Privacy notice and policy

Effective 24th May 2018

Scope: As a data controller we fully comply with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and other relevant legislation. As of May 25, 2018, this will include the processing of personal data as governed by the General Data Protection Regulation (GDPR). This is the privacy policy that applies to the websites of the Nature Stewardship Alliance CIO (NSA) (Registered UK charity 1172519) and The TOFTigers Initiative Ltd, the enterprise arm of NSA. It also covers the data controlling and processing activities of our affiliated organisation the Travel Operators for Tigers India Wildlife Association, a registered New Delhi, Section 25 not for profit company based in India. For the purposes of this document, TOFTigers will be taken to cover all the above organisations. Hereafter “TOFTigers” Personal Information:

  • We collect the information you provide to us, such as your name, your postal or email address.
  • We collect non-personal information such as browser type and web pages visited to help manage our websites and to improve your overall experience.
  • We use cookies and web beacons to manage our email programs and websites. We do NOT use these technologies to collect or to store personal information.

Uses:

  • We use the information you provide to place requests or orders through our websites
  • We send you information about promotions and other marketing events via mail and email that you have expressed an interest in
  • We do NOT share your information with unrelated third parties for their marketing purposes.
  • We use personal information consistent with the purpose you provided it to us.

Your Choices:

  • You may request to be removed from our system by contacting us.
  • You may request access and revisions to the personal information you submitted by contacting us.

Important Information:

  • TOFTigers respects your privacy, and we will do our best to earn and keep your trust.
  • TOFTigers complies with the UK and EU data protection laws.

How to Contact Us:

Glyn House
Westhill
Wincanton
BA9 9BY
Telephone: 01963 824514
Email: admin@toftigers.org (Strapline add Data Processing)

TOFTigers Privacy Policy - effective 24th May 2018

TOFTigers respects your privacy, and we will do our best to earn and keep your trust. All Personal Information that you share with us is treated with the utmost care. TOFTigers has created this Privacy Policy in order to demonstrate our firm commitment to the privacy of all our members, clients, sponsors, supporters and staff within the UK and Internationally.

This Privacy Policy identifies what Personal Information we collect when you use our websites or other online services, what choices you can make about your Personal Information, how we use this data, and how we protect your Personal Information, and applies to all Personal Information provided to us in our sites or through our websites or other online services.

We may, but shall not be required to, also process Personal Information submitted relating to individuals in the EU via other compliance mechanisms, including data processing agreements based on the EU Standard Contractual Clauses.

CONTENTS

What is Covered by This Policy?

This Privacy Policy applies to websites and sites operated by or on behalf of TOFTigers across the UK. The purpose of this policy is to tell you what information we collect, how it is used, where it is used, and how to contact TOFTigers with privacy inquiries. Websites of TOFTigers may contain links to websites not owned or operated by TOFTigers. TOFTigers, is not responsible for the content, privacy policies, or practices of those websites. We recommend that you review the privacy policies of each site you visit.

Personal Information We Collect

TOFTigers collects information, including Personal Information that you provide us when you visit our website. “Personal Information” that will be collected or processed by TOFTigers includes:

  • Title, first and last names, private or company addresses, country, contact number and enquiry details.
  • email address;
  • password;
  • Some web browsers may transmit “do not track” signals. Web browsers may incorporate or activate these features differently, making it unclear if users have consciously activated them. As a result, at this time we do not take steps to respond to such signals.

TOFTigers may collect Personal Information in a variety of ways including directly from browsers while online when you use any of our online tools or features or applications.

How We Use Your Personal Information

TOFTigers collects and uses your Personal Information to:

  • Conduct business with us or a third party.
  • Gain enquiries on our members or other features
  • Improve your experience with us
  • Process, support and follow up on events
  • Run award nominations and competitions
  • Create and maintain accounts
  • Help you receive email and direct mail
  • Help you send us testimonials or other communications
  • Permit you to apply for a job

We process Personal Information submitted by our members and stakeholders for the purpose of providing the above-referenced services (collectively, the “Services”) to them. To fulfill these purposes, we may access Personal Information to provide the Services, to prevent or address service or technical problems, to respond to customer support matters, to follow the instructions of a customer who submitted the Personal Information, or in response to contractual requirements with our students and service providers.

