Privacy Policy
Urban Foundry Ltd. respects and values privacy – this policy outlines key information to tell you how we gather, process and store data. There is a separate privacy policy for staff and associates.
We follow Market Research Society (MRS) best practice and their Code of Conduct, and we are registered with the Information Commissioners Office (ICO).
As a general principle, we will only gather, process and/or store data that is necessary and we do so in compliance with the General Data Protection Regulation (GDPR) that takes effect on 25th May 2018.
This policy affects your use of our website. It also provides information on other ways in which we may collect data through other areas of our work, which may not be relevant to you if you are only visiting the website. The differences are made clear in this document.
Your use of our website is contingent on your understanding and acceptance of this policy and we deem you to have understood and accepted this if you access our website.
If you do not accept and agree with this policy then you may not use our website and if you have accessed this policy online via our website then you must leave our website immediately.
Key terms
We always try to communicate using plain English, but there are some terms that require definition in order for you to understand this document, as follows:
- “aggregate data” is the collation of a large set of individual responses into one or more summaries, and where we use that term in this policy this means that it would not be possible to identify an individual from that data;
- a “Cookie” is a small text file placed on your computer or device by a website and/or a third party (e.g. Google) when you visit a website – use of cookies is governed by the Privacy and Electronic Communications (EC Directive) Regulations 2003, sometimes referred to as “Cookie Law”;
- a “data controller” determines the purposes and means of processing personal data;
- a “data processor” is responsible for processing personal data on behalf of a controller;
- a “data subject” is a living individual to whom data relates;
- “personal data” is defined by the UK Information Commissioner’s Office (ICO) as “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier” – the ICO further clarifies that this relates to ‘living individuals’;
- “raw data” when used in this policy means a full set of data that is searchable by individual entries, in other words someone viewing the file could see each individual response and therefore it is possible to see the information that any one individual has provided;
- “We/Us/Our/The company” means Urban Foundry Ltd., a limited company registered in England and Wales under company number 6692527, whose registered office is The Engine Room @HQ, Llys Glas, Alexandra Road, Swansea, SA1 3RD; and
- “Our/This Site” means: hqurbankitchen.co.uk
The use of capitalisation is for convenience – the lack of capitalisation in certain areas will not change the meaning of the term.
At times, we will be a data controller, and at other times we will be a data processor.
Key principles
The overriding principles are that the gathering, processing and storing of data has a legal basis and that it is fair. Part of the process of making it fair is to be open and honest about the data we collect. The nature of our work means that it is difficult to keep a document transparent whilst also covering every eventuality, so we have tried to balance these in this document. However, if at any time you are concerned or wish to know more about how we collect, process and store data then you can contact us via our website and we will do our best to help.
In all cases our policy is that any data we gather will be:
- used lawfully;
- collected only for valid purposes that are clearly explained;
- relevant to the purposes we have told you about and limited only to those purposes;
- accurate and kept up to date;
- kept only as long as necessary for the purposes we have told you about; and
- kept securely.
Before gathering, processing and storing any information, we have an internal test where all those gathering data, whether on staff or from a third party that we contract, can clearly articulate why we need to gather that personal data and what our legal basis for doing so is. We also determine in advance the length of time for which we will need to retain that data.
At the outset, prior to collecting data, we also consider any risks posed to the individual, for us and our clients and balance the need to gather data against risks. Our researchers are all highly experienced and trained in research ethics.
Once we have determined that we do need to gather, process and store personal data, then we will always be clear about:
- who we are and how we can be contacted (in using Our Site we work on the basis that this is already clear, in all other instances we will clearly identify ourselves and what we do in advance);
- who we are collecting the data for;
- who else we may share the data with (if anyone); and
- what data we are collecting (including whether it is anonymous) and how we will do it.
Sometimes we will be gathering data for ourselves, sometimes we will have been commissioned to gather it for a third party. On occasions where we gather data for a third party we will determine with the third party in advance whether they require access to ‘raw data’ sets – often, the third party will only require ‘aggregate data’, in which case they cannot access any personal data. In other instances, the client will require access to the raw data set and in these instances we are a data processor and they are a data controller. In any instances where we are collecting data for a third party to use we will make this clear.
