Data Protection and Processing Policy (Oct 12 2024 rev1)

Purpose

The purpose of this policy is to outline the policy regarding the processing, protecting and maintaining of data, for people that have requested a copy (Requesters) of the Sustainable Corporate Production guide (SCP guide).

The Sustainable Corporate Production Guide is an initiative of EVCOM and ACrew4U Ltd. 

Definitions-

“We” refers to EVCOM and ACrew4U

“Requester” refers to a person that has requested a copy of the SCP guide via the Sustainablecorporateproduction.com website.

We will hold and process personal data in accordance with the Data Protection Act, the General Data Protection Regulation (Regulation (EU) 2016/679) and any other applicable laws and regulations relating to the processing of personal data and privacy, including any applicable guidance and codes of practice issued by the Information Commissioner’s Office or any other relevant supervisory authority.

The purpose of which is to protect the rights and privacy of individuals, and to ensure that data about them are not processed without their knowledge.

Scope

The Act and subsequently this policy applies to electronic and paper records held in structured filing systems containing personal data. It also covers data held on all clients, employees and contractors of the Company.

For the purposes of this policy we are primarily concerned with personal data, which could fall under the Data Protection Act (DPA), the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and commercially sensitive data, which may not have legal repercussions under the DPA and GDPR but could have commercial consequences.

Description of processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us to provide the SCP guide;, maintain records of Requesters of the guide and to advertise and promote initiatives, events, publication updates and social media communities linked to the Sustainable Corporate Production initiative.

We never share information with third parties for marketing purposes.

Type/classes of information processed

We process information relevant to the above reasons/purposes. This may include:

  • personal details
  • family details
  • education and employment details
  • financial details
  • sales and marketing
  • goods and services

We also process sensitive classes of information that may include:

  • trade union membership

Website contact forms

When you complete one of the contact forms on our website, we will ask you for a number of pieces of personal information, such as your name, email address and other contact details. This is obviously required for us to respond to your request.

If you do not use or submit an online form on the website, no data will be collected in that regard.

Account logins

For some website functionality, we will need to create for you a user account that allows you to login to the site to ensure that only authorised individuals can access your data and that functionality. Examples include when you make an online purchase via the site, or when you have a role in administering or contributing towards the website content or updating your supplier or client account data. The purpose of these user accounts is to protect your personal data behind login security, and to protect the integrity of our site and the servers that run it.

Data collected will generally involve your name and email address (which doubles as username) as a minimum, but may include your postal address if it is required for online purchases.

If you do not register for an online account then no such data will be collected in this regard.

Technical data (such as ‘IP address’)

When you visit our website, our systems will log a record of your visit in our server logs, and typically this record will include the technical ‘IP’ address that is associated with your device and the browser type and version that you are using.

Such server logs are extremely common practice, and are used to monitor technical resources, monitor high-level server activity, and importantly to detect and prevent malicious or fraudulent activity on our systems. This data can also be used, if required, to diagnose reports of technical issues. The storage of IP addresses, allow us to identify patterns of behaviour (such as repeated malicious attempts to access a system).

IP addresses, in and of themselves, do not allow us in any way to identify you as an individual, especially given that it is very common for IP addresses to be dynamically allocated by your service provider, and will therefore often routinely change.

Furthermore, we do not and will not use the content of server access logs to attempt to determine an identifiable individual. We therefore do not consider that data held within server logs falls within the scope of ‘personal data’, and accordingly we do not seek your consent to collect it.

Cookies & ‘similar technologies’

We have included cookies, web beacons and similar technologies into one section because they all perform similar functions even if, from a technical perspective, they work slightly differently.

All of these technologies allow us to better understand how users are using our website and other related services. They can also be an essential part of providing certain online functionality. They are all essentially small data files placed on your computer (or other device) that allow us to tell when you have visited a particular page, or performed a particular action (such as clicking a particular button) on our website.

These technologies are used by most websites as they provide useful insight into how the services are being used, as well as improving speed, performance and security, and enabling us to improve our personalisation of your experience.

Cookies

These are small text files placed in the memory of your browser or device when you visit a website. Cookies allow a website to recognize a particular device or browser. There are several types of cookies:

Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.

Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.

First-party cookies are set by the site you are visiting.

Third-party cookies are set by a third party site separate from the site you are visiting.

There are a number of ways that you can influence how cookies are used on your particular device. Most commercial browsers (such as Chrome, Safari, Edge, Internet Explorer, Firefox etc) allow you to set preferences for whether to allow or block website cookies.

They will also provide tools that allow you to remove any cookies that have already been set. Using the ‘Help’ functionality of your browser, or an internet search, will help you to understand how to use these features for your particular browser.

Web beacons

Small graphic images (also known as “pixel tags” or “clear GIFs”) that may be included on our sites and services that typically work in conjunction with cookies to identify our users and user behaviour.

Website Analytics

We may use Google Analytics to better understand what people look at on our website.

When people visit our site, information about their visit (such as which pages they look at, how long they spend on the site and so on) is sent in an anonymous form to Google Analytics (which is controlled by Google).

The data contains information about anyone who uses our website from your computer, and there is no way to identify individuals from the data.

We ensure that no personally identifiable information is ever contained within the data sent to our analytics providers, and we also perform a process which partially obscures your IP address information.

As analytics information is not personal data, we do not specifically ask for your prior consent.

Who the information is processed about

We process personal information about:

  • Requesters of the guide
  • People who have signed up to the SCP Linked in community
  • complainants
  • enquirers
  • professional advisers, consultants
  • employees

Transfers

It may sometimes be necessary to transfer personal information overseas. When this is needed any transfers made will be in full compliance with all aspects of the data protection act.

You always have a choice as to if you wish to not receive some or all marketing or sales related correspondence.

The Company and all staff are committed to fully complying with the principles set out in the Data Protection Acts.

Accordingly, all data will be:

  • fairly and lawfully processed;
  • processed for limited purposes and not in any manner incompatible with those purposes;
  • adequate, relevant and not excessive;
  • accurate;
  • not kept for longer than is necessary;
  • processed in line with the data subject’s rights;
  • secure; and
  • not transferred to countries without adequate protection.

Your Rights

Your personal data is protected by legal rights, which may include your right to:

object to our processing of your personal data;
request that your personal data is erased or corrected;
request access to your personal data.

For more information or to exercise your data protection rights please contact us in writing or email

NB – If you wish to request access to your personal data we are required to ask you to supply proof of your identity.

Our data protection contact emailIs dataprotection@acrew4u.com (stating reference “SCP requester”)

You also have a right to complain to the Information Commissioner’s Office which regulates the processing of personal data.  For more information please visit: www.ico.org.uk