Version 1.0 | 27th March 2020
Added to Website on 5th May 2020
Information About Us
Our Site is owned & operated by Green Light PBS Ltd, a limited company registered in England under company number 09496038
|Mor Workspace, Treloggan Lane, Newquay, Cornwall, TR7 2FP
|Data Protection Officer:
|Richard Jackson (Pulse Cyber Security – DPO as a Service)
Pulse Cyber Security, Trevenson House, Redruth, Cornwall, TR15 3PT
|Jo Pyrah (Nominated Individual)
Mor Workspace, Treloggan Lane, Newquay, Cornwall, TR7 2FP
1. What Does This Policy Cover?
2. What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
3. What Are My Rights?
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 10.
It is important that your personal data is kept accurate and up to date. If any of the personal data we hold about you changes, please keep us informed if we have that data.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau (CAB).
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first.
4. What Personal Data Do We Collect and How?
We obtain personal data about you, for example, when:
The information we hold about you may include the following:
5. How we use personal data we hold about you
Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.
a) Situations in which we will use your personal data
We may use your personal data in order to:
b) Change of purpose
Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.
Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.
6. Do You Share My Personal Data?
a) Why might you share my personal data with third parties?
We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.
b) Which third-party service providers process my personal data?
“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, administration services and payroll processing services.
All our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.
c) What about other third parties?
We may share your personal data with other third parties, for example in the context of the possible sale or restructuring of the business. We may also need to share your personal data with a regulator or to otherwise comply with the law.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
7. How Can I Access My Personal Data?
If you want to know what personal data, we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses provided. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
8. Privacy Overview
Here at Green Light PBS Ltd we are committed to building and keeping the trust and confidence of everyone we have contact with. We think it’s important that you know that we record your personal data when you do things like visit our website, our Facebook page or use our online services in any way. We want you to trust us with any information we collect and hold.
Green Light PBS Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
If you are unhappy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
It is very important that the information we hold about you is accurate and up to date.
9. Sensitive Data
We do not collect any Sensitive Data about you from this website. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
You are not required to provide any personal information on the public areas of this website; however, you may choose to do so by completing the application forms on various sections of our websites and Facebook pages, including:
We may also obtain personal information from your IP address, operating system and web browser that you use to access our website or Facebook site. You may also provide us with personal information if you contact us by email, telephone or letter.
We require your explicit consent for processing sensitive data, and we will request your signature for this consent.
10. How we use your personal data
We will only use your personal data when legally permitted. The most common uses of your personal data are:
Generally, we do not rely on consent as a lawful basis for processing your personal data, other than in relation to sending marketing communications to you via email or text message.
You have the right to withdraw your consent to receiving marketing information from us at any time by emailing us at: [email protected]
11. Purposes for processing your personal data
Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data.
Please email us at [email protected] if you need details about the specific lawful basis we are relying on to process your personal data where more than one ground has been set out in the table below:
|Purpose / Activity||Type of Data||Lawful Basis for Processing|
|To register you as a new customer||
||Performance of a contract|
|To manage our relationship with you which will include:
Asking you to leave a review or take a survey
||Performance of a contract with you
Necessary to comply with a legal obligation
Necessary for our legitimate interests to keep our records updated and to study how customers use our services
|To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
||Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise
Necessary to comply with a legal obligation
|To deliver relevant content and advertisements to you and measure and understand the effectiveness of our advertising||
||Necessary for our legitimate interests to study how customers use our services, to develop them, to grow our business and to inform our marketing strategy|
|To use data analytics to improve our website, services, marketing, customer relationships and experiences||
||Necessary for our legitimate interests to define types of customers for our services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||
||Necessary for our legitimate interests to develop our services and grow our business|
12. Marketing communications
You will receive marketing communications from us if you have:
a. Requested information from us or purchased goods or services from us; or
b. If you provided us with your details and ticked the box at the point of entry of your details for us to send you marketing communications; and
c. In each case, you have not opted out of receiving that marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by emailing us at [email protected] at any time
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product / service purchase, service experience or other transactions.
13. Disclosures of your personal data
We may have to share your personal data with the parties set out below for the purposes set out in the table in paragraph 2 above:
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within our group of companies which involves transferring your data outside the European Economic Area (EEA).
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Please email us at [email protected] if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
14. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
|Email address: [email protected]
Postal Address: FAO Data Protection Officer
Green Light PBS Ltd. Mor Workspace, Treloggan Lane, Newquay, Cornwall, TR7 2FD
Telephone number: 01637 416444
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
16. Regulatory Bodies & Memberships
We are regulated by the Care Quality Commission (CQC)
Cornwall Council commission services and conduct periodical Quality Assurance Visits