Privacy Policy

Changingday Limited (together referred to as “we”, “us”, “our”) take your privacy seriously, and we are committed to protecting your personal data.

This privacy tells you:

  • Who we are.
  • How we collect, use, store and share your personal data.
  • Your privacy and other related rights under the provisions of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and the EU General Data Protection Regulation (EU GDPR) which applies across the European Economic Area (EEA).
  • How to contact the UK Information Commissioner’s Office if you have a complaint.

Please read this privacy policy. We want to be sure that you are fully aware of how and why we are using your data.

Please note that this website is not intended for children.

We have a separate privacy policy for people who are engaged by us as consultants, employees or workers.

Who are we?

We are Changingday Limited. Our contact details are as follows: Post: 46 Gordon Street Glasgow Scotland G1 3PU

Online: privacy@changingday.com.

We are the ‘data controller’ for the information that we collect when you visit our website. That means that we decide how to use information about you (referred to as ‘personal data’) and we are responsible for looking after your personal data in accordance with data protection legislation. We will explain below how we collect and use your personal data, and what we mean by the term ‘personal data’. Please note that when we refer to ‘processing’ your personal data, what we mean is using your personal data in connection with this website by acquiring it, using it, storing it, sharing it with other people (either with your consent or as part of our service to you) or deleting it.

We have appointed a Data Manager who will be able to help you if you have any questions about this privacy policy. If you do have any questions, or you would like to exercise any of your legal rights in relation to your personal data, then please contact us at: Data Manager, Changingday, 46 Gordon Street, Glasgow, Scotland, G1 3PU Email: privacy@changingday.com

Please note that we may update this privacy policy at any time. Any changes we may make to our policy in the future will be posted on this page. Please check back frequently to see any updates or changes made.

Complaints

Should you have any complaints or queries about anything relating to the privacy of your personal data, or any other data protection issues, please let us know using the contact details above and we will do our best to deal with them. However, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues. You can contact the ICO on its helpline number which is 0303 123 1113 between 9am and 5pm Monday to Friday, or by other contact methods as set out on their website: www.ico.org.uk.

Personal data we collect about you

The term personal data means any information about an individual from which that individual may be identified. It does not, therefore, include data where the identity has been removed (anonymised data).

We may collect, store and use some or all of the following categories of data about you.

When you use our website, we may record:

  • technical information, including the type of device you use to access our website, the Internet Protocol (IP) address, your login data, the type and version of your browser, your time zone setting and location, browser plug-in types and versions, operating system, platform and mobile network information; and
  • your usage of our website, including the full Uniform Resource Locators (URL), the pages you viewed, the page response times, any download errors, the length of time you were on a particular page, how you interacted with the page (such as scrolling, clicks and mouse-overs), and how you browsed away from the page.

When you contact us or when you purchase any of our products:

  • your name and contact information, including email address and telephone number;
  • date of birth, age and/or your gender information, if you choose to give this to us;
  • business/company details if you have contacted us on behalf of a business/company;
  • your personal or professional interests;
  • your social media engagement;
  • information about how you use our website, IT, communication and other systems;
  • your responses to surveys, competitions and promotions.

This personal data may be needed so that we can supply our products to you. If you do not provide the personal data asked for, we may be delayed or prevented from providing those products.

Normally we will not seek to obtain personal data from you that is referred to as ‘Special Category’ personal data. Special Category personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. If we do collect special category data it will be on the basis that you have given us your explicit consent to do that. You can withdraw that consent at any time. We tell you how to do that later on in this policy.

How we collect your data

We will collect most of your personal data directly from you, whether in person, by telephone, text or email and/or via our website. This might be when you:

  • subscribe to one of our publications/newsletters;
  • email or write to us;
  • send information to us using social media; or
  • provide feedback on products.

However, we may also collect information:

  • from other online information we receive, including usage information about your interactions with online advertising and media;
  • third party data providers that provide us with information such as demographics, transaction and purchase history;
  • from publicly-accessible sources (for example the internet); and
  • from automated technologies or interactions with our website.

