Website Privacy Notice

This Privacy Notice ("Notice") for ([https://www.elizabethdenham.org/]) (the "Site") explains how your information is used if:

  • you visit and browse the Site
  • you contact Elizabeth Denham via the Site
  • you sign up for newsletters or other marketing about Elizabeth Denham
  • you or the organisation you work for work with Elizabeth Denham.

If you are in the UK or EU/EEA, Elizabeth Denham is the data controller.

1. What information do we collect and how do we use it?

We explain what personal information we collect about you, how we use it, and the relevant legal reason (called a 'lawful basis') for each way that we use it.

If you'd like to learn more about the legal reasons we can use personal information, we explain these in the next section: What do each of these legal reasons mean?.

If you visit the Site

We collect:
We automatically collect information from you each time you use the Site.

This includes:

  • technical information
  • Site browsing information, and
  • (if you opt-in) location data

Technical information

Technical information may include: phone number, Internet Protocol (IP) address, login information, browser type and version, browser plug-in types and versions, device IDs, social log-in ID/email address, time zone setting, operating system and platform, hardware version, device settings (e.g. language and time zone), file & software names and types (associated with your device and/or the services), battery & signal strength, information relating to your mobile operator or Internet Service Provider (ISP).

Site browsing information

Information about ythe Site visit may include the full Uniform Resource Locators (URL), clickstream to, through and from the Site (including date and time), pages and services you viewed or searched for, demographic information (including age and gender), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), traceable campaign links (e.g. in emails, or via tracking URLs) or other information from analytics, advertising or search engine providers, methods used to browse away from the page, and any phone number used to call our office telephone number.

Location data

We only collect location data if you give permission (via our website cookie banner).

Location data includes country location (based on your full or partial IP address) which we use to provide location services (if you ask or permit this), so that we can deliver content or other services that are dependent on knowing where you are, like checking for fraudulent transactions.

Location data may be collected in combination with device ID, so we can recognise your mobile browser or device when you return to the Site.

Delivery of location services will involve checking any of the following:

  • the coordinates (latitude/longitude) of your location,
  • your current country or region, by referencing your current IP address against public sources, and/or
  • your Identifier for Advertisers (IFA) or ID for Vendors (IDFV) code for your Apple device, or the Android ID for your Android device, or a similar device identifier.

You can opt-in and out of location sharing by changing your cookie, browser or device settings (as applicable).

We use this to:
* understand how individuals use the Site, and how we can improve it. * ensure content from the Site is presented in the most effective manner for you and for your computer. * provide you with the information and services that you request or that you may be interested in.
Our legal reason for this is:
We do this in our legitimate interests (where we consider these are not overridden by your rights), or with your consent if required (e.g. to non-strictly necessary cookies).

If you contact or engage with the Site

We collect:
If you contact or engage with the Site, we will collect your contact information, and the other communications information you provide.

Contact information includes basic contact information you choose to provide, for example:

  • first and last name
  • company name and/or industry
  • email address
  • who you are representing
  • any additional information provided in the contact form.

Communications information includes your correspondence with me, for example if you get in touch to report a problem with the Site. This includes:

  • emails
  • texts & other digital messaging
  • calls
  • letters and print materials
  • any in-person conversations you have with me.
We use this to:
* contact you if you have asked to be contacted, including to respond to queries, troubleshoot problems, and help with any issues you may have with the services. * provide you with information you might request about our services. * provide you with technical and other service updates (for example, any terms of use updates).
Our legal reason for this is:
We do this in our legitimate interests (where we consider these are not overridden by your rights).

We may also do this to take steps to enter into any contract with you or to fulfil our obligations under any contract with you.

Where required, we will contact you with your consent.

If you sign up for updates or other marketing

We collect:
We may collect contact information (as explained above), like your name and email address. We may also collect your preferences for what information you would or would not like to receive about Elizabeth Denham, and if you have opted out of any direct marketing.
We use this to:
* send you a e-newsletter, updates and other related marketing material. * send you surveys, campaigns or other occasional activities. * ask you for feedback, including through surveys and other marketing research. We may send these via emails, texts, or post, depending on your preferences.
Our legal reason for this is:
We do this with your consent[m], where required. In certain circumstances, we may do this in our legitimate interests [n](where we consider these are not overridden by your rights).

You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our marketing email updates.

2. What do each of these legal reasons mean?

We must have a relevant legal reason (also called a 'lawful basis') for each way in which we use your personal information. These lawful reasons include:

  • consent,
  • a contract with you (as a data subject),
  • specified legitimate interests, and
  • compliance with our legal obligations.

Consent

We use your personal information to send you promotional or marketing content (for example, updates or newsletters) if you have consented (where required by law). We may also send direct marketing without consent, where permitted by law (see 'legitimate interests', below). You can opt-out of further marketing at any time by selecting the "unsubscribe" link at the end of all our promotional updates and marketing to you. We also rely on consent for some of the cookies we use.

Contract

We use your personal information if it is necessary to perform a contract you have with Elizabeth Denham, or if you have asked for specific steps to be taken before entering that contract. We may send you service updates based on your contract (for example, to tell you about any significant changes to this Notice or our terms of use[o]).

Legitimate interests

We may use your personal information if it is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.

