Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘Water Hygiene Centre, it refers to Water Hygiene Centre Ltd (Our ICO registration number is Z3492843).
The Water Hygiene Centre Limited (Reg. Co. number 6813146) was established in 2009 to address the lack of independent consultancy within the industry. We have experienced, qualified and dedicated consultants totalling over 60 years’ experience, all of whom offer unbiased advice and support based on their individual and collective experiences from within the team.
What personal data do we collect?
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need.
You can give us your personal data by visiting our website and registering to receive weekly blogs, information on upcoming training courses in your area, useful tools, guidance and information updates, social media functions on our website, entering a competition, promotion or survey or by corresponding with us (by phone, email, post or social media).
Personal data provided by you
This includes information you give when interacting with us, for example joining or registering, placing an order or communicating with us. For example:
Please note, that certain areas on our website won’t be available to you until you’ve registered to use our website.
Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work, we may be able to build a profile which helps us decide which of our communications are likely to interest you. The website sections on Research and Profiling provides more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details, to keep in touch about things that may matter to you.
If you choose to hear from us, we may send you information based on what is most relevant to you, or things you’ve told us you like. We may also show you relevant online content. This might be about training courses in your area or blogs relating your role.
We’ll only send these to you if you agree to receive them and we will never share your information with companies outside the Water Hygiene Centre for inclusion in their marketing. (We may however share cookie data with third parties to help with our own advertising targeting). If you do agree to receive marketing information from us, you can change your mind at a later date by managing your preferences or unsubscribing.
However, if you tell us you don’t want to receive marketing communications, then you may not hear about events or other work we do that may be of interest to you.
We may sometimes use third parties to capture some of our data on our behalf, but only where we are confident that the third party will treat your data securely, in accordance with our terms and inline with the requirements set out in the GDPR.
We carry out research (client satisfaction certificates) with our clients to get feedback on their experience with us. We use this feedback as part of our ongoing commitment to quality and to continually improve the services we deliver. Your feedback may also be used for marketing purposes i.e sent to prospective clients or tender applications.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part.
We use automated profiling and targeting to help us understand market trends and buyers needs and to make sure that:
To do this we’ll analyse how you interact with us (e.g. on our website, subscription preferences) and use geographic and demographic information to let you know what’s happening in your local area and understand your interests.
We use specific tools to profile how you interact with us online, for example, Adobe Analytics and Google Analytics.
If you’ve agreed that we can contact you for marketing purposes, we may also gather additional information about you from external sources, for example: LinkedIn.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Disclosure of personal data to other bodies
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:
Open 8.30am – 5.00pm Monday – Friday
Verification, updating or amendment of personal data will take place within 30 days of receipt of your request.
Your data protection rights (DPO)
Where the Water Hygiene Centre is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask the Water Hygiene Centre to stop using your personal data for direct marketing purposes.
Tell us by clicking here or contact us using the details above.
Subject access rights
If you would like further information on your rights or wish to exercise them, please email the Data Protection Officer at firstname.lastname@example.org
You will be asked to provide the following details:
If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Cookies and links to third party websites
Links to other websites
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our clients, prospects and employees records safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape.
Disclosing and sharing information
When we allow third parties acting on behalf of the Water Hygiene access to your information, we will always have complete control of what they see, how long they see it for and what they are allowed to do with it. We do not sell or share your personal information for other organisations to use.
Personal data collected and processed by us may be shared with the following groups where necessary:
Storage of information
Water Hygiene Centre operations are based in the UK. We store our data within the European Union (EU) and the USA through our CRM partners, who have a robust privacy programme that is designed to align with many regions’ data hosting needs, including data-handling processes which meet rigorous policy requirements.
Payment card Security
Our online payment solutions are carried out using a ‘payment gateway’ (e.g. Stripe) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us.
Stripe undergoes a PCI Level 1 Service Provider evaluation each year, the most stringent level of security certification available in the payments industry. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.