This policy was last updated on 1st May 2018.
VisitBrighton (“we, “us” or “our”) is the official tourism delivery unit for Brighton & Hove City Council (BHCC). To see BHCC’s Privacy Policy please go to the Brighton & Hove City Council website.
We are committed to preserving the privacy of our customers. This Freedom of Information and Privacy Policy lets you know our policy for the collection of information about you and your transactions with us.
We don’t share your information with other companies without your permission and we will only send you emails if you specifically give us consent to do so.
1. Terms of Use
1.1 Accessibility of our website
1.2 Copyright notice
1.3 Our presence on social media sites
1.4 User Generated Content (UGC)
1.5 Freedom of Information
2. VisitBrighton Privacy Policy
2.1 Information that we collect
2.2 How we collect your information
2.3 How we use personal information
2.4 General
2.5 Sharing personal information
2.6 International transfers of your information
2.7 Security of your personal information
2.8 Cookies
2.9 Links to third party sites
2.10 Retaining and deleting personal data
2.11 Access to your personal information and your rights
1. Terms of Use
The Terms of Use below apply to your access to and use of any websites owned and/or operated by the “VisitBrighton” brand which is the official tourism delivery unit for Brighton & Hove City Council, with its offices at Brighton Town Hall, Brighton, BN1 1JA.
Accessing and/or using any part of this site constitutes your acceptance of these Terms of Use. We reserve from time to time the right to make amendments to these Terms of Use and your continued use of the site will constitute your acceptance of any changes made.
Whilst we endeavour to ensure that the information on this site is correct, no warranty, express or implied, is given as to its accuracy and we accept no liability for any errors or omissions,
Usage of the site is at your own risk. We shall not be liable for any damages (including, without limitation, damages for loss of business or loss of profits) arising in contract, tort or otherwise from the use of or inability to use this site, or any material contained in it, or from any action or decision taken as a result of using this site or any such material.
We accept no responsibility for any third party owned tools, products or content featured or made available to you on our site or for any third party site(s) which our site may link to via any hypertext links, banners, buttons or other such functionality. Such links to third party sites are provided for your convenience on an "as is" basis with no warranty, express or implied, for the information provided in any third party sites.
If any of these terms should be determined to be illegal, invalid or otherwise unenforceable by reason of the laws of any state or country in which these terms are intended to be effective, then to the extent and within the jurisdiction in which that term is illegal, invalid or enforceable, it shall be severed and deleted from the clause concerned and the remaining terms and conditions shall survive, remain in full force and effect and continue to be binding and enforceable.
These Terms shall be governed by and construed in accordance with English law.
1. 1. Accessibility of our website
We have developed this website to serve the largest possible audience by addressing the needs of people and systems with differing abilities. All pages on this site follow most of the W3C's WAI accessibility guidelines, and comply with the UK's Disability Discrimination Act.
1.2. Copyright notice
Unless otherwise stated, the copyright and any other rights in all material on this site are owned by us.
You are permitted to print and download extracts from this site on the following conditions:
1.3. Our presence on Social Media sites
We have accounts on social media sites such as Twitter, Instagram and Facebook.
We welcome your comments or questions on our social media pages and we encourage open debate.
However, we do ask that our followers adhere to certain good practices to ensure that our page complies with the law and regulations governing the Civil Service, and to create a welcoming environment for all of our followers.
Therefore, we will remove comments that:
We may remove any posts that violate the above rules without prior notice, and our decision will be considered final. We will not edit any of your comments.
1.4. User Generated Content (UGC)
Any user generated content such as any written content including blogs, photos, pictures, audio or video content posted or uploaded by you to our sites are subject to moderation.
Moderation guidelines
‘Pre-moderation’ means that comments will not be published instantly; they will first be checked by moderators. Moderators will be monitoring the site during office hours Monday to Friday, and aim to process comments as quickly as possible.
This is not about censoring your views. The aim is to ensure the discussion is fair, inclusive, relevant and constructive. Moderation will not be used to suppress legitimate, reasoned discussion about the issues in this document.
