Website Privacy Policy

1. Purpose

Nuffield Technologies Ltd. (“The Company”) are committed to protecting your Personal Information when you use our website, products and services. We recognise that when you choose to provide us with information about yourself, you trust us to treat it in a responsible manner.

The purpose of this Website Privacy Policy is to inform you about how the Company may use your Personal Information.

In order to optimise the provision of our services to you and to facilitate some of our marketing efforts, we collect certain specific information about you.

This Website Privacy Policy explains the following:

  • What information we may collect about you;

  • How we will use information we collect about you;

  • Whether the Company will disclose your details to anyone else;

  • Where we might send your information;

  • The use of cookies on the Company’s websites;

  • How you can reject cookies.

The Company uses all Personal Information that you provide to us or that we collect from you in accordance with all applicable laws, including those concerning the protection of Personal Information such as the EU General Data Protection Regulation.

2. Definitions 

In this privacy policy, the following definitions are used:

Data Protection Law: all UK legislation and regulations in force from time to time regulating the use of personal data and the privacy of electronic communications including, but not limited to, UK data protection law and best practice guidance (from the Information Commissioner’s Office (ICO)), and any successor legislation or other directly applicable regulation relating to data protection and privacy in the UK. Data protection legislation in the UK consists of the “UK GDPR” and Data Protection Act 2018, based on the EU Regulation 2016/679 General Data Protection Regulation(“EU GDPR”) Throughout this document where we use the terms “GDPR” or “data protection”, we mean UK GDPR and the Data Protection Act 2018.

Encryption or encrypted data: The most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data can be easily accessed and therefore could be considered insecure.ICO: Information Commissioner’s Office. The supervisory authority for data protection in the UK.

Personal Data: any information relating to an identifiable person who can be directly or  from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data. The terms Personal Data and Personal Information are used interchangeably within this policy.

Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Special Categories of Personal Data: this data needs more protection because it is sensitive. It includes data which relates to an individual’s health, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).

3. Website Privacy Policy scope 

This Website Privacy Policy applies to the processing of personal data by the Company including the use of the Company’s website. The website may contain hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies. We recommend that you review these policies which will govern the use of Personal Information which you submit when visiting these websites and which may also be collected by cookies. We do not accept any liability for such third party websites and your use of such websites is at your own risk.

4. The collection and use of data

4.1. How do we collect information

This Policy relates to the Company’s use of any Personal Information collected from you when you interact with us, such as by the following ways:

  • Visiting and using Nuffield Technologies Ltd.’s website (e.g. filling out an online form, or if you download one of our resources);
  • Via social media;
  • Via messaging services;
  • Contacting us via email or telephone;
  • When you use our products and services
  • If you supply services to the Company
  • If you sign up for marketing
  • If you apply for a position to work for the Company

The Company also processes Personal Information of employees for the purposes of employment and meeting legal obligations. This Privacy Policy does not cover employee data – this is covered in a separate privacy policy that is available from the HR team.

    4.2. What information do we collect and process

    When you use our website

    When we collect personal data via our website, we will be upfront about it and it will be obvious to you that you’re providing personal data and how we will be using it. By using our website we may collect the following Personal Information about you:

    • Information regarding our use of cookies (see below)
    • IP address (numbers that can uniquely identify a specific computer or other network device on the internet) and other generic information provided by your browser
    • Your name and contact details if you sign up for our newsletter or download content and resources from our website
    • Your name, contact details and content of your conversations with us, when you use our online forms (e.g. the “Get in touch” form on our website), live chats or message boards. 

    Depending on your use of our site, we will use your personal information for a number of purposes including:

    • To provide our services, activities or online content, or communicating information about them (e.g. relating to upcoming promotions or new product launches) or dealing with your requests and enquiries.
    • To provide you with better ways of accessing information from this website.
    • For service administration, which means that we may contact you for reasons related to the service, activity or online content you have signed up for.
    • To contact you about any submission you have made.
    • To use IP addresses and device identifiers to identify the location of users, blocking disruptive use, establishing the number of visits from different countries, tailoring the content of our sites, apps or other services based on browsing behaviours, and determining the country from which you are accessing the services.
    • For analysis and research so that we may improve the services we offer.

    When you use our services

    When you participate in, access or sign up to any of the Company’s services, we may receive the following Personal Information about you:

    • your name
    • email address
    • job title
    • employer
    • postal address
    • telephone or mobile number
    • information collected about your use of Nuffield Technologies Ltd.’s services (e.g. if you submit a support ticket, or enter personal data into our systems)

    We will use this information for the purposes of delivering our services to you, billing you for the use of our services and keeping you updated about any changes with our services.

    Information provided by you in relation to submitting a job application to us

    In some situations (e.g. recruitment), as well as collecting your Personal Information, such as your name, contact details, CV and application information, etc., the Company may also collect Special Categories of Personal Data, such as the information you provide in a pre-start health and medical questionnaire. We may also collect information from you for the purposes of confirming your identity and vetting you as an appropriate person to work in the Company and with the Company’s clients. This information will be used to assess your suitability for a position at the Company and if you are successful in your application, most of the information you provide will form part of your personnel file and used for the purposes of employing you, in accordance with our Staff Privacy Policy.

    When you contact us

    Whenever you contact us we may keep a record of your contact details, your enquiry and any other information pertinent to the contact. If you fill out an online form it is sent to us as an email, which means as well as being stored in our website database, it will be stored with our email service supplier and accessible by the appropriate person within the Company to deal with your enquiry and may be downloaded to a local device. Likewise any emails we receive will be processed in a similar way. If we speak to you on the phone, we may store copies of your name, contact details and the nature of your enquiry, for future reference or as part of an ongoing discussion with yourself.

