Retail Evolution (Revo) ('we' or 'us') are a 'data controller' for the purposes of the Data Protection Act 1998 and, after 25th May 2018, the General Data Protection Regulation (EU) 2016/679 ("Data Protection Laws"), and we are responsible for, and control the processing of, your personal information.
We are registered in England under company number 1755476 and our registered office is located at Revo, Charter House, 13-15 Carteret Street, Westminster, London, SW1H 9DJ. Our VAT number is GB 438 1165 56.
We take your privacy very seriously and we ask that you read this Privacy Notice carefully as your use of our site means that you understand and accept all points made in this Notice, and also because it contains important information on:
- Your Rights
- the personal information we collect about you
- what we do with your information, and
- who your information might be shared with.
If you need extra help
- Our Data Protection Officer
We have appointed the following Data Protection Officer:
- Name of Data Protection Officer: Edward Cooke
- Address: Charter House, 13-15 Carteret Street, London, SW1H 9DJ
- Telephone number: +44 (0) 207 2221122
- Email: firstname.lastname@example.org
USEFUL WORDS AND PHRASES
Please familiarise yourself with the following words and phrases as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice:
meansany information from which a living individual can be identified.
This will include information such as telephone numbers, names, addresses, e-mail addresses, photographs, voice recordings. It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).
It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
Sensitive Personal Data
means any information relating to:
This covers virtually anything anyone can do with personal data, including:
The person whom the data is about.
The UK Information Commissioner is responsible for implementing, overseeing and enforcing the Data Protection Laws.
This means any person who determines the purposes for which, and the manner in which, any personal data are processed.
This means any person who processes the data on behalf of the data controller.
Data Protection Officer
This is the designated person within [Insert Company] who is responsible for ensuring that the Data Protection Rules are adhered to.
Data Protection Laws
This means the laws which govern the handling of data. This includes the Data Protection Act 1998, and from the 25th May 20
WHAT INFORMATION DO WE COLLECT?
- Personal information provided by you
We collect and process personal information about you when you visit our site, contact us, book an event, buy any of our papers or register with us to have an account. We also collect personal information when you subscribe to our mailing list or choose your preferences.
We collect the following:
- Your personal details such as name, email, date of birth and phone number that you fill out when creating an account with us.
- Your account activity, for example pages you visit or purchases you have made.
- Your activity from our email communications, for example whether you have opened an email from us and what you have clicked on.
- Your IP address, web browser, operating system, geographical location and similar, as standard from Google Analytics.
Some of this information is gained from cookies, web beacons and our site user tracking. If you want to know more about these tracking records please read below the cookies clause.
- Personal information about other individuals
If you give us information on behalf of someone else, you confirm by doing so that the other person has appointed you to act on his/her behalf and has agreed that you can
Personal information about other individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
WHY DO WE PROCESS YOUR PERSONAL DATA?
We use your personal data for the following purposes listed in this section.
1 We collect your information so that we can:
- To tailor and personalised your user experience by making it easier for you.
- To deal with your membership
- To make sure that you receive the documents you purchase
- To send you information about an event you have booked
- To keep you informed about Revo related news, events and updates
- For compliance and fraud prevention;
We may, occasionally, send you information by electronic means (this includes email, telephone, text message (SMS) or calls about Revo related news, events and updates which may be of interest to you.
We will also regularly send you information via email to ask you to consider setting or updating marketing preferences for us to tailor our communications to your interests.
We will also ask you to confirm whether you would like to receive marketing messages when you tick the relevant boxes. You can also manage your preferences by using you dashboard at https://www.revocommunity.org/account/dashboard.
If you have consented to be updated on Revo's news, you can opt out at any time. See 'Your Rights’ for further information.
A cookie is a small text file which is placed onto your computer (or other electronic device) when you use our website. Our website required cookies to help the website function properly, improve the website appearance and user experience by tracking your visits and usage statistics.
For example, we may monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of a user's internet service provider. This information helps us to build a profile of our users. Some of this data will be aggregated or statistical, which means that we will not be able to identify you individually.
WHEN WILL WE DELETE YOUR DATA?
The table below provides details about how long we will process your data.
Please provide GWLG with information regarding your data retention policies and we will draft this clause accordingly].
Data we process
How long this will be held for
e.g. information on your trade union membership
e.g. [2 years] after your employment with us has ended.
HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL?
We are allowed to process your personal data for the following reasons and on the following legal basis:
You have given consent for the following purposes:
Purpose for which consent was obtained from you:
How you have given your consent:
To keep you updated on Revo's events and news.
Read and signed the consent box for this purpose, or updated your preferences.
- It is necessary for the performance of the contract you have agreed to enter with us. For example, because you are a Revo member, we are required to process your data for the purposes of performing the membership matters.
- Legal obligation
- If it is necessary to comply with any law or statutory duty. For example if we are required to provide certain information to legal authorities.
- Legitimate interest
- Processing your data is also legal if it is based on our ‘legitimate interests’. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The table below explains the personal data processed on this basis.
- Please be aware that you have the right to object to the processing of your data of any of the legitimate interests identified.
