This website is owned and operated by Kidwells Rated Ltd, trading as What’s In Hereford
Registered office address Kidwells House, 4 Coldnose Road, Hereford, HR2 6JL
Company number 12668377
Data Protection Officer: Emily Horne
Contact email: firstname.lastname@example.org
Contact phone: 01432 278179
Introduction to this Policy
We are committed to safeguarding the privacy of our website visitors and service users. This policy applies when we are acting as a “data controller” in respect to the personal data of website visitors, service users, and other clients.
This Policy sets out the obligations of Kidwells Rated Ltd, trading as What’s In Hereford, (“we”, “us”, “our”, “the Company”) regarding data protection and the rights of clients, contractors, employees, agents and business contacts (“you”, “your”, “data subjects”) in respect of their personal data under the General Data Protection Regulation (“GDPR”, “the Regulation”).
The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a “data subject”).
How We Use Your Personal Data
What’s In Hereford uses data in a few different ways, similarly to most modern websites and companies. In summary, we use data to analyse and improve our website and services, provide our website and services, stay in touch with you, and if relevant, market to you.
To explain in more detail, this includes:
Usage data. Usage data looks at how visitors use our website. This data may include your IP address, general geographical location, browser type and version, operating system, how you found our website, timings, page views, and other information that tells us how you visited the website, when, and for how long. This information is used to continually improve the website and our services on a legitimate interest basis.
Account data. When you create an account with What’s In Hereford, this information will be kept by us for the purpose of maintaining your account. Typically, this information is at least your name and email address. This info is processed to securely operate the website and services and communicate with you about them. This information is stored with us at your request when you create an account or confirm with us in some manner that you want us to create it for you.
Whether or not you create a website account/login, we also store profile information based on the listings and businesses on our website. This information is processed for the purposes of advertising your businesses, charities, events, services, and/or similar listings on the website. Many business and charity profiles are based on publicly available information, however in the case of sole traders (of which Herefordshire has many!) we do need your consent to share this information so we can list your contact information for the listing.
Publication data. We process information that you post for publication on our website or through our services. This includes business, events, charities, and other listings on the What’s In Hereford website that you provide to us. We also aim to list as many companies as possible, so some listings are made from publicly available sources where we are able to process the data – such as for registered Ltd companies and charities. We process this information for legitimate purposes of operating this website, accurately, legally and securely.
Enquiry, correspondence, and customer relationship data. When you contact us to enquire about our website or service, we will retain any of the contained information (such as name, email address, phone number, business name, etc) for the purposes of contacting you, communicating with you about similar services, and to analyse and improve our website and service.
When you work with us, we will continue to process your information to be able to provide our website and service. This will include the relevant information you have shared with us, such as address, payment details, services record, and other information you have consented. This is so we can provide the best service possible and manage our customer relationships.
Transaction and financial information. If you choose to sponsor a listing or use other premium features of our website or service, we will also request payment information at the time such as contact details, card or bank details, and the transaction details. This transaction data is processed to complete the contract between you and us and the proper administration of the service.
Marketing and notification information. If you create an account with us or contact us about our services, we use this consent to stay in touch with you about these and very similar services to keep you updated unless you say otherwise. This includes email newsletters and email notifications. We also have an opt-in only newsletter which covers the latest updates from the What’s In Hereford website, service, listings, and our partners. You will receive this when you request to sign up for it. You can remove that consent at any time by clicking “unsubscribe” at the bottom of any of those emails.
We may also process any of the above personal data where necessary for legal or vital purposes, to protect our legal and vital rights, your legal and vital rights, and the legal and vital rights of others. We may also process data where necessary to protect our business against risks, which can include obtaining or maintaining insurance coverage, managing risks, or getting expert advice.
Please do not supply any other person’s personal data to us, unless we prompt you to do so or you can provide clear consent that they have willingly provided it for the purpose you are sharing it for.
How We Share Your Data
What’s In Hereford is, at its core, a public directory of the available businesses, services, charities, and events across Herefordshire. This means we share your data in some ways, but not others.
We DO share data that has been shared with the intention of publicly listing a business, service, charity, event, news/update, or similar information for publication. This information is processed and, subject to the approval process, will be published online for the public to see and use.
We also share data in a few ways, to provide our website and service and for the administration of the Company. We use and therefore share the data with:
- Software providers. These services include transaction providers, email, identity verification, hosting, data storage, data analytics, customer management, and similar tools to administer the features and services we offer on the website.
- Providers of communications services such as telecommunications and postal services, to contact you about the service or as requested.
- Outsourced service providers who may process some aspects of the service or website on our behalf, such as website development.
- Social media sites, for the purpose of market research and marketing campaigns.
When we “share” data in these ways, the information is still being used for internal processes by us. We simply want to be fully transparent in how we administer our services (the website, listings, email newsletters, support, etc) to you.
It is unlikely, but we may also share your data as necessary to protect the legal or vital rights of yourself, others, or ourselves. If necessary, we may also instruct third parties to act on our behalf to collect outstanding debts or to protect our rights, in which case we would share data with debt collectors, lawyers, enforcement officers, and other relevant authorities.
Some third-party tools, such as embedded YouTube videos or social media feeds, also apply their own Cookies. In these cases, you need to refer to those companies about their data use policies.
Cookies on this Website
The Data Protection Principles
This Policy aims to ensure compliance with the Regulation. The Regulation sets out the following principles with which any party handling personal data must comply. All personal data must be:
- processed lawfully, fairly, and in a transparent manner in relation to the data subject;
- collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and kept up to date having regard to the purposes for which they are processed, is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
- processed in a manner that ensures appropriate security of the personal data.
Your Data Rights
The Regulation sets out the following rights applicable to data subjects:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure (also known as the ‘right to be forgotten’);
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights with respect to automated decision-making and profiling.
Lawful, Fair, and Transparent Data Processing
The Regulation seeks to ensure that personal data is processed lawfully, fairly, and transparently, without adversely affecting the rights of the data subject. The Regulation states that processing of personal data shall be lawful if at least one of the following applies:
- Consent is given to the processing of his or her personal data for one or more specific purposes;
- for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
- for compliance with a legal obligation to which the controller is subject;
- to protect the vital interests of the data subject or of another natural person;
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Processed for Specified, Explicit and Legitimate Purposes
- The Company collects and processes the personal data set out in Part 13 of this Policy.
- The Company only processes personal data for the specific purposes set out in this Policy. The purposes for which we process personal data will be informed to data subjects at the time that their personal data is collected, where it is collected directly from them, or as soon as possible after collection where it is obtained from a third party.
How Long We Keep Your Data
How long we store your data will depend on its original purpose. The Company shall not keep personal data for any longer than is necessary considering the purposes for which that data was originally collected and processed. When the data is no longer required, legally or for legitimate interests, all reasonable steps will be taken to erase it safely without delay.
The Company shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Data Subject Access
You may make a subject access request (“SAR”) at any time to find out more about the personal data which the Company holds about them. The Company is normally required to respond to SARs within one month of receipt (this can be extended by up to two months in the case of complex and/or numerous requests, and in such cases the data subject shall be informed of the need for the extension).
The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
Lasted updated: 23 March 2021