Privacy Policy

https://www.greenstories.org.uk respects your privacy and is committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (https://www.greenstories.org.uk) (“our Website”) (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

IMPORTANT INFORMATION AND WHO WE ARE

Purpose of this privacy policy

This privacy policy aims to give you information on how https://www.greenstories.org.uk collects and processes your personal data through the use of our Website including any data you may provide through our Website when you register to use our Website, subscribe to our service, search for a product, place on order on our Website, fill in forms on our Website, participate in discussion boards or other social media functions on our Website (if any), enter a competition, promotion or survey or report a problem with our Website or when you correspond with us by telephone, email or otherwise.

It is important that you read this privacy policy together with any other privacy policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements the other policies and is not intended to override them. 

Who we are

https://www.greenstories.org.uk (“https://www.greenstories.org.uk” , “we”, “us”, “our”) is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data. You will find our contact details at the end of this policy (see ‘How to contact us’).

We have appointed a data protection officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact us using the details at the end of this policy (see ‘How to contact us’).

PERSONAL DATA WE COLLECT AND USE

 Personal data means any information relating to an identified or identifiable individual.

 We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes [first name, last name, username or similar identifier, title, business/trade name if applicable
  • Contact Data includes [address, post code, email address and telephone numbers].
  • Financial Data includes [payment card details].
  • Transaction Data includes [details about payments to and from you and other details of products and services you have purchased from us].
  • Technical Data includes [internet protocol (IP) address used to connect your computer to the internet, your login data, browser type and version, time zone setting [and location], browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Website].
  • Profile Data includes [your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses].
  • Usage Data includes [information about how you use our Website, products and services, including the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time), page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs) and methods used to browse away from the page].
  • Marketing and Communications Data includes [your preferences in receiving marketing from us and our third parties and your communication preferences].

We also collect, use and share aggregated data, such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature, for example an advertisement or to enable us to assist our advertisers in reaching the kind of audience they want to target. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

HOW YOUR PERSONAL DATA IS COLLECTED

We use different methods to collect data from and about you including:

  • Directly from you. You may give us your Identity, Contact and Financial Data via our Website or by corresponding with us by telephone, email or otherwise. This includes personal data you provide when you:
  • apply for our products or services;
  • create an account on our Website;
  • subscribe to our service or publications;
  • request marketing to be sent to you;
  • enter a competition, promotion or survey; or
  • give us some feedback.
  1. Automated technologies or interactions. As you interact with our Website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies. Please see our cookie policy for further details.
  1. 2.     Third parties, publicly available sources or other sources. We may receive personal data about you from various third parties as set out below:
  2. Technical Data from the following parties:
    1. analytics providers
    1. advertising networks and all our social media sites
    1. search information providers  
  3. Contact, Financial and Transaction Data from providers of technical, payment and delivery/courier services
  4. Identity and Contact Data from data brokers or aggregators
  5. Identity and Contact Data from publicly available sources such as Companies House, the Electoral Register and Postcode finder.

HOW AND WHY WE USE YOUR PERSONAL DATA

 Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:

  • to comply with our legal and regulatory obligations;
  • for the performance of our contract with you or to take steps at your request before entering into a contract;
  • for our legitimate interests or those of a third party; or
  • where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

The table below explains what we use your personal data for and our lawful basis for doing so.

What we use your personal data for 

Our lawful basis for processing data

To provide products and services to you

Necessary for the performance of our contract with you or to take steps at your request before entering into a contract 

To prevent and detect fraud against you

Necessary for our legitimate interests or those of a third party i.e. to minimise fraud that could be damaging for us and for you 

Necessary for our legitimate interests or those of a third party i.e. to ensure our customers are likely to be able to pay for our products and services

To manage our relationship with you which will include:

(a)   Notifying you about changes to our terms or privacy policy

(b)   Asking you to leave a review or take a survey

Necessary to comply with a legal obligation

 Necessary for our legitimate interests i.e. to keep our records updated and to study how customers use our products/services

To administer and protect our business and our Website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

Necessary for our legitimate interests i.e. for running our business, provision of administration and IT services, network security, to prevent fraud [and in the context of a business reorganisation or group restructuring exercise.