Data we will process
Legitimate interest identified
Your financial information
For the purposes of debt recovery on behalf of third parties, such as debt collection agencies.
To legally process your personal data, we also keep your data secure
We use technical and organisational measures to safeguard your personal data and have in place a variety of security technologies and procedures to help protect your personal information from unauthorized access, use, or disclosure. For example, we store the personal information you provide on computer systems with limited access, which are located in controlled facilities.
Our website has third-party links and resources. Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only.
We have no control over the content of third-party sites or resources. The inclusion of any links to other sites does not imply a recommendation or endorsement of the views expressed on those sites. We are not responsible for any ill effects experienced to you, software or hardware from third parties. You follow such links entirely at your own risk.
The Internet is not a 100% secure medium for communication and, accordingly, we cannot guarantee the security of any information you send us via the Internet. We have all reasonable precautions possible in place to ensure data is kept and processed fairly and we are not responsible for any loss or damage you or others may suffer as a result of the loss of confidentiality of such information.
Protecting your account and password.
If you so choose to register an account with us on our site, you will create a password as part of our security procedures. You must treat such information as confidential and must not disclose it to any third party.
We have the right to disable any account at any time if in our reasonable opinion you have failed to comply with any of the provisions within this document.
If you know or suspect that anyone other than you knows your password, you must promptly notify us by emailing email@example.com.
As a data subject, you have the following rights under the Data Protection Laws:
- the right of access to personal data relating to you
- the right to correct any mistakes in your information
- the right to ask us to stop contacting you with direct marketing
- rights in relation to automated decision taking
- the right to restrict or prevent your personal data being processed
- the right to have your personal data ported to another data controller (e.g. if you decide to contract with a different supplier).
- the right to erasure
- The right to withdraw consent
These rights are explained in more detail below, but if you have any comments, concerns or complaints about our use of your personal data, please contact [insert company] at [insert details]. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.
Right to access personal data relating to you
You may ask to see what personal data we hold about you and be provided with:
- a copy;
- details of the purpose for which it is being or is to be processed;
- details of the recipients or classes of recipients to whom it is or may be disclosed, including if they are overseas and what protections are used for those oversea transfers;
- the period for which it is held (or the criteria we use to determine how long it is held);
- any information available about the source of that data; and
- whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.
- Requests for your personal data must be made to firstname.lastname@example.org writing and a copy will be retained on your personnel file.
- To help us find the information easily, please give us as much information as possible about the type of information you would like to see.
- If, to comply with your request, we would have to disclose information relating to or identifying another person, we may need to obtain the consent of that person if possible. If we cannot obtain consent, we may need to withhold that information or edit the data to remove the identity of that person if possible.
- There are certain types of data which we are not obliged to disclose to you, which include personal data which records our intentions in relation to any negotiations with you where disclosure would be likely to prejudice those negotiations.
Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold free of charge. If you would like to do this, please:
- email, call or write to us (see ‘How can you contact us?’ below)
- let us have enough information to identify you (eg account number, user name, registration details), and
- let us know the information that is incorrect and what it should be replaced with.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:
- email, call or write to us (see ‘How to contact us?’ below). You can also click on the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up to [insert figure] days for this to take place.
- provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- provide us with details of your preferred method of contact (for example, you may be happy for us to contact you by email but not by telephone)
Rights in relation to automated decision taking/making
You may ask us to ensure that, if we are evaluating you (for example when doing a credit check on you), we don’t base any decisions solely on an automated process and to have any decision reviewed by a member of staff.
These rights will not apply in all circumstances, for example where the decision is authorised or required by law and steps have been taken to safeguard your interests.
Right to prevent processing of personal data
From 25 May 2018 and in accordance with the General Data Protection Regulations 2018, you may request that we stop processing your personal data temporarily if:
- You do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
- the processing is unlawful but you do not want us to erase your data;
- we no longer needs the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
- you have objected to processing because you believe that your interests should override Revo's legitimate interests.
Right to erasure
From 25 May 2018 and in accordance with the General Data Protection Regulations 2018, you can ask us to erase your personal data where:
- you do not believe that we need your data in order to process it for the purposes set out in this privacy notice;
- if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
- you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
- your data has been processed unlawfully or have not been erased when it should have been.
Right to withdraw consent
We will not process your personal data until you have given your consent for one or more specific purposes as listed above. As well as clearly expressing consent, you also have the right to withdraw consent you have given us at any point. This is a vital and necessary aspect of consent, and at Revo we are aware that you may wish to withdraw consent at any time. We make this easy for you by giving you the opportunity of changing your preferences or directly unsubscribe from mailing list to which you expressly requested to be included.
What will happen if your rights are breached?
- You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.
Complaints to the regulator
It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. Similarly, you may complain to the Information Commissioner's Office. Information about how to do this is available on his website at www.ico.org.uk.
Copies of your personal data (Data portability)
From 25 May 2018, and in accordance with the General Data Protection Regulations 2018, you may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
Changes to the Privacy Notice
We may change this Privacy Notice from time to time. You should check this Notice occasionally to ensure you are aware of the most recent version that will apply each time you access this website.