PRIVACY POLICY

Introduction
It is important for you to understand who is responsible for keeping your personal data safe. The website www.darwingroup.co.uk is operated by Darwin Group Ltd (“we” or “us”). We are the “controller” of all personal data collected and used for the purposes of providing this website and for any other purposes set out in this Website Privacy Policy in accordance with the EU General Data Protection Regulation 2016/679 and the Data Protection Act 2018. This means that we are responsible for deciding how and why your personal data is used and for ensuring that your data is handled legally and safely.

Our Information Governance Committee have ultimate responsibility within Darwin for making sure that this Website Privacy Policy and the law are adhered to. Our Information Governance Committee can be contacted by emailing datacontroller@darwingroup.co.uk.


Keeping your data safe
At Darwin Group we are committed to keeping your personal data safe and secure, and handling it in compliance with current legislation. This Website Privacy Policy contains important information and we ask that you read it carefully. It details:

  • the personal data we collect about you;
  • the reasons and ways we process your personal data;
  • with whom your information might be shared;
  • your rights in relation to that data; and
  • anything else we think is of importance to you relating to our processing of your personal data.


Who are we?
The principal activity of Darwin Group Ltd is the design, manufacture and build of modular buildings within the healthcare sector.


Collection of your data
Data from you or your use of our website
We collect some data directly from you when you register an enquiry with us, contact us via email, or submit a comment or question on the Make an Enquiry section on our website.

This data includes the following:

  • full name;
  • company name;
  • telephone number;
  • email address;
  • postcode;
  • job title;
  • information about you in relation to your project (if you choose to provide it); and
  • marketing preferences.


There may be occasions where we also collect information that you voluntarily provide to us. For example, if you contact us with queries, complaints, comments or praise, or information that you post about yourself on public areas of various social media platforms (“Voluntary Data”).

Please note that we do not collect any information in relation to your payment information, such as credit/debit card details.

We collect data about your use of www.darwingroup.co.uk using cookies and similar technology. This includes your viewing history, IP addresses, device identifiers and information on the length of time you have stayed on certain pages or what pages you have clicked on (“Behavioural Data”). You can find more detailed information about this in the “Cookies and tracking” section of this Website Privacy Policy below.

We also collect and use information about any service errors or interruptions that may have occurred while you were on our site so that we can create fixes and make technical improvements to www.darwingroup.co.uk.


Data from third parties

From time to time, we may also collect some data about you from third parties (“Third Party Data”). This includes:

  • other companies who have obtained your permission to share data with us, such as advertisers or other companies you have bought associated products or services from;
  • research panels to carry out market research for us which may involve collecting personal data in order to conduct the research. This data collection will be subject to the privacy policies of the research panels. The information that is provided to us by the research panels is usually provided on an anonymous basis. We use the data from this research to:
    • inform the evaluation of our performance and to develop our products and services including advertising;
    • inform our marketing and promotional activities;
  • reputable third-party data providers who we have vetted. The data we obtain from these providers has been collected by them through publicly available records such as the electoral roll, or, with your consent, from surveys or other brands and companies that you engage with. Where these third-parties hold such information, it may include data such as:
    • name;
    • job title;
    • company name and address;
    • location;
    • email address;
    • telephone numbers.


We also collect publicly available information from social networking sites such as Twitter, Linkedin and Facebook for example likes, shares, tweets and posts about Darwin. This information is provided to us by using third party software and is fully anonymised so we cannot see who has posted the information. However from time to time we may identify individuals for internal analysis purposes only.

Third-Party Processors
Our carefully selected partners and service providers may process personal information about you on our behalf.

We may periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. 

What do we use your data for?
It is important that you understand how and why we use the personal data that we collect about you.

We will collect your personal data:

  • in order to take the necessary steps in preparation of, or to fulfil our obligations under, a booking contract to:
    • fulfil orders placed by you;
    • process any other transactions authorised by you;
    • where you are a consumer, with your consent, to:
      • inform you of special offers;
      • provide marketing information to you which we think you may find of interest;
  • in our legitimate interest* to:
    • undertake a product or customer research/development (by email, phone, fax or mail). We use the personal data to review your response to our surveys for the purposes of analysing insights and information to enable us to improve our products and services (including customizing our website according to your interests)
    • where you are a business:
      • inform you of special offers;
      • provide marketing information to you which we think you may find of interest;
      • respond to a comment or question submitted to us via the Make an Enquiry section on our website;
      • build up a picture of you and the types of products and services which might be of interest to you (“your Profile”). We may use profiling to create your Profile in order to provide you with a more customised and tailored experience on our website and to inform the advertising/information that is displayed to you;
  • archive data that may be of historical or statistical value. This data may then be used at a future time for internal purposes or third parties may be allowed access to this data for research purposes (“Historical Data”). This may include any of the Voluntary Data that you have provided. We will only ever capture personal data that has already been made publicly available on our website in this way and for these purposes. Where possible, when copies the website are archived we anonymise or remove personal data. From time to time the data that we keep in our archive is reviewed and any data that is no longer considered of interest will be deleted or anonymised.

