What is Personal Data?
In the EU’s General Data Protection Regulation (GDPR), Personal Data is defined as “…any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.”
Who we are
Consumer Code for Online Dispute Resolution Ltd. (Company Number NI663641) is the controller and responsible for your personal data (collectively referred to as "CCODR", “the company” "we", "us" or "our" in this privacy policy).
How we use and store your information?
The following privacy policy will outline how the Consumer Code for Online Dispute Resolution will collect, store and use your data. This is done so that we can:
• Respond to your queries and information requests;
• Respond to service requests;
• Respond to any complaints;
• Store contact details, including but not limited to contact name, postal address, telephone, email address (if provided), your query with us, relationship to us, including information recorded through application forms, complaints, etc. on our Database:
• Create a suitable member listing for the public to contact;
• Provide member contact details to members of the public;
• Display the geographical location CCODR Members in our members Database;
• Refine our website and improve your experience when using it through cookies.
If your membership lapses, is resigned or is revoked, CCODR will still retain information under a lawful basis in order to assist members of the public with enquiries in relation to document storage, updates or complaints.
CCODR members understand that in the event a member of the public needs assistance in contacting them, for example due to an outstanding process, we are under obligation to provide such information in the best interests of said member of the public.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How is your personal data collected?
We use different methods to collect data from and about you including through:
Direct interactions.
You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
• apply for our products or services;
• create an account on our website;
• subscribe to our service or publications;
• request marketing to be sent to you;
• enter a competition, promotion or survey; or
• give us feedback or contact us.
Automated technologies or interactions.
As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Third parties or publicly available sources.
We will receive personal data about you from various third parties and public sources as set out below
• Technical Data from the following parties:
(a)analytics providers such as Google based outside the EU;
(b)advertising networks; and
(c)search information providers.
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services.
• Identity and Contact Data from data brokers or aggregators.
• Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
Why do we need to collect and store personal data?
In order for us to do any of the above, we must collect and store your data firstly for correspondence purposes. We will ensure that the information collected will only be used for its intended purpose and does not constitute an invasion of your privacy.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
CCODR may wish to contact you for marketing purposes, particularly as a CCODR member, however we would contact you for additional consent for that purpose if not already given.
Will we share your personal data with anyone else?
We may share your personal data with the parties set out below for the purposes set out in the table above.
• Service providers acting as processors based within the territories of the EU and United Kingdom who provide IT and system administration services.
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
• For our clients: we use Memberstack which is a data processor based outside of the EU which provides user management services to us. This transfer of data is covered by appropriate safeguards and we have entered into a contract with Memberstack incorporating data protection clauses. It is a fundamental part of our contract with you that you consent to our use of Memberstack as a data processor.
• For our clients’ users: we use Modron Spaces which is a data processor based outside of the EU which provides the platform for our product. This transfer of data is covered by appropriate safeguards. It is a fundamental part of our contract with you that you consent to our use of Modron Spaces as a data processor. Modron Spaces used AWS servers which is covered by Privacy Shield.
• Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How will we use the personal data we collect about you?
Processing data constitutes as collecting, storing and using. We will process this data in accordance with the GDPR. We will do our utmost to keep your information accurate and up to date and not keep it longer than is necessary. As a member of CCODR, if you have opted to have your contact details listed on our ‘Find a Member’ function, you must contact us to let us know of any changes necessary. CCODR will issue occasional reminders to all members to keep their contact details up to date and will update them accordingly. This is necessary for us to perform the contract that we are about to enter into or have entered into with you.
The personal data that we collect through this website will be added to our Database. In this regard we may use your personal data where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Please be advised that there is information that we are required to keep in accordance with the law, such as information needed for tax and audit purposes. Personal data may be held for longer than these periods, however this will depend on the individual needs of the company.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Under what circumstances will we contact you?
We will only ever contact you when necessary, or when you have requested that we do so. We do not mean at any point to be intrusive or ask for unnecessary information. We will do our best to ensure that the information we hold is as secure as possible to minimise the risk of unauthorised access or disclosure.
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Can you find out about the personal data that we hold about you?
If you want to see what personal data we hold on you and how it is processed, you may contact us to request this. This is known as a Data Subject Access Request (DSAR) and you must request this in writing (either by post or email), providing the necessary identification before any information is released. If CCODR do store any of your personal data, you may request information on the following:
• Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
• Contact details of the GDPR owner, where applicable.
• The purpose of the processing as well as the legal basis for processing.
• If the processing is based on the legitimate interests of CCODR or a third party, information about those interests.
• The categories of personal data collected, stored and processed.
• Recipient(s) or categories of recipients that the data is/will be disclosed to.
• If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.
• How long the data will be stored.
• Details of your rights to correct, erase, restrict or object to such processing or transfer your data to a third party.
• Information about your right to withdraw consent at any time.
• Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
• The source of personal data if it wasn’t collected directly from you.
• Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
CCODR is duly registered with the Information Commissioner’s Office (ICO) as per their assessment. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
What forms of ID will you need to provide in order to access this?
CCODR will accept the following forms of ID when information on your personal data is requested:
Passport; Photo Driving Licence; Utility Bill (from the last three months); Notarised ID Document;
Contact details of the GDPR Owner
If you wish to submit a DSAR, or have any questions regarding this privacy statement, you must do so in writing using the following information.
Address: 50 Bedford Street, Belfast, BT2 7FW
Email: info@ccodr.com
Use of cookies on this site
To make this site simpler, small data file are placed on your computer. These are known as cookies. Most big websites do this too.
They improve things by:
• remembering settings, so you don’t have to keep re-entering them whenever you visit a new page;
• remembering information, you’ve given (e.g. your postcode) so you don’t need to keep entering it;
• measuring how you use the website so we can make sure it meets your needs.
Our cookies aren’t used to identify you personally. They’re just here to make the site work better for you. Indeed, you can manage and/or delete these small files as you wish.
You can opt out of Google Analytics cookies for all sites. To learn more about cookies and how to manage them, visit AboutCookies.org
1) First Party Cookies
These are cookies that are set by this website directly.
We use Google Analytics to collect information about how people use this site. We do this to make sure it’s meeting its users’ needs and to understand how we could do it better. Google Analytics stores information about what pages you visit, how long you are on the site, how you got here and what you click on. We do not use cookies to collect or store your personal information (e.g. your name or address) so this information cannot be used to identify who you are.
There are also cookies that store basic data on your interactions with Webflow, the CMS running this website.
2) Third Party Cookies
These are cookies set on your machine by external websites whose services are used on this site. Cookies of this type are the sharing buttons across the site allow visitors to share content onto social networks. Cookies are currently set by Twitter, Facebook and Google+. If you want to prevent sites setting third party cookies, instructions to do so are here.
3) Log Files
Log files allow us to record visitors’ use of the site. These logs are automatically generated from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you.
We use the following cookies:
Strictly necessary cookies.
These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies.
They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies.
These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies.
These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
Links to other websites
Our website contains links to our partners, as well as other external sites. You should note, that if you click through to any of these external sites, we do not have control over that site (unless it is a website which forms part of the CCODR Group of companies.) We cannot be responsible for the protection of any information that you provide to these other websites as they are not governed by this privacy statement. You should always exercise caution and look at the privacy statement of whichever website it is that you are visiting.
Policy Changes
CCODR reserves the right to change this privacy policy and will post any revisions on this web site. Your continued use of this web site will be subject to the then-current privacy policy.
