We respect your data
We won’t collect any personally identifiable information without first acquiring your consent to do so. Where we do wish to collect information, we will be explicit in detailing the way your information will be used so you can decide if you are happy for us to do so. We will never supply any of your details to anyone else to use for any other reason.
Visitors to our website
When someone visits the Plaster website we use a third party service, Squarespace to collect standard internet log information. We do this to find out things such as the number of visitors to various parts of our website. This information is processed in a way which does not identify anyone. We do not make and do not allow Squarespace to make any attempt to find out the identities of the people visiting our website without your consent.
We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way. This data enables us:
- To estimate our audience size and usage pattern.
- To store information about your preferences, and so allow us to customise our site according to your individual interests.
- To speed up your searches.
- To recognise you when you return to our site.
The Plaster website uses a third party service to help maintain the security and performance of our websites. To deliver this service it processes the IP address of visitors to the website. We will only use this information to maintain the security of our own website.
We use Gmail as our email service provider. Gmail supports Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
We keep the details of people who have subscribed to a service on our site as long as they require that service. For example if you subscribe to our email list we will keep your email address to provide you with information that you are interested in. When you unsubscribe we will remove you from this list and no longer contact you.
Access to personal information
Plaster tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information we will: give you a description of it; tell you why we are holding it; tell you who it could be disclosed to; and let you have a copy of the information in an intelligible form within one month.
To make a request for any personal information we may hold you need to put the request in writing to Business Manager, The Tobacco Factory, Raleigh Rd, Bristol, BS3 1TF or email firstname.lastname@example.org
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. When we are presented with an ‘erasure’ request we will evaluate each request individually with GDPR compliance in mind.
GDPR introduces data portability – the right for a data subject to receive the personal data concerning them, which they have previously provided in a ‘commonly use and machine readable format’ and have the right to transmit that data to another controller.
Under the GDPR, breach notification will become mandatory in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”. This will be done within 72 hours of first having become aware of the breach. Data processors will also be required to notify their customers, the controllers, “without undue delay” after first becoming aware of a data breach.
Any information you provide during the job application process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.