Privacy Policy

Airedale Enterprise Services

Who we are

The Data Controller is Airedale Enterprise Services, a Company limited by guarantee, providing business support and enterprise in Yorkshire & Humberside and East Lancashire.

Our registered office is at Airedale Enterprise Services, Sunderland Street, Worth Way, Keighley. BD21 5LE

For the purposes of Privacy Legislation, we are the Data Controller, registered at the Information Commissioners Office as a registration number:Z6926579

Changes to Our Privacy Notice

We review this notice regularly as part of our internal processes or as our services, activities, or processes change. It is subject to change at any time, but the most up to date version is published on our website: www.airedaleenterprise.org.uk

This notice is dated May 2018.

Contacting Us

If you’d like to request further information about our privacy policy or exercise any of your rights, you can contact us :

By post to Data Protection Officer, Airedale Enterprise Services, Sunderland Street, Worth Way, Keighley BD21 5LE.

By email at info@airedaleenterprise.org.uk

Through our website: www.airedaleenterprise.org.uk

Your Privacy Rights

You have rights relating to your personal information. You can find more information about your privacy rights on the Information Commissioner’s Office website www.ico.org.uk

You have the right to be informed about how and why we process your personal information including why we need it and how we will use it. You can find most of the information you need in this Privacy Notice. If you have any questions, please contact us via the above contact channels.

You have the right to access your personal information

You can request a copy of information we hold about you at any time.

You may choose to exercise your right of access through any of our contact channels, but we may ask you to provide documented evidence of your identity before we process your request. We may also contact you to clarify your request or to ensure we have all the information we need to fully meet your request.

Privacy law (*) requires us to respond to your request within 30 calendar days of verifying your identity (or within 3 months for more complex cases).  You’ll receive a full response as soon as we can reasonably provide one and we aim to resolve all subject access requests within 30 calendar days from confirming your identity. In more complex cases where we cannot provide a full substantive response within that time frame, we will write to you within 30 calendar days to explain why an extension is needed.

We don’t charge for subject access requests.

If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

You have the right to ask us to correct inaccurate personal information we hold about you.

If you believe information we hold about you to be inaccurate or incomplete, you can ask us to correct it or complete it at any time, through any of our contact channels.  Wherever possible, we will correct inaccurate or incomplete information immediately. In more complex cases we will take reasonable steps to confirm the accuracy of the information we hold. Whilst we investigate the accuracy of the information, we will restrict the processing of the information in question. We will let you know the outcome of our investigation as soon as we can. Any information we can verify as inaccurate will be corrected within one month of receiving your request.

You have the right to ask us to delete your personal information.

In some circumstances you have the right to ask us to delete information we hold about you.  For example, if we have asked for your consent to process the information, and you withdraw that consent.

We will respond to your request as soon as we can, and we will act on any requests granted within one month of your request. We can’t delete some information where we have a legal or regulatory obligation to keep it. We may also refuse your request if we believe it to be excessive. If your request for deletion is refused, we will explain the reasons for refusal.

You have the right to ask us to restrict the use of your personal information.

In some instances, you have the right to ask us to restrict the use of your personal information (for example if you have   challenged the accuracy of the information we hold or have objected to our processing). We will restrict our use of your information whilst we investigate your objection or request to correct your information. We will respond to your request as soon as we can, and we will act on any requests within one month of your request. If your objection is unsuccessful, we will only continue processing once we’ve let you know the outcome of the investigation. When processing is restricted, we are still permitted to store your personal data, but not use it. Information related to these requests will not be automatically deleted unless you expressly ask us to.

You have the right to data portability.

Where we process your personal information with your consent or for the performance of a contract, and our processing is automated, you have the right to move, transfer or copy that data to another system for your own purposes. ** We don’t currently have any services that processes information in this way. If we do in future, you can make a request and this data can be exported from our systems for you.

You have the right to ask us not to process your personal information.

We process most of the information we collect about you under the lawful basis of ‘legitimate interest’.  You have the right to object to our processing your personal information under this lawful basis, or for marketing purposes (including profiling). We will respond to your objection as soon as we can, detailing any actions we can reasonably make. If we believe there is an overriding compelling reason to continue the processing, we will explain why we think this is. We will action any requests to stop direct marketing as soon as we receive your objection. You can object to us using your data at any time through any of our contact channels.

Lawful basis for processing.