Where a third party is a data controller and we are the data processor we will satisfy ourselves in advance that their privacy policy is acceptable and, where necessary, we may also draw attention of data subjects to the privacy policies of those third parties.
Scope
This policy applies to your use of our site and other ways in which we gather, process and store data. Our site may contain links to other websites – please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.
Your rights
As a data subject, you have the following rights under the GDPR, which this Policy and Our use of personal data have been designed to uphold:
- the right to be informed about Our collection and use of personal data;
- the right of access to the personal data We hold about you;
- the right to rectification of any personal data We hold about you is inaccurate or incomplete;
- the right to erasure (often called the ‘right to be forgotten’) – i.e. the right to ask Us to delete any personal data We hold about you – please note that this right is not absolute and only applies in certain circumstances, we give a summary of this below;
- the right to restrict (i.e. prevent) the processing of your personal data in certain circumstances (see below);
- the right to data portability (obtaining a copy of your personal data to re-use with another service or organisation) in certain circumstances (see below);
- the right to object to Us using your personal data for particular purposes (this too is summarised below) in certain circumstances (see below); and
- rights with respect to automated decision making and profiling.
If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided below and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
This policy is designed to give a summary of your rights but it is not a legal document or legal interpretation. If you want to obtain further information about your rights, you can contact the Information Commissioner’s Office (ICO) or your local Citizens Advice Bureau.
Personal data that we collect, process and store
Depending upon your use of our site, from time to time we may collect some or all the following personal, and non-personal data (see section on our use of cookies and similar technologies below) – our gathering of this information may be for a specific task, such as a survey, or it may be through the contact form if you get in touch with us.
Whenever we gather data about you directly using our website we will always make this clear at the time and you will have to take an action to submit the data by ticking a box or filling in a form and clicking on something to submit that information.
The type of information that we may ask for will vary depending on the nature of our contact with you and a list of the types of information we may require is provided below. Note that the list below is intended to cover a wide range of eventualities – for most members of the general public, particularly if you are only browsing our website, few if any of these will apply to you. Alternatively, for employees and unpaid intern/volunteers we have legal responsibilities and a duty of care and we may need quite a lot of detailed personal information from you.
From time to time the personal information that we may request might include one, some or all of the following (the list is not exhaustive):
- your name;
- your date of birth;
- business/company name;
- contact information (email, phone numbers, social media handles, postal address and postcode);
- national insurance number (staff only);
- details of next of kin and other emergency contact information (staff only);
- driving license number and convictions (staff only);
- discipline and grievance information (staff only);
- employment records including performance information and sickness records (staff only);
- health information;
- right to work documentation (staff only);
- salary, annual leave, pensions and benefits entitlements (staff only);
- use of company ICT systems (staff only);
- payroll records (staff only);
- educational data;
- recruitment information (e.g. CV and references);
- job title/profession;
- demographic information such as gender, ethnicity, religious beliefs, preferences, marital status and dependents, and general interests;
- disability information;
- offending history (in rare circumstances and only where essential to safeguarding);
- your engagement or non-engagement with certain activities/institutions/organisations;
- IP address;
- CCTV footage;
- photographs;
- web browser type and version;
- operating system;
- financial information (including bank details and information related to benefit entitlements in certain circumstances);
- credit score;
- a list of URLs starting with a referring site, your activity on our site, and the site you exit to; and/or
- your opinions.
For the avoidance of doubt, ‘staff’ includes any unpaid interns/volunteers/work placements.
In all circumstances, it will be made clear that we are gathering personal data from you either directly to you in person (in most instances) and/or through clear signage (e.g. for CCTV).
We will only collect, process and store personal data for the reasons for which it is first collected, which we will state clearly at the time it is gathered (this includes use of this Site).
Frequently, when we undertake surveys, we do not require personal identifiers such as name, address, postcode and the like and data may be anonymized and used in aggregate – this means that we are interested in the overall opinions of a group of people. Where we do this, your data is anonymous and we construct such surveys so that it is not possible to identify an individual from their responses (this includes setting any e-surveys not to collect IP addresses).
