Welcome to Tendertec’s privacy notice.
We are a company incorporated in England & Wales with company number 10663165 whose registered office is at The Maltings, East Tyndall Street, Cardiff, Wales, CF24 5EA.
You can find out more information about us here : https://tendertec.org/ .
This document (our “privacy notice”) sets out information relating to how we use personal information relating to individuals we have dealings with. It also sets out information about what rights individuals have in relation to their personal information and various other matters required under data protection law.
In particular, this privacy notice provides information to individuals about how they can object to our use of their personal information, how they can withdraw any permissions they have given to us to enable us to process their personal information and how they can make a complaint.
This privacy notice contains the following sections:
We take your privacy extremely seriously and want you to feel confident that your personal information is safe in our hands. We will only use your personal information in accordance with data protection law applicable to England and Wales, from time to time.
Under data protection law, when we use your personal information, we will be acting as a controller. Essentially, this means that we will be making decisions about how we want to use your personal information and why.
Below, we summarise the main rules that apply to us under data protection law when we use your personal information:
|We must be upfront about how we intend to use your personal information and must use your personal information fairly. Providing privacy information to individuals (such as in this privacy notice) is one aspect of using personal information fairly.|
|We must only use your personal information if we have a legal basis to do so under data protection law.|
|We are only permitted to share your personal information with others in certain circumstances and if we take steps to ensure that your personal information will be secure.|
|Generally speaking, we must only use your personal information for the specific purposes we have told you about. Subject to certain legal exceptions, if we want to use your personal information for other purposes, we need to contact you again to tell you about this.|
|We must not hold more personal information about you than we need to for the purposes we have told you about and must not retain your personal information for longer than is necessary for those purposes (this is known as the “retention period”). We must also dispose of any information that we no longer need securely.|
|We must ensure that we have appropriate security measures in place to protect your personal information.|
|We must act in accordance with your rights under data protection law.|
|We must not transfer your personal information outside the United Kingdom unless certain safeguards are in place.|
How we will use your personal information, the legal bases we will rely upon, how long we will keep your personal information and other details will depend upon who you are and why we need your personal information in the first place.
In this section, we provide specific privacy information relating to the different categories of individuals that this privacy notice applies to.
|What personal information we will use?|
· Identity data: includes first name, last name, marital status, date of birth, ethnic background, gender and clothes size.
· Contact data: includes telephone number; residential address, email address.
· Hestia Sensor data: includes environment sensor data; body and device heat data.
· Wearable Device data: includes heart rate data, GPS data, activity and sleep data, joint angle, speed and movement.
· User Centred Design data: includes answer to surveys, minutes from focus group meetings, activity diaries, photographs and videos we might ask you to take during your participation in the FitBees project.
|How we will obtain the personal information?|
· The identity and contact data will be provided by you when registering with and participating in the FitBees project.
· Sensor data will be collected by our sensors located in your property.
· Wearable Device data will be collected by the wearables devices you will be offered by the FitBees project during your participation.
|What purposes we will use the personal information for?|
· We will use your identiy and contact data to determine if you would be suitable for the FitBees project, to ensure that we have adequate represention of our target groups and that we have suitable size for the wearable garments offered by the FitBees project.
· We will analyse and monitor your data we collect via Hestia’s sensors for the purpose of monitoring your activity and providing with you targeted support as part of the FitBees project.
· We will analyse and monitor your data we collect via the wearables devices you will be offered by the FitBees project for the purpose of monitoring your activity and providing you with targeted support as part of the FitBees project.
· We will keep a record of the information listed above for our internal administrative purposes.
· We will also use the information above for legal and regulatory purposes.
|The legal bases for processing we rely upon|
· Where we have your express consent to the processing of your data.
· Where processing of your data is necessary in order to protect your vital interests;
· Where processing is necessary for the performance of a task carried out in the public interest.
· Where we need to comply with our legal and regulatory obligations and/or to enable us to bring, defend or deal with legal claims.
|How long we retain the personal information and why|
· We shall retain Identity data, contact data, Hestia Sensor data, Wearable Device data and User Centred Design data for eight (8) years.
· We will ensure that personal data shall not be retained or processed for longer than is necessary for the purposes it was originally collected, save where required in accordance with any statutory or professional retention periods that may apply in which case we shall retain that personal data for the relevant statutory retention period which may be up to eight (8) years.
· In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Sometimes, we will need to share your personal information with others. This section sets out details of who we will share your personal information with and why. It also tells you about our legal basis for doing so under data protection law and steps we will take to protect your personal information.
Our FitBees project partners currently include:
· HF TRUST LTD
· COMMUNITY HOUSING GROUP LIMITED
· KYMIRA LIMITED
· UNIVERSITY OF THE WEST ENGLAND, BRISTOL
· DESIGN RALLY LTD
We may add additional project or service partners to the list above by notice in writing to you.
|Why we need to share your personal information with them||· We share data with these third parties in order to determine if you would be suitable for the FitBees project, to ensure that we have adequate represention of our target groups, to ensure that we have suitable size for the wearable garments offered by the FitBees project and to provide you with targeted support as part of the FitBees project.|
|The legal bases we rely upon when sharing your personal information|
· Where you have provided your consent to the processing and sharing of your personal data;
· Where processing is necessary in order to protect your vital interests;
· Processing is necessary for performance of a task carried out in the public interest (research into acitivity monitoring of under-represented groups to improve physical and social activity).
|What precautions do we take?||· We require third parties with whom we share your personal data to have in place appropriate technical security measures to ensure against unauthorised or unlawful processing, damage to or accidental loss.|
We do not transfer your personal data outside the United Kingdom.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under data protection law, you have a number of different rights relating to the use of your personal information. The table below contains a summary of those rights. More information about your rights and our obligations can be found on the ICO website https://ico.org.uk/.
|Your rights||What this involves|
|A right of access||This is a right to obtain access to your personal data and various supplementary information.|
|A right to have personal data rectified||This is a right to have your personal information rectified if it is inaccurate or incomplete.|
A right to erasure
This is a right to have your personal information deleted or removed.
This right only applies in certain circumstances (such as where we no longer need the personal information for the purposes for which it was collected).
We have the right to refuse to delete or remove your personal data in certain circumstances.
A right to data portability
This is a right to obtain and re-use your personal information for your own purposes;
It includes a right to ask that your personal information is transferred to another organisation (where technically feasible).
This right only applies in certain limited circumstances.
A right to object
This is a right to object to the use of your personal information.
The right applies in certain specific circumstances only.
You can use this right to challenge our use of your personal information based on our legitimate interests;
You can also use this right to object to use of your personal information for direct marketing.
|A right to object to automated decision making||This is a right not to be subject to a decision which is made solely on the basis of automated processing of your personal information where the decision in question will have a legal impact on you or a similarly significant effect.|
A right to restrict processing
This is a right to ‘block’ or suppress processing of your personal information.
This right applies in various circumstances, including where you contest the accuracy of your information.
|A right to withdraw consent||If you have given us your consent to use any of your personal information, you can withdraw your consent at any time.|
If you wish to exercise any of your rights, please contact us.
You can get in touch with us in the following ways:
East Tyndall Street
|Phone number||+44 (0)7580 626362|
If we are unable to deal with a complaint to your satisfaction or if you are unhappy with the way we are using your personal data, you also have the right to make a complaint at any time to the UK’s supervisory authority for data protection issues, the Information Commissioner’s Office.
We may update this privacy notice from time to time. If we make any substantial updates, we will provide you with a new privacy notice. We may also notify you in other ways from time to time about the processing of your personal information.