Privacy Notice
Privacy Notice – Michael Lilley
Dated 29/2/2021
This Privacy Notice sets out the way Michael Lilley collects, uses and stores your information in accordance with UK data protection legislation (Data Protection Act 2018 [DPA 2018] and General Data Protection Regulation [GDPR]).
Maintaining the security of your data is important to me (Michael Lilley), and I am committed to respecting your privacy rights. I endeavour to be transparent about what data I collect and how I use it. I may collect, use and store your personal data as described in this Privacy Notice.
CHANGES TO THIS PRIVACY NOTICE
I reserve the right to update or change this Privacy Notice at any time, so please ensure that you are viewing the latest version.
WHAT TYPE OF INFORMATION I HAVE
I collect and process the following information:
Personal identifiers, contacts and characteristics
(personal information is information that can be used to directly or indirectly identify you)
- Includes but is not limited to your name, title, postal address, email address and telephone numbers.
- Information relating to processes including communications, payment information such as banking or payment card details if making payment or donation, website or digital media use.
- Potentially personally identifying information like Internet Protocol (IP) addresses for site users and for users posting or leaving comments on our website.
- Activities or actions that you are or have been associated with.
- If you access my website via your mobile device I may collect your unique phone identifier.
Non-personally identifying information.
- Collection of Information from use of our website, digital media or other services:
The purpose in collecting non-personally identifying information is to better understand how visitors use my website and digital media. This data may include but is not limited to information such as your browser type and version, language preference, referring site, the pages of our site you visit, and other usage statistics. I may use third party services such as Google Analytics that collect, monitor and analyse data, or use a spam screening service to help identify spam.
HOW I GET THE INFORMATION AND WHY I HAVE IT
A lot of the personal information I process is provided to me directly by you for one or more of the following reasons:
- Communicating with me.
- Subscribing to communications from me.
- Posting or commenting on posts on my website.
- Provision of a service to me.
- Donation or payment to me.
- Administration and management.
- Filling in forms provided by me.
- Website tracking. (for Cookies use please see my Cookies Policy)
It is important that you notify me of any changes to your personal information as soon as possible.
I also receive personal information indirectly, from the following sources in the following scenarios:
- I collate publicly available contact and other relevant information.
- I collate information from and or about organisations or individuals with whom I engage or may wish to contact or engage with as part of my activities or research.
Under the General Data Protection Regulation (GDPR), the lawful basis I rely on for processing this information is:
- I have a legitimate interest.
WHAT I DO WITH THE INFORMATION I HAVE
- Maintain a list of subscribers to communications from me.
- Personally identifiable subscribing information will not be made public or shared with third parties other than as specified in this privacy notice.
- Action the aims and objectives of IA.
- I reserve the right to disclose your personal information to meet legal and regulatory obligations or when I believe that disclosure is necessary to protect my rights, avoid litigation, protect your safety or the safety of others or investigate fraud. I may also disclose information about you if I determine that such disclosure should be made for reasons of public importance.
- To maintain financial records.
- To facilitate administration and management.
- I may share your information when necessary with third party services or contractors I ask to carry out a service or action on my behalf, e.g. MailChimp. I try to ensure your information will not be used by the third party for any other purposes.
- I do not sell or otherwise provide personal information to other companies for the marketing of their own products or services.
HOW I STORE YOUR INFORMATION
I take the security of information I store very seriously and I endeavour to take appropriate reasonable steps to ensure data is securely stored.
I will take reasonable precautions to prevent the loss, misuse or alteration of your personal information. I will take reasonable precautions to store, process and transport personal information in a secure manner.
MailChimp – I may at times use Mailchimp for my general email distribution, and collecting data via my website forms. Relevant information will be stored in my MailChimp account. You can visit MailChimp’s website to access their Privacy Policy and Terms. https://mailchimp.com/legal/privacy/
I will keep personal data for as long as is necessary to fulfil the purposes for which I collected it, and I will keep data in accordance with legal, tax and accounting requirements. Normally, my retention period for personal data collected is a minimum of six years after the end of the year in which any service, need or relevance has ceased. Where your personal data is no longer required I will ensure it is disposed of in a secure manner.
YOUR DATA PROTECTION RIGHTS
Under data protection law, you have rights including:
- THE RIGHT TO BE INFORMED – Individuals have the right to be informed about the collection of their personal data, except when an individual already has the information, or if it would involve a disproportionate effort to provide it to them, or it would render impossible or seriously impair the achievement of the objectives of the processing.
- THE RIGHT OF ACCESS – You have the right to access your personal information, this is commonly referred to as subject access.
- THE RIGHT TO RECTIFICATION – You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
- THE RIGHT TO ERASURE – You have the right for personal data to be erased, this right is not absolute and only applies in certain circumstances.
- THE RIGHT TO RESTRICT PROCESSING – You have the right to request the restriction of personal data, this right is not absolute and only applies in certain circumstances.
- THE RIGHT TO DATA PORTABILITY – This right is only applicable should I rely on the lawful basis of consent or performance of contract for processing the information, and processing is carried out by automated means.
- THE RIGHT TO OBJECT – You have the the right to object to the processing of your personal data. This right is not absolute and only applies in certain circumstances.
- RIGHTS IN RELATION TO AUTOMATED DECISION-MAKING INCLUDING PROFILING – I do not undertake automated individual decision-making and profiling.
You are not required to pay any charge for exercising your rights. However in certain circumstances, for example additional requests for the same data, you may be subject to an administrative fee.
If you make a request, I normally have one month to respond to you.
Please note that proof of identity may be required should you choose to exercise any of the above rights in relation to personal data.
Further information about your data protection rights appears on the Information Commissioner’s Office (ICO) website.
You have the right to lodge a complaint with the Information Commissioner’s Office.
HOW TO COMPLAIN
If you have a complaint about my use of your personal data, or anything in this notice, please talk to me first so I can help to resolve any problem or query.
You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Information Commissioner’s Office
MY CONTACT DETAILS
Data Controller:
Michael Lilley
71 High Park Road
Ryde
Isle of Wight
PO33 1BX
michaellilleyiow@gmail.com