SP Broadway Limited Privacy and Cookies Policy
SP Broadway Limited understands that your privacy is important to you and that you care about the use of your personal data. We respect and value the privacy of individuals whose data we process, including our employees, our clients and the participants in consultations we run; this privacy statement explains what personal data or information we collect from you and from people who visit our website, and how we use it. We would encourage you to read the information below.
Who are we?
SP Broadway is a Limited Company registered in England under company number 08658102. Our registered address is: Radcot Lodge, Radcot, Bampton, Oxfordshire, OX18 2SX. SP Broadway Limited is a registered Data Controller (ICO registration number ZB144472).
What is Personal Data?
“Personal data” is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data means, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
What personal data or information do we collect?
We may collect personal data about: 1) our employees; 2) our clients; 3) our suppliers; 4) individuals participating in consultations we run, for example local residents and local elected representatives; 5) individuals participating in seminar events that we run; 6) subscribers to our newsletter; and 7) job applicants. The personal information we collect may include your name, address, email address, IP address, and information regarding what pages you access on our websites and when.
How do we collect data or information from you?
We collect personal information about you when you:
• Work for our company
• Use our website
• Make an enquiry via our website or via the telephone
• Communicate with us via email
• Engage us to deliver services to you
• Provide your feedback to a consultation on one of our websites or in person
• Attend one of our seminar events online or in person
• Subscribe to our newsletter
• Apply for a role with our organisation
• Exchange business cards with an employee of our company
How is your information used?
We collect your personal data or information to operate our business effectively and to provide a high-quality service. We may use your information:
• To deliver our range of services to you
• To answer enquiries that prospective clients make prior to any instruction
• To answer enquiries from individuals interested in joining our team
• To process an application to work for us
• To fulfil our obligations as a business and employer
• To provide benefits to our employees
• To manage the organisation of our seminar events
• To engage with you and gather your feedback relating to development proposals
• To maintain security of our IT infrastructure
• To share our newsletter with you, if you have subscribed to receive it
• To track financial transactions between our organisation and our clients
• To track financial transactions between our organisation and our suppliers
We believe that all these purposes are justified on the basis of our legitimate interests in running and promoting the business, our contractual requirements to deliver services you have requested or purchased from us, and our legal obligations as a limited company and responsible business. The exception is for sending email marketing, such as our newsletter, which we carry out on the basis of consent. If you would like to know more, please read below for relevant sections of the policy regarding:
• Current and Former Employees
• Clients
• Suppliers
• Individuals providing Feedback during Public Consultations on Development Proposals
• Elected Representatives and other Community Figures
• Seminar Event Attendees
• Newsletter Subscribers
• Job Applicants
• Enquirers
Current and Former Employees
When you work for us, we may hold the following information about you:
• Name, date of birth, address, contact information
• Information relating to your qualifications and experience
• National Insurance Number and Unique Tax Reference Number [URN], for tax purposes
• Information about your work with us, including our communications with you
• Information about your performance and development, which will include quarterly reviews
• Information about grievances or disciplinary processes
• Contract details
• Financial information, such as bank details, salary, pension details
• Emergency contact information, which you provide to us
• Information about annual leave, sickness and absence
• Your photograph, for use on our website
We use the MS Office suite of products to manage our business, and your information will be stored within them. We also use Dropbox for document storage and sharing within the organisation and use Sage to manage our payroll. Both Dropbox and Sage may use servers based in the USA and as such personal data may be transferred outside of the UK and European Economic Area (EEA). Further details about international transfers are available later in the policy.
If you are responsible for a consultation project, we may need to make your mobile phone number available to the public as the point of contact for the duration of the consultation, via a consultation website and / or via written communications with those living or working in the vicinity of a proposed development.
We will retain your personal data for the duration of your employment with us, and for a period of 6 years after the end of your employment. We retain financial information for 6 years after the end of the current financial year, in line with accounting requirements. Pension information is retained for 12 years after the end of benefits payable under the policy.
Clients
We work with a variety of developers, land promoters, landowners and estates, charities and individuals to support them with their community engagement activities regarding development proposals. If you or your organisation engages us to work with you, we may hold the following information about you:
• Name, address and contact information (primarily business contact information, but may on occasion be personal contact information such as a mobile phone number)
• Communications with you, relating to your project
• Invoice and payment information.
We use the MS Office suite of products to manage our business, and your information will be stored within them. We also use Dropbox for document storage and sharing within the organisation and use Quickbooks to manage our client accounts, including expenses. Both Dropbox and Quickbooks use servers based in the USA and as such personal data may be transferred outside of the UK and European Economic Area (EEA). Further details about international transfers are available later in the policy.
