WM5G

Privacy

What is a privacy notice?

The privacy notice is our opportunity to explain to you how your personal data will be processed. It provides details of the lawful purpose under which we are processing your personal data, who we may share your data with, how long we will keep your data, how it is protected and explain your rights and if necessary, how to raise a concern in regards to the use of your personal data.

We advise that you read all sections of the notice and encourage you to periodically visit the website to review any changes to this privacy notice.

WM5G summary of processing and control

The data protection laws are there to protect the rights and freedoms of an individual in regard to the use of their personal data. This includes giving data subjects rights under their provisions.

West Midlands 5G (WM5G) collects, holds and uses (processes) a considerable amount of information, including personal data about our employees, stakeholders, partners, commercial and public relationships. This information is necessary to allow us to provide services effectively and meet our legal obligations.

WM5G are known as the data controller in relation to the data we process about you.

WM5G also recognise that this information is important to you, the data subject. We take our responsibilities seriously and have processes in place to ensure that personal data is managed fairly, correctly and safely, in line with data protection laws.

WM5G will only collect and process the personal data that is necessary for the lawful purpose we collected it for. Where we need to share your personal data, we will do so only where there is a lawful purpose, with your consent, or if we are required to do so by law.

WM5G may need a little help sometimes in delivering their services. For example, to manage our marketing activities, process our payroll or provide physical security. These are known as data processors WM5G will ensure that we only engage with trusted providers and include clear data protection clauses in our service contracts.

If you would like to understand more about data protection laws like  the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA), or Privacy of Electronic Communications Regulations (PECR), please visit the UK Information Commissioners website at: www.ico.org.uk

Changes to this privacy notice

WM5G will regularly review and update this privacy notice to reflect changes in our services, as well as to comply with changes in the law.

WM5G encourages you to periodically visit our website to review this notice.

If there are substantial changes to this statement or in how we use your personal information, we will advertise the updated notice both on the front page of the WM5G website and by email, where we have the authority to do so.

This privacy notice was last updated August 2019.

You can download a copy of this privacy notice here.

If you do not have access to a computer or printer and you would like a copy of our latest privacy notice, please write to: –

Gurmit Sangha
Data Protection Officer
WM5G Limited
16 Summer Lane
Birmingham
B19 3SD

Or email dataprotection@wm5g.com using ‘Copy of latest privacy notice’ in the subject header.

Learn more about how WM5G process your personal data

This privacy notice has been designed to explain how WM5G process and protect your personal data. We have tried to make that as clear and user friendly as possible.

We have created a list of frequently asked questions, to help further explain some of the legal terms, in a non-legal way.

You can download a copy of this privacy notice here.

What is personal data?

Personal data is information relating to an ‘identifiable living individual’ (the data subject). It includes information such as a name, address, telephone number, date of birth, bank details, also your computers IP address or your employee or other reference number.

There are also ‘special categories’ of personal data – which are classed as being more sensitive in nature. These require stricter processing controls.

Wherever WM5G process personal data it is done so within the terms of data protection laws.

What are “special” categories of personal data?

Some personal data has been defined as ‘special’ due to its sensitive nature. This is information that relates to a characteristic such as racial or ethnic origin, political opinions, religious beliefs or philosophical beliefs, trade union membership, genetic data, biometric data (for example, fingerprint evidence), sexual life, criminal record, prosecutions and medical data.

The data protection laws ask that when processing special categories of data we have additional controls in place, which includes seeking your explicit consent before doing so.

At WM5G we ensure that any special data that we process has extra protections in place to ensure that it is looked after safely and securely.

What do you mean by ‘process’ my data?

This means that wherever WM5G are collecting, storing, sharing, using, updating, recording, disposing or deleting your personal data, they are ‘processing’ it.

Processing covers the lifecycle of the personal from the point of collection to the destruction or deletion of that data.

WM5G only process your personal data where we can demonstrate that we have a lawful basis to do so, and that during its lifecycle, it is protected in accordance with data protection laws.

