section 9.0 below.

5.0 Our third party data providers

We use a number of third parties to process personal data on our behalf. These third parties comply with the legislation set out in section 10.0. All 3 of these third parties are based in the USA and are EU-U.S Privacy Shield compliant.

• Google (Privacy policy)
• Mailchimp (Privacy policy)
• Gravatar (Privacy policy)

These third parties have access to your Personal Information only to perform these tasks on our behalf outlined in section 1 above and are obligated not to disclose or use it for any other purpose.

5.1 Our third party data processor

Business Healthy have an appointed subcontractor data processor who has full access to manage, maintain and support the website. The sub contractor complies with the legislation set out in section 10.0. Please see their details below.

• Sixredsquares Limited
  Unit 7b, Victoria Business Park, Short Street, Southend-on-Sea, Essex, SS2 5BY

6.0 Compliance With Laws

We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

7.0 International Transfer

Your information, including Personal Information, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to United Kingdom and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

In the event that a dispute arises with regards to the international transfer of data, you agree that the courts of England and Wales shall have exclusive jurisdiction over the matter.

8.0 Links To Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

9.0 Children’s Privacy

Our Service does not address anyone under the age of 13 (“Children”).

We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your Children has provided us with Personal Information, please contact us. If we become aware that we have collected Personal Information from a child under 13 without verification of parental consent, we take steps to remove that information from our servers.

10.0 Juristiction and Relevant legislation

This Policy shall be governed and construed in accordance with the laws of England and Wales, without regard to its conflict of law provisions. Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:

• UK Data Protection Act 1988 (DPA)
• EU Data Protection Directive 1995 (DPD)
• EU General Data Protection Regulation 2018 (GDPR)

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact us here.

11.0 Changes To This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

---

12.0 Contact information

If you have any questions about this Privacy Policy, please contact us.