We will normally approve comments for publication as long as they:
If you are aged 16 or under, please get your parent/guardian’s permission before submitting a comment. Users without this consent are not allowed to participate or provide us with personal information
We reserve the right to suspend any UGC at any time. Where we choose not to publish a comment for a reason other than those listed above, we will reply to the user by email explaining our reasons and inviting them to make appropriate changes so that the UGC can be reconsidered for publication on our sites.
The copyright of the original texts and the copyright of all comments remain with their respective authors.
If you wish to contact us for official correspondence, visit the “contact us” section of our website.
1.5. Freedom of information
The Freedom of Information Act 2000 gives the public a right of access to information held by public authorities. The “About” section on our website contains information about us as an organisation including our roles and responsibilities, organisational structure and our Board.
If the information you require is not available on our website, please email FreedomofInformation@brighton-hove.gov.uk
2) VisitBrighton Privacy Policy
VisitBrighton (“we, “us” or “our”) is the official tourism delivery unit for Brighton & Hove City Council (BHCC), , with its offices at Brighton Town Hall, Brighton, BN1 1JA. To see BHCC’s Privacy Policy please go to the Brighton & Hove City Council website.
VisitBrighton is the data controller in connection with any personal information collected or received by us arising from your use of any of our products, services, applications, websites and customer support communications.
This Policy explains the types of information that we may collect and hold, how that information is used and with whom the data is shared. It also sets out how you can contact us if you have any queries or concerns about this information.
We reserve the right to make changes to this Policy at any time. Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time.
2.1. Information that we collect
We may collect, use, store and transfer information about you in several different ways and this information may be classified in different categories. Please take care when submitting information to us, particularly when completing free text fields or uploading content, documents and other materials. Some of our services may be automated and we may not recognise that you have accidentally provided us with incorrect or sensitive information.
If you register to use the password protected areas of our website, we will ask you to provide us with certain up to date data about yourself which we will handle in accordance with the United Kingdom's Data Protection legislation. We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff. We use leading technologies such as (but not limited to) data encryption, fire walls and server authentication to protect the security of your data. All VisitBrighton companies, all our staff and any third parties hired to provide support services, will be required to observe our privacy standards and to allow us to audit them for compliance.
2.1.1. Information that you provide to us
Whenever you interact with us, you may be asked to provide us with information relating to you. The following types of data may be collected from you:
2.1.2. Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
2.1.3. Contact Data includes billing address, delivery address, email address and telephone numbers.
2.1.4. Financial Data includes bank account and payment card details.
2.1.5. Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us and may include applicable device ID (s) relating to your particular product(s), delivery date and place of purchase.
2.1.6. Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
2.1.7. Enquiry Data includes data you provided us with when you contact us for customer service assistance (by any means of communication including written communications or via our website(s), support forums, telephone, email, SMS, or our social media channels) or when you visit us at a public event, such as a trade show or exhibition or participate in one of our surveys, competitions or prize draws, we may record all customer service communications and keep information about the particular communication, including your name, the product(s) you bought, the reason why you contacted us, and the advice we gave you so we can track the resolution of any customer service issues and for customer service training purposes.
2.1.8. Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses. We may also receive content that you choose to upload or post, such as your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details, product reviews, comments, photos and forum posts, or details of your interests and preferences that you choose to tell us about when, for example, selecting the services that you wish to receive.
2.1.9. Usage Data includes information about how you use our website, products and services, as well as the frequency and pattern of your service use.
2.1.10. Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Aggregated Data
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.
2.2. How we collect your information
We use different methods to collect data from and about you including through:
2.2.1. Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
2.2.2. Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies, this Technical Data may include:
a) Details of your usage patterns, the content (including any advertisements) that you view and interact with including information on the services and applications you are using in-device to personalise services to your specific needs. For example, when you use our websites, we may collect information about your visit, such as your browser software, which pages you view and which items you ‘clicked’ on or added to your shopping basket.
b) Service, product or server logs, which hold technical information about your use of our service, product or websites, such as your IP address, device ID(s), domain, device and application settings, errors and hardware activity. We may use your IP address to determine your location/country of origin.
c) Device Information such as your device ID(s), including information about where your device is physically located. For example, when you are using a geo-location service or application and you have given consent to your location being shared.
d) Interests and preferences that you specify during set up or registration of any product or service.