Who is responsible for the processing of my personal data?

It is the responsibility of the data controller, in this case WM5G. We are the organisation who determine how and why we are processing your personal data.

This means that we have the overall responsibility to ensure that any processing of your personal data meets the conditions of data protection laws.

We may choose to outsource some of those activities to a data processor. WM5G will ensure that these third party, external partner, or agencies have adequate systems, procedures and contracts in place to prevent the loss or misuse of personal information.

How do we use your personal data?

We collect and process various categories of personal data at the start of and throughout the duration of your relationship with us.

WM5G will only process personal data where it is able to demonstrate that an appropriate lawful basis is available.

We may process personal data for one or more of the following purposes:

  • For the purpose for which you provided the data to us (e.g. to subscribe to our newsletter or to respond to a contact or access request.
  • To satisfy a legal obligation (e.g. Health and Safety, Prevention and detection of crime, Tax laws, Payroll and Regulatory condition)
  • To meet the terms of an active contractual agreement.
  • For marketing purposes to keep you updated on the latest news and services.
  • To enable us to communicate with you about the provision of services to you.
  • To maintain a legitimate relationship with you (commercial and personal).
  • Where necessary to protect individuals from harm or injury.
  • To provide adequate physical and technical security controls (e.g. CCTV, Visitor tracking, access control, event management).
  • To provide a service which has been outsourced to a data processor, or where WM5G are acting as a data processor.
  • To share data with authorised stakeholders (e.g. other Government bodies).
  • To monitor our performance in providing services to you, to gather statistical information to allow us to understand our user engagement and obtain your opinion about our services.
  • For the purposes of research and development.

What are the lawful bases for processing my personal data?

For any organisation to process your personal data, they must be able to demonstrate that one of the lawful bases applies, prior to any process activity taking place.

These are set by data protection law and are a way of protecting the data subject. and the data controller.

Whatever the lawful basis is the conditions of processing still apply. For example, just because there is a law that states we must provide HMRC with certain payroll data we must only provide the data necessary to meet the requirement and in a safe and secure way.

WM5G will only process your personal data where they are able to demonstrate that a lawful basis applies.

Lawful basis:

  • There is a LEGAL obligation. The law requires it! This may be to satisfy employment laws such as equality and diversity monitoring, meet financial obligations, or in the detection or prevention of crime. Where a legal obligation applies the conditions of processing still apply.
  • There is a CONTRACTUAL agreement in place. This includes collecting and processing data necessary to enter into a contract or the performance of an existing contract. For example, making an application to participate in a trial or competition, or to meet the terms of an employment contract.
  • It would be in the LEGITIMATE INTEREST of the controller or third party. There is a balance of legitimacy which must take place to consider if the rights and freedoms of the data subject are breached, prior to any processing taking place. In order to be legitimate, there must have a minimal impact on the individuals privacy and must take in to consider what they would reasonably expect would happen with their data.
  • With the CONSENT of the individual. When using consent as a lawful basis WM5G must be able to demonstrate that the consent was freely given, unambiguous and that the data subject was fully informed. Where this applies to the processing of ‘special categories’ there are stricter guidelines and you would need to provide your ‘explicit’ consent. For example, we have a signature from you. As the data subject, you have the right to withdraw consent at any time.
  • It is in the VITAL INTEREST of the data subject. This is so that we can protect you or another data subject. For example, if you were involved in an accident on site and we needed to contact the emergency services, we may need to share vital medical information from your employee file, to assist in providing critical care to you. For example, due to religious beliefs or pre-existing medical conditions.
  • It is in the PUBLIC INTEREST. This is always an interesting one! It refers only to ‘carrying out a task in the public interest, or that in exercising an official authority’. It is not linked to ‘publicly available’ information. This is a separate subject, hence why data protection laws are very specific in their definition. There are specific controls around how this basis can be used and administered. It is not simply justified as a ‘public interest story’.

