Most computers and mobile devices automatically accept cookies by default, but you can change your browser settings to refuse to accept cookies, delete cookies or notify you when cookies are set. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
• Internet Explorer
You can learn more about cookies by visiting www.allaboutcookies.org, which includes useful information on cookies and how to block them using different types of browser.
You can block Google Analytics by downloading and installing the Google opt-out browser add-on available here https://tools.google.com/dlpage/gaoptout or by blocking third party cookies in your browser options.
Please note that if you block all cookies including those necessary to enable you to use and navigate the website, you may not be able to use all the features on our website.
You have a number of different rights you might be able exercise against us in relation to personal data about you that we process as a controller. These are rights to:
• access your personal data
• obtain rectification or erasure of your personal data
• restrict and/or object to processing of your personal data
• have your personal data ‘ported’ to you or another organisation
• complain to a supervisory authority about our processing of your personal data
• withdraw consent to our processing of your personal data (where you have given consent)
The availability of these rights varies depending on the legal basis that we rely on for processing the relevant personal data. Below we have summarised these rights and explained how you can request to exercise them.
Please note that our clients are controllers in respect of personal data that they process for their business purposes using our software products and are responsible for responding to requests from individuals to exercise their rights in respect of that processing. If you want to request to exercise your rights in respect of that processing, please contact the relevant client organisation directly with your request. Our clients may ask us to assist them in responding to such requests as their processor, but the legal responsibility for responding to such requests remains with them as the controllers.
Access: You have the right to confirmation as to whether we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing that the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
Rectification: You have the right to have any inaccurate personal data about you corrected and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. We may need to verify the accuracy of the new data you provide to us.
Erasure: You have the right to the erasure of your personal data without undue delay where the personal data are no longer necessary in relation to the purposes for which we collected or otherwise processed them, you successfully object to our processing, you object to our use of your personal data for direct marketing purposes, we have processed your personal data unlawfully, or an applicable law requires the relevant personal data to be erased. However, there are exclusions to the right to erasure, including where we have overriding legitimate grounds to continue processing the relevant personal data or are required to do so by applicable law or where we need it to establish, exercise or defend a legal claim.
Restriction: You have the right to restrict our processing of your personal data where you contest the accuracy of the personal data, our processing is unlawful, we no longer need the personal data for our purposes but you require it to establish, exercise or defend a legal claim, or you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it to establish, exercise or defend a legal claim, to protect the rights of another natural or legal person or for reasons of important public interest or with your consent.
Object: You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis for the processing. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
Object to processing for direct marketing purposes: You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes).
Data portability: where processing of your personal data is based on performance of a contract or your consent and is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
Complain to a supervisory authority: If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
Withdraw consent: where any processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
How to exercise these rights against us: You can exercise any of your rights in relation to your personal data that require any action by us by emailing your request to email@example.com, in addition to any other contact methods specified in this notice. Please be aware that if your request relates to any processing that we carry out as a processor for one of our clients, we will inform you of this and advise you to make the request to the relevant client as the controller in respect of that processing.
How to complain to a supervisory authority: To make a complaint to a supervisory authority, you may contact the supervisory authority of your choice using contact details made available by that supervisory authority. See here for a list of European supervisory authorities and contact details: https://edpb.europa.eu/about-edpb/board/members_en. Relevant contact details for the UK supervisory authority, the ICO, can be found here: https://ico.org.uk/concerns/.
For enquiries relating to this notice or our processing of personal data, please contact firstname.lastname@example.org.
Changes to this notice
We may update this notice from time to time by publishing a new version on our website and, where any changes materially affect you, we will also make reasonable efforts to notify you.
Explanation of legal bases
It is only lawful to process personal data if there is a legal basis for doing it. Below is an explanation of the legal bases referred to in this notice.
Legitimate interests: processing of personal data is necessary for the purposes of the legitimate interests of us or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individuals to whom the personal data relate
Consent: the data subject has given consent to their personal data being processed for one or more specific purposes (a ‘data subject’ is an individual who can be identified from the data being processed)
Compliance with a legal obligation: processing of personal data is necessary for compliance with a legal obligation imposed by law
Protection of vital interests: processing of personal data is necessary in order to protect the vital interests of any individual
Explanation of international transfer terms:
Privacy Shield: this is an adequacy decision of the European Commission in respect of the transfer and subsequent processing of personal data to and by organisations in the U.S. who self-certify their compliance with the Privacy Shield Framework Principles contained in Annex II to the European Commission Implementing Decision (EU) 2016/1250 of 12 July 2016. Further information can be found on the Privacy Shield website: https://www.privacyshield.gov/welcome and in the ICO guidance: https://ico.org.uk/media/for-organisations/documents/2014413/data-transfers-to-the-us-and-privacy-shield.pdf.
Adequacy decision: this means an official decision adopted by the European Commission that a country (or a territory or specified sector within a country) or international organisation ensures an adequate level of protection for personal data.
Standard contractual clauses: these are standard data protection clauses for data transfers between EU and non-EU countries adopted by the European Commission pursuant to a decision of the European Commission that those clauses provide an adequate level of protection for personal data transferred between the parties to those clauses. See the Europa website for more information on, and links to, the standard contractual clauses: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en