GDPR Privacy Policy and T&Cs | Break Free Support CIC

GDPR, PRIVACY POLICY AND T&Cs

The General Data Protection Regulations (GDPR) and Privacy Policy, Cookie Policy and Security Systems Policy.

This policy is to comply with the General Data Protection Regulations (also known as GDPR), and includes an updated Privacy Policy, Cookie Policy and Security Systems Policy – dated 02-10-2021.

Break Free CIC is committed to ensuring that your privacy is protected. Our services such online support, face-to-face meetings, WhatsApp groups is aimed at the public to them to join our programme. However, it also covers any personal data that might be held by us.

 General Data Protection Regulations (GDPR)

The information you need to know about us:

We are Break Free Support CIC.

The information we collect and how we use it:

What information is being collected?

Break Free CIC will be what’s known as the ‘Data Controller’ of the personal data you provide to us. If we do collect any data, we only collect basic personal data about you which does not include any special types of information other than to undertake our programme and keep in contact with our members.. This does, however, include information which can identify you as an individual in the terms of the GDPR including your name, email address and phone number.

How is it collected?

We collect data electronically from our website through the Contact Us or Join page. By giving us this information, you will be deemed to have given consent to this. By mutual agreement we will need to share this information with the other founders of Break Free to ascertain how best to help you.

How long we keep your information

Any information we use for emailing you details about updates, invoicing/direct debit arrangemeents and general business information in the running of Break Free and your business isn’t covered by GDPR. However, any marketing emails you receive will be kept by us until you notify us that you no longer wish to receive this information. You may do this at any time by unsubscribing.

What we do with your information

Any personal data we process is processed by us and wholly in the UK. However, for the purposes of website, email hosting and maintenance this information is located on servers within the UK. No 3rd parties have access to your personal data unless the law allows them to do so. Your first name and email address may be stored in our MailChimp database if you have actively consented to us sending you information via email.

Who we share your data with

We do not share or sell your data to any other company other than those data processors we use for our business operations who process your data under our control:

Fasthosts who provide our hosting and emailing services
GoCardless who we use to process your direct debit
In all cases, the servers where your personal data is stored and processed are located in the UK, European Economic Area and the USA and are all GDPR compliant.

Sharing your data with other 3rd parties

We will only share your details under special circumstances such as when we believe in good faith that it is required by law.

How you can find out about the information we hold about you

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email us.

We will get in contact with you to verify your identity and If we do hold information about you we will:

give you a description of it
tell you why we are holding it
tell you who it could be shared with
let you have a concise and clear copy of the information 

Our legal basis for processing your information

Much of our processing will be under the basis of “contractual obligation” in other words we need and use your information for providing the services you have requested or have contracted with us.

Asking us to suppress or remove your personal information

Should you wish to not receive information from us in future then you can quickly action this by emailing or WhatsApp us asking for your details to be removed from any groups and databases.

Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this – but we would encourage you to let us use it for suppression purposes only.

What to do if you have a complaint

If you have a complaint please contact the Data Protection Officer at break_free2021@outlook.com and we will deal with your request as reasonably practicable.

If you are still not satisfied with the way your complaint was handled, you can refer your complaint to UK Information Commissioner’s Office. https://ico.org.uk/concerns/

Sale of business

In the event that this CIC is sold or integrated with another CIC, your details may be disclosed to our advisers and any prospective purchasers’ advisers and will be passed on to the new owners of the business. It is therefore intended that any consents given above or on the relevant pages will benefit any purchaser of our business. However, if that were to occur, as part of our due-diligence process, we will ensure that they too are GDPR compliant.

Your use of our services

Please be sure you are aware of these policy terms while you use our site. should our terms change these will be shown on this page, and we may place notices on other pages of the website, so that you may be aware of the information we collect and how we use it at all times.

Cookie Policy

This site incorporates the use of Cookies. Cookies are small data text files that are sent from a server computer during a browsing session. Cookies are typically stored on your computers hard drive and are used by websites to simulate a continuous connection to that site. In order to make our site more responsive to your needs, we use cookies to track and manage information relative to your specific interests. In this way we can tailor our site to your needs, deliver a better and more personalised service and track the pages on our site that you visit. The use of cookies automatically identifies your browser to our computers whenever you interact with our site. Your browser options allow you to disable cookies. You should note that if you do disable cookies, you may not be able to access all the services on this site.

Security and Systems Policy

Firewall

Our website is protected by a firewall. This secures the users’ data. It effectively creates a ‘buffer zone’ between our IT network and external websites. Within this buffer zone, incoming traffic can be analysed to find out whether or not it should be allowed to access the website.

Secure Socket Layering

Sometimes referred to as SSL and TLS is in its most basic terms is when a website uses a padlock in the address bar and in parallel uses the https address rather than the unsecured http address. The certificates are issued by Let’s Encrypt and are renewed every 3 months.

Protection of your data

Passwords

IT systems: All passwords used have to meet the ‘11 thousand years’ time to crack using the: https://www.my1login.com/resources/password-strength-test test as a minimum.

This is used for all website administration. Any sharing of data with a partner of Break Free CIC for processing purposes also have to adhere to these strict security guidelines along with 2FA where possible.

Protection from viruses and malware

Our website is protected by a firewall and antivirus software. Systems are routinely scanned for malware, bots and spyware. This is in addition to the pro-active systems already in place such as built-in antivirus protection.