PRIVACY NOTICE STATEMENT
This Privacy Notice explains when and why we collect personal information about you, how we use it and the conditions under which we may disclose it to others. Your personal data is defined as any information that can directly or indirectly identify you. This notice also explains how we keep your data safe and secure and includes information you need to know about your rights and how to exercise them.
If you have any questions regarding our Privacy Notice and our use of your personal data or would like to exercise any of your rights, please get in touch via the following information:
Email us: [email protected]
Telephone us: 0330 147 4290
Write to us: Data Protection Officer, TIAH, 1 St. James Court, Whitefriars, Norwich NR3 1RU
If you are unhappy with the way we process your data, you can also make a complaint to the Information Commissioner’s Office (ICO) which regulates the use of information in the UK. They can be contacted by:
Telephone: 0303 123 1113
Write to the ICO: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Or by going online to https://ico.org.uk/make-a-complaint/
If you are based outside of the UK, the complaint should be directed to the relevant Data Protection Supervisory Authority in that Country.
1. Who are we?
We are The Institute for Agriculture and Horticulture (TIAH) and for the purposes of UK Data Protection Law we are a Data Controller. We work to help people and business fulfil their potential and the industry thrive through offering skills and careers support.
In this Notice, The Institute for Agriculture and Horticulture (TIAH), ‘we’, ‘us’, ‘our’ means:
The Institute for Agriculture and Horticulture, also known as ‘TIAH’, company registration number 03824061, charity registration number 1091213 with a registered address at 1 St. James Court, Whitefriars, Norwich NR3 1RU.
2. How do we collect information from you?
Information you give us directly
For example, we may obtain information about you when you attend one of our events, when you apply to work with us or if you become a member of TIAH.
When you visit this website
We may, like many companies, automatically collect the following information when you visit our website:
· Technical information, including the type of device you’re using, your IP address, browser and operating system being used to connect your computer to the internet. This
information may be used to improve our services with you and make your experience better.
When you interact with us on social media platforms such as Facebook and Twitter, we may obtain information about you (for example, when you publicly tag us in an event photo). The information we receive will depend on the privacy preferences you have set on those types of platforms.
3. What type of information is collected from you?
The personal information we collect, store and use might include:
· Your name and contact details (including postal address, email address and telephone number).
· Your date of birth and preferred pronoun(s).
· Your bank or credit card details if you make a purchase. Your card information is not held by us, it is collected by our third-party payment processors, who specialise in securing your information and processing of debit/credit card transactions.
· Transaction data (including payments made and the products or services purchase).
· Any other personal information that may be shared with us.
Data protection laws recognise certain categories of personal information as sensitive or special categories of data and therefore requiring greater protection, for example, information about your health, religion, sex life or sexual orientation.
We do not usually collect sensitive data about you unless there is a clear and valid reason for doing so and data protection laws allow us.
4. How and why is your information used?
We may use your information for a number of different purposes, which may include:
· Keeping a record of your relationship with us.
· Carrying out our obligations under any contracts entered into between you and us.
· Providing you with the services, products or information you asked for.
· Checking for updated contact details against third party sources so we can stay in touch. if you move (please refer to section ‘keeping your information up to date’).
· Seeking your views or comments on the services and information we provide.
· Notifying you of any changes to our services.
· Sending you communications which you have requested and that may be of interest to you. These may include information about events we may organise.
· Processing applications for job opportunities; and
· Record an event that you attend.
How long is your information kept for?
We keep your information for no longer than is necessary for the purposes it was collected for. The length of time we keep your information for is determined upon our legal and operational considerations. For example, we are legally required to hold certain types of information to fulfil our statutory and regulatory obligations (e.g., Employment law, Health and Safety and tax/accounting purposes).
We review our retention periods on a regular basis and update our Records of Processing Activities (RoPAs) accordingly. If you would like to know more about how long, we hold your personal
information for – please email [email protected]
5. Who has access to your information?
We do not sell or rent your information to third parties. We do not share your information with third parties for marketing purposes unless we have your Consent to do so. However, we may disclose your information to third parties in order to achieve other purposes set out in this policy.
Third parties working on our behalf
We may pass your information to our third-party service providers, suppliers’ subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on their behalf, for example, to process a donation. Please be assured that your data will not be processed by these third parties for any other reason than that stated unless you have requested us to do so, or we are required to do so by law. For example, for the purposes of prevention of fraud or other crime or any other requirement by law.
6. Lawful Processing
Data protection law requires us to rely on one or more lawful basis for processing your personal information. Please see the following lawful grounds we use and believe are relevant and lawful under data protection laws:
Specific and informed Consent
Where you have provided your Consent to use your personal information for a certain purpose, such as to send you information by email.
Where it is necessary to achieve our and others’ objectives as an organisation with good reason as long as we can demonstrate that the use is fair and with your reasonable expectations. This might include but is not limited to:
· To send you communications through the post which we believe might be of interest to you.
· To personalise, enhance or modify and improve our services and communications to you to benefit our customers.
· To take photos of the work we do to promote the aims and objectives of TIAH.
· To understand how people interact with our website, the effectiveness of our services, our promotional and marketing campaigns and our advertising.
Whenever we use Legitimate Interest to process data, we perform a Legitimate Interest Balancing Assessment (LIA) to enable us to consider any potential impact on you (both positive and negative), and your rights under data protection laws. Your information will not be processed if our interests as an organisation override your fundamental rights and freedoms according to the law.
