This Privacy Notice sets out how we use and protect any information that you give to us when you use this website and during the course of interactions on this project with us, and is effective from 25 May 2018, when the new General Data Protection Regulation (GDPR) came into force. Any information you provide, or which we request in order to fulfil legal requirements, will only be used in accordance with this Privacy Notice.
This Privacy Notice may be changed from time to time by updating this page; any updates to this page take effect immediately. You should therefore check this page periodically for any updates.
Who we are
The CERTO project is hosted at Plymouth Marine Laboratory.
Lawful Reasons for Processing
When we collect your personal data we will make it clear to you which data is necessary in connection with a particular service.
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent, e.g. when you subscribe to our project newsletter or make an enquiry.
In certain circumstances we need your personal data to comply with our contractual obligations, e.g. if you are a project stakeholder we may need to get in touch with you.
If the law requires us to, we may need to collect and process your data.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running this project and which does not materially impact your rights, freedom or interests. For example, where you have provided us with your business card, we may use your address details to send you information on our project.
Collection of Personal Data
We may collect data in the following circumstances, when you:
- Attend a meeting with us, or register for or attend an event we organise in relation to the project.
- Engage with us during the course of the project - in person, by mail, by e-mail, by telephone, and by providing us with your business card
- Engage with us on social media
- Contact us by any means with queries, feedback, requests for information, complaints, etc.
- Fill in forms or applications, e.g. through our website
- Complete any surveys we send you
- Download data and information from our website
- Give any third party permission to share personal data they hold about you with us
We may also collect data from publicly available sources, where the information is made public as a matter of law, or when you have given your consent to share information. For example, before we enter into a contract or partnership with you we may need to carry out appropriate due diligence checks.
Examples of Personal Data we collect
We may collect both identifiable and anonymous information, depending on our relationship with you.
- If you subscribe to our newsletter we will collect your name and e-mail address.
- If you fill out and submit an enquiry/feedback form on our website, we will collect your name, e-mail address and message to respond to your query.
- If you interact with us via social media we will use your contact details to help us respond to your comments, questions or feedback.
- We may collect notes from our conversations and any correspondence between us on this project.
- If we are arranging travel for you as a partner, or visitor, we may require details such as your full name, address, date of birth, your passport details, driving licence details, etc., which may be passed to third parties, e.g. travel agents, for processing purposes.
Certain information is collected automatically using services such as Google Analytics to collect statistical data about how our website is used. This includes but may not be limited to:
- the Internet domain or IP address from which you access our website
- the type of browser and operating system used to access our site
- the date and time you access our site
- the pages you visit
This information is used to ensure that content on our site is presented in the most effective manner for you. No personal data is gathered to enable us to identify any individual.
Our Content Management System and server also log website interactions for the purposes of performance and addressing technical issues. This data does not identify individuals and is deleted regularly.
How and Why We Use Your Personal Data
We may use your personal data for the following purposes:
- To carry out our obligations arising from the project contract.
- To respond to your enquiry to us or contact with us. We may also retain a record of your enquiry and our response to inform any future communication with you/us. We may do this on the basis of contractual obligations to you, our legal obligations, or our legitimate interests in providing you with the best service, and understanding how we can improve our service.
- To protect both you and our partners’ business from fraud and other illegal activities. This may include using your personal data to maintain, update and safeguard the information we hold about you. We will also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our project website. We will do all of this as part of our legitimate interest.
- To comply with our contractual or legal obligations to share data with law enforcement.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, or legally required information.
How we protect your personal data
We are committed to ensuring that your personal data is secure. To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the personal data we collect.
How long will we keep your personal data?
Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected unless we need to keep it longer to comply with our legal obligations.
At the end of that period your data will either be deleted completely or anonymised e.g. by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis.
With whom do we share your personal data?
Our project partners may share your personal data with any member of their legal entity’s group, which means their subsidiaries, e.g. as defined in section 1159 of the UK Companies Act 2006.
The information you supply is collected solely to allow us to respond your enquiry, or request, or to conduct our research. We will not sell, license or trade your personal information to any third party. We would only share your personal information where required by law or to respond to a legal process, or where necessary in order to undertake our business, e.g. selected third parties who we use to provide services, such as travel agents, banks, couriers, etc.
In all cases, we ensure that third party companies only receive the minimum information necessary, and ensure that:
- Your data is only used for the exact purposes specified in our contract with them.
- Your privacy is always maintained.
- Your personal data is kept securely.
- Any data held by them will either be deleted or rendered anonymous when we stop using their services.
- Your data is always processed legally under the terms of the GDPR.
Where your personal data may be processed
Sometimes we will need to share your personal data with third parties and suppliers outside the European Economic Area (EEA).
If you are based outside the UK, where necessary, we will transfer the personal data that we collect from you to the UK.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. We may transfer personal data that we collect from you to third-party data processors in countries that are outside the EEA. If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact us.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop using your personal data for direct marketing (either through specific channels, or all channels).
- That we stop any consent based processing of your personal data after you withdraw that consent.
- Review of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
You have the right to request a copy of any information about you that we hold at any time and also to have that information corrected if it is inaccurate. To ask for a copy of your information or to ask for your information to be updated, please write to us, or contact the Steve Groom (Principal Investigator) at SBG @pml.ac.uk. If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How can you stop us contacting you?
Click the “unsubscribe” link in any e-mail communication that we send you.
Reply to any direct email and request that you are not contacted.
Email the Steve Groom (Principal Investigator) at SBG @pml.ac.uk
Write to us at Plymouth Marine Laboratory, Prospect Place, The Hoe, Plymouth, PL1 3DH
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated. You may also still receive communication from us if we are required to contact you for contractual or legal purposes.
If you wish to complain about PML has handled your personal data then in the first instance you can make a complaint to Steve Groom (Principal Investiagtor) at SBG @pml.ac.uk. If we are unable to satisfy your concerns, then under the General Data Protection Regulation you have a right to complain to the Information Commissioner’s Office at:
Information Governance Department
Information Commissioner's Office
Links to other sites
We may from time to time establish relationships with other companies that will enable you to access the websites of such companies directly from our site. Each individual company operates its own policy regarding the use of personal data. If you have a particular interest or concern regarding the way your data will be used then you are advised to read the Privacy Notice on the relevant site.
We will try to provide you with links to high quality, reputable sites which we believe will be of interest and relevant to you, but please note that such third party sites are not under our control and we do not contribute to the content of such websites. When you click through to these sites you leave the area controlled by us. We cannot accept responsibility for any issues arising in connection with either the third party's use of your data, the site content or the services offered to you by these sites.