How we use your information
We are committed to protecting your privacy. This privacy notice tells you what to expect when The Organisation collects personal information. It applies to information we collect about:
- visitors to our websites;
- complainants and other individuals in relation to an enquiry;
- people who use our services; and
- job applicants and our current and former employees.
We use information held about you in the following ways:
- to ensure that content from our site is presented in the most effective manner for you and for your computer;
- to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
- to carry out our obligations arising from any contracts entered into between you and us;
- to notify you about changes to our service;
If you are an existing Customer, we will only contact you by electronic means with information about goods and services similar to those which were the subject of a previous sale to you or our customer.
We do not disclose personal information about individuals to advertisers or sell your information to any other organisation for marketing purposes.
Visitors to our websites
When someone visits www.athe.co.uk we do not make any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
People who enquire with us
Where enquiries are submitted to us we use the information supplied to process the enquiry. When consent is given, we will continue to contact the enquirer with information on services that we provide.
We may retain personal information, in the form of names and email addresses, for direct marketing communications.
Individuals can opt out of these communications at anytime by unsubscribing via a link included in our emails or contacting us directly using the details at the end of this Policy.
We will not share any personal data received through this method with 3rd parties.
People who use ATHE’s services
ATHE offers various services to the public.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have subscribed to any of our services to carry out a survey to find out if they are happy with the level of service they received.
When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this. We do not store financial details of our clients (credit or debit card numbers).
Job applicants, current, and former ATHE employees
When individuals apply to work at ATHE we will only use the information they supply to us to process their application. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Once a person has taken up employment with ATHE, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with ATHE has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
Disclosure of personal information
In many circumstances we will not disclose personal data without consent. However, when we investigate a complaint, for example, we will need to share personal information with the organisation or individual concerned and with other relevant bodies.
There are also circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics.
Access to personal information
ATHE tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulation. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to ATHE for any personal information we may hold, you need to put the request in writing and either address it to us at the address provided below, or you can contact us directly on email@example.com
As an individual, if you have issues accessing your personal information with any organisation you have the right to lodge a complaint with the ICO.
Alternatively, for more information you can view our Privacy Notice here.
Your Rights as a Data Subject:
Right to Rectification - the right to request us to rectify inaccurate personal data.
Right to Object - the right to object to processing based on either public interests or legitimate interests. Processing must stop, unless we demonstrate compelling grounds for continuing the processing or that the processing is necessary in connection with our legal rights.
Right to Object to Direct Marketing
Right to be Forgotten - the right to have us erase personal data without undue delay. Contingent on the occurrence of one of the following: - The data is no longer necessary; - You withdraw your consent (where consent is our legal basis for processing); - We have no overriding grounds for continuing processing against the objectification; - Processing was unlawful; - Erasure is necessary with EU or national law.
Right to Restrict Processing - the right to have us restrict processing if: - The accuracy of the data is contested; - Processing is unlawful; - We no longer need the data for its original purpose, but need it for legal purposes; - Erasure is pending.
Right of Data Portability - the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller. This will either be in .xls or .csv format.
ATHE never makes a decision solely by automated means without any human involvement nor engages in automated processing of personal data to evaluate certain things about an individual. Hence your right related to automated decision-making including profiling does not apply with us.
Any formal subject access request should be made in writing to the address below. This will be provided free of charge. However, we may charge a reasonable fee for repetitive, unfounded, or excessive requests or additional copies.
Who has access to your information?
We will not sell or rent your information to third parties.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purpose of performing a contract we have agreed with you, identifying and communicating with you, responding to your requests or enquiries, and improving our services.
However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
We may also pass your information to governmental or regulatory bodies where a legal obligation arises.
Our policy towards children
The Organisation's services are not directed to individuals under 18. We do not knowingly collect Personal Information from children under 18. If we become aware that a child under 18 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us.
Data storage, transfer and security
ATHE takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
Any sensitive information (such as credit or debit card details) is encrypted and protected using industry standard SSL (HTTPS). Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure.
ATHE hosts data with hosting service providers within the EEA. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store on our Websites are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Retention & Deletion
ATHE retains your information while you or your company remains an active centre, unless you ask us to delete your information. If you stop being an active centre, we will retain your information for the periods defined in our retention policy unless you request that your details be deleted. However, we will only contact you if we believe the information we intend to send to you could be of 'legitimate interest' to you or your company.
If you have signed up to receive our newsletter or requested information from us, we will retain your information until you request to be removed/deleted. Subject to the exceptions described below, ATHE deletes or anonymizes your information when it's reached the end of its retention period as per our policy or upon request from you. For further information regarding our retention periods and policy, please contact us on firstname.lastname@example.org or at the address provided at the end of this policy.
Subject to applicable law, ATHE may retain information after account deletion: - If there is an unresolved issue relating to your account, such as an outstanding invoice on your account. - If necessary for its legitimate business interests, such as fraud prevention. - If we are required to by applicable law; and/or in aggregated and/or anonymized form.
Complaints or queries
ATHE tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you believe we have processed your personal data in a way that does not comply with GDPR, we ask that in the first instance you contact us directly. Under GDPR you also have a right to make a complaint to the Information Commissioner’s Office (ICO) or other relevant supervisory body.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of ATHE’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 22nd June 2020.
How to contact us