    If you interact with us using social media

    If you contact us via any of our social media channels we will only collect and store information that is relevant to the reason for contacting us. All discussions will be stored within our social media service providers.

    Supplier or contractor data

    If you are one of our suppliers we will collect the minimal information about you and your services as required to make use of your services and deal with invoices and payments for your services. Such information will be stored within our accounting package for the purposes of our accounts and will be retained accordingly, and is likely to include your name, your company name and contact details. Individual employees within the Company may also retain your contact details within their email application or via business cards that you may provide to them.

    4.3. Sharing information with third parties

    We use a number of third-party cloud-based services for the purposes of effectively running ourbusiness and providing our services to you. We also use a number of third-party companies, e.g. accountants, IT support, etc.

    In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.

    We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is also in place to protect your data.

    We may disclose personal information to third parties when we reasonably believe we are required by law, and in order to investigate, prevent, or take action regarding suspected or actual unlawful or otherwise prohibited activities, including, but not limited to, fraud.

    4.4.  Where may your information be stored

    The Company may be required to transfer personal data to a country/countries around the world including ( Europe , US ), for the purposes of delivering our services. We will, where the country to which your data is transferred has not been found to provide an adequate level of protection, put in place appropriate safeguards to ensure your Personal Information is protected. 

    5. Cookies

    We may use information obtained from cookies or similar technology.

    Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org. You can set your browser not to accept cookies and the above website tells you how to remove cookies from your browser. However, if you do so in a few cases some of our website features may not function as a result.

    During the course of any visit to our website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our website. However, you can change your cookie settings at any time.

    5.1.  What do we use cookies for? 

    This website uses cookies that fall into one or more of all the categories below:

    • Strictly necessary cookies – these enable services you have specifically asked for. These cookies are essential to enable you to move around our website and use its features, such as accessing secure areas of the website. Without these cookies certain services you have asked for cannot be provided. 

    • Performance cookies – these collect information on the pages visited. These cookies collect information about how users use a website, for instance which pages users go to most often, and if they get error messages. These cookies don’t collect information that identifies a visitor. All information these cookies collect is aggregated and therefore anonymous. They are only used to help us make improvements to the website for a better user experience.

    • Functionality cookies – these remember choices you make to improve your experience. These cookies allow the website to remember choices you make and provide enhanced, more personal features. They may be used to help provide services you have asked for such as watching a video. The information these cookies collect may be anonymised and they cannot track your browsing activity to other websites.

    6. Keeping Data Secure 

    6.1.  Third Party Websites 

    Our website links to third party sites which we do not operate or endorse. These websites may use cookies and collect your personal information in accordance with their own privacy policies. This privacy policy does not apply to third party websites and we are not responsible for third party websites.

    6.2.  How do we protect your information? 

    We take appropriate measures to ensure that any personal information which you disclose to us is kept secure, accurate and up to date and kept only for so long as is necessary for the purposes for which it is used. The security measures taken may include, but are not limited to, data encryption.

    6.3 Retention of your personal information

    Unless stated elsewhere in this document or in our terms of services we only store the data necessary to provide the services we provide to you. We will keep this data for as long as it is lawful for us to do so (this may be for as long as you are a customer or because of a legal obligation to retain the information, whichever is the longest).

    7. What are your rights? 

    Under the “GDPR”, you have the following rights, which the Company will always work to uphold:

    • Right to access – for a copy of the Personal Information we hold about you, and details about how we are processing your Personal Information. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is “manifestly unfounded or excessive”. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

    • Right to correct – to have any inaccuracies in your Personal Information corrected. Right to erase – to have your Personal Information erased, or for our use of it to be restricted (for example, if your preferences change, or if you don’t want us to send you the information you have requested).

    • Right to restrict use – the right to “block” Nuffield Technologies Ltd. from using your data or limit the way in which we can use it;

    • Right to data portability – if we are processing your Personal Information by automated means and on the basis of your consent (see “How do we use it?”, above), for us to provide your personal information to you in a structured, commonly-used and machine-readable format. You can also ask us to provide your personal information directly to a third party in this format, and, if technically feasible, we will do so;

    • Right to object – the right to object to our use of your data including where we use it for our legitimate interests.

    7.1.  Right to opt out 

    You can request that we stop sending you marketing materials at any time. Electronic communications typically include an unsubscribe link that allows you to manage your communication preferences including the ability to unsubscribe from all future marketing. If for any reason that has not been successful please contact us using the details provided below.

    7.2.  How to contact us 

    This Website Privacy Policy should tell you everything you need to know, but you can always contact us to ask any questions or if you wish to exercise any of your rights in relation to your Personal Information, using the contact information below:

    Email address: [email protected]

    Postal address: The Old Bank, 42 High Street, Poole, Dorset. BH15 1BT

    You have the right to make a complaint to the supervisory authority if you are unhappy with how we’ve handled your Personal Information. In the UK, the supervisory authority is the Information Commissioner’s Office (http://www.ico.org.uk).

    8. More information

    For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk

    9. Changes to our privacy notice

    We may change or update elements of this privacy notice from time to time or as required by law. The most current version of our privacy notice is available on our website at https://nuffieldtechnologies.com/privacy-policy.

    10. Policy Governance 

    Responsibility for the Website Privacy Policy rests with Helen Craig. Duties include, but are not limited to:

    • Ensuring that all staff in scope and appropriate external parties have read and confirmed their acceptance of the latest version of this policy
    • Monitoring for legal, regulatory or industry best practice developments in relation to this policy
    • Coordinate with senior management, IT, and legal counsel to communicate and review issues related to this policy
    • Review and update this policy at least every 12 months, in order that it remains fit for purpose

    Exceptions to this policy shall be allowed only if previously approved by Helen Craig.

    This policy has been approved by senior management and is effective from 01-Dec-2023.