Privacy Law states we must have a lawful basis for processing your information; the legal basis will vary depending on the circumstances of how and why we have your information.  Usually we will do this in the following instances:

o the processing is necessary for our legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect your personal data which overrides those legitimate interests;

o you have given consent for us to process the information i.e. in relation to certain marketing activities;

o the processing is necessary for a contract we have, or because we have been asked to take specific steps before entering into a contract;

o the processing is necessary for compliance with a legal obligation to which we are subject i.e. we are required to provide certain information to HMRC;

o the processing is necessary for us to comply with the law.

We do not process any special category information.

Information we collect from you and what we do with it.

To provide our services to you, we need to collect, process and store information about you.  We use your information to administer, support, improve and develop our business generally, to provide statistical information to meet our lawful requirements and to enforce our legal rights. If we intend to use your information for a different purpose, we will do so in ways consistent with Privacy Law or, wherever possible, by notifying you in advance. We will only use your information for the specific purpose(s) for which it has been provided to or collected.

We collect and process a variety of information from you and about you. In most cases, the information we collect about you is provided by you directly. This helps us to confirm the information we collect is accurate and as up to date as possible. We will usually do this when you first contact us, though we may ask you to confirm your details on subsequent contacts from time to time. The type of information collected from you and obtained about you will vary depending on your association with us. However, in almost all cases we are likely to ask you to provide:

  • name, address and contact details (including phone number, e-mail address or social media identifiers) – to contact you about your enquiry, or membership, and keep you up to date about the services you have requested or receive from us, inform you about any service interruptions, or contact you with other information related to our business;
  • where appropriate (e.g. as a member of our Business Club) financial information (including method of payment and bank account details) – to subscribe you for the services you receive from us and manage your payment arrangements.

Information we collect or obtain from others about you.

We prefer to collect information about you directly. This helps us to confirm the information we collect is accurate and as up to date as possible. However, we may also collect information about you from other sources and may receive information collected by our business partners or sub-contractors relating to services they are delivering to you, or to respond to a complaint you have made, for example Virgin StartUp information. If you use our website, we will keep a record of the contact and we may collect additional information about you to provide a better digital service and website functionality.

If you email us, we will respond to you using the email address you gave us. We may add your email address to your account and it may be used for future communications. Please note that email isn’t considered to be a secure communication method. If you have   any concerns over the security of your information in transit, please raise this with us so that we can suggest alternative methods of contact. Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with our own policies. Emails are stored, archived and deleted in line with our information security and data retention policies.

If you contact us by phone or in writing (including e-mail, social media or via our website) we will record, monitor or keep copies of the correspondence. We keep this information for several reasons (including fraud prevention and crime recording/investigation) but the main reasons are to:

  • assist our response to any queries you may have;
  • ensure we continue to offer you the best possible service;
  • maintain standards and help train our staff;
  • demonstrate our compliance with any regulatory obligations; and
  • keep our records up to date so that we don’t offer you services that you don’t need.

Contacting us by telephone

When you contact us by telephone, your telephone number may be added to your records so that we can contact you in future to provide further services or information. We may use a telephone number listed on your account to contact you to discuss your membership account or text you with reminders to pay unpaid subscriptions. We may also use a telephone number listed on your account to text you if there’s a change in our event or services (you can opt out of the text messages at any time).

Contacting us by post

All customer post addressed to us, including enclosures, is scanned electronically on to our systems.  Where the post relates to an identifiable record or account, we will store the letter and attachments on that record. Post is stored and processed in a secure area of the building. The retention of hard-copy documents and electronic images of post received is detailed in our data retention rules.

Contacting us via social media

We strongly advise not to post your personal contact or other sensitive information on a public social media site. If you contact us using social media to report an issue, we will ask you to private message us to gather suitable information. We may suggest an alternative contact method if we think this is more appropriate.

Making a complaint

If you make a complaint to us, we will follow our complaints process you can request a copy of our complaints procedure by contacting us by post, email or telephone.

We may need to share details about your complaint internally to fully investigate. If you escalate your complaint to the Information Commissioners Office, we may share information with them to resolve your complaint. If the complaint relates to a service provided by a third party, we will share information with them to resolve your complaint. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis. We will only use the personal information we collect to process the complaint and to examine the level of service we provide. We may compile and publish statistics showing information (for example the number of complaints we receive), but not in a form which identifies any individuals. We will keep complaints in line with our data retention policy. This means that information relating to a complaint will be retained for seven years from closure.

Visiting our website.

