We believe that privacy and data protection are human rights, and understand the importance of collecting, using and storing it safely and responsibly.
We do not collect or store data about you unless absolutely necessary and with your permission, and we promise to never sell or distribute your personal information to other organisations or parties.
This document aims to provide clear guidance on any data we collect and hold about you, how we use it and how you can tell us to use it differently (including removing it from our systems).
2.0 WHAT WE COLLECT ABOUT YOU AND WHY
Site usage information
Like most websites, we use Google Analytics to help monitor and improve our website usage and performance. This third-party service tracks how you use our website such as recording what pages you visit, how long you read them and tells us what type of computer/browser you are using. None of the data identifies you personally to us.
Google Analytics operates using cookies (see more detail) and if you disable cookies on your internet browser it will stop the service tracking any part of your visit.
Mailing list sign-up
We also operate an email-based mailing list using the popular third party MailChimp service which we use for promotional and marketing purposes such as event invitations or sharing news and recent work.
When signing up to our list we ask for your name, email address and who you work for (optional). We also ask you explicitly at that time if you are happy for us to contact you via email to ensure you are happy with the arrangement. When you sign up you are also asked to confirm the accuracy of your email address via a ‘double opt-in’ email.
Any email we send includes a clear ‘unsubscribe’ link which allows you to remove yourself from the list if you decide you do not want to hear from us.
3.0 THIRD PARTY DATA PROCESSORS
We have selected a small number of third party services to help process our data such as sending out our newsletter. Although outside the European Economic Area, all are compliant with the EU-US Privacy Shield and provide their services in line with the European General Data Protection Regulation (GDPR). Further information about these organisations privacy policies can be found below:
4.0 SECURITY AND DATA BREACH
We take security of data very seriously. Our website and third-party service partners all utilise Secure Socket Layer (SSL) certificates to provide trusted encrypted connections between your browser and our sever. Data is held in secure databases behind robust, complex passwords.
Should we detect any breach of security that leads to the loss of personally identifiable data we will inform the relevant individuals and authorities within 72 hours.
5.0 CONTACT US
If you have any questions about this policy, your data or wish to be removed from our systems please contact our Data Protection Officer:
Dr Peter Hawkins
Director, Windmills Foundation
The data controller is Windmills.
6.0 CHANGES TO THIS POLICY
This policy may be updated from time to time to cover changes in legislation or company (or industry) developments. We recommend checking this page regularly for amendments.
Document last updated: October 2021