NatureSpace Partnership values your privacy and looking after your personal data is very important to us. We comply with the relevant data protection legislation and your information is stored securely on our systems. We are committed to the responsible collection, use, transfer, disclosure, and management of your personal information and to the principles of lawfulness, fairness and transparency. 

This privacy notice provides you with details of how we collect and use your personal data. Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. The personal data that we use is set out in Part 2, below. NatureSpace Partnership is both a controller and processor of data. 

1. INFORMATION ABOUT US 

NatureSpace Partnership Limited is a private limited company registered in England under company number 10755017, VAT number 269924745 and having its registered office at 22 St. Peter’s Street, Stamford, Licolnshire, England, PE9 2PF. 

For more information about data protection at NatureSpace please contact info@naturespaceuk.com or 01865 688307 or by post to the above registered address. 

2. TYPES OF DATA WE COLLECT 

We may collect some or all of the following personal data (this may vary according to your relationship with us): 

  • Name 
  • Address 
  • Email address 
  • Telephone number 
  • Business name 
  • Job title 
  • Profession 
  • Payment information 
  • Site details 

3. HOW WE COLLECT YOUR PERSONAL DATA 

We may collect data about you by you providing the data directly to us – for example via any communication you send to us, whether that be through email, text, through the enquiry form on our website or any other communication you send to us. 

We may also receive and process data from publicly available materials (such as planning websites) or from trusted third parties such as marketing and research experts. We use Barbour ABI, a provider of construction industry intelligence, to gain data on development projects in our areas of operation. Barbour ABI process personal data via the lawful bases of consent and legitimate interest obtained via strict procedures that comply with the GDPR – gaining consent from industry professionals to pass on their email addresses. Barbour ABI complies with the relevant data protection legislation and there is a two-fold consent process, verbal and via email stating what project they are connected to and how the data will be used. We ensure that any data we process is kept up to date and that any preferences indicated by customers are adhered to. 

We will ensure that any companies from whom we receive data are compliant with the relevant data protection regulations. 

4. OUR PURPOSES AND LAWFUL BASES 

Under the GDPR we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, or because you have consented for your personal data to be used, or because it is in our legitimate business interests to use it. The purposes and lawful bases for which we process your personal data include the following: 

Customer data – to manage, administer and provide services to you, such as: providing quotes and services to you, performing our obligations in connection with entry into the district licensing scheme and, taking payments. Our lawful ground for this processing is ‘contract’ – to enable us to provide you with advice, services and documents under the district licensing scheme and to enable us to keep the necessary records for the purpose of delivering, monitoring and reporting on the scheme, in compliance with and to meet, our legal obligations. 

Communications data – where it is necessary for our legitimate business interests, such as: supplying you with information, marketing and market research, improving customer services, quality assurance, training and analysis. We process personal data so that we can communicate with you. Our lawful ground for this processing is ‘legitimate interests’ – to enable us to respond to your queries, to keep you informed about the district licensing scheme and to grow our business. 

User data – to manage and operate our web-based services. This includes data about how you use our website and our online services. We process this data to operate our website and to ensure relevant information is provided to you, to ensure the security of our website, to maintain back-ups of our website and databases and to enable updating and administration of our website, online service and business. Our lawful ground for this processing is ‘legitimate interests’- to enable us to properly administer our business and website and to grow our business. 

We may use customer, communications and user data to deliver relevant information to you about the scheme, including updates, offers and events. Our lawful ground for this is ‘legitimate interests’ in order to grow our business. 

We do not collect any sensitive data about you. Sensitive data relates to information about your race or ethnicity, political opinions, religious or philosophical beliefs, sex life or sexual orientation, trade union membership, or information about your health and genetic or biometric data. 

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing. We may process your personal data without your knowledge or consent where this is required or permitted by law. 

We do not carry out automated decision making or any type of automated profiling. 

5. MARKETING COMMUNICATIONS 

Our lawful ground of processing your personal data to send you marketing communications is either your consent or our legitimate interests (namely to grow our business). We may use your personal data to contact you by email, telephone and or by post with information, news and offers on our services. You will not be sent any unlawful marketing or spam. We will always work to protect your rights under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003 and you will always have the opportunity to opt out of receiving marketing emails from us at any time by following the unsubscribe link on any marketing email sent to you. If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of your entry into the district licensing scheme and for which we have a legal obligation for us to retain records. 

We never sell your data. We only share customer data with third parties where required to perform the functions of the licensing requirements, namely: local planning authorities (e.g.certificates granted under the licensing scheme); the Compensation Partner (the Newt Conservation Partnership, to ensure that appropriate compensatory measures are provided to comply with legal requirements); and Natural England (the regulatory body responsible for licensing in England, for reporting purposes). We will not share your personal data with any third party for their own marketing purposes unless we have first obtained your express consent. 

6. DISCLOSURES OF YOUR PERSONAL DATA 

We may have to share your personal data with the parties set out below: 

  • Other companies in our group who provide services to us 
  • Service providers who provide IT and system administration services 
  • Professional advisers including lawyers, bankers, auditors and insurers 
  • Government bodies that require us to report processing activities 
  • An actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business 

7. STORAGE AND TRANSFER OF PERSONAL DATA 

We use OneDrive servers for electronic storage and their servers are based in the USA. OneDrive is secure for storage of NatureSpace Partnership business data and the personal data we hold. OneDrive servers are based in the USA and they comply with the EU-US Privacy Shield for data transfer in and out of the European Economic Area (EEA) and therefore are GDPR-compliant with respect to international transfers. OneDrive data is encrypted and protected. 

Our invoicing is done through Xero (UK) Limited, which is the European representative of Xero Limited, a global online platform for small businesses, providing cloud accounting software. Where personal data associated with invoicing is transferred outside of the European Economic Area, it will only be transferred to countries that have been identified as providing adequate protection for EEA data, or to a third party where there is an approved transfer mechanism in place to protect personal data – i.e. by entering into the European Commission’s Standard Contractual Clauses, or, for transfers to US-based third parties, by ensuring the entity is Privacy Shield certified. 

Our email servers are hosted by Microsoft and our website is hosted by 20i and both are encrypted. Our website uses Google Analytics and data may be transferred by Google to the United States. Google complies with the EU-US Privacy Shield Framework. 

8. DATA SECURITY 

We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They will only process your personal data on our instructions and they must keep it confidential. We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach if we are legally required to. 

9. DATA RETENTION 

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting and reporting requirements. 

For customer data, legal obligations require us to retain certain information for twenty-five years and for tax purposes the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers. In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you. 

10. YOUR LEGAL RIGHTS 

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ To contact us about anything to do with your personal data and data protection, including if you wish to exercise any of the rights set out above, please email us at sarah.garratt@naturespaceuk.com and we will respond to your request within one month. There is not normally a charge for a ‘subject access request’ (a request for details of personal data) unless a request is ‘manifestly unfounded or excessive’, in which case a fee may be charged to cover our administrative costs in responding. 

11. THIRD-PARTY LINKS 

The NatureSpace Partnership website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit. 

12. CHANGES TO THIS PRIVACY NOTICE 

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way which affects personal data protection. Any changes will be made available on our website.