- Warwick Business School Society (herein ‘the owner’ or ‘WBSS’) is intent on safeguarding the privacy of the user
- WBSS determines the means of gathering data and processing data
- WBSS.co.uk (Herein ‘the website’) has within it privacy controls, with which the user can dictate the level of control over their data
Gathering of data
- Within the website, WBSS will collect the following types of data:
i. Usage data, including but not limited to IP address, geographical location, browser type and version, operating system, length of visit, and website navigation paths. Such data is processed to improve the website’s processes and tailor website content to match the preferences of the user. The legal basis for processing this data is consent and the improvement of website services.
ii. Account data, including but not limited to name and email address. This is processed in order to provide services, ensure the security of the website, and to maintain the website database. The legal basis for processing this data is consent and the proper administration of the website
iii. Profile data, including but not limited to the user’s name, address, telephone number, email address, profile pictures, gender, sex, date of birth, relationship status, hobbies, educational details, employment details. This data is processed in order to enable and monitor the use of website services. The legal basis for processing this data is consent and the proper administration of the website.
iv. Service data, namely your credit card details. This is in order to make use of the website’s full functionality, including purchasing merchandise. The legal basis for processing this data is consent and the proper administration of data.
v. Publication data, including but not limited to website testimonials, and the creation of a profile. This data is processed in order to enable publication of select user data on the website. The legal basis for processing this data is consent and the proper administration of the website.
vi. Enquiry data, including but not limited to the user’s use of the search bar during the course of operating website. This data is processed in order to make use of relevant data conveyed to the owner. The legal basis for processing this data is consent.
vii. Customer relationship data i.e. data relating to customer relationships including but not limited to name, employer, job title, and contact details. This data is processed to keep records of communications with the user, and promoting products and services to the customer. The legal basis for this processing is consent and the proper management of the owner’s customer relationships.
viii. Transaction data, including but not limited to contract details, card details, and transactional details. This data is processed to supply purchased goods and services, alongside keeping record of transactions. The legal basis for processing this data is as a contract between the user and the owner in order to ensure the proper administration of the website.
ix. Notification data, namely information provided by the user in subscription of email notifications and newsletters. This data is processed to send the user relevant notifications and newsletters. The legal basis for processing this data is consent.
x. Correspondence data i.e. information sent via the user’s correspondence with WBSS, including but not limited to the prima facie content of correspondent alongside the metadata. This is processed for the purposes of communication and record keeping. The legal basis for processing this data is the proper administration of the website.
b. WBSS reserves the right to process any of the data in 2a. in the course of legal claims. The legal basis for this is to protect the legitimate interests of WBSS, namely to assert the legal rights of WBSS or the user.
c. WBSS reserves the right to process any of the data in 2a. in order to manage risk or obtain professional advice. The legal basis for processing this data is the protection against business risks.
d. WBSS reserves the right to process any of the data in 2a. to comply with a legal obligation to which the owner is subject. The legal basis for processing this data is in order to protect vital interests of the user or another revelant party.
e. The user should refrain from providing false personal data, or that of another person unless explicitly asked to do so.
Sharing of data within the European Economic Area
- WBSS reserves the right to disclose the user’s personal data to a member of a group of companies insofar as it is deemed necessary for the purposes of the website, in compliance with the legal bases
- The owner may share the user’s data with insurers or advisors where it is necessary for the purpose of including but not limited to, maintaining insurance coverage, managing risks, obtaining professional advice.
- The owner may disclose data listed in 2a. for the proper administration of the website, where legally appropriate
- Financial transactions made via the website are handled by WBSS’ financial services provider, iZettle, (herein the ‘financial services provider’) User data outlined in 2a. will only be shared the financial services provider in alignment with the purposes and adhering to the legal bases for the collection of data. The user should consult the financial services provider’s website for further details in this regard.
- The owner will disclose a user’s personal data where such disclosure is in compliance with a legal obligation to which WBSS is subject.
Sharing of data outside the European Economic Area
- WBSS engages with multi-national companies. Transfers to companies with multi-national offices will be protected by appropriate safeguards, namely those that are adopted by the European Economic Area. (herein ‘EEC’)
- Standard data protection clauses favoured by the European Commission constitute the appropriate safeguards, under which data will be shared with WBSS affiliates operating outside the EEC.
- Appropriate safeguards mentioned in 4a. and 4b. are contained within the European Union’s General Data Protection, which can be found here: https://eugdpr.org
- The user accepts that personal data submitted for publication on the website may be available via the internet around the world. In this regard, WBSS absolves itself of responsibility in the misuse of personal data by others.
Retention and Deletion of data
- This section is designed to ensure that the owner complies with legal obligations in relation to the retention and deletion of personal data.
- Personal data submitted by the user and processed by WBSS will not be kept for longer than is necessary for that purpose/purposes
- It is not possible for WBSS to specify in advance the periods for which personal data will be retained. However, the period of retention will be based on the following criteria
i. No retention of data shall exceed more than five years without explicit permission of the user
ii. Data will not be retained if the user terminates their membership of WBSS
- WBSS reserves the right to retain personal data where such retention is necessary for compliance with a legal obligation to which WBSS is subject, or in order to ensure vital interests of the user or another relevant party.
Rights of the user
- Right to access, namely the right to confirmation of the owner processing the user’s personal data, the way in which this is done, and where it is done. Furthermore, the user may request to lean the purposes of processing, and categories of data. The user may access their personal data free of charge in the first instance, providing the rights of others are not affected, but will be required to pay a fee of £10.00 in further instances.
- Right to rectification, namely the right to have any inaccuracies in personal data rectified, and the right to request incomplete personal data bank be completed.
- Right to erasure of personal data, in the following circumstances:
i. Data no longer being necessary for the purpose for which it was collected
ii. Withdrawing consent to consent-based processing
iii. Objecting to data processing under applicable aspects of GDPR
iv. The process being directly for marketing purposes
v. The personal data being unlawfully processed
Subject to the following exclusions:
vi. Exercising freedom of expression and information
vii. For compliance with a legal obligation
viii. For the establishment, exercise, or defence of legal claims
d. Right to restrict processing of personal data, in the following circumstances:
i. Contesting the accuracy of personal data
ii. Processing is unlawful but the user opposes erasure
iii. The owner no longer requires the personal data for the purposes of processing but the user requires the data as establishing a legal defence or claim, and the user has rightfully objected to the processing
Subject to the following exclusions:
iv. Consent of the user
v. Exercise or defence of legal claims
vi. For the protection of the rights of a third party
vii. In an important public interest
e. Right to object to processing, if the processing is for direct marketing purposes. If an objection on these grounds is made, WBSS will cease to process a user’s personal data for this purpose
f. Right to data portability, namely the right for the user to receive their personal data in a structured, commonly used, and machine-readable format, with the exception where such data will adversely affect the rights of others
g. Right to complain to a supervisory authority, for example the right to lodge a complaint with an EU member state of a user’s residence, if the user believes processing of data to be infringing data protection laws
h. Right to withdraw consent in the owner’s processing of data. Withdrawal will not affect lawfulness of data processing prior to the withdrawal.
i. A user may exercise the rights above by written notice to WBSS, or an email.