Necessary to comply with a legal obligation

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you

Necessary for our legitimate interests i.e. to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy

To use data analytics to improve our Website, products/services, marketing, customer relationships and experiences

Necessary for our legitimate interests i.e. to define types of customers for our products and services, to keep our Website updated and relevant, to develop our business and inform our marketing strategy

To make suggestions and recommendations to you about goods or services that may be of interest to you that are similar to those that you have already purchased or enquired about

Necessary for our legitimate interests i.e. to develop our products/services and grow our business

To enforce or apply our Website terms and conditions or any other agreements

Necessary for our legitimate interests or those of a third party i.e. to enforce our legal rights and protect our business

Your social media accounts,posts, messages directed to https://www.greenstories.org.uk

When you interact with us on any of our social media platforms

When we target social media posts

 Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

Marketing communications

We may use your personal data to send you periodic communications by email about products, goods or services we feel may interest you.

We have a legitimate interest in processing your personal data for marketing purposes. This means we do not usually need your consent to send you information about our goods or services. However, where consent is needed, we will ask for this consent separately and clearly.

We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.

You have the right to opt-out of receiving marketing communications at any time by:

  • Emailing greenstories@soton.ac.uk
  • using the ‘unsubscribe’ link in our emails

We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Website may become inaccessible or not function properly. For more information about the cookies we use, please see our cookies policy.

 WHO WE SHARE YOUR PERSONAL DATA WITH

  • External service providers e.g. analytics and search engine providers who assist us in the improvement and optimisation of our Website
  • Advertisers and advertising networks that require Aggregated Data to select and serve relevant adverts to you and others. 
  • Delivery/Courier companies We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us.

We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.

We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. If all or substantially all of our assets are acquired by a third party, personal data held by us about our customers will be one of the transferred assets.

HOW LONG YOUR PERSONAL DATA WILL BE KEPT

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for (e.g. whilst we are providing a product or service to you), including;

  • to respond to any questions, complaints or claims made by you or on your behalf;
  • to show that we treated you fairly;
  • to keep records required by law to comply with our legal and regulatory obligations.

We will not retain your data for longer than necessary for the purposes set out in this policy.

TRANSFERRING YOUR PERSONAL DATA OUT OF THE EEA

 We do not transfer your personal data outside the European Economic Area

YOUR RIGHTS

You have the following rights, which you can exercise free of charge:

Access

The right to be provided with a copy of your personal data

Rectification

The right to require us to correct any mistakes in your personal data

To be forgotten

In certain situations, the right to require us to delete your personal data

Restriction of processing

In certain situations, the right to require us to restrict processing of your personal data e.g. if you contest the accuracy of the data

Data portability

In certain situations, the right to ask us to transfer any personal data you provided to us to another organisation

To object

The right to object at any time to your personal data being processed for direct marketing and in certain other situations to our continued processing of your personal data e.g. where processing is carried out for the purpose of our legitimate interests

 We do not use personal data for automated decision making.

For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please email greenstories@soton.ac.uk and let us have enough information to identify you e.g. your full name and address as well as what right you want to exercise and the personal data to which your request relates.

KEEPING YOUR PERSONAL DATA SECURE

We have put in place reasonable and appropriate security measures to endeavour to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

All personal data you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our Website, you are responsible for keeping this password confidential.  We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Website; any transmission is at your own risk. 

Our Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these third-party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy policy of every website you visit.

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

HOW TO COMPLAIN

We hope that we can resolve any query or concern you may raise about our use of your personal data.  If you want to complain about how we have used your personal data, please email greenstories@soton.ac.uk, if we are not able to resolve your complaint to your satisfaction, you can complain to the UK’s supervisory authority, the Information Commissioner’s Office (ICO). Further information about how to make a complaint to the ICO can be found on the ICO website www.ico.org.uk.

The EU General Data Protection Regulation also gives you right to lodge a complaint with the supervisory authority in the European Union state where you work, normally live or where any alleged infringement of data protection laws occurred.

CHANGES TO THE PRIVACY POLICY

This version was last updated in July 2021.

We may change this privacy policy from time to time and when we do so, we will inform you via our Website and where appropriate we will notify the changes to you by email.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.

HOW TO CONTACT US

Email: greenstories@soton.ac.uk  

Do you need extra help?

If you would like this notice in another format (for example large print) please contact us.