Community Buying as CAS

Community Buying at CAS, part of Business Services at CAS Ltd

Privacy Policy

Introduction

For the purpose of this privacy policy, Community Buying at CAS is part of Business Services at CAS Ltd, Registered Company No 03332778. A company limited by guarantee and registered 08316345 residing at Brightspace, 160 Hadleigh Road, Ipswich, Suffolk, IP2 0HH, 01473 345400, info@communityactionsuffolk.org.uk 

Business Services at CAS Ltd is a part of Community Action Suffolk Registered Charity No 1150501. A company limited by guarantee and registered 08316345 also residing at the above address.

Community Action Suffolk’s other subsidiary companies include DBS At CAS Ltd (02919237) and IT Services At CAS Ltd (04281770), also residing at Brightspace, 160 Hadleigh Road, Ipswich, Suffolk, IP2 0HH.

The Privacy Policy

This privacy policy sets out how Community Action Suffolk and all it’s subsidiary companies listed above uses and protects any information that you give Community Action Suffolk when you use this website.

Community Action Suffolk is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Community Action Suffolk may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01/05/2018.

“We” is defined as Community Action Suffolk and Business Services at CAS Ltd throughout this policy.

“The Service” is defined as the means of providing you an Oil Buying service.

  1. Data We Collect

Registration/Orders

On registration to become a member of Community Oil Buying,  we will collect various information to allow us to setup your membership. This data includes all your contact information such as name, address, telephone number, email address etc plus some logistical information about your property so that we can deliver the service to you. We may also collect payment information from you to process in order to provide you the service.

Service Use

We log usage data when you visit our website via Google Analytics. We use log in’s, cookies, device information and Internet Protocol (IP) addresses to log your use.

Cookies

As further described in our Cookie Policy, we use cookies to recognise you and/or your device(s) on, off and across different Services and devices. We also allow some others to use cookies as described in our Cookie Policy. You can control cookies through your browser settings and other tools.

Device and Location

When you visit or leave our Services (including our plugins or cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to next. We also get information about your IP address, proxy server, operating system, web browser and add-ons, device identifier and features, and/or ISP or your mobile carrier.

  1. How We Use Your Data

Communications

We may contact you via email, telephone and post, we will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use the Services, network updates, reminders, and promotional messages from us and our partners. You may change your communication preferences at any time by contacting us or by visiting one of our emails and using the unsubscribe function at any time.  Please be aware that you cannot opt-out of receiving service messages from us.

Advertising

We may contact you via email or telephone with information pertaining to services offered by ourselves or our Partners.

Support

We use the data (which can include your communications) to investigate, respond to and resolve complaints and Service issues (e.g., bugs).

Security

We use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of our User Agreement or this Privacy Policy and/or attempts to harm our Members or Visitors.

Service Development

We use data collected from Google Analytics for the further development of our Services in order to provide you and others with a better, more intuitive and personalised experience, drive membership growth and engagement of our Services.

  1. How We Share Information

Third Parties

We do not disclose your data or information to any third parties, other than the suppliers who we work with to provide you the services you are requesting access to. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

Related Services

We will share your information with other employees within Community Action Suffolk to process any payment information, develop the service and to provide the service on a day to day basis. We may also share it within Community Action Suffolk’s subsidiary companies (as detailed at the top of this policy) for marketing purposes.

Service Providers

We use others to help us provide our services – namely the company who we have chosen to host this website and also suppliers that enable us to provide the products you have signed up tp. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

Legal Disclosures

It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you, (3) investigate and defend ourselves against any third-party claims or allegations, (4) protect the security or integrity of our Service (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of Community Action Suffolk/Community Action Suffolk, our Members, personnel, or others. We attempt to notify Members about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

Change in Control or Sale

We can also share your personal data as part of a sale, merger or change in control, or in preparation for any of these events. Any other entity which buys us or part of our business will have the right to continue to use your data, but only in the manner set out in this Privacy Policy unless you agree otherwise.

  1. Rights to Access and Control Your Data

Data Retention

We retain your personal data while your account is in existence or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. We will continue to retain your data for future marketing purposes unless you tell us otherwise by unsubscribing from our mailing list or asking for your data to be removed. The retention period for your data, after cancellation of service or registration is for a period of 5 years, after which date, all data will be removed.

Rights to Access and Control Your Personal Data

For personal data that we have about you:

Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).

Change or Correct Data: You can ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.

Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).

Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

If you want to remove yourself from our mailing list which will stop ALL communications from Community Action Suffolk then from one of our emails, simply click on the “Unsubscribe” link at the bottom and follow any on screen instructions. Alternatively you can also contact us via email at info@communityactionsuffolk.org.uk or by telephone on 01473 345400 and we will process your request for changes, deletions or requests of data within 1 calendar month.

Account Closure

If you choose to close your Community Action Suffolk account, you will be automatically removed from our mailing list and all of your services associated with your account will end when your subscription period (that you have paid for) has ended.

We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce our User Agreement, or fulfill your request to “unsubscribe” from further messages from us.

  1. How we protect your data

We implement security safeguards designed to protect your data, such as HTTPS on our websites, hardware and software firewalls, username and password based permission systems as well as a variety of physical security methods on buildings that host your data. We regularly monitor our systems for possible vulnerabilities and attacks. More information on specific measures enforced can be seen below.

Physical Security

All Community Action Suffolk IT Services are provided in a locked, secured and alarmed building which is monitored by an external security company outside office hours. Servers hosted in the building are also stored in an airconditioned, locked room within the building to provide additional protection.

Software Security

Community Action Suffolk has a hardware firewall over it’s router to protect users within the building against online threats. All computers within the Community Action Suffolk network are protected with  business class Internet Security Software.

Any sensitive client data that Community Action Suffolk stores i.e. login passwords to systems are stored in password and credential based systems which only the IT team has access to.

Wifi Security

Community Action Suffolk enforces WPA2 password security methods to protect it’s wireless networks against threats.

Website Security

This website and all websites owned by Community Action Suffolk are protected with a “SSL” encrypted certificate.

However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.