One Oswestry is operated by Oswestry BID (Business Improvement District) Limited. Oswestry BID Limited is company incorporated in England and Wales under company’s number 10675349.
Oswestry Business Improvement District is a non-profit company which has been established by our business community to project manage improvements and services in Oswestry Town Centre. We carry out a range of activities, including sending out communications to and for the benefit of businesses and their employees, share information and opportunities which advance the key areas in our Business Plan.
Oswestry BID is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using any of our websites, you can be assured that it will only be used in accordance with this privacy statement.
Oswestry BID is registered as a data controller with the Information Commissioner’s Office (Registration number ZA428196)
Oswestry BID ALSO OPERATES UNDER THE FOLLOWING NAMES
- Oswestry Watch
- One Oswestry
Oswestry BID uses three separate lawful bases for our storing and processing of different sorts of personal data.
- The data subject has given consent to the processing of his or her personal data for one or more specific purposes
- Processing is necessary for compliance with a legal obligation to which the controller is subject
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party
DESCRIPTION OF PROCESSING
We hold information on our levy payers (members) to understand their relationship to the BID in terms of
- their membership with us
- to communicate with them about our activities
- to inform them of issues and activities relating to the town centre
We also hold data based on voluntary sign-ups to emailing lists to receive updates from Oswestry BID about our activities
REASONS/PURPOSES FOR PROCESSING INFORMATION
- We process personal information to enable us to promote our goods and services, to maintain our accounts and records and to support and manage our staff to comply with The Business Improvement Districts (England) Regulations (2004).
- We process personal information of those suspicious individuals breaching the law in accordance with the Licensing Act (2003) for the Pubwatch members (separately held database) and those breaching the rights of our members in line with the Private Property Act (1925) for our Shopwatch members (separately held database) and Business members (separately held database).
TYPE/CLASSES OF INFORMATION PROCESSED
We process information relevant to the above reasons/purposes. This may include:
- business details
- financial details
- goods or services provided
- contact details
- images, names, dates of birth
- details of offences captured by members
- length of bans/exclusions from premises
- CCTV footage
WHO THE INFORMATION IS PROCESSED ABOUT
We process personal information about our:
- customers and clients (our members and levy payers)
- suppliers and services providers
- advisers, consultants and other professional experts
- complainants and enquirers
- subscribers to our newsletters
- users of Shrewsbury Watch services
- individuals of concern to the members (i.e. banned individuals from premises, individuals who have committed anti-social behaviour, harassed staff or similar offences)
HOW WE SHARE PERSONAL DATA
We never sell or otherwise disclose your personal data, subject to some specific exceptions:
If we collect or update your personal data following an event or initiative that we deliver in partnership with another organisation, we would only share the data with that partner with your explicit consent.
We may share your personal data with service providers, employees or contractors that we have retained to perform services or work on our behalf. They are provided only with the personal data they need to perform their functions and can only use and disclose such personal data as is necessary to perform services on our behalf or to comply with legal requirements.
If we have agreed to conduct activity that promotes our businesses, or other services that you provide, or that highlights work or activity that you are undertaking, we may share your name, your job title, the name of your employer and your image. We may also share your professional contact details in circumstances where people will need to contact you, for our activity to be meaningful.
In addition, we may disclose your personal data (i) if we are required to do so by law or legal process, (ii) to law enforcement authorities or other government officials, or (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity.
HOW WE GET CONSENT
Consent is specific to distinct purposes. Silence, pre-ticked boxes or inactivity does not constitute consent; data subjects explicitly opt-in to the storage, use and management of their personal data. Separate consent is obtained for different processing activities, which means data subjects are clear about how the data will be used when you obtain consent.
OTHER DATA WE MAY COLLECT AUTOMATICALLY
When you visit our website, we may automatically collect certain personal data that we then aggregate so that it is not linked to a single, identifiable individual. This information provides us with statistics such as how many users visited our site and which pages were accessed. By collecting this information, we learn how to best tailor our Website.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on your browser or the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service. Some of the cookies we use are essential for the site to operate.
HOW WE PROTECT YOUR PERSONAL DATA
We maintain administrative, technical and physical safeguards to protect against loss, misuse or unauthorised access, disclosure, alteration or destruction of the personal data you provide to Oswestry BID.
ACCESS TO INFORMATION
You have the right to access the personal data held about you. Your right of access can be exercised by contacting us at email@example.com. Please state whether you wish to receive a copy of your personal data, amend it or remove it from our records, and provide your postal details.
If you would like to update your contact details and preferences, or to tell us you no longer want us to process your personal data, you may email us at firstname.lastname@example.org
Oswestry BID respects the rights acknowledged by the GDPR of any data subject and will respond to any request within 30 days. If you ask that we stop using your personal data, we will take reasonable steps and honour that request. However, we will retain records of your personal data as needed to comply with applicable law and for the purposes of voting in a BID renewal ballot.
CONSULTING AND ADVISORY SERVICES
Information is processed for consultancy and advisory services that are offered. For this reason, the information processed may include name, contact details, family details, financial details, and the goods and services provided. This information may be about customers and clients. Where necessary this information is shared with the data subject themselves, business associates and other professional advisers, current, past or prospective employers and service providers.
DATA STORAGE AND TRANSFERS
We store personal data using secure servers or using the services of companies that fully comply with GDPR legislation. It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA) or via the use of data processors that have the required security standards for processing data abroad. Any transfers made will be in full compliance with all aspects of the GDPR.
HOW TO CONTACT US
If you have any questions or comments about this Notice, or if you would like us to update the personal data we have about you or your preferences, please contact us via email: email@example.com
HOW TO MAKE A COMPLAINT
If you are unhappy with the way that we have processed your data, or with aspects of our data protection policy, we would encourage you to contact us in the first instance.
If you are dissatisfied with the way that we have handled your complaint (or if you would prefer to exercise your right to do so), you may contact the Information Commissioner directly. Information on how to do this can be found on their website.
UPDATES TO OUR PRIVACY NOTICE