If we conduct an anonymous survey but it could still be possible to identify an individual from their responses then it is treated as if you have supplied us with personal data.
Data retention periods will vary depending on the nature of the data gathered – some financial data (including copies of invoices/receipts) must be retained for several years, whereas some data such as CCTV data might only need to be retained for a month or so and can then be deleted. We will only retain personal data that we gather for as long as is necessary and only for the reasons it was first collected. Occasionally it is useful but not essential to retain data for longer than is absolutely necessary, for example retaining applications for employed roles and/or internship placements for ease of reference should other roles become available in future – if so, we will ask for your consent to keep such information on file for a longer period and we will keep this information secure and delete it should it no longer be necessary.
For the avoidance of doubt, we consider that the act of giving a business card to us that includes personal contact information (e.g. yourname@businessdomain e-mail formats), or where you send us a business email with personal contact details in the footer then this is an act of informed consent on your part where you are knowingly giving us your personal contact details with the specific intention that you want us to retain that data for ease of contact in the future for business reasons. In these cases the data might be retained by us indefinitely for our (and your) legitimate business interests, but we will use our best endeavours to keep any personal contact information of this type accurate and we will delete any data that is no longer of relevance. In all such instances we will still delete/destroy any personal data we have for you that you no longer wish us to retain if you make us aware of this.
We do not consider any type of business email address that is generic, such as admin@ or info@ or similar to be a personal identifier unless you tell us otherwise, even if that email only goes to one person in your organisation. Similarly, if your business address and contact phone number (including mobiles) are listed as your general business contact details publicly on your website and/or your written publicity materials, then we will not consider these to be personal identifiers unless you have told us otherwise.
We will comply with the GDPR requirements to safeguard your rights at all times.
Lawful basis
The following table summarises the various forms of lawful basis for gathering data and your rights to erasure, portability and to object for each (table adapted from ICO guidance):
Right to erasure | Right to portability | Right to object | |
Consent | Yes | Yes | No* |
Contract | Yes | Yes | No |
Legal obligation | No | No | No |
Vital interests | Yes | No | No |
Public task | No | No | Yes |
Legitimate interest | Yes | No | Yes |
*but with the right to withdraw consent |
The ICO defines and exemplifies each of the above as follows:
“(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)”
Whenever we gather, process or store personal data it will have a clear legal basis as shown in the list above. The principal reasons for us gathering, processing and storing personal data and their lawful basis are as follows:
- where it is for gathering opinion (e.g. as a community engagement process or research) or for our own or other’s marketing (including photography where the individual is clearly the subject of the photograph and is not someone that are in a contractual relationship with), then our lawful basis will be consent and we will ask you if you (or a legal guardian/carer for children and vulnerable adults) wish to provide this data (you have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it);
- where we have entered into a contract with you either because you are receiving a product/service from us (this includes intern placements via universities, schools or other referring agencies where we are required to share data between us and the referring agency) or where we are receiving a product/service from you (including any services provided by you as an employee or as an unpaid intern/volunteer for the company), then our legal basis will be contract – this includes photography that features staff/volunteers of an organisation with whom we have a contractual basis where the individuals are over 18 and are not a vulnerable adult (but we will always be sensitive to any requests not to take photographs of certain individuals);
- where we may run activities that require us to gather data to comply with regulation imposed by law, for example for licensing of certain activities, or for record keeping that we are legally obliged to conduct such as maintaining accounts, then our legal basis will be legal obligation – this includes the use of CCTV for the purposes of the prevention and monitoring of crime that is a condition of any licenses imposed by the local licensing authority and/or the police (see separate section below on CCTV);
- where we gather information for health and safety or other general safeguarding purposes (for example a list of names of the people in a building or at an event we run gathered for fire safety reasons), then our legal basis is vital interests;
- it is conceivable that we could be commissioned by a public body to gather data that will assist them in fulfilling non-statutory roles that are in the public interest – usually consent will still be the lawful basis for gathering personal data in these circumstances but it may be public task (in these instances we would be a data processor and the public body will be the data controller) – where this is the case we will make this clear; and/or
- there is certain personal data that we deem to be in our legitimate interest to gather, such as: analytics for use of Our Site; data such as a CV that is relevant to any application for any paid or unpaid role with the company; data from past clients and/or key individuals in formal roles (e.g. employees of public bodies and limited companies) that have participated in/collaborated with us in past commissions – we use these for marketing and communications purposes; and photography at events that we may run or participate in. If an individual is clearly the subject of the photograph then this will fall under consent, but where images are taken of crowds, where a person’s features may be visible but where they are not clearly the subject of the photograph (e.g. long shots of crowds) then our lawful basis is our legitimate interest. We will, wherever possible, post information at venues and locations to make it clear that photographs may be taken and we will respect any requests from individuals not to have the photograph taken. In all instances, we will always pay care and attention to safeguarding of children and vulnerable adults.
