Privacy Policy

Our Privacy Policy

Worcestershire County Council (‘the Council’) honours the rights of its subscribers, employees and other users’ including website visitors’ right to privacy and data protection. The Council is fully committed to complying with the provisions of all applicable EU General Data Protection Regulations (“GDPR”). This Privacy Policy (“Policy”) describes how the Council collects, uses, shares, and retains personally identifiable information. The Policy is effective as of 20th August 2020. The policy will be continuously assessed against new technologies, business practices, regulatory changes and the evolving needs of the Council and the services provided the Council. We are registered with the Information Commissioners Office, the UK’s Data Protection Authority.

Data Controller

The data controller for all personal data collected the Council. This means that we are responsible for deciding what data we collect and how we hold and use your personal data. We will implement appropriate data security measures for protecting the data from unauthorised access and loss, as laid out in the Security section of this Policy.

Data Collection

The Council collects and maintains a variety of personally identifiable information, including names, email addresses, phone numbers, social media profiles, business addresses, demographic information such as the local authority area or industry sector of the business and details of Council services the users may be interested in such as, but not limited to, tourism information, relevant newsletters, events and training courses. The Council collects information directly from individuals or from the company of the individuals. The information could be collected through e-mails, phone calls, online registration forms, event registration forms and face to face meetings and any other processes. The Council does not collect personal data about individuals except when there is a legitimate business requirement or when such information is provided on a voluntary basis.

Users should also be aware that non-personal information and data may be automatically collected through the standard operation of the Councils web servers, and by the use of cookies technology and/or Internet Protocol (“IP”) address tracking. Non-personal identification information might include the browser used by you, the type of computer, the operating systems, the Internet service providers, and other similar information. The Councils web server also automatically gathers information about the top viewed and visited pages and links on our website, top entry and exit points, number of form completions, time spent on pages, top downloads, top keywords used offsite to lead customers to our website, your internet protocol (IP) address, information collected via cookies, the areas you visit on the website, the links you may select from within the website to other external websites and device event information such as system activity, crashes, hardware settings, browser type etc. Most browsers are set to accept cookies. You can set your browser to refuse cookies, or to alert you when cookies are being sent; however, if you disable cookies, the full functionality of the Councils websites may not be available to you. The information thus collected enables us to develop and customise our services better to meet your needs and preferences, and to bring to your attention member services, events, networking opportunities and training courses.

Purpose of Processing

The personal data collected is used by the Council and its associated third parties (e.g. district councils and Worcester LEP) to give you information relating to Visit Worcestershire services.

The Council may perform statistical analyses of user behaviour and characteristics to measure interest in and the use of various sections of the website. The personal data held by the Council may also be used on an aggregate basis without any personal identifiers to provide third parties with information, such as the composition of membership, and to help us develop new member services and products, improve the features and content of the website or other marketing material, and to provide sponsors and others with aggregate information about our members, website users and their usage patterns in relation to services and/or the website.

Data retention

The personal data collected is stored in the Councils CRM system and other appropriate data management systems, both paper based and electronic. Personally identifiable information will only be disclosed to third parties where contractual non-disclosure agreements are in place or if permission has first been obtained from the user. The data will not be transferred to any agency located outside the EU. At regular intervals, we will:

  • review the length of time we keep your personal data for
  • consider the purpose or purposes for which we hold your personal data for in deciding whether (and for how long) to retain it
  • securely delete information that is no longer needed for that purpose or those purposes update, archive or securely delete information if it goes out  of date.

Security

The Council uses reasonable measures to safeguard personally identifiable information. The implemented measures will be appropriate to the type of information maintained and compliance with all relevant legislation governing protection of personal information. Measures are implemented to preserve the confidentiality, integrity and availability of the personal information. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, contractors or agents who have a legitimate business need to have access to that data. The employees, contractors or agents will process your personal data in accordance with our instructions and inline with GDPR. They will be subject to a duty of confidentiality and due care with respect to handling the personal data. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. The Councils employees are trained on data security and information protection. Relevant areas of the Councils website will employ Secure Socket Layer (“SSL”) or Transport Layer Security (“TLS”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information collected and retained by the Council.

Links to Third-Party Sites

Where appropriate and only for the legitimate business needs, the Council may provide links to third-party web sites or advertisements which contain links to third-party sites. These links are provided as a service to website users. The linked third-party websites are operated by independent entities that have their own privacy policies. This Privacy Policy does not apply to such other websites or to the use that those entities make of your information. The Council has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information. The Councils website may also serve third party advertisements, or other content that contains their own cookies or tracking technologies. The Council does not control the use of those technologies.

Opt-Out

The Visit Worcestershire service is a free subscription organisation and for its contractual and legitimate business interests, must maintain contact information on its members and the wider business community to communicate information on membership, events, training courses, policy and research, and for its key business of promoting tourism in the County. The Council acting as Visit Worcestershire also sends promotional material promoting its events and other relevant offerings. From time to time, the Council collaborates with other relevant organisations and companies to promote other programs that may be of interest to members and the wider  community. In such cases, the Council does not provide these organisations with any personally identifiable information but may distribute the organisation’s information on their behalf to those who may legitimately be benefited from receiving such information or have elected to receive such information. If you do not wish to receive marketing material, you may opt out. Every marketing e-mail will include an ‘unsubscribe’ link at the bottom. You may also notify the Council in writing as set out below.

Social media

We may use third party provided tools to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by these third party tools. Like other personal data, these direct messages will not be shared with any other organisations.

Access, Review and Correction

The General Data Protection Regulations gives you the right to access your personal data held by us (“subject access request). Subject access requests must be made in writing to the details below. We will endeavour to respond to the request within a reasonable period and in any event within one month as required by the relevant provisions in the GDPR.

It is important that the personal data we hold about you is accurate and current. We will take all reasonable measures to ensure that the personal data we hold about you is accurate. We have also implemented procedures to enable you to review and correct your personal information, should there be any changes to your circumstances or errors in the gathered data. When you make a request to access or review the personal data we hold about you, we will request you to verify your identity before the request can be fulfilled.

Privacy Rights

In addition to the rights of access, review and correction, you have the right to object to your personal data being processed for any particular purpose, or to request that we stop using your information. If you wish to exercise these rights, please e-mail [email protected] or send a letter marked “Data Protection” to the Councils offices at County Hall, Spetchely Road, Worcester, WR5 2NP. If you have further concerns about how we use your personal data, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the data protection authority for the UK. Please visit https://ico.org.uk/ for more details on your data protection rights and how to contact them.

This privacy policy was last updated on 20th August 2020.