2.2.3. Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
2.2.3.1. Financial and Technical Data from parties such as:
a) analytics providers based outside the EU;
b) advertising networks based inside the EU; and
c) search information providers based outside the EU.
2.2.3.2. Contact, Financial and Transaction Data from providers of technical, payment and delivery services based outside and inside the EU.
2.2.3.3. Identity and Contact Data from data aggregators and other specialist agencies based inside or outside the EU.
2.2.3.4. Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
2.2.3.5. Identity and Contact Data from social media if you (i) interact with any of our social network pages or applications; or (ii) you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts. For instance:
2.3. How we use your personal information
We will only use your personal data to the extent permitted by the law. We may use the personal information you provide to us or which we collect for the following range of purposes, including:
Purpose/Activity
|
Type of data
|
Lawful basis for processing including basis of legitimate interest
|
|---|---|---|
To register you as a new customer
|
(a) Identity (b) Contact
|
Performance of a contract with you
|
To process and deliver your order including: (a) Manage payments, fees and charges; and (b) Collect and recover money owed to us; and (c) Provide you with a product or service you have requested (including any back-up and restore service), delivering your purchase to you or ensuring that you benefit from any relevant special offer or promotion (and to fulfil our obligations under any other agreement we may have with you) |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications
|
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us)
|
To manage our relationship with you which will include: (a) Notifying you about changes to our terms and conditions or Policy (b) Asking you to leave a review or take a survey
|
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications
|
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated; and to study how customers use our products/services; and for research purposes)
|
To enable you to partake in a prize draw, competition or complete a survey
|
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Financial
|
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to study how customers use our products/services and to develop them)
|
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
(a) Identity (b) Contact (c) Technical
|
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|
(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical
|
Necessary for our legitimate interests (to study how customers use our products/services, to develop such products/services, to grow our business and to inform our marketing strategy)
|
To use data analytics to improve and enhance our existing products, services and applications and develop new offerings, recommendations, advertisements and other communications and learn more about customers’ shopping preferences in general.
|
(a) Technical (b) Usage
|
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|
To make suggestions and recommendations to you about goods or services that may be of interest to you, including carrying out surveys to better understand your preferences.
|
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile
|
Necessary for our legitimate interests (to develop our products and services)
|
To prevent fraud and for investigation purposes, for example, using device information such as device ID(s) to ensure that any vouchers or discounts relating to any promotions or campaigns are not being redeemed fraudulently, checking that a payment is not made fraudulently. |
(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Financial
|
Necessary to comply with a legal obligation
|
To create and manage customer database(s). As part of our ongoing customer relationship management activities, we may consolidate several databases into one or otherwise link separate databases to more effectively manage your accounts. Information may be linked via a unique identifier, such as a cookie or account number. Alternatively, we may decide to combine two or more databases into a single database of customer information. We may do this for your and/or our convenience (for example, to allow you to more easily register for a new service), to allow us to provide more seamless customer support whenever you contact us and to provide you with better, personalised services, content, marketing and adverts. |
(c) Financial (d) Transaction (e) Technical (f) Enquiry (g) Profile (h) Usage (i) Marketing and Communications |
Necessary for our legitimate interests (to ensure that we have optimal data management practices in place) |
To consider employing you if you contact us via one of job application areas or pages of our websites.
|
(a) Identity (b) Contact
|
Necessary for our legitimate interests (to ensure that we employ high performing staff and to ensure an optimal performance of our business operations)
|
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
2.4 General
We may also use information we collect for the following general purposes:
2.4.1. Marketing communications
2.4.1.1. We may use your Identity, Contact, Technical, Usage and Profile Data to provide you with product and service updates, newsletters and other communications about existing and/or new products and services by post, email, telephone, in-device messaging and/or text message (SMS).