We retain information relating to your project for the duration of our relationship with you and then for 1 year after the end of the project. We retain financial information relating to payments for 6 years, after the end of the current financial year as required by financial regulations.
Suppliers
When you work with us as a supplier, we may hold the following information about you:
• Name and business contact information.
• Information relating to your business activities
• Information and documents relating to the services or products you offer, including our communications with you.
• Financial information, such as invoices, payments and bank details.
We use Dropbox and the MS Office Suite of products to manage our business, and your information will be stored within them.
We will retain your information for the duration of our relationship with you and 2 years after the last purchase we made with you, at which point we will review the data to determine whether we will continue to retain it. We retain financial information for 6 years after the end of the current financial year, in line with accounting requirements.
Individuals providing Feedback during Public Consultations on Development Proposals
We give individuals the opportunity to provide their opinions about proposed developments in their local area during the public consultation phase – either online via a feedback form on a consultation website, or on paper via a feedback form provided to the individual at an event organised by SP Broadway Ltd (such as a public exhibition of the proposed development).
We may collect the following information as part of the feedback form:
• Name, address and contact information
• Opinions and feedback about the proposed development
Your opinions and feedback about the proposed development are collated and summarised in a report provided to the client, so that our clients can understand better the potential impacts of proposed developments, both positive and negative, on local communities. Feedback included in the report is always anonymised. If a planning application is ultimately submitted to the local planning authority for the proposed development, the application will likely include a document prepared by SP Broadway Ltd – a ‘Statement of Community Involvement’ – that incorporates a summary of the feedback received during the public consultation period. Again, this feedback is always anonymised.
If we request your name, address and contact information as part of the feedback form, you have the choice whether or not to provide these to us (either in person or online). If you do provide them, we will only use them to contact you to answer queries you raise via the form, or to contact you to explore your responses in more detail. In addition, it is helpful for us to understand where you live in relation to the proposed development, as it gives additional context to the feedback you’ve provided. We don’t routinely share your personal data with third parties; we will only share your details with the client in circumstances where it is necessary; for example, either you or they wish to explore the points you made in more depth directly. We will never use your information for marketing purposes.
You may receive a letter or leaflet about proposed developments to your residence or business in the post. We engage a mailing house to send information to all residential and commercial addresses within a radius of the proposed development. We send this on the basis of the proximity of the address to the proposed development, with the intention of making you aware of the plans and your opportunity to engage in the public consultation process. We have no details about your name or other ways to contact you prior to you engaging with us directly and giving us this information.
We use the MS Office suite of products to manage our business, and your information will be stored within them. We also use Dropbox for document storage and sharing within the organisation; their servers are based in the USA and as such personal data may be transferred outside of the UK and European Economic Area (EEA). Further details about international transfers are available later in the policy.
We store your information for the duration of the consultation period and our ongoing project with our client. Once the project is complete, we review the personal data held and delete your information when it is no longer required, up to one year after the project ends.
Elected Representatives & Other Community Figures
As part of our preparation for a consultation on development proposals for our clients, we will note the details of the area’s elected representatives – from local parish councillors to the Member of Parliament – and, if relevant, other community figures (the Headteacher of a local school, for example). We source this from publicly available data. It is used to engage with you directly on the developments proposed, and to invite you to relevant events, including meetings with the client and public consultation events. We will record the following information:
• Name, address and contact information
• Information relating to your position in the community
• Communications with you relating to our client’s project
If a planning application is ultimately submitted to the local planning authority for the proposed development, the application will likely include a document prepared by SP Broadway Ltd, a ‘Statement of Community Involvement’. The ‘Statement of Community Involvement’ will include references to contact made by SP Broadway Ltd with elected representatives or other community figures during the consultation on the development proposals. These references will identify the elected representative or community figure by name, on the basis that this data is already in the public domain.
We use the MS Office suite of products to manage our business, and your information will be stored within them. We also use Dropbox for document storage and sharing within the organisation; their servers are based in the USA and as such personal data may be transferred outside of the UK and European Economic Area (EEA). Further details about international transfers are available later in the policy.
We will retain your personal data for the duration of consultation period, at which point we review whether or not there are likely to be further imminent projects in your local area for which we may need to retain your information, up to one year after the project ends.
Seminar Event Attendees
This applies to anyone attending one of our seminar events in person or online. When you attend one of our events, we will hold the following information about you:
• Name and contact information: email address, telephone number
• Information relating to the event organisation, such as your dietary requirements (if the event is held in person)
• Communications with you relating to the event you’re attending
• Your photograph or image (via recordings)
• Invoice and payment information
We use Zoom to host our online seminar events and Eventbrite to manage bookings and payment for our in-person seminar events; their servers are based in the USA, which means your data is transferred outside of the UK and European Economic Area (EEA). Further information about international transfers is available later in the policy. We use Dropbox and the MS Office suite of products to store and edit documents relating to our events and email communications with participants. Access to this information is restricted to SP Broadway employees, as required for their role in managing and hosting the event. We may need to share relevant information about you (e.g. dietary requirements) with the venue hosting the seminar event in order to ensure it runs smoothly and meets your needs.
