INTRODUCTION – THE PURPOSE OF THIS PRIVACY NOTICE
Naturebites (“We”) are committed to protecting the privacy and security of your personal information. Please read this privacy notice carefully in order to understand our views and also our practices in regards to your personal data. The notice covers how we collect and use your personal information during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR). It applies to all of our clients.
Naturebites is a “data controller”. This means we determine the purposes and means of processing personal data.
A “data processor” is responsible for processing personal data on behalf of a controller. We would always use data processors who are GDPR compliant if the need arose, however we have never allowed the data we hold to be processed externally previously and we don’t have any plans to do at the time of writing.
Personal data is defined by the GDPR as meaning any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier (Article 6). For example full name, home address, private email address or telephone number. Online identifiers include IP addresses and cookies.
There is also special categories of personal data, which is referred to as sensitive data (Article 9). For example racial or ethnic origin, health data, biometrics or political opinions. Naturebites will never store any such data.
HOW TO CONTACT NATUREBITES
Naturebites is the data controller and as such, we decide how your personal data is processed and for what purposes (as explained in this privacy notice). Should you wish to discuss your personal data, or any queries in regards to how we hold or process personal data, please contact Kathy James from Naturebites. Kathy James can be contacted by telephone on 07790431078 or by email Kathy@naturebites.co.uk.
DATA PROTECTION PRINCIPLES
We will comply with data protection law (GDPR). This says that personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specific, explicit and legitimate purposes;
- Adequate, relevant and limited to what is necessary;
- Accurate and up to date;
- Kept in a form which permits identification of data subjects (a natural person) for no longer than is necessary;
- Processed in a manner that ensures appropriate security of the personal data.
WHY WE KEEP AND PROCESS YOUR PERSONAL DATA
We will use your personal data for the following purposes:
- To meet contractual obligations
- To meet legal obligations
- Where consent has been positively given for marketing purposes
We will only collect basic personal data to fulfil the above purposes, and this does not include any special categories of personal information about you. This information will include the likes of your name, address and personal email address.
We will collect personal data from our clients themselves, and will never accept personal data from third parties. The data will be collected from our clients for 1 and 2 above, in order to continue our professional relationship.
Data will be collected for 3 above, primarily for marketing purposes and always with a GDPR complaint method (for example, MailChimp as an emarketing solution).
WHAT IS OUR LEGAL BASIS FOR PROCESSING YOUR PERSONAL DATA?
The GDPR outlines 6 legal basis for processing personal data. Of these six, Naturebites has identified 3 lawful bases for collecting and processing personal data. These are:
- Contractual: personal information is collected and processed where we need to perform the contract/agreement we have entered with you
- Legal: where it is necessary to collect and process personal information to comply with the law
- Consent: where consent has been freely given for marketing purposes
Naturebites will not share your data for marketing purposes with any third parties. We will only share your personal information with third parties when required by the law to do so, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
Please be aware that your information may be stored on a cloud-based system, whose servers are located outside of the EU. Naturebites will always ensure that we use a GDPR complaint company for this service.
We have put in place security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We do not have any employees, agents or contractors who have or would have access to your personal information.
We will only retain your personal information for no longer than is reasonable necessary in order to fulfil the purposes it was collected for. To determine these lengths of time we consider the amount, nature, sensitivity of the data, potential risk of harm from unauthorised use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means.
YOUR RIGHTS AND YOUR PERSONAL DATA
The GDPR provides the following rights for you as individuals:
- Right to be informed about the collection and use of your personal data
- Right of access (referred to as a “data subject access request”) to your personal data
- Right to rectification – where personal data may be out of date
- Right to erasure of your personal data when it is no longer necessary to retain it
- Right to withdraw your consent at any given time, where consent was the lawful basis for processing the data
- Right to restrict personal data processing
- Right to request the transfer of your personal data to another data controller or processor
- Rights in relation to automated decision making and profiling (not used by Naturebites).
For more information on your rights as individuals, please visit the ICO website.
If we wish to use your personal data for a new purpose, that isn’t covered in this privacy notice, we will provide you with a new notice and explanation.
CHANGES TO OUR PRIVACY NOTICE
We reserve the right to update this privacy notice from time to time, and we will provide you with a new privacy notice when we make any substantial changes. Please check back frequently to see any updates or changes.