Our legitimate interests include:

Administering, improving and expanding our services

  • Getting your feedback and reviews.
  • Providing the Site, and ensuring technical bugs are identified and resolved.
  • Gathering information and developing insights about how you use the Site, including aggregating individuals' data.
  • Developing and improving the Site.
  • Implementing and improving our security measures.
  • Growing our organisation and informing our promotional strategy.

Marketing & advertising

  • Marketing and promoting Elizabeth Denham's services to an organisation you work for or provide services to.
  • Measuring or understanding the effectiveness of marketing we serve to you and others and delivering relevant marketing to you.

Fulfilling agreements with other organisation

  • Complying with any agreement we may have with an organisation you work for or provide services to.
  • Enforcing or applying our terms or other agreements with you or with an organisation you work for or provide services to.

In each case, these legitimate interests are only valid if they are not outweighed by your rights and interests.

If you would like further information about how we assess our legitimate interests, please contact [email protected].

Legal obligation

We may need to process your personal information to comply with our legal obligations, including under applicable law, and/or any court orders. This may include compliance with know-your-client and anti-money laundering rules.

3. Who do we share your information with?

We may share your personal information:

  • with service providers who support the services we offer through the Site and only process your personal information on our instructions and to the extent necessary to perform their support functions (for example, website and data hosting, distributing communications, supporting or updating marketing lists, customer service, facilitating service feedback, and IT support services)
  • with our auditors, legal advisers and other professional advisers.
  • with potential investors, donors or financial backers.
  • with any person where necessary to protect our (or our clients' or other third parties') rights, property or safety, and to enforce our rights under this Notice or under any agreement with you. This includes exchanging information with other organisations to detect and prevent fraud and cyber-crime.
  • if required to do so by court order or under a duty to disclose your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation. This includes exchanging information with law enforcement agencies, regulators, or other similar government bodies.

4. Where do we store your information?

Elizabeth Denham is based in Canada, and works internationally. Your personal information may be transferred internationally:

  • to store it.
  • so we can to provide our services to you.
  • to support the operation of our organisation, where this is in our legitimate interests (and we consider these are not overridden by your rights).
  • where we are legally required to do so.

We will put legal protections in place to safeguard personal data transfers in compliance with data protection laws.

If you are in the UK / EEA, your personal information may be transferred outside the UK / EEA, including to the key organisations listed below:

Digital OceanStandard Contractual Clauses (Article 46 GDPR)
CookiebotStandard Contractual Clauses (Article 46 GDPR)
Sanity.ioStandard Contractual Clauses (Article 46 GDPR)

5. How do we protection your information?

Our website uses secure end-to-end encryption to protect your information. All connections into our platform are secured using industry standard security and encryption.

All information you provide to us is stored on our servers.

All data we capture is stored in secured databases and data storage systems with strict access limitations. All data access requests are logged and monitored in accordance with any threat detection policies.

The transmission of information via the internet is not completely secure. We do our best to protect your personal information, but we cannot guarantee the security of your data transmitted to us, any transmission is at your own risk. Once we have received your information, we use strict procedures and security features to try to prevent unauthorised access.

6. Other websites

We may sometimes link to other websites. The websites will have their own privacy information, which you should read before using or sharing personal information with the website.

We are not responsible or liable for these websites, any content on them, or their policies and notices. A link does not mean we endorse the views of the linked website. We have no control over the availability of any of these websites.

7. How long do we keep your information for?

We will usually keep personal information:

  • for as long as necessary for the original reasons we collected it, and
  • for up to six years after that to identify any issues and resolve any legal proceedings.

We may keep your personal information for a longer period:

  • in the event of a complaint,
  • if we reasonably believe there is a prospect of legal proceedings,
  • if we are aware of pending or ongoing legal proceedings, or
  • in some circumstances, if applicable law says we must.

If you opt into marketing about Elizabeth Denham, we will keep your relevant personal information for as long as you are receiving marketing. If you have opted into receiving marketing from us but later decide to opt out (or object to any other use of your personal information), we may keep a record of your opt-out or objection so we can respect your preferences (and demonstrate our compliance).

8. What rights do you have over your personal information?

In certain circumstances, you have the following rights:

  • to be provided with a copy of your personal information,
  • to ask us to correct or delete your personal information,
  • to request us to restrict how we use your personal information (for example, while we investigate your concerns about the accuracy of data, or lawfulness of a certain use),
  • to object to the further use of your personal information, including the right to object to marketing from us,
  • to request that your provided personal data be moved to a third party, and
  • where you have consented, to withdraw consent.

If you would like to exercise any of these rights in relation to the personal information held about you, you can contact [email protected].

If you are in the UK or the EU, you have the right to lodge a complaint with a data protection supervisory authority:

  • The Information Commissioner's Office (ICO) is the supervisory authority in the UK. You can visit their website here
  • If you are in the EU, you can find your local data protection authority here.

9. Updating this Privacy Notice

This Notice was last updated 30-04-2023.

We may update this Notice from time to time, and will post any changes on this page.

If we make any substantial changes, we will notify you.

10. Contact

If you have any questions or feedback for us, please get in touch at [email protected].

Copyright @Elizabeth Denham 2024

Terms of UsePrivacy NoticeCookie Notice