We will retain information about your attendance at our event for the duration of our relationship with you, and may use your contact information to notify you of future seminar events. You always have the opportunity to opt-out from further communications of this nature. We will retain financial records for 6 years, following the end of the current financial year as required by law.
Newsletter Subscribers
As a subscriber to our weekly newsletter, you will have signed up to receive it through our website. We may hold the following information about you:
• Name and contact information (email address)
We use Mailchimp to manage the distribution of the newsletter; their servers are based in the USA, which means your data is transferred outside of the UK and European Economic Area (EEA). We will continue to send you the newsletter until you unsubscribe. If you do unsubscribe, we will retain minimal personal data about you (name and email) within Mailchimp to manage our suppression list. The suppression list allows us to check we are not marketing to people who have opted-out or withdrawn consent.
Job Applicants
When you apply for a job with us, we may hold the following information about you:
• Name, address and contact information
• Information relating to your qualifications and experience
• References where we take them up
• Information and documents relating to the review, interview and selection process, including communications with you.
We use the MS Office suite of products to manage our business, and your information will be stored within them. We may also store paper records relating to the interview process. We also use Dropbox for document storage and sharing within the organisation. Dropbox uses servers based in the USA and as such personal data may be transferred outside of the UK and European Economic Area (EEA). Further details about international transfers are available later in the policy.
Where we have engaged a recruitment agency to support us in finding candidates, we will share feedback about your performance in the interview process with them. We will retain your personal data relating to the review, interview and selection process for 6 months after the interview date.
Enquirers
When you make an enquiry to one of the team about our events or services, we may hold the following information about you:
• Name and contact information
• Information you provide within your initial enquiry
• Communications with you relating to your enquiry, prior to any booking you make or services you request.
We use Dropbox and the MS Office Suite of products to manage our communications with prospective clients and other individuals interested in the projects we’re responsible for delivering.
Who has access to your information?
We limit access to your personal data to our employees who have a legitimate need to know and to third-party service providers (see below), who provide a service to us within the scope of our business operations. We ensure that they are aware of their duty of confidentiality.
We do not sell or rent your personal data or information to any third party or share your information with third parties for their marketing purposes.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
We may pass information about you to other parties as required to provide requested services to you. For example, we will need to provide information to the venue where we host our seminar events to manage your attendance and dietary requirements. Alternatively, we may on occasion pass an individual’s details to our client, where a direct discussion between the two parties will be beneficial to our client’s understanding of the feedback provided by the individual regarding a development proposal. We will always be involved in arranging that discussion.
We may pass your information on to third-party service providers for the purposes of completing a task or providing services to you on our behalf. The majority of these service providers are software providers whose systems we use to enable us to store information and communicate with you. However, we disclose only the personal information necessary to deliver that service and have a contract in place that requires them to keep your information secure and not to use it for other purposes. The purposes for which they can access your data are limited in scope and they cannot use your data for their own purposes.
We currently use third-party service providers in the following areas of our business:
Service Provider | Activity Carried Out | Sector | Location |
Managed IT Service Provider
(data processor) |
IT Support and Communications | Information Technology | UK |
Accounting Software
(data processor) |
Provision of accounting software | Information Technology (software) | USA |
Event and Marketing Automation Tools
(data processor) |
Provision of marketing automation tools used to communicate with customers and prospective clients. | Information Technology | USA |
Mailing House
(data processor) |
Leaflet drop to all residents (address only) in local area | Communication | UK |
Marketing Tools
(data processor) |
Management of Newsletter distribution | Information Technology | USA |
Document Storage and Sharing Software
(data processor) |
Document management | Information Technology | USA/EEA |
Website Design & Hosting | Website hosting, design and support | Information Technology | UK & EEA |
Webinar Software
(data processor) |
Webinar hosting platform | Information Technology | USA |
If any of your personal data are shared with a third party, as described above, we will take steps to ensure that your personal data are handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above.
Transfers outside of the UK and European Economic Area
We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA” consists of all EU member states, plus Norway, Iceland, and Liechtenstein). These are known as “third countries” and may not have data protection laws that are as strong as those in the UK and/or the EEA. This means that we will take additional steps in order to ensure that your personal data are treated just as safely and securely as they would be within the UK and under our Data Protection Legislation as follows:
• We share your data with external third parties, as detailed throughout and in the table above, that are based outside of the UK & EEA. The following safeguards are applied to such transfers:
- We will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission. More information is available from the European Commission.