We will not send you any unsolicited marketing/spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Sensitive data
There will be certain circumstances where we may be required to hold sensitive data about you, particularly if you are an employee or unpaid volunteer/intern where the data is required legally as part of our duty of care, for example disability data will help us to determine whether we need to make adjustments to our working practices.
We might ask about criminal convictions during an application phase for a role undertaking work with/for us to determine your suitability for the role. For certain tasks we will be required to undertake (or require you to submit to us) a police check if the work we are asking you to undertake with/for us (whether as an employee, sub contractor or unpaid intern/volunteer) will involve working with vulnerable people – in these instances, our duty of care to the end beneficiary outweighs your right to privacy on these matters and so we can decline to offer you this type of role if you refuse to submit to such a check or do not pass the requirements.
Such sensitive data is only shared internally on a need to know basis and kept to the minimum number of people necessary. In these instances our collection and retention of the data is almost always going to be related to employment law and/or safeguarding. There may be certain data such as ethnicity/religious beliefs that is not contractual but in our legitimate interest to undertake meaningful equal opportunities monitoring.
As with all other instances we will only gather sensitive data if we need to and there is a lawful basis for doing so and your rights remain as described in this policy above. Furthermore, we will always be happy to discuss any concerns you have with any personal data, sensitive or otherwise, that we hold for you.
CCTV
For any licensed premises that we either operate directly, or that we administer on behalf of a third party social enterprise that we have set up, we may operate CCTV systems where this is a requirement of the license imposed by the local licensing authority and/or the police.
Any CCTV will capture images but not audio and there will be clear signage in the venue(s) to tell you that CCTV is in operation.
Where we are responsible for a system signage in the venue will show our company name as the Data Controller including where the venue is operated through a separate social enterprise. Images are solely recorded to fulfil our obligations for the prevention and detection of crime – they will not be used for any other purpose.
From time to time CCTV may pick up passers-by on the street where entry doors are transparent and/or there are large windows within the field of view of the cameras – this is minimised insofar as possible by reducing angles on the camera but some capture of motion on the street is unavoidable and for main entrances a small exterior area on the threshold is purposefully monitored.
Please also note that CCTV systems cannot differentiate between adults and minors and so images of children and vulnerable adults in the venue(s) in which CCTV operates will be captured alongside images of anyone else. This cannot be prevented and your use of the venue takes place on the basis that you know and understand this. Note that because our lawful basis is legal obligation you do not have the right to object to this.
Our CCTV systems are password protected using secure passwords and access is restricted to named individuals who have received training in its use and on the principles of data protection under the GDPR. Rooms in which recorders are located are kept locked when staff are not in them with a limited number of keys, the whereabouts of which are monitored. CCTV systems may be operated remotely over the internet to monitor footage when venues are closed if necessary and to check that cameras are operational. Any CCTV data transferred wirelessly or over the internet is encrypted and secure.
Should there be a request by the police to access data for the purposes of crime detection or prevention then relevant data will be identified in conjunction with the police and that element of recorded data will be transferred to them on an encrypted portable drive or other encrypted storage device, at which point they will become the Data Controller for that section of footage with responsibility for that data under the GDPR legislation. Once data has been taken by the police, any further data requests related to that information must be directed to them and they will deal with such requests using their own GDPR policies.