*Any reliance on a legitimate interest shall not prejudice your interest or fundamental rights and freedoms.


How we use anonymised data
We use aggregated and anonymised data for certain purposes, such as to help us understand what type of content users like and to share with advertisers so that they know how effective their advertising is. When used for these purposes, this data does not enable you or any other individual user to be identified.


How do we use your data for marketing and advertising purposes?

Email marketing
Where you are a consumer and have signed up to receive email marketing from us or where you are a business and have not informed us that you do not want to receive email marketing from us, we will use your email address to send you information such as newsletters, information about products and services, industry news and competitions as well as any other relevant information which we believe you may find interesting and / or will improve our offering to you. You can opt out of receiving marketing emails at any time by following the instructions to unsubscribe in any of our email marketing communications. If you opt out of email marketing, we may still need to send you service communications by email occasionally, such as information about changes to our services.

Use of other platforms to promote our products and services
Our content might appear on third party sites based solely on your behaviours on these sites (for example, after liking our brand or its content on LinkedIn, or having been to our sites and then seeing our display advertising on other website platforms), or the behaviours of those within your networks (for example, a contact within your LinkedIn network likes our brand or its content on LinkedIn, so it appears in your News Feed). These branded messages are controlled by the third-party site, but you may be able to update your preferences within the third-party platform to stop these messages appearing in future (please see “Cookies and tracking” section below which applies to the use of our website but may be useful).


Who do we share your data with?
In some circumstances we need to share your personal data with closely vetted third-parties, for example where we use third-party suppliers to conduct services on our behalf. These third-parties include the following:

  • third-party service providers who help us to manage our customer database and enquiry forms process;
  • other service providers such as information security service providers who help us to manage our IT systems and ensure that they are secure; and
  • third-party marketing and advertising agencies to ensure our marketing and advertising is delivered effectively in accordance with this Website Privacy Policy.


We will share your personal data with the following categories of recipients for the following purposes:

  • third-party platforms to enable us to send you recommendations for our content and services through those platforms, as described “Use of other platforms to promote our products and services” section above; and
  • third-party media agencies, in which case data will be shared in a pseudonymised form as described in the “What we use your data for?” section of this Website Privacy Policy above.


We will also share your personal data with third parties in the following circumstances:

  • where you have specifically consented to us sharing your data with a particular third party;
  • where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party.


We do not transfer or store your personal data outside the European Economic Area (EEA); however in certain instances the third parties to whom we share your data may do so as part of their services to us. In the event that your personal data is shared transferred outside the EEA, we will ensure that adequate safeguards are in place to protect your personal data in accordance with data protection legislation.

If you share content from www.darwingroup.co.uk on social media, via the social media share buttons on our site, the relevant social media platform will know what page you are on in order to share that page. The use of that information will be governed by the social media platform’s own privacy policy and clicking the “share” buttons does not result in any other personal data being shared between Darwin and the platform.


How long we will keep your personal data
We shall only retain any personal data for as long as necessary for the original purpose in which it was collected. For further information in relation to specific retention periods, please contact datacontroller@darwingroup.co.uk.


Our approach to information security
To protect your information, Darwin Group Ltd has policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner and all systems that can access the information have the necessary security measures in place. To accomplish this, all employees, contractors and sub-contractors have roles and responsibilities defined in those policies and procedures.

To make sure all employees, contractors and sub­contractors understand these responsibilities they are provided with the necessary training and resources they need.

In addition to these operational measures, we also use a range of technologies and security systems to reinforce the policies.

To make sure that these measures are suitable, vulnerability tests are run regularly. Audits to identify areas of weakness and non-compliance are routinely scheduled. Additionally, all areas of the organisation are constantly monitored and measured to identify problems and issues before they arise.


Your rights
Your rights under data protection law and how you can exercise them are detailed in this section. In order to process any of the requests listed below, we may need to verify your identity for your security. In such cases your response will be necessary for you to exercise this right. We may also require additional information, i.e. to help us to locate the particular data specified in your request.

A request to exercise your rights will be responded to as soon as possible and no longer than one month from receiving your request and all necessary identification proof or further information. For particularly difficult or complex requests, or if you have submitted a large volume of requests, we may take up to three months to respond. In such cases we will advise you as soon as possible, explaining why it will take longer.