2.4.1.2. You will only receive marketing communications from us (i) if you have requested information from us; or (ii) purchased goods or services from us; or (iii) if you provided us with your details when you entered a competition or registered for a promotion and, in each case, if you have opted in for receiving such marketing.
2.4.1.3 We will get your express opt-in consent before we share your personal data with any third party company for marketing purposes.
2.4.2. Opting out of marketing communications
2.4.2.1. You can ask us or third parties to stop sending you marketing messages at any time by clicking the "unsubscribe" button at the bottom of the emails or by contacting us or such third parties at any time.
2.4.2.2. Where you opt out of receiving these marketing messages, such opt out will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
Please note that we may occasionally send you important information (including via email) about our products and services that you are using or have used including essential software updates, changes to applicable terms and conditions and/or other communications or notifications as may be required to fulfil our legal and contractual obligations to provide warranty or after sales repair services. These important product and/or service communications are not affected by your opt-out of any marketing communications.
2.4.3 Publish your reviews, comments and content
Where you have uploaded product reviews, comments or content to our websites or services and made them publicly visible, we may link to, publish or publicise these materials elsewhere including in our own advertisements.
2.4.4 Forums
Each time you create or reply to a post or thread on a website forum from us, in addition to providing this forum service, we may also record the forum name and the time and date of your post or thread with your account details. We do this to better understand the ‘typical users’ of our forums and to select or tailor our marketing communications to reflect your forum activity. We do not use the actual content of your forum posts or threads for purposes of sending marketing communications.
2.5. Sharing your personal information
We may have to share your personal data with the third parties set out below for the purposes set out in the table in paragraph 2.3. above.
(a) our payment services providers for services relating to our website and services to which you have subscribed to which may be handled by our payment services provider. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
(b) one or more of the selected third party suppliers of goods and services identified on our website to which you have specifically consented to share your personal data with for the purposes set out in such consent or to fulfill our contractual obligations. Each such third party will act as a data controller in relation to the data that we supply to it; and upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party's use of your personal data.
(c) our authorised data processors and service providers for the purposes of providing certain data processing services for us (acting as our authorised data processors). Examples of authorised data processors could include evaluation and research agencies, billing and fulfilment partners, data analytics providers who process information on our behalf for the purposes outlined above. For example, we may use the services of third parties to personalise content, fulfil orders, deliver packages, send postal mail and emails, send text messages (SMS), provide marketing assistance, process credit card payments, provide fraud checking services and provide customer services. When acting as our authorised data processors, our service providers are required to only process data in accordance with our instructions, in line with this Policy, and are subject to appropriate confidentiality and security obligations. Authorised data processors currently used, but not exhaustively, include: www.newmind.co.uk, Pure360 and Cvent
(d) our professional advisers insofar as reasonably necessary for the purposes of managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
(e) to government bodies such as the Department for Digital, Culture, Media & Sport and law enforcement agencies to prevent fraud, to comply with applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies.
Anonymous statistics
We prepare anonymous, aggregate or generic data (including “generic” statistics) for a number of purposes as outlined above. As we consider that you cannot reasonably be identified from this information, we may share it with any third party (such as our partners, advertisers, industry bodies, the media and/or the general public).
2.6. International transfers of your information
In this paragraph, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
2.6.1. The hosting facilities for our website(s) are situated in Ireland and the United Kingdom.
2.6.2. Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
2.6.3. Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us using the details set out at the bottom of this Policy if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
2.7. Security of your personal information
While we can’t guarantee that unauthorised access will never occur, rest assured that we take great care in maintaining the security of your personal data to prevent unauthorised access to it, through the use of appropriate technology and internal procedures.
What we do to protect your information
We take a number of steps to protect your information from unauthorised access, use or alteration and unlawful destruction, including where appropriate:
What you should do to protect your information
As general best practice on the Internet, it is recommended that individuals take great care with user accounts, and follow some basic rules:
2.8. Cookies
2.8.1. Our websites use industry-wide technologies, such as “cookies”, to collect information about the use of our websites and email communications. When we provide online services, we want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your device, for example, computer or mobile phone. These include small files known as “cookies”. They cannot be used to identify you personally. For instance, these technologies may tell us which visitors clicked on key elements (such as links or graphics) on a website or email and recognise your browser the next time you visit our websites.
