Your Personal Data:
What we need
The Chartered Institute of Environmental Health (CIEH) trading as 15Hatfields, takes your data privacy seriously and will only use the details you provide to administer your account and provide you with our products and services. Under the terms of the Data Protection Act and GDPR, CIEH is the ‘Controller’ for this information. More information is available on the Information Commissioner’s Office website.
When doing business with CIEH we collect personal information about you including:
- Work contact details
- Financial information
Why we need it
We need to know your basic personal data in order to identify and contact you to provide our services. We only collect the necessary information required for us to effectively deliver and improve these services.
What we do with it
All of the personal data we process is done so by our staff in the UK. However, in order to provide our services, we engage with a number of third parties termed ‘Processors’ such as our hosting and webinar facilities who may host or process data outside the UK. We will always ensure the area of processing is in an area that the GDPR lists as providing suitable protection of your data rights. In instances where this is outside of the EU we will clearly inform you so that you may choose not to opt in to that service.
We only authorise access by third parties if they demonstrate strong data privacy practices and always limit their access solely to what is required for them to provide their services.
We have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
Where you have made a purchase with us we may contact you in the future about offers or promotions for that service, if you don’t wish to receive these you can opt out of these communications or adjust your preferences by clicking the personalised link at the bottom of our emails.
How long we keep it
We are required under UK tax law to keep your financial transactions and basic personal data (name, address, contact details) for seven years, after which time they will be destroyed
Any additional information that we have is kept until we are reasonably certain that you no longer wish to do business with us which is typically three years from the date of your last purchase unless you request that we do so sooner.
We keep email correspondence for seven years and an archive for up to ten years.
What are your rights?
If at any point you believe the information we process on you is incorrect you can request to see this information and have it corrected or deleted.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Compliance Officer who will investigate the matter.
If you are not satisfied with our response, or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
Our Data Compliance Officer can be reached via email or post with the details below:
Data Compliance Officer