Here at Northumbrian Water Group (NWG) we take your privacy seriously and will only use your personal information provided by you to register you to attend NWG’s Innovation Festival 2019 activities and to provide you with information about the event.
We are registered with the ICO under the Data Protection Register, our registration number is: Z4657939.
process your personal data fairly and lawfully;
tell you how we will use your personal data;
only collect personal data about you when we need it for legitimate purposes, or legal reasons;
ensure that your personal data is adequate, relevant and not excessive for the purposes for which we collect it;
not keep your personal data for longer than we need to for those lawful purposes;
keep your personal data secure;
ensure we have robust controls in place to prevent unauthorised access to and use of your personal data;
ensure that you know how to exercise your rights in relation to your personal data; and
require any third parties we may share your personal data with to take appropriate steps to protect it.
“NWL” “we” and “us” refers to Northumbrian Water Limited.
“you” “the user” refers to the person(s) registering for the NWG Innovation Festival 2019
“Personal data” has the same meaning as defined in the General Data Protection Regulation, being any information relating to an identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Under the GDPR your rights are as follows. You can read more about your rights in details here;
the right to be informed;
the right of access;
the right to rectification;
the right to erasure;
the right to restrict processing;
the right to data portability;
the right to object; and
the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
You have the right to see all the personal information we hold about you.
We’ll handle routine enquiries as part of our usual customer service. If you want to see more of the information that we have about you, you can make a Data Subject Access Request (SAR).
As part of an access request you can also ask:
a) purpose of processing
b) categories of personal data concerned
c) the recipients or categories of recipients to whom the personal data has or will be disclosed
d) the period of time for which the information will be stored
e) your right to request rectification or erasure or restriction of processing
f) where the information is not collected directly from you, any detail as to its source
g) the existence of automated decision making, including profiling as well as the significance/ consequences of such processing
h) the right to be informed of the safeguards in place relating to the transfer to a third party company.
To help you make your request, we have produced a form which you can find on our website here. We may reply to you where we need further information to help respond effectively to your request
To ensure that we only give your information out to you and not someone else, you will need to provide us with two current forms of identification.
Once we receive your written request, any clarifications and identification, we respond as soon as we can within 1 calendar month.
You can either post your form to:
PO Box 200
Or email it to us:
PROCESSING OF YOUR PERSONAL DATA
The reason we need to collect your personal data will vary depending on what it is being used for. The table below provides examples of the types of data we collect about you, the reason it is collected and how long we keep it for (the retention period).
We need to collect and use your personal data for a number of purposes and we must have a lawful basis for processing it. This lawful basis will vary depending on how and why we have your personal data, and how we collect it. We have put together the table below to provide you with examples:
DATA SECURITY AND PROTECTION
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction or accidental loss of your personal data.
We take appropriate organisational and technical security measures and have rules and procedures in place to ensure that there is no unauthorised access to your personal data.
When we work with third party organisations we require them to assure us of their compliance with our data protection and security requirements. This is further detailed in the contracts we have with them.
We are working alongside Envoy, a visitor management software to provide you with the best possible customer experience.
To provide our attendees with the best experience possible, booking onto our Health & Wellbeing activities uses a service provided by Acuity Scheduling, a child company of SquareSpace (our website providers).