Where you have entered into a contract with TOFTigers, we will process your Personal Information in order to meet our obligations and exercise our rights in terms of that contract.

In other cases, TOFTigers has a legitimate interest in processing Personal Information which allows us to provide you with a better customer service; and to send marketing emails to you where you have enquired, downloaded or purchased goods from us and where you have not opted out from receiving those messages.

There may be some occasions where we seek your consent to process Personal Information but in those cases we will provide full details of what TOFTigers is seeking consent for, so that you will be able to carefully consider whether to provide that consent.

How we Process Your Personal Information

When processing Personal Information TOFTigers ensures that:

  • it is processed lawfully, fairly and in a transparent manner ('lawfulness, fairness and transparency');
  • it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; ('purpose limitation')
  • it is all adequate, relevant and limited to what is necessary in relation to the purposes for which the Personal Information is processed; ('data minimisation')
  • it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that Personal Information that is inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay ('accuracy')
  • it is kept in a form which permits identification of you for no longer than is necessary for the purposes for which the Personal Information is processed; ('storage limitation')
  • it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures ('integrity and confidentiality').

TOFTigers will facilitate any request from you to exercise you rights under data protection law and the General Data Protection Regulation as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay.

TOFTigers will also:

  • ensure that the legal basis for processing Personal Information is identified in advance and that all processing complies with the law.
  • not do anything with your Personal Information that you would not expect given the content of this policy.
  • ensure that appropriate information is provided advising how and why Personal Data is being processed, and in particular advising data subjects of their rights.
  • only collect and process the Personal Information that we need for the purposes we have identified in advance.
  • ensure that as far as possible the Personal Information we hold is accurate, or a system is in place for ensuring that it is kept up to date as far as possible.
  • only hold onto your Personal Information for as long as it is needed after which time we will securely erase or delete the personal data. TOFTigers Data Retention Policy sets out the appropriate period of time.
  • ensure that appropriate security measures are in place to ensure that Personal Information can only be accessed by those who need to access it and that it is held and transferred securely.

Your Choices and Access to Your Personal Information

Our email, website, and other interactive programs allow you to choose to receive or to stop receiving communications from us.

TOFTigers honors a “once out – always out” policy. Once you opt out, you are opted out of that type of communication and that brand until we are explicitly told in writing to opt you back in. You may opt out of email programs at any time by following the opt-out instructions provided in the email you receive. You also have the following rights:

Subject access: the right to request information about how Personal Information is being processed including whether Personal Information is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:

  • the purpose of the processing
  • the categories of personal data
  • the recipients to whom data has been disclosed or which will be disclosed
  • the retention period
  • the right to lodge a complaint with the ICO in the United Kingdom
  • the source of the information if not collected direct from the subject
  • the existence of any automated decision making.

Rectification: the right to allow data subject to rectify inaccurate Personal Information concerning them.

Erasure: the right to have data erased and to have confirmation of erasure, but only where:

  • the data is no longer necessary in relation to the purpose for which it was collected; or
  • where consent is withdrawn; or
  • where there is no legal basis for the processing; or
  • there is a legal obligation to delete data.

Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:

  • if the accuracy of the personal data is being contested; or
  • if our processing is unlawful but the data subject does not want it erased; or
  • if the data is no longer needed the data for the purpose of the processing but it is required by the data subject for the establishment, exercise or defence of legal claims; or
  • if the data subject has objected to the processing, pending verification of that objection.

Data portability: the right to receive a copy of Personal Information which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller.

Object to processing: the right to object to the processing of Personal Information relying on the legitimate interests processing condition unless TOFTigers can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defense of legal claims.

Personal Information is to be used for a purpose other than those for which it was originally collected or subsequently authorized by such user. We will treat as sensitive any Personal Information received from a third party where the third party identifies and treats it as sensitive.

Sharing Personal Information with Third Parties

We may disclose or transfer Personal Information in connection with, or during negotiations of, any merger, sale of company assets, product lines or divisions, or any financing or acquisition. We may also disclose Personal Information to prevent damage or harm to us, our Services, or any person or property, or if we believe that disclosure is required by law (including to meet national security or law enforcement requirements), or in response to a lawful request by public authorities. Except as described in this Privacy Policy, we will not otherwise disclose Personal Information to third parties unless you have been provided with an opportunity to opt in to such disclosure.

