Keeping your data safe
Who are we?
The principal activity of Darwin Group Ltd is the design, manufacture and build of modular buildings within the healthcare sector.
Collection of your data
Data from you or your use of our website
We collect some data directly from you when you register an enquiry with us, contact us via email, or submit a comment or question on the Make an Enquiry section on our website.
This data includes the following:
There may be occasions where we also collect information that you voluntarily provide to us. For example, if you contact us with queries, complaints, comments or praise, or information that you post about yourself on public areas of various social media platforms (“Voluntary Data”).
Please note that we do not collect any information in relation to your payment information, such as credit/debit card details.
We also collect and use information about any service errors or interruptions that may have occurred while you were on our site so that we can create fixes and make technical improvements to www.darwingroup.co.uk.
Data from third parties
From time to time, we may also collect some data about you from third parties (“Third Party Data”). This includes:
We also collect publicly available information from social networking sites such as Twitter, Linkedin and Facebook for example likes, shares, tweets and posts about Darwin. This information is provided to us by using third party software and is fully anonymised so we cannot see who has posted the information. However from time to time we may identify individuals for internal analysis purposes only.
Our carefully selected partners and service providers may process personal information about you on our behalf.
We may periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information.
What do we use your data for?
It is important that you understand how and why we use the personal data that we collect about you.
We will collect your personal data:
*Any reliance on a legitimate interest shall not prejudice your interest or fundamental rights and freedoms.
How we use anonymised data
We use aggregated and anonymised data for certain purposes, such as to help us understand what type of content users like and to share with advertisers so that they know how effective their advertising is. When used for these purposes, this data does not enable you or any other individual user to be identified.
How do we use your data for marketing and advertising purposes?
Where you are a consumer and have signed up to receive email marketing from us or where you are a business and have not informed us that you do not want to receive email marketing from us, we will use your email address to send you information such as newsletters, information about products and services, industry news and competitions as well as any other relevant information which we believe you may find interesting and / or will improve our offering to you. You can opt out of receiving marketing emails at any time by following the instructions to unsubscribe in any of our email marketing communications. If you opt out of email marketing, we may still need to send you service communications by email occasionally, such as information about changes to our services.
Use of other platforms to promote our products and services
Our content might appear on third party sites based solely on your behaviours on these sites (for example, after liking our brand or its content on LinkedIn, or having been to our sites and then seeing our display advertising on other website platforms), or the behaviours of those within your networks (for example, a contact within your LinkedIn network likes our brand or its content on LinkedIn, so it appears in your News Feed). These branded messages are controlled by the third-party site, but you may be able to update your preferences within the third-party platform to stop these messages appearing in future (please see “Cookies and tracking” section below which applies to the use of our website but may be useful).
Who do we share your data with?
In some circumstances we need to share your personal data with closely vetted third-parties, for example where we use third-party suppliers to conduct services on our behalf. These third-parties include the following:
We will share your personal data with the following categories of recipients for the following purposes:
We will also share your personal data with third parties in the following circumstances:
We do not transfer or store your personal data outside the European Economic Area (EEA); however in certain instances the third parties to whom we share your data may do so as part of their services to us. In the event that your personal data is shared transferred outside the EEA, we will ensure that adequate safeguards are in place to protect your personal data in accordance with data protection legislation.
How long we will keep your personal data
We shall only retain any personal data for as long as necessary for the original purpose in which it was collected. For further information in relation to specific retention periods, please contact email@example.com.
Our approach to information security
To protect your information, Darwin Group Ltd has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.
To make sure all employees, contractors and subcontractors understand these responsibilities they are provided with the necessary training and resources they need.
In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.
To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.
Your rights under data protection law and how you can exercise them are detailed in this section. In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right. We may also require additional information, i.e. to help us to locate the particular data specified in your request.
A request to exercise your rights will be responded to as soon as possible and no longer than one month from receiving your request and all necessary identification proof or further information. For particularly difficult or complex requests, or if you have submitted a large volume of requests, we may take up to three months to respond. In such cases we will advise you as soon as possible, explaining why it will take longer.
The right to access information we hold about you
At any point you can contact us to request access to the information we hold about you as well as why we have that information, who has access to the information and where we got the information. A request to exercise this right is called a “subject access request”.
The right to object to processing of your data
You have the right to request that Darwin Group Ltd stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer used by us, we may continue to hold your data to comply with our other rights. If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.
Restricted processing rights
You can ask for the processing of your personal data to be restricted in some circumstances, for example if your personal data could be inaccurate and needs to be verified, or if we no longer require the data but need to keep for you to exercise your own legal rights. Restricting your personal data means that we only store your personal data. We cannot continue to process it unless permitted to by you or in order to exercise a legal claim or to protect a third party or the public.
The right to ask us to stop contacting you with direct marketing
You have the right to request that we stop contacting you with direct marketing or advertising. In order to process your request we may need to verify your identity for your security. To opt out of email marketing specifically, you can use the “unsubscribe” option in any of our email marketing communications. Please note: It can take a short time for opt-out requests to take effect.
The right to correct and update the information we hold about you
If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated after we are satisfied that the new data you have provided is accurate.
The right to have your information erased
If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. If we are required by law to comply with your request, we will fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.
The right to data portability
You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.
In those cases where we need your consent to hold your information, we will ask you to check a box on any form requiring consent. By checking these boxes you are stating that you have been informed as to why Darwin is collecting the information, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject.
If you wish to exercise your rights above, please email firstname.lastname@example.org.
Cookies and tracking
What are ‘Cookies’?
Cookies are small text files which are downloaded to your computer or mobile device when you visit a website or application. Your web browser (such as Internet Explorer, Edge, Mozilla Firefox or Google Chrome) then sends these cookies back to the website or application on each subsequent visit so that they can recognise you and remember things like personalised details or user preferences.
Cookies are very useful and do lots of different jobs which help to make your experience on websites as smooth as possible. For example, they let you move between web pages efficiently, remembering your preferences, target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests and generally improving your experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.
There are two types of cookies, session or persistent, depending on how long they are used:
When you use our website, either on a web browser or a device, the following 4 categories of cookies may be set:
How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. If you opt out of targeted advertising, you will still see advertising on www.darwingroup.co.uk, but this will not be specifically tailored to you. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies.
When contacted with an enquiry, Darwin Group Ltd will hold the entity name and contact details only for the purposes of handling the enquiry.
How can you contact us?
Should you be unhappy with the way we have processed your personal data, complaints can be made to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK. For details on how to do this visit www.ico.org.uk.