Each time you visit our website or mobile application we will automatically collect the following information:

Cookie Name Cookie Owner Cookie Description
wordfence_verifiedHuman Wordfence Cookie set by the Wordfence Security WordPress plugin to protect the site against malicious attacks.
wfwaf-authcookie Wordfence This cookie is set by the WordPress security plugin “Wordfence”. It is used to authenticate user’s login request.
wfvt_ Wordfence This allows a security plugin we use to operate
wfvt_2131273394 Wordfence This allows a security plugin we use to operate
wordpress_test_cookie WordPress WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
_gid Google Analytics Used to distinguish users.
_ga Google Analytics Used to determine a user’s inclusion in an experiment and the expiry of experiments a user has been included in.
_gat Google Analytics This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
wp-settings-time- WordPress WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wp-setting- WordPress WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wordpress_sec WordPress Essential WordPress session management cookies for logged in users.
wordpress_logged_in WordPress After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
gdpr_popup Airedale Enterprises This cookie is used to track who has already been shown the notice. The cookie has been set never to expire unless there is a change in the privacy policy.

Information we share with others.

In most circumstances we will not disclose your personal information without your consent. However, there are circumstances where we need to share some of your information to meet our compliance obligations or where we are permitted to under Privacy Law. We may share your personal information with any member of the AES team. We do this to ensure we offer you a consistent service across our services. All access is controlled in accordance with our IT Security Policy. We have legal obligations to share data with some third parties identified in law. We may disclose your personal information to third parties if we are under a duty to disclose or share your personal information to comply with any legal obligation. We do not require your consent to process your information in this way.

Sometimes we are contacted by HMRC, the Department for Work and Pensions DWP, the police, fraud agencies or Immigration UK Visas and Immigration asking for information about our individual members and customers. Under Privacy Law, we are permitted to share this data with them without your consent and you will not be notified that this has been done. This is in the support of the prevention and detection of crime.

We use third-party IT and software providers for different systems, like our social media and email management to support us with processing the large amounts of data that we need to manage.

From time to time we may require legal advice and may need to share your personal data with our legal advisers or our insurance companies or other professional advisors to obtain advice or make a claim.

Where we store your information and how we keep it safe.

All customer personal information stored on our corporate systems on secure IT servers. We operate a suite of IT and security policies to ensure your information is kept secure, including appropriate access and auditing controls.

We use anti-virus software and fire walls to protect against cyber-attack. Unfortunately, the transmission of information via the internet isn’t completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of information you send to us that is outside of our security arrangements; any transmission is at your own risk.

We also operate strict physical security at all our sites and employees all receive security and data protection awareness training.

Where we transfer information to third parties to enable them to process it on our behalf (see the information about Trusted Partners above), we ensure that the providers meet or exceed the relevant legal or regulatory requirements for transferring data to them and keeping it secure.

How long we will keep your information.

We only keep your information for as long as we need it.  We will retain certain information (i.e. contact information and bank details) for as long as you have a relationship with us.  Our data retention policy and rules detail outline these time frames in detail, but the length of time depends on the purpose of the processing.

Generally, we keep:

  • customer members subscription, correspondence, complaints, financial details and contact histories – we will retain this data whilst you continue to engage with us for our services and thereafter for up to seven years; (BLS recommend you review all your contacts where no engagement has been received in the past seven years and consider deleting the data)
  • data subject requests (i.e. subject access requests and objections) for up to two years;
  • webchats and social media posts (in third party systems) for up to twelve months, unless related to a complaint;

After which time your personal information will be either deleted or anonymised. These retention periods may be extended in certain limited cases as prescribed or permitted by law – i.e. because of an accident at one of our events or to bring or defend a legal claim.

Complaints:

We take any complaints concerning your privacy very seriously. If you think our collection or use of your personal information is unfair, misleading or inappropriate please bring it to our attention via the above contact channels and we will be happy to provide any additional information or explanations needed. We also welcome suggestions for improving our procedures.

You can also contact the Information Commissioner’s Office at www.ico.org.uk or write to Wycliffe House Water Lane, Wilmslow, Cheshire SK9 5AF or 0303 123 1113 for information, advice or to make a complaint.

(*) Privacy Law means the Data Protection Act 2018, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic Communications (EC Directive) Regulations 2003, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011, the General Data Protection Regulation and all other applicable laws and regulations relating to processing of personal data and privacy in any applicable jurisdiction as amended and replaced, including where applicable the guidance and codes of practice issued by the UK Information Commissioner or such other relevant data protection authority.