All CCTV data on our systems is automatically deleted after a period of several months unless a police investigation requires us to otherwise maintain a certain section, in which case that section will be retained and the remainder deleted.
Because our lawful basis for gathering CCTV data will be legal obligation, you do not have a right to object, but you do have a right to view and request a copy of the information that we hold. To do this you need to write to us and provide details to help us to establish your identity as the person in the pictures, and to help us to find the images on our system, which includes a description of yourself, the relevant dates and times (these must be specific), and proof of your identity. We will provide you with the information within 30 days of receiving your written request provided that it contains the necessary information for us to do so. If it does not we will write back to you to let you know why we are unable to comply with your request and what you need to do in order for us to be able to do so.
If we cannot isolate your image from others (for example where you are part of a large closely packed crowd) then note that you do not have a right to view other people’s images unless you can prove that you are the parent or legal guardian of a minor, or the carer with formal responsibility for a vulnerable adult. We will weigh up your rights against those of others when determining whether to provide you with access to those images but if we cannot protect the privacy of others then we are likely to refuse access in these circumstances and deem it lawful to do so. We reserve the right to engage third party legal advice to assist us in such circumstances. Please note that if it would put a criminal investigation at risk then we can refuse to provide you with access or copies of CCTV data that shows you.
We will arrange a suitable time during normal opening hours for you to visit and review footage and we can place data on an encrypted device and give this to you. To protect your data we do not post data storage devices nor can you nominate a third party. Because this process requires staff to sit with you whilst you review the footage and for us to provide a data storage device for you to take the imagery away on if you wish, we will make a charge of £10 for each individual request, which is payable in advance.
Third party links on our website or other media
With the exception of any links to data processers acting on our behalf (see below) all links on this site to third party websites are provided solely as a convenience to you. If you use these links, you will leave our site.
Unless the site we link to has a function to control data for us (i.e. they would be our data processor) we will not review the privacy policy of third party sites and we do not have any control of, nor will we be held responsible for any of these sites, their content or their privacy policy. We do not endorse or make any representations about them, or about any information, software or other products or materials found there, or about any results that may be obtained from using them. If you decide to access any of the third-party sites linked to this site, you do so at your own risk.
Where any third-party website links are for the purposes of our gathering data (e.g. a link to an online survey platform that we may use to help us to gather data) we will make that clear everywhere the link is posted and we will have checked that the data processor is GDPR compliant and also that they are compliant with our own high standards of privacy.
Where your data is stored
We use third party providers to host our website and to provide third party cookies (see below) and also for our online backups of our administrative files. As a result, some or all of your data when using our websites and data that we collect about you that is stored on our own systems could be stored outside of the European Economic Area (“the EEA”) (which consists of all EU member states, plus Norway, Iceland, and Liechtenstein). If We do store data outside the EEA, We will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under GDPR.
We provide reasonable safeguards for use of your data – key measures are as follows:
- check that any suppliers who may process data on our behalf are compliant with GDPR;
- using SSL connections for email;
- use secure username/passwords for our electronic data storage devices;
- never store personal data on USB or similar portable drives unless there is no other option – ordinarily the only files that require us to store and transfer data on USB sticks are very large video files, in these cases it would be to transfer between machines or to a third party that has contracted the work; for the former the USB is erased after use, for the latter it is sent recorded delivery via Royal Mail or using a trusted courier service;
- maintain an ability to remotely delete data from any laptop should it be lost or stolen; and
- storing hard copies containing personal information in our offices, transferring data to a secure digital format wherever possible and as soon as possible, and shredding hard copies once they are no longer required.
Cookies
A ‘first party Cookie’ is one that would be placed directly by us and used only by us – presently, this Site does not use ‘first party Cookies’ and will not place these on your computer or device because of your use of this website.
However, in using this site you may also receive certain ‘third party Cookies’ on your computer or device. ‘Third party Cookies’ are those placed by parties other than us. Third party Cookies are not essential for the functioning of this website, but do help us by helping us analyse the use of our site so that we can better understand our audience. Data is aggregated and presented to us in an anonymized format – we do not receive your personal details through any ‘Third party cookies’.
