As a part of the University of Exeter, Reed Hall (“Our”, “Us”, “We”) is a data controller and is committed to protecting your personal data and working in accordance with all relevant data protection legislation. It is necessary for Us to collect and process your data in order for Us to fulfil Our contract with you and deliver the products and services you have requested or purchased from Us. Dependent upon your consent, we may also provide you with information about our products and services. This Privacy Notice explains exactly how We process and use the data We collect.
2. What data do we hold?
We hold the personally identifiable information, such as the name, title, email address, home or work address and telephone number of Our customers and external providers under contract to Us. Where it has a direct bearing on booking requirements, We may also request other information pertaining to personal health and dietary preferences. We only hold the minimum amount of data necessary.
With regard to financial data, customers who book directly through the Reed Hall (www.reedhall.co.uk) and Event Exeter (eventexeter.com) websites, and delegates who book through the Online Delegate Registration website, will have their payment details (name, email, address, payment reference, amount paid) stored on the University of Exeter’s Web Payment Management (WPM) system.
We carry out market research activities (data capture competitions, face-to-face data capture, focus groups), through which We may capture personally identifiable information.
We also carry out customer research by providing customers with access to feedback questionnaires. Although this feedback is anonymous, the questionnaires provide the opportunity for free text comments, in which a customer may supply personally identifiable information about themselves, other customers or members of staff.
There is also information about your computer hardware and software that may be automatically collected when you visit the Event Exeter (eventexeter.com) or Reed Hall (www.reedhall.co.uk) webpages, or Our social media webpages. This information is held by the University of Exeter and relevant third party social media companies, and is accessible to Us. It can include: your IP address, domain names and access times. These sites may use “cookies” to help you personalise your online experience. You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer.
3. How do we use your data?
We process your data to enable Us to carry out Our activities in accordance with Our objectives, and for Our administrative purposes to enable Us to fulfil Our contractual obligations to you.
Primarily We use your data to deliver the products and services that you have requested or purchased from Us. Dependent upon your prior consent, We also use your personally identifiable information to provide you with more information about Our products and services.
We may also publish, with your consent, your personally identifiable information on the Event Exeter website (eventexeter.com), the Reed Hall website (www.reedhall.co.uk), or Our social media webpages. This may be in the form of customer testimonials, sounds, images and/or video.
Some of the personal data collected through Our customer feedback channels may be used as evidence that we have not fulfilled Our contract with you. However, the majority of personal data contained in customer feedback will be processed on the basis that it is in Our legitimate interest to do so. This means that it is in Our and your interest to ensure that We are delivering a service that meets your expectations. Processing customer feedback allows Us, therefore, to continually improve the products and services we offer.
Any personal data collected through market research activity is used to help Us gain a better understanding of Our existing customers, and make more informed decisions regarding the products and services We offer.
4. How will we share your data?
Where relevant, We may share data with other University of Exeter internal providers involved in the delivery of products or services you have purchased from Us: Event Exeter, Facilities Management, Engineering & Direct Works, Grounds, Residential Services, Retail Catering or Sport. Customers may also be contacted directly by the University of Exeter’s Finance Services, who hold personal data for invoicing purposes.
Where customers pay by debit or credit card using a payment terminal, personal and financial data is transmitted to the Merchant responsible for processing payments, Realex Ltd, and a limited amount of data (name, payment reference, amount paid and the last four digits of you card number) is held by University of Exeter Finance Services.
We may also share your personal data with relevant external providers under contract to Event Exeter, where it is directly related to the delivery of products or services you have purchased from Us. Ordinarily, this data will be used by these external providers solely for the purpose of delivering the products and services you have purchased. However, an external provider may wish to use your data for other purposes, such publishing information about your event (e.g. photos) on their social media or company webpages. If this is the case, either Event Exeter or the external provider in question will seek your explicit consent beforehand.
Personal data received from customer feedback will only be shared with those internal and external providers to which the feedback is directly relevant.
We ensure that appropriate data sharing agreements are in place prior to sharing your personal data.
5. How do we protect your data?
We use the Kinetic Solutions Management Database system to store and organise Our customer data, which is held securely on the University of Exeter’s servers. All staff who access the database have completed the University of Exeter’s data protection training. Only customer details are accessible to staff. No payment details are accessible.
Archived paper documents are held securely on University of Exeter premises for the duration of Our retention schedule, before being disposed of as confidential waste.
The University of Exeter’s Web Payment Management (WPM) system and Realex Ltd are both compliant with the Payment Card Industry Data Security Standard (PCI DSS). To find out more about PCI Compliance, visit: www.pcisecuritystandards.org
Our customer feedback surveys are created using software supplied by Online Surveys (OS), Customer Research Technologies (CRT) Ltd and Service Monitor Ltd. All survey data is held on the secure servers of these third parties.
Any personal data gathered through market research activities (data capture competitions, face-to-face data capture, focus groups) is held securely on the University of Exeter’s servers.
Any personal data used as part of ongoing marketing and publicity campaigns on our social media webpages is held on the secure servers of these third parties. These include: Facebook, Google+, Instagram, Pinterest, Twitter and Youtube pages.
6. How long do we keep your data?
We retain your personal information for six years after the year it is collected, in order to comply with the University of Exeter Finance Services’ retention schedule for financial accounting, and with the Limitation Act 1980. After this period, all customer data is anonymised. For more information on the University of Exeter’s data retention schedules, visit www.exeter.ac.uk/ig/records/guidance/
7. Your rights and preferences
If you no longer wish to receive communications by post, telephone or email, please contact Event Exeter on 0300 555 0214 or email@example.com, specifying which communication channels you wish to unsubscribe from, or click on the unsubscribe link in any of Our communications or websites.
This Privacy Notice will be kept under review. Any changes will be updated on our website and communicated to you as appropriate. This Privacy Notice was last updated in April 2018.
You have the right to:
- ask to see, correct or delete the data we hold about you
- object to specific data uses, as described above
- object to receiving communications and direct marketing
8. Further Information
The University of Exeter’s Data Protection Officer is responsible for monitoring compliance with relevant legislation in relation to personal data and can be contacted at firstname.lastname@example.org. You can also contact the DPO if you have any queries or concerns about Event Exeter’s processing of your personal data. You have the right to lodge a complaint with the Information Commissioner’s Office at www.ico.org.uk/concerns.