We will use this condition to process personal information where we are required by law.
Performance of a contract
Where we are entering into a contract with you, for example where you purchase a ticket to an event we have organised.
Where it is necessary to protect your life or your health. An example would be in the case of a medical emergency by an individual attending one of our events.
Fundraising and Marketing Communications
Your contact details may be used to provide you with information about our services, our fundraising opportunities on behalf of our clients.
We may from time to time send you marketing communications through the post. If you prefer not to hear from us this way, please get in contact and let us know by any of the contact details listed at the beginning of this Privacy Notice.
We will only send you marketing communications by email, text and telephone if you have explicitly provided your Consent. You may opt-out of our marketing communications at any time by clicking the unsubscribe link at the end of our marketing emails.
We respect and value your choices. You have a choice whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our services, you can opt-out at any time by contacting a member of the team at any of the contact details listed.
We are committed to putting you in control of your data and you are free to change your marketing preferences at any time, including if you do not want to receive further contact in regard to marketing purposes. Please contact us and we will be sure to amend your preferences:
Email us: [email protected]
Telephone us: 0330 147 4290
Write to us: Data Protection Enquiry, 1 St. James Court, Whitefriars, Norwich NR3 1RU
Under data protection laws in the UK and EU, you have certain rights over the personal information that we hold about you. Here is a summary of the rights we think apply:
Right to be Informed
You have the right to be informed as to how we use your data under what lawful basis we carry out any processing. This Privacy Notice sets this information out however if you would like further information or feel that your rights are not being respected please get in contact with any of the details listed above.
Right of Erasure
You may ask us to delete some or all of your information we hold about you. Sometimes where we have a legal obligation we cannot erase your personal data.
Right to Object
You have the right to object to processing where we are using your personal information such as where it is based on legitimate interests or for direct marketing.
Inaccurate personal information corrected
Inaccurate or incomplete information we hold about you can be corrected. The accuracy of your information is important to us and we are working on ways to make this easier for you to review and correct the information that we hold about you. We will also carry out an annual accuracy check and contact you to ensure your information is up to date. If any of your information is out of date or if you are unsure of this, please contact through any of the contact details listed in this section.
Right of restriction
You have a right to restrict the processing of some or all of your personal information if there is a disagreement about its accuracy, or we are not lawfully allowed to use it.
Right to Access your information
You have a right to request access to a copy of your personal information that we hold about you, along with the information on what personal information we use, why we use it, who we share it with, how long we keep it for and whenever it has been used for automated decision making. You can make a request for access free of charge and proof of identity is required.
Automated decision making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right to question the outcome of automated decisions that may create legal effects or create a similar significant impact on you.
You can ask us to provide you or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form so it can be easily transferred.
7. Keeping your information safe
We take looking after your information very seriously. We have implemented appropriate physical, technical and organisational measures to ensure that your personal information is secure when under our control, both on and offline, from improper access, use, alteration, destruction and loss.
Any sensitive information (such as your credit or debit card details or any information that is classed as sensitive or special category data) is encrypted and protected. All debit and credit card details are passed securely to our payment processing partner, according to the Payment Card Industry Security Standards.
Our websites may contain links to other sites. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that advertisers or websites that have links on our site may collect personally identifiable information about you. This Privacy Notice does not cover the information practises of those websites or advertisers.
8. Keeping your information up to date
We take reasonable steps to ensure your information we hold of you is accurate and up to date. We review our data annually. We really appreciate it if you let us know when your contact details change to ensure we have the most up to date record of you.
9. Use of ‘Cookies’
Like many other websites, the TIAH website uses ‘cookies’. ‘Cookie’ is a name for a small file, usually of letters and numbers, which is downloaded onto your device such as your computer, mobile phone or tablet. Cookies allow websites to recognise your device so that the sites can work more efficiently, and also gather information about how you use the site.
The Cookies we use
We use the categorisation set out by the International Chamber of Commerce in their UK Cookie Guide. We use all four categories of Cookies:
· Strictly Necessary Cookies are essential for you to move around our website and use its features.
· Performance Cookies collect anonymous information about how you use our site, like which pages are visited most.
· Functionality Cookies collect anonymous information that remembers choices you make to improve your experience, like your text size or location. They may also be used to provide services you have asked for such as watching a video or commenting on a blog.
· Targeting or Advertising Cookies collect information about your browsing habits in order to make advertising relevant to you and your interests.
No Cookies, please.
10. Transferring your information outside of the United Kingdom
We use an organisation called Mailchimp to support our management system and data storage is based in the United States. We have performed a balancing test to identify the risks that may be caused when using Mailchimp and have identified a low risk. Mailchimp have proved a high standard in availability and performance, and security is one of their top priorities. We review this decision regularly. When data is transferred outside of the UK, appropriate safeguards and standard contractual clauses (SCC) are in place to ensure adequate levels of security and are in line with data protection laws.
11. Changes to this policy
Any changes we may make to this policy in the future will be posted on the TIAH website so please check this page occasionally to ensure that you’re happy with any changes. If we make any significant changes, we’ll make this clear on our website.
12. Review of this policy
We keep this policy under regular review. This policy was last updated 1 December 2022.
We monitor and review this policy annually, and revise it where necessary, to ensure that it is, and remains effective.