How we use your data

We will only use your personal data when the law allows us to do so, and where we have a proper reason for doing so. Most often, we will use your personal data in the following circumstances:

  • Where you give us your consent to using your personal data; for example when you correspond with us (your consent may be withdrawn by you at any time as set out in this policy).
  • For the performance of our contract with you, or to take steps at your request before entering into a contract.
  • Where it is necessary for our legitimate interests (or those of a third party); for example, where we have a business or commercial reason for using your personal data and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Normally, we will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason, and that related reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.

We have set out, in the table below, details of the ways that we may use your personal data, the legal bases we rely on to do so, and what our legitimate interests are, where relevant.

Note that it may be necessary for us to process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

privacy_table.png

If you require more details about this, please contact us.

How we may share the information

We may also need to share some of the above categories of personal information with other parties, such as external contractors and our professional advisers and with potential purchasers of some or all of our business or on a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will usually be bound by confidentiality obligations. We may also be required to share some personal information with regulators or as required to comply with the law.

Storing and retaining your data

Personal data is stored on our secure servers. Special rules will apply to the protection of your data if it is stored outside the UK. Special rules will also apply where, for example, we need to contact third parties on your behalf who have offices outside the UK, where electronic services and resources are based outside the UK, or where there is an international element to your matter.

For further information please contact us.

We will keep your personal data only for as long as is necessary. In working out how long we need to keep your personal data we take into account the amount, nature and sensitivity of the personal data, the potential for harm to arise from its unauthorised use or disclosure, the purposes for which we process it, and as to whether those purposes may be achieved by other means, and the applicable legal requirements. Since retention periods will differ for different types of personal data please contact us for further details if you wish to know what retention period applies.

In order to ensure that your personal data is kept secure, and to prevent there being any breach of confidentiality or unauthorised use, we have put in place security measures which are intended to prevent your personal data from being accidentally lost or used or accessed unlawfully. Access to your personal data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that personal data is processed.

If there is a data security breach that is likely to result in a high risk to your rights or freedoms you will be notified. Where relevant we will also inform the appropriate regulator (including the Information Commissioner’s Office) of a suspected data security breach where we are legally required to do so.

Please bear in mind that the transmission of information via the internet is not completely secure, and whilst we will do our best to protect your personal data, we cannot guarantee the security of data transmitted via our website, or by email, and any such transmission is at your own risk.

How to withdraw consent

If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time.

You may withdraw consents by emailing privacy@changingday.com or by writing to us at:

Changingday 46 Gordon Street Glasgow Scotland G1 3PU

Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn.

Your legal rights

Under the UK GDPR you have certain legal rights which apply in certain circumstances. These include the right to:

  • Request access to your data: sometimes called a ‘subject access request’; this allows you to receive, from us, confirmation as to whether or not your personal data is being processed, and if so to gain access to that personal data and various other information about it, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights.
  • Request correction of your data: sometimes called a ‘right to rectification’, this is a right to obtain from us, without undue delay, the putting right of inaccurate personal data concerning you.
  • Request erasure of your data: sometimes referred to as the ‘right to be forgotten’; this is the right for you to request that, in certain circumstances, we delete data relating to you.
  • Restrict processing of your data: the right to request that, in certain circumstances, we restrict the processing of your data.
  • Object to the processing of your data where we are relying on our legitimate interests: this is, a right, in certain circumstances, to object to personal data being processed by us where it is in relation to direct marketing, or in relation to processing supported by the argument of legitimate interest.
  • Request the transfer of your data to another party: the right, in certain circumstances, to receive that personal data which you have provided to us, in a structured, commonly used and machine-readable format, and the right to have that personal data transmitted to another controller.
  • A right not to be subject to automated decision making: that is to say, a right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or similarly significantly affects you.

In some circumstances we may not be able to do what you have asked; for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop.

You may obtain further information on your rights from the website of the Information Commissioner’s Office at www.ico.org.uk.