Before third party Cookies that use your personal data are placed on your computer or device, you will be shown a popup requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling Us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however, as Our Site develops certain features of Our Site may no longer function fully or as intended. You will be given the opportunity to allow only first party Cookies and block third party Cookies that use your personal data.
As Our Site evolves, certain features may be created that will depend on Cookies to function. Cookie Law deems these Cookies to be “strictly necessary”. Your consent will not be sought to place these types of Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser’s settings, but please be aware that Our Site may not work properly if you do so. We will always take care to ensure that your privacy is not at risk by allowing them.
The following third party Cookies may be placed on your computer or device because of using Our Site:
- Google Analytics
Our Site uses analytics services provided by Google Analytics. Website analytics refers to a set of tools used to collect and analyse anonymous usage information, enabling Us to better understand how Our Site is used. This, in turn, enables Us to improve Our Site and the products/services offered through it. You do not have to allow Us to use these Cookies, however Our use of them does not pose any risk to your privacy or your safe use of Our Site, and it does enable Us to continually improve Our Site, making it a better and more useful experience for you.
Note that as Our Site evolves, the third-party cookies that we use may change, so you should regularly check this policy for updates.
In addition to any controls that We provide, you can choose to enable or disable Cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third party Cookies. By default, most internet browsers accept Cookies but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete Cookies on your computer or device at any time, however you may lose any information that enables you to access Our Site more quickly and efficiently including, but not limited to, any login and personalisation settings that we may add from time to time.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
Sharing your data
We will only share your data under the following circumstances:
- with other projects that are directly affiliated with us that we administer, which presently include:
- Uplands Market Ltd. (which also runs the Marina Market); and
- Canolfan Ltd. which is an independent not for profit vehicle that we have set up to operate several sub-projects.
- where the reason for gathering the data is our role as a data processor for a third-party client e.g. survey data that we may gather (in these instances we will have made it clear to you who we are gathering the data for and what it’s purpose is in advance);
- where we contract with other agencies to provide the services to our clients or to you directly (in these instances we will ensure that the provider is fully GDPR compliant and adheres to our privacy policy as part of their contract with us an in all instances only data necessary for the performance of the task and gathered lawfully will be used);
- where the use of our websites involves data gathered by a third-party cookie provider (see below);
- where we are legally obliged to disclose the data e.g. CCTV footage required by the police; and/or
- (only in exceptional circumstances) where we deem that the safeguarding of an individual overrides their right to privacy.
In all instances We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
Third party data processors
We use several third-party suppliers as data processors – we have satisfied ourselves that to the best of our ability to check they are all compliant with this policy and in line with GDPR requirements. Their privacy policies can be found on their respective websites:
- Dropbox for online backup and filesharing within the company;
- Eventbrite for e-ticket sales;
- Fasthosts for our website and email;
- Google for Google Analytics for analysing visitor statistics to our website and Google Maps for the location map on our website;
- iZettle for certain financial transactions;
- Lloyds Bank plc for financial transactions;
- Paypal for certain financial transactions;
- MailChimp for marketing; and
- SurveyMonkey for online research.
From time to time we use associates to augment our core staff team – associates are generally self-employed freelancers or very small limited companies (with one or two staff). Where we use associates, they operate under as extensions of our team and under our privacy policy and our contract terms, and they are subject to the requirements outlined herein for securing data.
We use social media to market our work and our projects. The data from social media channels never enters our systems, but we will from time to time upload photographs to social media channels on our pages/twitter fees, so you should satisfy yourself of their privacy policies and how you can manage your own data on their sites. We currently use the following social media channels:
This list will change from time to time – we will always ensure that any third party processors are in line with GDPR requirements and we will update this list as soon as possible if we add further third party data processors.
What happens if we cease to operate or the business changes ownership
A business is a corporate entity and it is the business that gathers and holds any data. Therefore, any personal data that you have provided will, where it is relevant to any part of Our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us and in line with the GDPR regulations. Should the business be sold, you will not be contacted in advance and/or informed of the changes provided that the corporate entity retains the same company number.
In the event that the company were to merge and a new company number created, then you will be contacted about any data we hold about you and how this may or may not be transferred to the new entity.
