Updated Data Protection & Privacy Notice
Mansfield BID have made some changes to our data protection and privacy notice in light of the new data protection legislation known as General Data Protection Regulation, or GDPR as it is more commonly known. These changes came into effect on 25th May 2018.
These changes include:
- The data that we control
- How we use the data
- Why we need the data
- Who has access to the data
- Your rights regarding your data
- Clear and more transparent details of who to contact regarding any queries
This updated notice outlines your rights under the new GDPR legislation.
Mansfield Business Improvement District is a not for profit, private company limited by guarantee without share capital with a registered number of 07075136. The registered office is Cromwell House, 68 Westgate, Mansfield, and Nottinghamshire, NG18 1RR. Mansfield BID is also registered with the Information Commissioner’s Office as a data controller (No. Z2477273).
Mansfield BID will be known as the “data controller” of the personal data provided by you to us, or otherwise provided or collected by us. Our data protection officer (DPO) is the BID Chief Executive Officer Nikki Rolls, who is contactable via email at email@example.com
Mansfield BID is responsible for:
All of which are now referred to as “our websites”. Please read this notice carefully. Your use of our websites signifies your agreement and consent to this notice. If not, please discontinue your use immediately.
How the law protects you
Your privacy is protected by law. Data Protection law says that we are allowed to use personal data only if we have a proper reason to do so. The term “personal data” means information about an identifiable individual which includes name, address, email, telephone number and other information relating specifically to an individual.
The law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it, or
- Protection of the vital interests of a data subject or another person, or
- Performance of a task in the public interest
Any of these lawful bases could apply to a BID but the most relevant are consent and legal obligation. Processing data relating to voter/levy payer contacts for the purposes of communicating statutory information about Mansfield BID, as set out in BID regulations is covered by the legal obligation lawful basis. The processing of personal data for any other purpose (e.g. general public information, crime prevention messaging, general interest notifications etc) requires consent from the data subject. Consent is tightly defined under the GDPR and must be explicit for the data collected and the purpose for which the data is intended to be used. As the data controller, Mansfield BID must obtain and prove consent (an opt-in process) and at any time a data subject may withdraw their consent and request their personal data is erased* (*please note this right does not apply to data held for the legal obligation lawful basis). Mansfield BID is currently undertaking a review of its non-statutory distribution lists and will be contacting participants in order to obtain specific consent regarding the receipt of any further information from us.
Information we collect about you
Mansfield BID shall comply with the Principles of Data Protection listed within the GDPR. We will make every possible effort to comply with these principles. The Principles are:
Lawfulness, fairness and transparency - Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.
Purpose limitation - Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data minimisation - Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Accuracy - Personal data shall be accurate and, where necessary, kept up to date.
Storage limitation - Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Integrity and confidentiality - Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Accountability - The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.
How we process your data
Mansfield BID processes the following data about you:
- Information you give us – Information you provide us in compliance of the lawful basis of legal obligation to enable us to communicate with you on matter relating to ballot and BID proposals required by BID regulations. We also process information you electively provide us with your consent. This includes data you provide us by filling in forms, inputting data on our websites or by corresponding with us by phone, email or otherwise. It includes information you provide when you subscribe to receive our latest news and details of our events, search our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address and/or postcode, job title, employer details, email address and phone number, photos and other images.
- Information we collect about you – Mansfield BID receives personal data from third parties, such as the Local Authority, regarding information required as part of our legal obligation to communicate with you regarding statutory BID business. With regard to the information you provide us consensually, we will automatically collect the following information each time you visit our websites:
- Technical information - including the Internet protocol (“IP“) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
- Information about your visit - including the full Uniform Resource Locators (“URL“), clickstream to, through and from our site (including date and time), page response times, download errors, length of visits to certain pages and page interaction information (such as scrolling, clicks, and mouse-overs).
If you communicate with us through any link on our websites, we may ask you for your personal data so we can respond to your questions and comments.
