Community Buying at CAS, part of Business Services at CAS Ltd
The General Data Protection Regulation (GDPR)
This legislation replaces previous data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data.
One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information.
This means that we are publishing an updated privacy notice so you can access this information, along with information about the increased rights you have in relation to the information we hold on you and the legal basis on which we are using it.
How we use your information
Community Buying at CAS is part of Business Services at CAS Ltd (also referred to as “we”, “us”, or “our”), which is a registered company in England (Company no 03332778). Our registered address is Business Services at CAS Ltd, Brightspace, 160 Hadleigh Road, Ipswich, Suffolk IP2 0HH. We are a subsidiary of Community Action Suffolk, registered office as above. Registered Charity Number: 1150501. A company limited by guarantee and registered in England. Number 08316345.
This privacy notice tells you what to expect when Community Buying at CAS collects personal information. It applies to information we collect about:
- visitors to our websites;
- enquirers, complainants and other individuals in relation to an enquiry or complaint;
- people who use our services, e.g. who join Community Buying at CAS in order to purchase fuel or other goods or services.
Visitors to our websites
When someone visits any of our community buying websites (https://www.communitybuying.org.uk/, https://www.essex.communitybuying.org.uk and https://www.cambs.communitybuying.org.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
Security and performance
We implement security safeguards designed to protect your data, such as HTTPS on our websites, hardware and software firewalls, username and password based permission systems as well as a variety of physical security methods on buildings that host your data. We regularly monitor our systems for possible vulnerabilities and attacks. More information on specific measures enforced can be seen below.
All Community Action Suffolk IT Services are provided in a locked, secured and alarmed building which is monitored by an external security company outside office hours. Servers hosted in the building are also stored in an air conditioned, locked room within the building to provide additional protection.
Community Action Suffolk has a hardware firewall over it’s router to protect users within the building against online threats. All computers within the Community Action Suffolk network are protected with business class Internet Security Software.
Any sensitive client data that Community Action Suffolk stores i.e. login passwords to systems are stored in password and credential based systems which only the IT team has access to.
Community Action Suffolk enforces WPA2 password security methods to protect its wireless networks against threats.
This website and all websites owned by Community Action Suffolk are protected with a “SSL” encrypted certificate.
However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
RCCE Trading CIC
AF Affinity Ltd
Contact Relationship Management (CRM)
People who contact us via social media
Facebook, Twitter and LinkedIn are social networks. Integration of social network components allows them to track which page on our site you are accessing, but only if you are logged in to their account. If you do not wish this, please log out of your social network accounts before browsing the web.
People who call us by telephone
When you call Community Action Suffolk, we collect Calling Line Identification (CLI) information. We use this information to help improve its efficiency and effectiveness.
People who email us
We use Microsoft Exchange to process emails through Microsoft Outlook. We use Transport Layer Security (TLS) to encrypt and protect email. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. Microsoft Privacy Statement
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who make a complaint to us
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s delivery is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
People who use Community Buying at CAS services
Community Buying at CAS offer various services to the public, community groups and businesses. We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have requested a service to carry out a survey to find out if they are happy with the level of service they received. When people do subscribe as a member to obtain our services, they can cancel their membership at any time by simply letting us know.
Under the Data Protection Bill (Data Protection Act 1998 and subsequent GDPR Regulations) you have rights as an individual which you can exercise in relation to the information we hold about you.
We retain your personal data while your account is in existence or as needed to provide you services. This includes data you or others provided to us and data generated or inferred from your use of our services. We will continue to retain your data for future service provision and marketing purposes unless you tell us otherwise by unsubscribing from our mailing list or asking for your data to be removed. The retention period for your data, after cancellation of service or registration is for a period of 3 years, after which date, all personal identifying data will be removed.
Rights to Access and Control Your Personal Data
For personal data that we have about you:
- Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide services to you).
- Change or Correct Data: You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
- Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
- Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.
If you want to remove yourself from our mailing list which will stop ALL communications from Community Buying at CAS, then from one of our emails, simply click on the “Unsubscribe” link at the bottom and follow any on screen instructions. Alternatively you can also contact us via email at email@example.com or by telephone on 01473 345400 and we will process your request for changes, deletions or requests of data within 1 calendar month.
To make a request to Community Buying at CAS for any personal information we may hold you need to put the request in writing addressing it to the address provided below. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If we do hold information about you, you can ask us to correct any mistakes by, once again, contacting Community Buying at CAS.
If you choose to close your Community Buying account, you will be automatically removed from our mailing list and all of your services associated with your account will end when your subscription period (that you have paid for) has ended.
We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions, or fulfil your request to “unsubscribe” from further messages from us.
Complaints or queries
Community Buying at CAS try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you want to make a complaint about the way we have processed your personal information, you can contact us by emailing firstname.lastname@example.org
You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
Access to personal information
Community Buying at CAS try to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation concerned and with other relevant bodies.
You can also get further information on:
- agreements we have with other organisations for sharing information;
- circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics;
- our instructions to staff on how to collect, use and delete personal data; and
- how we check that the information we hold is accurate and up to date.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 21 May 2018.
How to contact us
Community Buying at CAS
Community Action Suffolk
160 Hadleigh Road
Suffolk IP2 0HH