- Information about Numerise and Sparx
- Information about this Notice
- Why does Numerise use personal data?
- How does Numerise get personal data?
- What personal data does Numerise collect?
- Cookies and third party websites
- How does Numerise share your data?
- How long is data stored for and what happens to it?
- International transfers
- Security of personal data
- Your rights
- How to contact us
Information about Numerise and Sparx
Sparx Limited (company number 07907042) (Sparx) is the entity responsible for the collection and use of personal data by Numerise. Sparx is registered as a data controller at the Information Commissioner’s Office (ICO) with registration number ZA006725.
Information about this Notice
This Privacy Notice applies to individuals who provide personal data directly to Numerise, including any personal data provided through our website (www.numerise.com) or social media channels (including our Twitter, Facebook, Instagram and YouTube accounts), or which Numerise obtains other than through the provision of our learning technology. It does not apply to any personal data collected and used by Numerise in connection with the learning technology that we provide to Numerise users. Privacy information in respect of our learning technology provided to Numerise users is available at https://www.numerise.com/privacy-notice/.
Numerise is committed to protecting and respecting your privacy and ensuring best practice compliance with data protection laws. Our Privacy Notice gives you information about how Numerise collects, uses and protects any personal data that you provide to us, including any personal data provided through our website. It is important that you read our Privacy Notice.
Any changes we may make to our Privacy Notice in the future will be posted on this page, so you will always know what personal data we collect about you, the purposes we might use it for and to whom we might disclose it.
This version of our Privacy Notice was published in November 2020 and applies to the collection and use of personal data by Numerise from 1 November 2020. It aligns with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR). Earlier versions of our Privacy Notice can be obtained by contacting Numerise’s Data Protection Officer (whose contact details are set out in the ‘How to contact us’ section of our Privacy Notice).
Why does Numerise use personal data?
Personal data is any information about an individual which can identify that person. It does not include any information where the individual’s identity has been removed (this is known as anonymous data), which we may collect, use and share for any purpose.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- Where we need to perform the contract we are about to enter into or have entered into with you.
Generally we do not rely on consent as a legal basis to use your personal data, other than where you have agreed that your personal data may be used by us or any third party to send you marketing information. You have the right to withdraw your consent to such uses at any time.
Set out below is a description of all the ways we plan to use your personal data. We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and will explain the legal basis which allows us to do so.
Please note that we may use your personal data without your knowledge or consent where this is required or permitted by law.
Personal data you give to us or that we collect about you
We may use personal data in the following ways:
- to allow you to access our website;
- to provide you with information, guides, products and services that you may request from us;
- to provide you with other information that is similar to that which you have already enquired about or that we feel may interest you;
- to improve our products and services;
- to improve our website and ensure that content from our website is presented in the most effective manner for you and for your computer;
- to monitor and administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to allow you to participate in any interactive features of our service, when you choose to do so;
- to allow you to participate in any competitions that we may run from time to time, when you choose to do so;
- as part of our efforts to keep our website safe and secure; and
- for internal record keeping.
Personal data we receive from other sources
- We may combine personal data we receive from other sources with the personal data you give to us or that we collect about you.
- We may use personal data we receive from other sources and/or combined personal data for the purposes set out in paragraph 2 of this section of our Privacy Notice (depending on the types of personal data we receive).
Save where provided for in paragraph 2 of this section of our Privacy Notice, we will not use your personal data for marketing purposes without your explicit consent. We will inform you (before collecting your personal data) if we intend to use, or disclose to any third party, your personal data for such purposes. Where you have provided your consent to receive marketing information from us or any third party, you will be given the opportunity to opt out of receiving any future marketing information by checking certain boxes on the forms we use to collect your personal data or unsubscribing from marketing emails via the hyperlink provided in such emails. You may also opt out of receiving any future marketing information at any other time by contacting Numerise’s Data Protection Officer using the contact information set out in the How to contact us section of our Privacy Notice.
How does Numerise get personal data?
You may provide your personal data to us by filling in forms or submitting information via our website or linked third party websites (including social media channels), or by corresponding with us by phone, e-mail or otherwise.
What personal data does Numerise collect?
We may collect the following personal data about you:
- Personal data you give us: The personal data you give us may include your name, address, e-mail address, social media handles and phone number, information about personal activities and circumstances, feedback, comments and other correspondence containing personal data.
