Privacy Policy

Introduction

The EU General Data Protection Regulations (GDPR) require all companies to treat personal information collected or handled securely and maintain accurate records as to how this information is stored and used. This policy sets out how your personal data is collected, stored and used by the Eynsham Village Website. For details of how Eynsham Parish Council uses and shares your information, please view their Privacy Notice.

Who are we?

PumpkinPip Ltd, the operator of the website on behalf of Eynsham Parish Council, is a Limited Company, registered in England (No.7722171).

How is personal information collected from you?

The Eynsham Village Website (both eynsham-pc.gov.uk and admin.eynsham.org.uk) collects personal information via the following means:

  • via the website contact form
  • via the organisation registration process
  • via the website comments form, if enabled for an organisation

What type of information is collected from you?

The personal information we collect might include:

  • Your name and contact details (including email address and phone number) which you provide when you submit details through the above services
  • Other information relevant to your enquiry
  • Website usage data - we may monitor your use of this website through the use of cookies.

For example, we may monitor how many times you visit, which pages you go to, traffic and location data, IP address, operating system and browser type. This information helps us to build a profile of our users. Most of this data is aggregated or statistical, which means that we cannot identify you individually.

Only the IP address could be used to identify you individually (indirectly through your ISP and only by the relevant authorities). Your IP address is only stored in log files that are deleted after 30 days.

Please see further the section on ‘Use of cookies’ below.

How is your information used?

Collecting this data helps us understand what you are looking for from our website, enabling us to deliver improved products and services, and in particular for the following reasons:

  • to contact you in response to a specific enquiry or request
  • to seek your views or comments on the services we provide
  • to improve the products and services we provide
  • to notify you of changes to our legal terms or compliance requirements, etc.

Who has access to your information?

We will never lease, distribute or sell your personal information to third parties unless we have your permission or the law requires us to.

Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example our website hosting provider). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we’re under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Information submitted via the contact form is not retained by the website; it is forwarded to the organisation or person who you elect to send the message to.

How you can access and update your information

The accuracy of your information is important to us. If you change email address, or any of the other information we hold is inaccurate or out of date, please contact our Data Controller (see below).

You have the right to ask for a copy of the information we hold about you or to ask for it to be removed. We will only remove data we hold on you if we are not legally obliged to retain it (e.g. for tax or contractual purposes).

We will ask you to provide formal proof of identity before releasing, editing or removing any of your information.

Data Controller

The data Controller for Eynsham Parish Council can be contacted on epc.clerk@eynsham-pc.gov.uk. PumpkinPip's Data Controller can be contacted at: datacontroller@pumpkinpip.com.

Security precautions in place to protect the loss, misuse or alteration of your information

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

All customer and supplier details will be kept stored on secure servers, and access limited only to authorised personnel with password protected access.

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. This includes, for example, firewalls, password protection and other access and authentication controls. We use SSL and TLS encryption technology to encrypt data during transmission through public internet (your enquiry form submissions and their transmission via email services to us).

However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store, and you do so at your own risk. We also cannot guarantee that such information may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access any website hosted by us, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. If you believe your Personal Data has been compromised, please contact us.

Use of 'cookies'

Like many websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor (see below).

GA makes use of cookies, details of which can be found on Google’s developer guides.

Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.

Links to other websites

Our website contains links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

There may be instances where our website features social sharing buttons, which help share web content directly from web pages to the respective social media platforms. You use social sharing buttons at your own discretion and accept that doing so may publish content to your social media profile feed or page. You can find further information about some social media privacy and usage policies in the third party processors section below.

Email links

If you email us directly, or via a email mailto hyperlink (like this one), the email is transmitted to us via the Simple Mail Transfer Protocol (SMTP). Depending on your email provider, the email contents may or may not be encrypted from the point at which it leaves your computer, until it reaches your email provider or in some cases, until it reaches us. We have no control over this, but most popular email providers like Gmail do provide end-to-end encryption.

Website Forms

Our website forms operate with a SSL ('Secure Sockets Layer' or 'https'). This means that any information you enter on our contact form will be encrypted by your own web browser from the point you click the 'Send Message' button until it reaches our web server. It is briefly decrypted on our web server, but is then re-encrypted and transmitted to us via our email host where it is only ever transmitted in an encrypted form or held in a highly secure manner.

Website forms have a reCAPTCHA control, which is an additional safety feature to help prevent businesses from receiving spam or automated data, and thus protecting the website and customer data.

About this website’s server

This website is hosted in a virtual server by Amazon (Amazon Web services) within a secure UK data centre. The server may only be accessed by authorised personal and we have taken numerous security precautions including:

  • Anti-Virus and Anti-Malware scans (passive and active)
  • Secure SSH (Secure Shell) access with private/public key and password authentication for access by authorised personnel only
  • Firewall locking down all but essential ports
  • Security settings applied so server meets the technical level of PCI (Payment Card Industry) security requirements
  • Regular backups to secured backup storage.

Our third party processors

We use a number of third parties to process personal data on our behalf:

16 or Under

We are concerned about protecting the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information.

Data Breaches

We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Our lawful basis for processing this data

We will ensure we have your permission to use the data necessary for the fulfilment of services provided or in order to take steps to procuring further orders.

Data Retention

PumpkinPip Ltd will retain personal data we process on behalf of our customers for as long as needed to provide our services. We will retain this personal information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements. The Data will be reviewed at least annually.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in May 2018 but we may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.

Any questions regarding this Policy and our privacy practices should be sent by email to datacontroller@pumpkinpip.com.