Generally speaking, the information you give us and/or the information we collect about you will be relative to the functions of Mansfield BID and will be kept for no longer than is necessary for that purpose. In any event the maximum retention time scale will be the current 5 year BID tenure period plus an additional year, to ensure all administrative duties can be fully discharged.
How do we use the information about you?
- To provide you with the information and services that you request from us. For example, through newsletters or other communications. It is important to understand you can opt out at any time from receiving such communication from us by unsubscribing from our services.
- To provide you with information about other services we offer that are similar to those that you have enquired about. For example, we may provide you with information regarding future events or workshops you previously attended or showed interest in.
- To notify you about changes to our service.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To help us administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
- To improve our websites to ensure that content is presented in the most effective manner for you and for your computer.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To assist us to ensure our websites are as safe and secure as possible.
- To gauge and understand the effectiveness and appropriateness of the marketing we provide to you and other people.
- To inform us about suggestions and recommendations we can make to you and our other website users about offers and services that may be of interest.
- Information we receive from other sources.
Use of images
Mansfield BID routinely uses photos and videos to promote our work via our websites, newsletters and other publicity communications. Where possible we will reasonably try to obtain your consent in advance of publication on our websites. However, if we are using an image of you, and you would like us to stop, please contact us as soon as possible. Please note, we do not pay or provide credit for use of your image in our photographs or videos.
At times, we may share your image for use by our partners in order to promote or advertise our events, projects, services and initiatives. Where possible, we will reasonably try to gain your consent in advance. However, if we are using an image of you, and you would like us to stop, please contact us as soon as possible.
How we share your personal data
Mansfield BID will never sell or otherwise disclose your personal data, subject to some specific exceptions:
- If we collect or update your personal data following an event or initiative that we deliver in partnership with another organisation, we would only share the data with that partner with your explicit consent.
- We may share your personal data with service providers, employees or contractors that we have commissioned to perform services or work on our behalf. They are provided only with the personal data they need to perform their functions and can only use and disclose such personal data as is necessary to perform services on our behalf or to comply with legal requirements.
- If we have agreed to conduct activity that promotes our businesses, or other services that you provide, or that highlights work or activity that you are undertaking, we may share your name, your job title, the name of your employer and your image. We may also share your professional contact details in circumstances where people will need to contact you, in order for our activity to be meaningful.
- Mansfield BID collects data that may assist law enforcement agencies to prevent and detect crime, and to assist in the apprehension and prosecution of offenders. This data usually consists of (but is not limited to) names, address where known, photos and video footage. Mansfield BID may disclose this data to law enforcement agents without prior consent from you, in line with S.29(3) of the Data Protection Act 1998.
- In addition, we may disclose your personal data (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
Mansfield BID crime reduction activity
Mansfield BID currently engages in 3 specific crime reduction strategies:
- Mansfield BID Ambassadors: Mansfield BID provides an Ambassador patrol service for the benefit of those who live, work, visit or pass through the Mansfield BID area. Occasionally our Ambassador service may capture photographic or video images or CCTV of people engaging in criminal and/or anti-social behaviour. Where appropriate this will be shared with the relevant law enforcement agencies for investigation and possible prosecution. If requested, we will consider sharing this data, without consent, in accordance with S.29(3) of the Data Protection Act 1998
- ACIS: Mansfield currently uses ACIS (Active Crime Intelligence System), an online crime reporting and information sharing secure digital portal. This platform is available for use by any businesses within the Mansfield BID area who is a member of the Mansfield Business Crime Partnership. ACIS is defined as a “data processor” for the purpose of the Data Protection Act 1998 with a designated “data controller” employed by the Mansfield BID. Personal data is shared directly with public sector multi-agencies including but not exhaustive Nottinghamshire Police and Mansfield District Council via this platform for the express purposes of assisting them to prevent and detect crime, and to assist them in the capture and prosecution of offenders. Personal data is also shared with Mansfield BID businesses who are registered users of the ACIS system, for the purpose of preventing or detecting crime. For example, CCTV footage and or images of a person stealing from a shop may be shared among the relevant registered users for the purpose of proactively alerting other businesses to the threat, and identifying the offender so they may be apprehended and prosecuted. However, businesses can share their intelligence back to the “data controller” who may disseminate to the members at a later date.
