The Cotswold Directory takes data privacy seriously, and as such we will be open with you about what data we collect and how we use it. We collect and use personal data for a range of reasons during the course of our business operations, including data needed to fulfil our contractual obligations as outlined in the rest of this policy.
Identity and contact details of the Data Controller and Data Protection Officer
Boze Durston of The Cotswold Directory is the Data Controller (referred to as “we”, “us” or “our” in this privacy notice) and is committed to protecting the rights of individuals in line with the Data Protection Act 1998 (DPA) and the new General Data Protection Regulation (GDPR). The Data Protection Law is changing on 25th May 2018 and we have made every effort to comply with the new law. This Policy sets out your rights under the new law and we’ll update it as and when we learn of changes to be made.
The Data Controller in respect of the Cotswold Directory is Boze Durston of Mistle Cove, Seabrook Road, Brockworth, Gloucester, GL3 4LY.
You can contact the Data Controller by writing to Mistle Cove, Seabrook Road, Brockworth, Gloucester, GL3 4LY or sending an email to firstname.lastname@example.org
Data we Collect
We collect some personal information about you in the context of delivering business related services. Details may include:
- Your name/company name/job title
- Business or personal telephone numbers
- Business or personal email address
- Business or personal mobile numbers
- Business or personal address
- Website where applicable
- Enquiry details
- Your IP address
- Information about your device (e.g. device and browser type)
- Information about how you use our website (e.g. which pages you have viewed, the time you viewed them and what you clicked on)
- Information about your mobile device (such as your geographical location)
- Additional information that you may give us
Why we collect your information and what it is used for
We collect personal information about you in order to carry out our activities as a business in the context of providing a service to your organisation:
- To enable us to provide you with information, products or services about the Cotswold Directory or the Cotswold Directory Online that you request from us or which we feel may interest you
- Manage general record keeping
- Processing enquiries
- Enable you to make bookings with us and payments
- Enable us to email Proposals and Invoices
- Meet any legal and/or regulatory requirements
- Unless we are obliged or permitted by law to do so, and subject to any third-party disclosures specifically set out in this policy (see Third Party Websites and Services), your Data will not be disclosed to third parties.
- All personal Data is stored securely in accordance with the principles of the EU’s General Data Protection Regulation (GDPR) 2018. For more details on security see the section below (Security).
How we Collect your Data
We collect your data through a variety of different methods, including:
- Direct communication with us by post, email, phone or other
- When you sign up and create an account on our online directory
- When you request details about our products and services
- When you give us a business card
- Where it’s available in the public domain
- From your marketing material/website
We never buy or sell personal data.
Where your data will be stored
Data maintained by us will be stored in a secure UK data centre based in Nottingham. Only direct employees with the adequate data protection training will have access to your data.
Who we share data with
We use Cloud applications to manage and run our business. Different parts of your data will be stored in different locations based on the nature of the activity. Below is a summary of the systems we use, the purpose for the system and where to find more information about their data policies.
If you require a full list of suppliers that may have access to your personal data then please contact the GDPR data controller at Cotswold Directory by writing to Mistle Cove, Seabrook Road, Brockworth, Gloucester, GL3 4LY or sending an email to email@example.com
|Third Party System||Purpose||Data Stored||More Info|
|freeagent.com||Accounts and Invoicing.||Email, Name, Business Name, Business Address, Phone Numbers, Bank Details (for suppliers)||https://www.freeagent.com/features/security/|
|capsulecrm.com||Project management, support and issue tracking.||Email, Name, Business Name, Phone Numbers, Details relating to your advertising requirements||https://capsulecrm.com/security/|
What is our legal basis for processing your personal data?
Our legal reasons for processing data are based on our legitimate interests, fulfilling a contractual obligation or legal obligation where applicable.
The new GDPR law says we are allowed to use personal information only if we have a proper reason to do so, and that we must have one or more of these reasons:
- When you have given consent
- To fulfil a contract we have with you
- When it is in both our legitimate interests to do so
- When it is our legal duty to do so
Direct Marketing by phone, text, email or mail
We may use your personal information to tell you about relevant products and offers. We can only use your personal information to send you marketing messages if we either have your consent or a ‘legitimate interest’.
- We specify methods of communication (e.g. by email, text, phone or post)
- We do not use mass marketing methods, opt-in or opt-out boxes, contact is only on an individual basis and you can tell us at any time if you no longer wish to hear from us, email firstname.lastname@example.org
- We will only use your personal information to let you know, or keep you informed about forthcoming editions of the printed directory, special offers or details regarding listing on our Online Directory
- We record when and how we got consent, and exactly what it covers
- We screen names and addresses against the Mail Preference Service
- We screen telephone numbers against the Telephone Preference Service (TPS) (for corporate subscribers the Corporate Telephone Preference Service (CTPS))
- We keep our own ‘do-not-call’ list of anyone who says they don’t want our calls
- We screen against our ‘do-not-call’ list
- We display our number to the person we’re calling
- When marketing by post or email we include our company name, address and telephone number in the content
- We tell people where we obtained their details
- We provide people with our privacy notice
- You can ask us to stop sending you marketing messages at any time by emailing us at email@example.com or by phone 01452 226595 or write to Mistle Cove, Seabrook Road, Brockworth, Gloucester, GL3 4LY.
