At Wallacespace we are serious about protecting your privacy and personal data by default and design, meaning that we have put in place tough systems and processes to protect your data across all touch points. We aim to comply with all relevant privacy laws across policy, process, training and documentation.
Who are we?
Our full details are:
Full name of legal entity: Wallacespace Limited
Name and title of DPO: Emma Coates, Associate Director for Marketing
Email Address: firstname.lastname@example.org
Postal address: Salatin House, 19 Cedar Road, Sutton, Surrey, SM2 5DA
Telephone number: 020 7395 1728
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data processing issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What data we collect from you:
We will only collect basic information from you that is relevant to the matter that we are dealing with and does not include any location based information. In particular we may collect the following information from you which is defined as ‘personal data’:
• Personal details (name, address, email, phone number);
• Financial details; and
• Business activities of the person whose details we are processing.
We also record details of any bookings or enquiries you make with us.
We do not collect any ‘special categories’ of personal data about you (this include details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How we use your data:
We use your data to process and manage your bookings and enquiries, necessary for the performance of the contract between us.
With your permission, we will email you our newsletter approximately every six weeks. We may also check in by phone from time to time. Occasionally we may even send a good, old fashioned letter. We only email business email addresses and will only contact you if:
1) You have asked us to; or
2) We genuinely believe you have a legitimate need for our services and we deem this to represent a legitimate interest in line with the ICO’s guidance.
If at any point you decide you would prefer us not to contact you, let us know and we won’t.
We may also use your personal data for:
1) Administering any accounts;
2) Processing your bank/credit card details in order to obtain payment;
3) Market research;
4) Our own internal marketing; and
5) Credit reference checks (where appropriate).
We will only use your data where we’re allowed to by law, e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.
We do not use your data for automated decision making or profiling.
Who we share your data with:
We may have to share your personal data with certain third parties (see the list below for examples). Where your data is shared, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
1) If you are visiting wallacespace, we ask you to add your data to the miaTrustedTrace tool. This data will then be shared with NHS Contact Tracers in the event that we have a confirmed case of Coronavirus at one of our buildings,
2) Service providers, acting as processors, who provide IT and system administration services,
3) Professional advisers, acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services,
4) HM & Customs, regulators and other authorities, acting as processors or joint controllers, who require reporting or processing activities in certain circumstances.
We never share your data with third parties for marketing purposes.
We do not transfer your personal data outside the European Economic Area (EEA).
How we keep your data secure:
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long we keep your data:
If we have invoiced you for our services, we are required to keep your data for six years, in case we are asked to provide data in the event of an audit. After six years, if there has been no further booking or interaction, we will securely delete your data. If you make an enquiry but not a booking in between your booking and the six year deletion date, your data will be deleted at the six year deletion date, or after three years, whichever is the longer time frame.
If you have a made an enquiry but not booked with us, we will securely hold your data for a period of three years following our last interaction. After three years we will securely delete your data.
An interaction might include, but not be limited to, a conversation, an email enquiry or a request for information via our website.
If you have not been invoiced for services provided, you may at any point ask us to delete your data.
The miaTrustedTrace tool (for Coronavirus contact tracing) will automatically delete your personal data 21 days after your event at wallacespace.
We don’t save any personal data after you finish your session, although we do store anonymised data so that we can keep an eye on how people use our website and keep improving in order to deliver a better experience.
You can configure your browser not to accept cookies. Disabling cookies in your browser will not prevent you from accessing the site, however, it may limit your access for certain features. The information collected by cookies is non-personal and allows us to statistically monitor how people are using our website.
If you would like us to remove you from our database entirely, let us know and we shall remove the information you ask us to. If you would like to view any or all of the data we may hold on you, please ask us. We aim to comply with all data requests within 14 days. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you further information in relation to your request to speed up our response.