- Personal data we collect about you: With regard to each of your visits to our website, we may automatically collect the following personal data:
- Technical information, including the internet protocol (IP) address used to connect your computer to the internet, your browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from our website.
- Personal data we receive from other sources: We may receive personal data about you if you use any of the other websites operated, or other services provided, by Sparx or other members of our group. We may also receive personal data about you from:
- commercial data providers;
- research partners and project collaborators (including prospective research partners and project collaborators); and
- publicly available sources.
Cookies and third party websites
Our website may, from time to time, include links to third party websites (including social media platforms), plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third party websites, plug-ins or applications and are not responsible, and do not accept any liability, for their compliance with data protection laws.
When you leave our website, we encourage you to read the privacy policies of every website you visit or plug-in or application you download, in particular before submitting any personal data to those websites, plug-ins or applications.
How does Numerise share your data?
To other members of our group
We may share your personal data with any companies within our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006, and any associated companies which have common ownership.
To third parties
We may share your personal data with selected third parties, including:
- business partners and service providers in connection with the performance of any contract we enter into with them or you;
- third parties who provide email delivery, customer relationship management and helpdesk services, or any other services which we choose to outsource;
- IT hosting services;
- research partners and project collaborators (including prospective research partners and project collaborators); and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
A list of the third parties with whom we share your personal data is available here. This list will be updated regularly. We may also share your personal data with other third parties:
- in the event that we sell any business or assets or enter into any joint venture arrangements, in which case we may disclose or transfer your personal data to the buyer of such business or assets or our joint venture partners;
- if we are under a duty to disclose or share your personal data with any regulatory or law enforcement authorities and are required to do so;
- in order to exercise or defend our legal rights or in connection with any legal proceedings or anticipated legal proceedings; and
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to use your personal data for specified purposes and in accordance with our instructions.
How long is data stored for and what happens to it?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we use your personal data, whether we can achieve those purposes through other means and applicable legal requirements.
The majority of the personal data we collect will be stored and used in the UK at our offices and in our secure data centres. We will only transfer your data outside of the European Economic Area (EEA) where it is necessary for us to do so because there are no reasonable and commercially appropriate alternatives based in the EEA. Where any of our sub-processors store data we send to them for processing on our behalf outside of the EEA, we ensure protection is afforded to it by implementing at least one of the following safeguards:
- We will only transfer your personal data to service providers located in countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers (including those based in the US), we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- We will undertake a detailed adequacy assessment of the service provider to validate that it has good privacy safeguards and security features in place to prevent unauthorised access of data we send it.
A list of the support companies with whom we share personal information can be found [here]. This list will be updated regularly.
Security of personal data
We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also conduct regular penetration testing and have obtained the Cyber Essentials certification.
In addition, we limit access to your personal data to those directors, employees and other third parties who have a business need to know. They will only use your personal data for specified purposes and are required to keep your personal data confidential.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our website; any transmission is at your own risk.
In certain circumstances, you have legal rights under GDPR in relation to your personal data which are known as data subject rights. Those rights are:
- The right to be informed of processing.
- The right to access personal data by making a subject access request.
- The right to rectification where personal data is inaccurate or incomplete.
- The right to erasure, sometimes called ‘the right to be forgotten’.
- The right to restrict processing.
- The right to data portability.
- The right to object to processing.
- The right not to be subject to a decision based solely on automatic processing.
Where you seek to exercise any of your data subject rights, we may need to request specific information from you to help us confirm your identity and establish your right to exercise such rights. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to exercise your data subject rights to speed up our response. Your legal rights do not apply in all instances. We will inform you if, in the context of your request, we do not consider that your legal rights apply.
If you wish to exercise any of your data subject rights set out above, please contact the Data Protection Officer using the contact information set out in the How to contact us section of our Privacy Notice.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to make a complaint at any time to the ICO regarding the collection and use of personal data by Numerise. However, we would appreciate being given the chance to help you with your concerns before you approach the ICO, so please contact us using the details below in the first instance.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
How to contact us
Numerise has appointed a Data Protection Officer who can answer questions in relation to this Privacy Notice. If you have any questions or would like more information about the collection and use of personal data by Numerise, you can contact our Data Protection Officer by sending an email to [email protected] or by writing to us at Numerise, Sparx Limited, Oxygen House, Grenadier Road, Exeter, Devon EX1 3LH.