Ways we collect your personal data

Face to Face

There are several ways we may collect personal data face to face. We may have met you at an event or had a meeting with you. We may keep a record of your attendance or business card details so that we can follow up with you.

We will inform you at the point of collection how we will be processing your personal data. This will be by a written notice or verbal confirmation.

Where it is obvious to you that we will need to process your data, we may not need to notify you. An example of this would be where you have provided a business card or emailed us and asked for us to contact you. However, we will make every effort to notify you where we believe there may be ambiguity

Any such records will be kept securely and processed in accordance with data protection laws.

Telephone calls

As with face to face collection of data, we may also do the same over the phone. It will depend on the method used in contacting us, or vice versa.

Should we need to record or maintain your personal data record, this will be in accordance with the purposes detailed in this privacy notice and/or explained to you at the time of collection, if it is not obvious to you.

If calls are being recorded, you will be notified at the time of collection. Ordinarily this will be for training and/or quality purposes.

Emails

If you email us, we may keep your email as record that you have made contact. This includes your email address.

We will not include any personal or otherwise confidential information in any email we send to you unless it is sent securely, or you have agreed to us contacting you with this information.

We would also recommend that you keep the amount of personal or confidential information you send to us via email to a minimum.

Online

Cookies

When you visit our website, small text files may have been placed on your computer, known as cookies. They are widely used in order to make websites work, or to make them work more efficiently, as well as to provide information to the owners of the site.

When you first enter our website, you will have been provided with ‘cookie notice’. This notice will ask you for your permission for the site to use cookies and/or alter your cooking setting for our site.

Cookies are not a condition of you being able to access our site but if disabled may alter your user experience.

Most web browsers also allow some control of cookies through the browser settings on your computer. You may wish to amend these setting according to your personal privacy requirements.

Other Websites

From time to time we may provide links to external websites. We do this to enhance and tailor your user experience.

When you visit other websites, we recommend that you take time to read their own privacy notices.

Please note, this privacy notice applies solely to West Midlands 5G. We are not responsible for the content of those sites.

What will we do with your personal data?

Whenever WM5G processes (collects, holds or uses personal data)  we are committed to ensuring that it will: –

  • Recognise that we handle and hold personal data on behalf of individuals.
  • Adopt and maintain high standards in respect of the handling and use of that personal data.
  • Only collect, hold and use personal data where it is necessary and proportionate to do so.
  • Keep personal data securely and will destroy it securely when it is no longer needed.
  • Consider and address the privacy risks first when planning to use or hold personal information in new ways, such as when introducing new systems.
  • Make it easy for individuals to access and correct their personal information and be open with individuals about how we use their information and who we share it with.
  • Ensure that there are effective safeguards and systems in place to make sure personal information is kept securely including having a robust data strategy to protect against any disasters as well as malware, hacking, etc.
  • Train our staff to properly handle personal information.
  • Apply appropriate financial and human resources towards looking after personal information to make sure we can live up to our promises.

Who we may share your personal data with?

WM5G will not share your personal data with anyone outside of West Midlands 5G except in the following circumstances:

  • Where we have your permission.
  • Where required for the service we are providing you.
  • Where we are required by law and by law enforcement agencies, juridical bodies, government, tax authorities or other regulatory bodies.
  • With third parties, external partners, and agencies assisting us in delivering our service to you.
  • With external partners to improve, and advance, the service we provide to you.

If we are permitted to share your data, we will only share what is necessary and permitted under law.

WM5G will ensure that any third party, external partner, or agency (data processors) have adequate systems, procedures and contracts in place to prevent the loss or misuse of personal information.

How do we protect your personal data?

