Privacy Notice Guidance
This is a general template for a GDPR compliant Privacy Notice, which can be customised to suit your business needs and offers generic guidance for use. It is important to understand your notification responsibilities and to customise this template to ensure it is relevant and compliant.
The ICO have also published guidance and examples on their website for Privacy Notices; what should be included and suggested formats - Privacy Notice Guidance
REMEMBER: You are obligated to provide a privacy notice to ALL individuals when you process their personal data, but the context/content of the notice will vary depending on the legal basis you are processing under.
If you are using consent as your lawful basis for processing, you must evidence that consent has been obtained via an affirmative action (i.e. signature, non-ticked box). We have provided some consent form templates which can be used in hard copy forms, at the bottom of a privacy notice or accompanying your electronic/website privacy notice if you are obtaining consent. You can also use your own consent form for each data subject, with an unticked, opt-in box or affirmative action mechanism for each processing activity.
If your services are provided to children, you must use child-friendly language in your notice, include any risks of providing data and if relying on consent, verify the age (under 13 for UK) and gain parental consent where applicable (template provided in Consent & Withdrawal Template). You will also need to customise the sections on Non-EU Transfers and Legitimate Interests if applicable, stating the reasons and safeguard mechanisms.
When sending marketing materials to customers, you have the option to use consent or legitimate interests, so we have added examples for each (which you can remove if you do not send marketing).
You can only use legitimate interests for marketing if you have assessed that the information being sent is relative and beneficial to the customer, that you have weighed their interests against your own, there is little to no risk posed, the method & content is non-intrusive, and the material being sent is something a customer would usually expect to receive and you offer the option to opt-out.
Who We Are
SW Race Support Limited (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
SW Race Support Limited trades at SW Race Support Limited, Clover Ct, Tibshelf, Alfreton DE55 5JA. We act as the data controller when processing your data. Our designated Data Protection Officer/Appointed Person is Simon Westwood who can be contacted at SW Race Support Limited, Clover Ct, Tibshelf, Alfreton DE55 5JA at email@example.com.
Information That We Collect
SW Race Support Limited processes your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice.
The personal data that we collect from is: -
We collect information in the below ways: -
Hard copy forms – Application forms etc.
Electronic platforms (e.g. Sage, Quickbooks, Xero etc)
“Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
“Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
Additionally when you make a purchase or attempt to make a purchase through the Site, we collect certain information from you, including your name, billing address, shipping address, payment information (including credit card numbers, Paypal information, email address, and phone number. We refer to this information as “Order Information.”
How We Use Your Personal Data (Legal Basis for Processing)
SW Race Support Limited takes your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law. We only retain your data for as long as is necessary and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time.
We use the Order Information that we collect generally to fulfil any orders placed through the Site (including processing your payment information, arranging for shipping, and providing you with invoices and/or order confirmations). Additionally, we use this Order Information to:
Communicate with you;
Screen our orders for potential risk or fraud; and
When in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our customers browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
You have the right to access any personal information that SW Race Support Limited processes about you and to request information about: -
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
SW Race Support Limited takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: -
How Long We Keep Your Data
SW Race Support Limited only ever retains personal information for as long as is necessary and we have strict review and retention policies in place to meet these obligations. We are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
Occasionally, UK Race Support would like to contact you with the products/services/promotions] that we provide. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by contacting UK Race Support directly.
If you consent to us contacting you with the above-mentioned marketing and offers, please tick to say how you would like to be contacted: -
Post ☐ Email ☐ Telephone ☐ Text Message (SMS) ☐ Automated Call ☐
Lodging A Complaint
SW Race Support Limited only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information, you have the right to lodge a complaint with the supervisory authority.
[Insert Organisation Name]
[Insert Data Protection Officer Name]
[Insert Organisation Address]
[Insert Organisation telephone and email]
[Insert Supervisory Authority]
[Insert Supervisory Authority Address]
[Insert Supervisory Authority telephone and email]