The right to access information we hold about you

At any point you can contact us to request access to the information we hold about you as well as why we have that information, who has access to the information and where we got the information. A request to exercise this right is called a “subject access request”.


The right to object to processing of your data

You have the right to request that Darwin Group Ltd stops processing your data. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer used by us, we may continue to hold your data to comply with our other rights. If we have compelling legitimate grounds to carry on processing your personal data, we will be able to continue to do so. Otherwise, we will cease processing your personal data.


Restricted processing rights

You can ask for the processing of your personal data to be restricted in some circumstances, for example if your personal data could be inaccurate and needs to be verified, or if we no longer require the data but need to keep for you to exercise your own legal rights. Restricting your personal data means that we only store your personal data. We cannot continue to process it unless permitted to by you or in order to exercise a legal claim or to protect a third party or the public.


The right to ask us to stop contacting you with direct marketing

You have the right to request that we stop contacting you with direct marketing or advertising. In order to process your request we may need to verify your identity for your security. To opt out of email marketing specifically, you can use the “unsubscribe” option in any of our email marketing communications. Please note: It can take a short time for opt-out requests to take effect.


The right to correct and update the information we hold about you

If the data we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated after we are satisfied that the new data you have provided is accurate.


The right to have your information erased

If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request, we will confirm whether the data has been deleted or tell you the reason why it cannot be deleted. If we are required by law to comply with your request, we will fully anonymise your data it so that it is no longer personal data and cannot be used to identify you.


The right to data portability

You have the right to request that we transfer your data to another controller. Once we have received your request, we will comply where it is feasible to do so.


Consent
In those cases where we need your consent to hold your information, we will ask you to check a box on any form requiring consent. By checking these boxes you are stating that you have been informed as to why Darwin is collecting the information, how it will be used, for how long it will be kept, who else will have access to it and what your rights are as a data subject.

If you wish to exercise your rights above, please email datacontroller@darwingroup.co.uk.


Cookies and tracking

What are ‘Cookies’?
Cookies are small text files which are downloaded to your computer or mobile device when you visit a website or application. Your web browser (such as Internet Explorer, Edge, Mozilla Firefox or Google Chrome) then sends these cookies back to the website or application on each subsequent visit so that they can recognise you and remember things like personalised details or user preferences.

Cookies are very useful and do lots of different jobs which help to make your experience on websites as smooth as possible. For example, they let you move between web pages efficiently, remembering your preferences, target our marketing and advertising campaigns more effectively by providing interest-based advertisements that are personalised to your interests and generally improving your experience. They can also help to ensure that adverts you see online are more relevant to you and your interests.

There are two types of cookies, session or persistent, depending on how long they are used:

  • Session cookies only last for your online session and disappear from your computer or device when you close your browser.
  • Persistent cookies stay on your computer or device after the browser has been closed and last for the period of time specified in the cookie. These persistent cookies are activated each time you visit the site where the cookie was generated.


In most cases we will need your consent in order to use cookies on this website. The exception is where the cookie is essential in order for us to provide you with a product or service you have requested.

Consent
If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this Website Privacy Policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely.

When you use our website, either on a web browser or a device, the following 4 categories of cookies may be set:

  1. Necessary cookies
  2. Functional Cookies
  3. Analytics Cookies
  4. Performance Cookies
  5. Third Party Cookies


How to turn off cookies
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. If you opt out of targeted advertising, you will still see advertising on www.darwingroup.co.uk, but this will not be specifically tailored to you. For further information about cookies and how to disable them please go to the Information Commissioner’s webpage on cookies.


Customer enquiries
When contacted with an enquiry, Darwin Group Ltd will hold the entity name and contact details only for the purposes of handling the enquiry.

The online forms are subject to the same cookies and tracking as the rest of the website (see the “Cookies and tracking” section of this Website Privacy Policy above for more information).


How can you contact us?
If you have any queries about this Website Privacy Policy and/or our processing of your data, or you would like to exercise any of the above rights, you can get in touch by emailing datacontroller@darwingroup.co.uk.


Complaints procedure
Should you be unhappy with the way we have processed your personal data, complaints can be made to the Information Commissioner’s Officer (ICO), which regulates data protection compliance in the UK. For details on how to do this visit www.ico.org.uk.


Changes to this Website Privacy Policy
We may change this Website Privacy Policy from time to time. You should check this Website Privacy Policy Policy occasionally to ensure that you are aware of the most recent version that will apply each time you access the website. You may also be notified of any significant changes by email.

Please provide the following details so we can follow up on your enquiry.

Please provide some details about your project.

Please provide any further details that will assist with your enquiry.

Please provide the following details so we can follow up on your enquiry.

Please provide some details about your project.

Please provide any further details that will assist with your enquiry.

Please leave your details, and a member of the team will be in touch.