We have a data protection policy which explains how we look after your personal data. We also have lots of practical measures to protect your information such as:

  • Limiting access on systems to only which staff that need to access the information.
  • Providing regular training for staff to make them aware of how to handle your data safely and in accordance with the data protection legislation.
  • Having a clear desk policy and guidance about keeping personal data, especially ‘special categories’ of data in locked places with limited access.
  • Having clear policies and guidance for staff who take data out of the building and clear working at home guidance for all staff to follow.
  • Encrypt our data and systems where necessary. For example, communications such as e-mails as well as encryption of disks and memory sticks.
  • Regular testing of our IT equipment and keeping up to date with regular security updates.

How long can we keep your personal data for?

We only keep personal data if it is necessary to do so and for as long as necessary. Often there is a legal reason why we must keep the data and a prescribed period of retention.

The period of retention is determined by the type of record, the nature of that activity, product or service.

Using personal data for marketing

WM5G will only send you information about our services if you have asked us to do so or, based on the information we hold, we consider it a benefit to you (within the scope of data protection law).

This means that your personal data may also be shared with other service providers who may contact you independently. This will only happen where WM5G are able to demonstrate that this was in the interest of you, the data subjects. Please note that you can opt out of this at any time.

On our websites, you have the option to join our Marketing Database. We will notify you at the time of collection how your personal data will be processed and where necessary, ask you to confirm you understand and consent to your personal data being processed this way. This is known as a ‘fair processing notice’.  We may also ask you for additional details to help tailor your experience.

You can unsubscribe from receiving our emails by clicking the unsubscribe link placed at the bottom of our emails. Alternatively, you may contact us at dataprotection@wm5g.com to request removal.

Your personal details will remain active in our marketing database until such time as you unsubscribe, have not opened any of our campaigns in the last 6-12 months, or your email address appears to no longer work.

While WM5G tries to ensure that any personal data it holds about you is correct, there may be situations where the data it holds is no longer accurate. For example, if you change your name or move to a new house or jobs.

To help us maintain accurate records, we would ask that where you know of a change (as described above) as soon as possible so that we can update our records.

Please note that WM5G may use data processors to deliver its marketing campaigns.

WM5G will only share the personal data necessary to fulfil the activity they have been tasked. We will also ensure that any third party, external partner, or agency (data processors) have adequate systems, procedures and contracts in place to prevent the loss or misuse of personal information.

Competitions run in conjunction with our partners may have explicit terms and conditions around data sharing. These will be highlighted to you when you enter the competition.

What are my rights?

The data protection laws are there to protect the rights and freedoms of an individual regarding the use of their personal data. This includes giving data subjects. ‘rights’ under their provisions.

We have explained, in brief what these rights are and how you can exercise them rights with WM5G. However, you should be aware that these rights are not absolute and are conditional to the purpose that the data is being processed for. 

Because there may be instances where we are unable to action your request, each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

You have the right to:

You can have Access to the personal data we hold about you

You are legally entitled to request access to any personal data records held by WM5G about you (the data subject).

Upon receipt of a request for access (referred to as a Subject or Data Access Request SAR or DAR) WM5G must ensure that the request is legitimate. This may mean that we will need to contact you for some additional information. This is so that we can protect your information and ensure that it is not disclosed unlawfully to someone.

WM5G will seek to comply with your request but there may be some situations where we will not be able to do this in full, e.g. where information held was given in confidence or when a professional thinks that it could cause serious harm to you or another’s physical or mental wellbeing if the information was given to you. Also, if we think that giving you the information may stop us from preventing a crime.

Each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

You can ask for any inaccuracies to be rectified

If you receive a copy of your personal data or become aware that our records may be inaccurate, you have the right to ask us to correct it.

We may not always be able to change or remove the data, but we will correct factual inaccuracies. In some cases, if we are unable to amend the data, we may record your comments to show that you disagree with information held about you.

While WM5G tries to ensure that any personal data it holds about you is correct, there may be situations where the data it holds is no longer accurate. For example, if you change your name or move to a new house or jobs.

To help us maintain accurate records, we would ask that where you know of a change (as described above) as soon as possible so that we can update our records.

You can ask for your personal data to be erased

You have the right to ask for your personal data to be erased although this is not an absolute right.