We retain your personal data for as long as necessary to fulfil the purposes for which it is collected, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period of personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.
Notwithstanding the fact that you do have the right to request erasure of your personal data, (see Your Rights) because we use Direct Marketing as one of the ways to reach out to potential customers, we would like to retain your basic information even if you have requested not to be contacted, in storage for an indefinite period of time, for the reason that we can then cross reference your details to ensure none of our sales team contact you in the future.
Disclosure of your Personal Data
- We may have to share your personal data with third parties as follows:
- Service providers who provide IT and system administration services
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the UK and other relevant jurisdictions who require reporting of processing activities in certain circumstances
- Third parties to whom we sell, transfer, or merge parts of our business or our assets
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Any data sent to us via this website will pass through our own systems which are located in Nottingham (UK). Data is processed differently depending on the nature of how you are submitting data, a full list is shown below:
- Data submitted through contact forms relating to general enquiries for The Cotswold Directory is not saved on our website.
- Data submitted through contact forms relating to contacting businesses listed on our website are saved securely so we can log and monitor use and respond to abuse claims.
- Data submitted relating to leaving reviews or comments are saved on this website along with your IP address and email address. Only data submitted in the comment or review field is publicly visible.
Automatic Collection of non-personal Information (Cookies, Log files and IP Addresses)
“Cookies” are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. The Interactive Advertising Bureau (IAB) is an industry body which provides in-depth information about cookies. For further information, you may wish to visit www.aboutcookies.org. You can set your browser not to accept cookies and the IAB website provides instructions on how to do so.
When you visit our website, we automatically log your IP address (the unique address which identifies your computer on the internet) which is automatically recognized by our web server. We use IP addresses to help us administer our Web Site and to collect broad demographic information for statistical use. We do not link IP addresses to personally identifiable information. We may automatically collect non-personal information about you such as the type of internet browsers you use or the site from which you linked to our web site. You cannot be identified from this information and it is only used to assist us in providing an effective service on our web site. Session based information about your visit may also be stored automatically within your own browsing history using html-5 local storage.
- Data security is of great importance to The Cotswold Directory and Cotswold Directory Online and to protect your Data we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.
- If password access is required for certain parts of the Website, you are responsible for keeping this password confidential.
- We endeavour to do our best to protect your personal Data. However, transmission of information over the internet is not entirely secure and is done at your own risk. We cannot ensure the security of your Data transmitted to the Website.
- We ensure that any internal systems are password protected and that all reasonable steps have been taken to ensure the physical protection of personal data.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Data is only shared with third parties if required and is never shared or sold to other organisations for the purposes of marketing, profiling or other uses.
Scope of this Privacy
We use LinkedIn, Facebook, Instagram, Snapchat, YouTube, Vimeo and Twitter to promote our organisation. Whilst we are not responsible for data privacy of these social media channels we wanted to let you know that we may engage with you and your organisation on these platforms. Your privacy for the social media channels we use can be found on their respective websites.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org or write to us at Mistle Cove, Seabrook Road, Brockworth, Gloucester, GL3 4LY.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within 28 days. Occasionally it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
You also have the right to lodge a complaint with a supervisory authority, which, for the purposes of the UK, is the Information Commissioner’s Office (ICO), the contact details of which are available here: https://ico.org.uk/global/contact-us/
Changes to your information
Please inform us of any changes to any information (including personal information) which we hold about you, so we can keep the information we hold about you accurate and up-to-date.
Sending data outside the EEA
When we transfer information outside the EEA we make sure that it is protected in the same ways as if it was being used in the EEA. We only transfer it to organisations that are part of the Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
How to make a Complaint
We hope you won’t ever need to, but if you are unhappy with how we have used your personal information, in the first instance please send an email to email@example.com or write to with details of your complaint. If we are unable to resolve the problem, you also have the right to register a complaint with the Information Commissioner’s Office (ICO) (the UK data protection regulator). For further information on your rights and how to complain please go to the ICO website, the link is https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
Where we intend to use your personal information for a new purpose other than the purpose(s) for which we originally collected it, we will provide you with information about that purpose and any other relevant information before we use your personal information for that new purpose and obtain your consent if required. This Policy was last reviewed on May 21st, 2018.