- We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts require the same levels of personal data protection that would apply under the Data Protection Legislation. More information is available from the European Commission.
- Where we transfer your data to a third party based in the US additional steps have been taken to ensure your personal data will be treated as securely and safely as it would be in the UK and under the GDPR. We have signed Data Processing Agreements with our data processors based on model contract clauses provided by the European Commission (also known as ‘standard contract clauses’), which impose suitable data protection standards on a contractual basis.
Please contact us using the contact details provided below for further information about the particular data protection mechanisms used when transferring your personal data to a third country.
What are my rights?
Under Data Protection Legislation, you have the following rights, which we will always work to uphold:
• The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the contact details provided at the end of this policy.
• The right to access the personal data we hold about you. The section “How Can I Access My Personal Data?” will tell you how to do this.
• The right to have your personal data rectified if any of your personal data held by us are inaccurate or incomplete. Please contact us using the contact details provided at the end of this policy.
• The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold, in certain circumstances. Please contact us using the contact details provided at the end of this policy to find out more.
• The right to restrict (i.e. prevent) the processing of your personal data.
• The right to object to us using your personal data for a particular purpose or purposes.
• The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
• The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data are processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
• Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact using the contact details provided at the end of this policy.
It is important that your personal data are kept accurate and up-to-date. If any of the personal data we hold about you change, please keep us informed for as long as we have those data. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first using the contact details provided at the end of this policy.
How can I update my information?
The accuracy of your information is important to us. If you change your contact details or if you want to update any of the information we hold on you, you can email us at office@spbroadway.com or by post at Radcot Lodge, Radcot, Bampton, Oxfordshire, OX18 2SX.
How can I access my Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests can be made in writing, either via email or via the postal addresses shown below, or verbally, either in person or on the phone.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data, within that time. In some cases, however, particularly if your request is more complex, more time may be required, up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
You also have the right to lodge a complaint about our processing of your personal data with the UK’s Information Commissioner’s Office.
Keeping your data secure
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
• Limiting access to your personal data to those employees and third-party processors with a legitimate need to know and ensuring that they are subject to duties of confidentiality.
• Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.
• Adhering to our policies and processes including, physical security, back-up, encryption, access control and password protocols.
Contacting us via email
We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government standards. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Cookie Information for Visitors to our Websites
What are Cookies?
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
How do we use Cookies?
Cookies provide information about individuals’ usage of the website, which may identify you as the same individual even if we do not know your name, we can identify location, IP address and device information. As such, we make sure you have a choice about the cookies that are placed on your device for our statistical purposes by Google Analytics, which help us to understand more about the ways in which people use our website. We would appreciate it if you opt-in to accept these cookies when the website asks you, as it will help us to improve it over time.
We use cookies on our main website (www.spbroadway.com) and some of our consultation websites. When non-essential cookies such as Google Analytics are in use on one of our websites, you will always be asked whether or not you consent for the cookies to be placed on your device via the cookie consent tool. If you don’t see a cookie consent banner on your first visit to the site, no non-essential cookies are being placed as you use it.
What Cookies do we use?
We use first-party cookies (Cookies set by SP Broadway) and third-party cookies (cookies set by other providers, e.g. analytics providers such as Google). Details of the cookies in use are available below:
Cookie | Name | Purpose | More information |
Necessary Cookies: Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. No consent is required for Necessary cookies. |
|||
PHPSESSID | Session ID | A session ID allocated by the webserver, which preserves user session state across page requests. | |
Non-essential cookies: Non-essential cookies have a range of functions, from allowing the website owner to understand how users are moving around and using their website (Statistical) to third-party cookies which look to build a profile of individuals that can inform their online marketing decisions (Marketing). Non-essential cookies require a user to ‘opt-in’ to accept the cookie onto their device. |
|||
_ga
_gid |
Google Analytics
(Statistical) |
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.
The cookies collect information, including IP address, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. |
Click here for an overview of privacy at Google. |
_gat_gtag_UA* | Google Analytics
(Marketing / Tracking) |
These cookies are used to enable us to store and track conversions for specific goals we’ve set. | Click here for an overview of privacy at Google.
|
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
Links to other websites
Our website may contain links to other websites run by other organisations. This privacy policy applies only to our websites‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to one of our websites from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.
How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details for the attention of:
Data Protection Lead: David McFarlane
Email address: david@spbroadway.com
Postal address: SP Broadway Ltd, Radcot Lodge, Radcot, Bampton, Oxfordshire, OX18 2SX
Changes to this privacy notice
We keep our privacy notice under regular review. This notice was last updated on 12 August 2021.