TOFTigers does not release the Personal Information it collects from you to any unrelated third parties so that they may send you commercial promotions or offers for products or services.

Except as described in this Privacy Policy, we will not otherwise disclose personal data to any third parties unless you have provided consent to such disclosure and, in the case of personal data collected from children, the appropriate verifiable consent is obtained.

If an individual wishes to opt out or limit the use and disclosure of their personal data to a third party or a use that is incompatible with the purpose for personal data was originally collected or authorised, the individual may send such request to admin@toftigers.org

Personal Information Security

TOFTigers maintains reasonable and appropriate security measures designed to help protect against loss, misuse, and alteration of Personal Information collected by TOFTigers, which include:

  • physical and logical access controls, including firewall, limited access, and SSL encryption technology, that limit who can access personal data based on business/processing need;
  • All logins are performed via Secure Sockets Layer (SSL) communication.
  • All modifications you make to your user profile are performed via Secure Sockets Layer (SSL) communication.
  • All online payments are performed via Secure Sockets Layer (SSL) communication with a secure third party payment gateway service.
  • All server software used by our website is password protected.
  • All server hardware used by our website is physically secured against theft.
  • Privacy policies for personal data (this document) and for employee personal data (a copy of which may be requested at admin@toftigers.org );
  • Annual employee training on our privacy policies;
  • Employees who are bound by confidentiality obligations;
  • The appointment of a Privacy Officer to handle all personal data incidences or issues, including, without limitation, the handling of individual requests related to his/her personal data processed by TOFTigers; and

Passive Data Collection – Cookies and Web Beacons

Our website may also collect Personal Information passively, through the use of cookies. A cookie is a small text file that writes to your hard drive. The cookie file contains your computer’s IP address and a user ID. The user ID links any orders you have placed on our site to your Personal Information. A user ID has no personally identifiable information attached to it unless you place an order on our site. Our website uses cookies to enhance the customer/ site visitors’ experience and help us improve our services. For example, the cookies we set are:

Cookies We Set

  • Account related cookies

    If you create an account with us, then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out.

  • Login related cookies

    We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

  • Email newsletters related cookies

    This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.

  • Forms related cookies

    When you submit data to through a form such as those found on contact or enquiry ages or comment forms cookies may be set to remember your user details for future correspondence.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

  • This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

    For more information on Google Analytics cookies, see the official Google Analytics page.

  • From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features, these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.

  • We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including Facebook, Twitter, LinkedIn, Instagram and YouTube, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

TOFTigers uses web beacons in emails to track traffic from the email to specific pages on our websites. You may be able to adjust your browser so that your computer either does not accept cookies, or notifies you when a website tries to deposit a cookie into your computer. Our cookies do not contain confidential Personal Information such as your home address, telephone number, or credit card information.

Changes to This Privacy Policy

We may amend this Privacy Policy at any time. If we make any changes in the way we collect, use, and/or share your Personal Information, we will notify you by sending you an email at the last email address that you provided us, or by prominently posting notice of the changes on the web sites covered by this Privacy Policy.

Data Controller

Your Personal Information is protected in the United Kingdom by the Data Protection Act 2018 (the “Act”), the General Data Protection Regulation 2016/679; and all relevant EU and UK data protection legislation. Under the Act we will only process your Personal Information in a lawful and fair manner. We will secure your Personal Information to prevent unauthorized access by third parties.

For the purposes of the Act, the data controller of TOFTigers is Glyn House, Westhill, Wincanton, BA99BY and registered with the Information Commissioner’s Office with registration number ICO:00010267384

All Personal Information collection and processing in the United Kingdom or India by TOFTigers will be undertaken by TOFTigers in accordance with the terms of this privacy policy.

TOFTigers are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. We cooperate with country data protection authorities if they believe that a privacy problem has occurred.

Contact Us

If you have any questions regarding your privacy, please contact TOFTigers directly:

Glyn House
Westhill
Wincanton
BA9 9BY
Telephone: 01963 824514
Email: admin@toftigers.org (Strapline add Data Processing)

If you believe that TOFTigers has not complied with your rights in relation to your personal data in relation to processing in or related to the United Kingdom, you can complain to the Information Commissioner’s Office. Their contact details are available at www.ico.org.uk