A valid request whereby your personal data is no longer necessary for the purpose for which it is collected and/or there are no other lawful reasons to keep it.

WM5G will seek to comply with your request but there may be some situations where it will not be able to do this, e.g. where WM5G is required to hold or process information to comply with a legal requirement.

Where your personal data has been shared with others, we will do what we can to make sure they also comply with your request for erasing the data.

Each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

You can ask us to restrict processing

You have the right to ask WM5G to limit the processing of your personal data in certain circumstances.

For example, where you have contested the accuracy of your personal data or if you believe WM5G no longer needs the data. 

WM5G will seek to comply with your request but there may be some situations where it will not be able to do this. For example, where we are required to do so by law. 

Also note that if this request is approved, it may cause delays or prevent us from delivering a service to you.

Each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

You have the right to object to the processing of your data

You have the right to object to WM5G processing your personal data unless we can demonstrate compelling and legitimate grounds to do so. Whilst an objection to processing is being managed, you can request that the processing be restricted until this is resolved.

WM5G will seek to comply with your request but there may be some situations where it will not be able to do this. For example, where we are required to do so by law. 

Also note that if this request is approved, it may cause delays or prevent us from delivering a service to you.

Each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

This right relates to the processing of your personal data where ‘consent’ was the lawful basis upon which it was processed originally. In most cases it relates to where your personal data is being processed for marketing purposes and in this instance, it is an absolute right.

Where it is in relation to non-marketing-based processing, WM5G will seek to comply with your request but there may be some situations where it will not be able to do this. For example, where we are required to do so by law. 

Also note that if this request is approved, it may cause delays or prevent us from delivering a service to you.

Each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

You can request the portability of your data to another provider

You have the right, in certain circumstances, to get an electronic copy of your personal data so that you can re-use it with other service providers.

This right only applies to information processed by automated means or information obtained by consent from you. It is likely that data portability will not apply to most of our services. However, each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

You can object to automated decision making, including profiling

Automated decision making is where a computer makes a decision about you based on information you have shared with it or it has legitimate access to. For example, online loan applications.

You have the right to ask for any automated decisions to be explained to you.

This means that you can question decisions made about you by a computer, unless it’s required for any contract that you have entered into, required by law, or you have given your agreement to this form of processing.

You also have the right to object if you are being profiled. This means that decisions are made about you based on certain things in your personal data.

Each case will be looked at individually and you will be notified of any outcomes or restrictions which apply to your request.

Who is the Data Protection Officer and how do I contact them?

The role of the DPO it to provide impartial advice and guidance to both the data subject (you) and the data controller (WM5G), in regard to the processing of personal data.

Should you have any concerns, queries or wish to exercise one of your rights, please contact Gurmit Sangha, our Data Protection Officer (DPO).

He can be contacted at dataprotection@wm5g.com.

You can also write to the Gurmit at:

Data Protection Officer
WM5G Limited
16 Summer Lane
Birmingham
B19 3SD

Who is the UK regulator and how do I contact them?

The UK regulatory body is known as the Information Commissioners Office. They are a representative body of Government and are tasked to provide guidance and support to individuals and organisations, as well as investigate and manage enforcement.

If you would like to understand more about data protection laws like the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA), or Privacy of Electronic Communications Regulations (PECR), please visit their website at: www.ico.org.uk

If you have a complaint about how WM5G are processing personal data, we would ask that you contact Gurmit Sangha, our Data Protection Officer, in the first instance. He will independently investigate your concern and hopefully resolve the issue in a timely manner.

He can be contacted at dataprotection@wm5g.com

You can also write to the Gurmit at:

Data Protection Officer
WM5G Limited
16 Summer Lane
Birmingham
B19 3SD

For more information regarding data protection issues you may wish to contact the Information Commissioners Office (ICO) at casework@ico.org.uk

You can also contact the Information Commissioners office at:

Information Commissioners office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK95AF

For more information about the ICO visit: www.ico.org.uk