This privacy policy explains how we collect and process your personal data through your use of this platform in a way that meets our transparency duties.
We look after your privacy and are committed to protecting your personal data.
Here are our promises to you:
- To collect personal information from you, only when it enhances your experience of our platform.
- To request and record your consent for the collection of personal information.
- To never sell your personal information to third parties.
- To explain why we ask for personal information when we request it (unless it is obvious).
- To protect your data and store it securely.
- To respect your wishes and rights in relation to the storage of your data.
- To send emails that are relevant only to your use of the website.
- To never send you marketing-related emails without your express consent.
Made Open and Carmarthenshire County Council have entered into an agreement where made open allows access to and use of their software and services by their Authorised and End Users.
Both parties agree that Carmarthenshire County Council owns all rights in relation to user-generated content and data, and Made Open owns the intellectual property rights in relation to their software, services and documentation.
As a result, both parties recognise that if Made Open processes any personal data on behalf of Carmarthenshire County Council in fulfilling its obligations under their agreement, for the purposes of data protection legislation, the data controller is Carmarthenshire County Council and the data processor is Made Open.
Carmarthenshire County Council's main address is:
3 Spilman Street,
Carmarthen,
SA31 1LE
The Made Open office address is:
Unit FF26
Health and Wellbeing Innovation Centre
Truro
Cornwall
TR1 3FF
Made Open is a limited company registered in England and Wales (our registration number is 4309700). We are also registered with the Information Commissioner's Office for data protection purposes (our registration number is Z2818556).
You can contact them by emailing hello@madeopen.co.uk.
All data captured through our platform is stored securely with our internet hosting provider Cloud Above Ltd, and their address is:
Uned 1,
1 King Mark House,
Tregunnel Hill,
Newquay,
Cernyw,
Lloegr,
TR7 1GF.
All the personal data we collect is outlined in the table below:
| Data type | What this means |
| Identity data |
|
|
Contact data |
|
| Location data | Your neighbourhood (optional) |
| Financial data | Nothing |
| Marketing data | Nothing |
| Activity data |
Date:
General interactions:
Time bank interactions:
|
| Exchange data |
Additional data needed to join the time bank:
|
| Technical data |
|
Aggregate data
We also collect, use and share "aggregate data" as statistical or demographic data for any purpose. Aggregate data may be derived from your personal data but will not constitute personal data for the purposes of the UPN as this data does not directly or indirectly reveal your identity.
We will treat any data that may identify you directly or indirectly as personal data that will be used in accordance with this Privacy Policy.
There are no special categories of personal dataWe do not collect any "special categories of personal data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinion, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions or offences.
We will only use your personal data for the purposes we collected as listed below, unless we reasonably believe that we need to use it for another reason and that reason is compatible with the original purpose.
If we need to use your personal data for a contactless purpose, we will update this Privacy Policy and will explain the legal basis that enables us to do so.
What is our "legal basis" for processing your personal data?The General Data Protection Regulation (NDDC) requires us to ensure that we have a legal basis for using your personal data. In most cases, we will rely on one of the following legal bases:
- Where we need to perform a contract we are about to enter into or have entered into ("Contractual Obligation").
- Where necessary for our legitimate interests and yours ("Legitimate Interests"). Further details of the specific legitimate interests for which we use your personal data can be found in the table below.
- Where we need to comply with a legal or regulatory obligation ("Compliance with the Law").
- Where we receive your explicit consent to carry out the processing for the purpose in question ("Consent").
We generally do not rely on your consent as a legal basis for using your personal data (except in the context of direct marketing communications).
