- Important information and who we are
- The types of data we collect
- How we collect your data
- Personal data use
- Disclosures of your personal data, including international transfers
- Data security
- Data retention
- Your rights
1. IMPORTANT INFORMATION AND WHO WE ARE
If you remain dissatisfied you may raise any issue directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- THE TYPES OF DATA WE COLLECT
Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The types of personal data we may collect, use, store, transfer and otherwise process may include: ‘identity data’ such as names, marital status, date of birth and gender; ‘contact data’ including address, e-mail address and telephone numbers; ‘technical data’ such as your IP address, browser type and location information; and ‘profile data’, which includes your username and password.
We do not collect any Special Categories of Personal Data about you. This includes, for example, information relating to race or ethnic origin, religious or philosophical beliefs, and information about your health.
- HOW WE COLLECT YOUR DATA
We may use different methods to collect data from and about you. These are set out below.
- Direct interactions – we may collect contact and identity data from you, for example when you register as a user on our website and when you subscribe to our mailing lists for information, invitations and updates. More generally, we may also obtain personal data when you correspond with or visit us at NQ Minerals Plc or at events.
- PERSONAL DATA USE
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“legitimate interests” means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience).
- Where we need to comply with a legal obligation that we are subject to.
In accordance with the GDPR, we have identified below the ways we plan to use your personal data and which of the lawful bases we rely on to do so, and we have identified what our legitimate interests are where appropriate (note that we may process your personal data for more than one lawful ground depending on the circumstances). If you need details about the specific legal ground we are relying on to process your personal data, please contact us.
- We may process personal data in connection with the effective management and running of NQ Minerals Plc. This may include, but is not limited to: engaging suppliers; facilitating events; circulating company news updates and correspondence; ensuring the security of our systems and premises; for auditing, reporting and insurance purposes; for generating statistics (including measuring performance and website usage).
- In this context we process your personal data on the basis that it is in our legitimate interests (or those of a third party) to do so for the effective management of NQ Minerals Plc, and we are satisfied that your interests and fundamental rights do not override those interests).
- We may process personal data for tax and accounting purposes and fulfilling our statutory obligations. In these circumstances we are processing personal data in order to comply with our legal obligations.
- Generally we do not rely on consent as a legal basis for processing your personal data, although we will obtain your consent before telling you about our upcoming events and news directly related to NQ Minerals Plc. This may include receiving such further information by telephone, or email as approved by you at the time you gave us your consent. However, these decisions may be reversed at any time by opting-out of such communications or by emailing us at [email protected], and we will process your request as soon as possible.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- DISCLOSURES OF YOUR PERSONAL DATA, INCLUDING INTERNATIONAL TRANSFERS
We may share your personal data with the parties (and for the purposes) set out below.
- Companies and individuals who perform functions on our behalf which involve processing personal data. Examples include banking services, data analysis firms, customer support specialists, webhosting companies and IT services providers. Such third parties will only process personal data in accordance with our instructions.
- Regulators and other authorities when this is necessary for us to comply with any applicable law, regulation or governmental request.
- Other companies within our group.
We will always require all relevant third parties to respect the security of your personal data and treat it in accordance with the law. Such third parties may not use such personal data for any other purpose.
Such third parties may be located in countries both inside and outside the European Economic Area (“EEA”). Whenever we transfer personal data outside the EEA we ensure a similar degree of protection is afforded to it by ensuring that adequate safeguards are in place, for example: by virtue of the fact that the country has been deemed by the European Commission to provide an adequate level of protection; by using specific contracts approved by the European Commission; or (for third parties based in the US) by transferring data pursuant to the Privacy Shield framework
- DATA SECURITY
We implement appropriate security measures to protect the security of your personal data, and to prevent it being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- DATA RETENTION
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements
- YOUR RIGHTS
The GDPR provides individuals with certain rights in relation to their personal data. These are summarised below.
- Right of access – you can request a copy of the personal data we hold about you and check that we are processing it lawfully.
- Right to rectification – you can ask us to correct any inaccurate data we hold about you.
- Right to erasure – you can request that we delete personal data where there is no good reason for us continuing to process it (if specific legal reasons prevent us from complying with this request, we will notify you of this).
- Right to object – you can object to the processing of your personal data where we rely on a legitimate interest (or those of a third party) and you feel this impacts on your fundamental rights and freedoms. You can also object where we process your personal data for direct marketing purposes.
- Right to restriction of processing – you can ask us to suspend the processing of your personal data in certain situations – e.g. if you want us to establish the accuracy of the data, or if you have objected to our use of your data but we need to verify if we have overriding legitimate interests to use it.
- Right to data portability – you can ask us to transfer certain personal data to you or a third party in a structured, commonly used, machine-readable format.
- Withdrawal of consent – as mentioned in section 4 above, where we rely on consent to process your personal data, you can withdraw this at any time (this will not affect the lawfulness of any processing carried out before you withdraw your consent).
You can exercise any of these rights by contacting us at any time at [email protected]. Please contact us at [email protected] if you wish to withdraw your consent or unsubscribe from emails we send you.
Fees and time limits
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, if your request is unfounded, repetitive or excessive we may charge a reasonable fee or refuse to comply with your request. We try to respond to all legitimate requests within one month, though this may take longer if your request is complex or you have made a number of requests – we will notify you if this is the case.
When you exercise any of your rights we may need to request specific information from you to verify your identity and/or to help speed up our response.
It is important that the personal data we hold about you is accurate and current. We will take reasonable steps to create an accurate record of any personal data submitted through the website or otherwise processed by us. However, please keep us informed if your personal data changes during your relationship with us. We do not assume responsibility for confirming the ongoing accuracy of your personal data.