Mansfield BID also collects personal data of users of ACIS. This data includes (but is not limited to) names, employer details and contact email addresses and telephone numbers. This data is processed in line with the Data Protection Act 1998, and in line with this policy, and is used for the purpose of providing access to the ACIS system. If you would like us to stop using your personal data for this purpose, please contact us, however, please note, this may result in the termination of your access to the ACIS system.
- MBCP (Mansfield Business Crime Partnership): Mansfield BID provides all businesses with the opportunity to become a member and receive crime intelligence relating to the defined BID area via ACIS and the Retail Radio Scheme. MBCP members and BID staff are defined as “data processors” for the purpose of the Data Protection Act 1998 with a designated “data controller” employed by the Mansfield BID. Personal data is shared directly with public sector multi-agencies, including but not exhaustive Nottinghamshire Police and Mansfield District Council, via this platform for the express purposes of assisting them to prevent and detect crime, and to assist them in the capture and prosecution of offenders. Personal data is also shared with Mansfield BID businesses who are registered members of the MBCP, for the purpose of preventing or detecting crime. For example, CCTV footage and or images of a person stealing from a shop may be shared among the relevant registered users for the purpose of proactively alerting other businesses to the threat, and identifying the offender so they may be apprehended and prosecuted.
Mansfield BID also collects personal data of members of MBCP. This data includes (but is not limited to) names, employer details and contact email addresses and telephone numbers. This data is processed in line with the Data Protection Act 1998, and in line with this policy, and is used for the purpose of providing information sharing for the members of MBCP. If you would like us to stop using your personal data for this purpose, please contact us, however, please note, this may result in the termination of your membership to MBCP.
Where Your Personal Data May Be Transferred Or Stored
Mansfield BID will treat your personal data as private and confidential, but may share it outside of our organisation if:
- Allowed by any agreement entered into by you
- You consent
- Needed by our agents, advisers or others involved in running accounts and services for you or collecting what you owe to other companies
- Needed by third parties to help manage your records
- HM Revenue and Customs or other statutory authorities who require it
- The Law, Regulatory Bodies, or the public interest permits and requires it
- Required by us or others to investigate or prevent crime
- Required as part of our duty to protect your accounts
How We Protect Your Personal Data
Mansfield BID maintains administrative, technical and physical safeguards to protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal data you provide to us.
Updates To Our Privacy Notice
We may change this policy from time to time by updating this page. We will also communicate changes to you via email, website, or letter. You should check this page from time to time to ensure that you are happy with any changes.
What are your rights?
You have the right to ask us to provide you with access to and rectification or erasure of your personal data. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.
You have the right to object to certain purposes for processing, in particular direct marketing.
You have the right to update your contact details and preferences. Any changes need to be communicated to the DPO via an email to firstname.lastname@example.org or by writing to Nikki Rolls, Mansfield BID, 1st Floor, 8 Regent Street, Mansfield, Nottinghamshire NG18 1SS.
If you wish to raise a complaint on how we have handled your personal data, you can contact our DPO via an email to email@example.com or by writing to Nikki Rolls, Mansfield BID, 1st Floor, 8 Regent Street, Mansfield, Nottinghamshire NG18 1SS.
Should you be unhappy with our processing of your personal data, you have a right to complain to the Information Commissioner’s Office, which is the regulator for data protection.
In the event that we suspect there has been a serious breach to our systems or data we will inform the Information Commissioner’s Office within 72 hours, and will inform the affected individuals as soon as practicable afterwards.