2.8.2. Cookies allow us to customise your experience to better match your interests and preferences, or to simply facilitate your signing in to use the services. Most browsers will allow you to erase cookies from your computer hard drive, block acceptance of cookies or receive a warning before a cookie is stored. However, if you block or erase cookies, we may not be able to restore any preferences or customisation settings you have previously specified, and our ability to personalise your online experience would be limited. Please refer to your browser instructions to learn more about these functions.
2.8.4. Cookies are used to improve online services for you through:
2.8.5. We are using cookies for the following purposes:
The following third-party plugins and scripts that set data in cookies are embedded in our site, meaning we are responsible if they are stored without the user’s consent.
2.8.6. First Party Cookies
Cookies set by VisitBrighton’s web domain are known as 'first-party' cookies. Some are necessary to the functionality of the site, others provide information to us that we analyse to monitor and improve the site. Our cookies do not store details such as your name, address, telephone number, payment information or anything else that makes you personally identifiable to us. Typically, the cookies set by us generate a random, unique number to store information about a user. The cookies are simply used to record the areas of a site that you visit and for how long. This helps us to monitor the usability of our website and to improve its quality. If you would like to block, restrict or delete cookies from our sites, you can use your browser to do so. Each browser is different, so you may need to refer to the 'Help' section of your browser to find out how to alter your cookie preferences.
How to manage cookies
If you want to disable cookies in your browser, you can set your browser accordingly, using its menu bar. You should be aware that, if cookies aren’t enabled on your computer, we are unable to personalise and improve our service to you.
You can find out more about opting out of cookies and safeguarding your online experience by visiting the Network Advertising Initiative website (please note that we are not responsible for the content of external websites).
2.8.7. Third-party cookies
When you visit our websites you may notice some cookies that are not related to us. When you visit one of our pages containing embedded content, such as a video hosted on YouTube, you may be sent cookies from these third party websites. We have no control over the setting of these cookies set by third parties. If cookies concern you, it’s best to check the third-party websites for more information about their cookies and how to manage them.
This site also uses content from third party media, which may set third party cookies. VisitBrighton does not control the dissemination of these cookies. You should check the relevant third party website for more information about these.
YouTube
2.8.8. Other third party cookies
To offer the best user experience on our site, we sometimes embed other widgets, photos and video content from external websites such as flickr. Pages with this embedded content may present cookies from these websites.
VisitBrighton does not control the dissemination of these cookies. You should check the relevant third party website for more information about these.
2.9. Links to third party sites
Some of our websites may contain links to other third party websites that are not operated by us. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those third party websites. We strongly encourage you to view the privacy and cookie policies displayed on those third party websites to find out how your personal information may be used.
2.10. Retaining and deleting personal data
2.10.1. This paragraph sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
2.10.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
2.10.3. Subject to paragraphs 2.10.4. and 2.10.5. below, we will retain your personal data as follows:
(a) personal data categories will usually be retained for a maximum period of 24 months following receipt unless such data is updated;
(b) general files can be retained for a period of 6 years since receipt by us;
(c) emails can be retained for a period of 7 years since receipt by us.
2.10.4. In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention by taking into consideration the period necessary for retention for its lawful purpose.
2.10.5. Notwithstanding the other provisions of this paragraph, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.11. Access to your information and your rights
In this paragraph, we have provided a summary of the rights that you have under current data protection law. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
2.11.1. Your principal rights under data protection law are:
2.11.2.. You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first electronic copy will be provided free of charge, but additional copies in specific formats may be subject to a reasonable fee.
2.11.3. You have the right to rectify any inaccurate personal data we hold about you and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
2.11.4. In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
2.11.5. In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
2.11.6. You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
2.11.7. You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
2.11.8. You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
2.11.9 To the extent that the legal basis for our processing of your personal data is:
2.11.10. To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
2.11.11. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk (link is external)). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.