Should the business cease to trade then all data will be securely deleted/destroyed once all legal obligations for the wind up of the business are met and we will retain a reserve sufficient to cover the costs of doing this.
Accessibility
We aim to make this website accessible and easy to use for everyone, no matter what browser you use, regardless of your level of ability, or if you have a disability.
While embracing new technologies, we also aim to:
- ensure that users with a disability can gain access with their assistive software or computer settings; and
- ensure users are pointed to the right direction to get information on how to customise their computers.
The site’s layout takes into account users who are blind or visually impaired and is compatible with popular screen reading software.
Our website accessibility is guided by the Worldwide Web Consortium’s (W3C) Web Content Accessibility Guidelines 1.0 (or as updated) and we strive to meet the AA standard wherever possible.
Maintaining an accessible site is an ongoing process and we are continually working to offer a user friendly experience. Where the highest standards of accessibility cannot be met we will aim to provide the information in an accessible format on request.
If you experience any problems with the site or if you have any comments, please email us.
Changing text size
The website is designed to let you change the text size and other display settings through standard browser settings. You can get information on how to do this by clicking here (external link).
Certain information on this site requires that you have the right software to view it. Below we have signposted you to some freely available viewers and readers. Please note that these links are placed here for your convenience, we do not endorse any of these products and others may be available. Any links are to external websites and visiting those sites and/or downloading materials from them or any other action off this site is wholly your responsibility.
Readers and viewers allow you to read file-types associated with commercial programmes without having the program installed on your computer. Readers and viewers can be large files but usually only need to be downloaded once. We have not linked to the following, but you may wish to search for one or more of these using your browser or search engine:
- Word Reader for Linux
- Adobe Acrobat Reader
- Adobe Flash Player
- Microsoft Word Viewer
- Microsoft Excel Viewer
- Microsoft PowerPoint 2007 Viewer
If you are using a screen reader or similar assistive technology to read our site, you may wish to use Adobe’s online conversion tool to create html versions of pdf documents. You can access it at the following URL:
http://www.adobe.com/products/acrobat/access_onlinetools.html (external link).
How you can access the data we hold about you
Under GDPR legislation you have the right to request a copy of any personal data we hold that relates to you and in the areas identified above, to request that we delete that data. We will respond to your request promptly and there will be no cost to you of making or our responding to reasonable requests except for CCTV but it is important that you are clear what you are requesting.
If you wish to make a request for information about the data we hold about you then it is important that this request is made clear when you contact us.
If you would like to contact us about privacy please visit the Contact page of this website and (if emailing or writing) ensure that the subject / reference for your query is ‘privacy’.
Disputes, modification and review
Any dispute arising between a customer and Urban Foundry Ltd. will be settled by the Law in England and Wales and with the exclusive jurisdiction of the courts of England and Wales.
Disclaimer
Urban Foundry Ltd. strives, to the fullest extent possible, to provide accurate and updated content on this website. Unfortunately, there may occasionally be price changes, unavailable services and other unintentional errors on our site.
Changes to this policy
We reserve the right not to be liable for any errors or changes and neither Urban Foundry Ltd., nor any employee or representative of the company will be liable for damages arising from the use of this website or the products/services sold here as a result of any such unintentional errors.We regularly review all our policies and this policy may be updated from time to time to reflect changes in law and/or the evolving nature of how we conduct our business.
We will update the policy on our website as soon as any changes have been made. We will be as open and transparent as we can be with any changes that affect collection of data and draw user attention to any major changes via our blog page and social media. For clients and those that we engage with directly to gather data (rather than via our website) we will always draw their attention to the key issues of privacy at the point of first contact. If you principally (or exclusively) engage with us via our website then your use of the Site is based on the Privacy Policy that is published on the site during each visit to the site, so you should check this policy regularly to keep up-to-date.
This policy was last updated on 27th September 2018 – the substantive changes for this most recent update related to: some further clarification in the existing key principles and lawful basis sections of the policy; the addition of a separate section to provide more information on sensitive data; the addition of a CCTV section to reflect a change in our business as we now use CCTV monitoring at one of our venues; and a cross reference to the contact us page for any queries related to privacy.