We have set out below, in tabular form, the legal bases on which we rely in respect of the relevant purposes for which we use your personal data:
| Your messages |
Activity data |
To let you message other members. Ensure that any inappropriate messages are recorded for safeguarding and legal purposes. |
Legitimate interest / compliance with the law |
| Your contacts |
Activity data |
To let you manage your contacts. | Legitimate benefit |
| Join the exchange | Data hunaniaeth | To help the platform administrator decide if you are eligible to join the exchange. | Legitimate benefit |
| Management of members |
Identity / contact / activity data |
To keep our platform and services operational, safe and secure. To understand and monitor user behaviour. To make judgements on what we think you might want or need, or what might be of interest to you. |
Contractual necessity / legitimate interest |
|
Communicate |
Contact data |
To be able to provide technical assistance. To keep up to date with your activity on the website. To be able to share important updates to privacy policies, terms and conditions. To be able to share important information about changes to the website and updates. To be able to promote activities you may be interested in. |
Contractual necessity / legitimate interest |
Your information will be used for the purposes described. Third parties will only receive personal information about you when you have given your consent or in protecting our legitimate business interest. Scenarios where we may disclose your personal information may include:
- Sharing it with our employees to improve the platform user experience.
- When requested to do so by law.
- If we sell our business or the assets of our business.
- To establish, exercise or defend our legal rights.
- To protect the rights, property or security of Made Open, our clients, or others.
Except as described, we will not provide or sell your personal information to third parties.
The table below describes who we share your personal data with (including ourselves), what we share and why we share it. We do not and will not pass on your personal data to any parties based outside the European Economic Area.
| Who we share data with | What we share | Why we share it |
| Made Open Communications Ltd |
All data |
As a supplier of this software, Made Open processes data on behalf of their customers. |
|
Carmarthenshire County Council and their authorised users. Partners CAVO PAVS West Wales Care Partnership Pembrokeshire County Council Ceredigion Council Hywel Dda University Health Board Public Health Wales |
All data |
As the customer, Carmarthenshire County Council is the data controller. |
| Cloud Above Ltd | Technical data |
All data collected through our software service is stored securely with our internet hosting provider Cloud Above Ltd. |
| Mailgun |
Email address Username / Full name |
To process relevant system notifications. (For example "You have a request for a new connection.") |
| Mailchimp |
Email address Username / Full name |
To send website updates and relevant information. For example: "We have updated our terms and conditions" |
| Google Analytics |
IP Address Language settings |
To process data using the website to help us improve the user experience. For example: "20% of users leave the site after page X" Please note: This data is anonymised, we cannot view the data of the individual IP address. |
We respect people's data and make sure your personal data is stored securely. We store all your personal information on our secure UK servers:
- Which uses a strong security password system.
- Which receives regular security and system updates.
- Which includes an industry standard Protection Wall policy.
- Which uses authentication.
- Which applies consumer audits.
We have industry-recognized security measures to prevent our platform from being hacked including: masking and curing passwords, SQL injection projection techniques applicable to all data input forms, regular updates and security reviews.
Transferring information via the internet is not entirely secure. Whilst we will do our best to protect your personal data, we cannot guarantee the security of your data transferred to the site. Any transfer is at your own risk.
You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in). We ask that you do not share your password with anyone.
We will only keep your personal data until any of the following occurs (or unless a longer retention period is required by law):
- You decide to delete your account.
- You wish to act on your right to be forgotten.
- The website is being terminated.
In accordance with the law, you have the following rights:
- The right to request access to your personal data This enables you to obtain a copy of the personal data we hold about you and to ensure that we process it lawfully.
- The right to request a correction of the personal data we hold about you. This allows you to correct any incomplete or inaccurate information we hold about you.
- The right to request that your personal data has been erased. This allows you to ask us to delete or dispose of personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or dispose of your personal data where you have exercised your right to object to processing (see below).
- The right to object to the processing of your personal data. This right exists where we rely on legitimate interest as the legal basis for processing us and there is something about your particular situation, which makes you want to object to processing on this basis.
- Request that the processing of your personal data be restricted. This allows you to ask us to stop processing personal data about you; for example, if you want us to check its accuracy or the reason for processing it.
- Request the transfer of your personal data. We will provide you, or a third party you have chosen, with your personal data in a format that is structured, commonly used, machine readable. This right applies to automated information that you consented to us using at the outset or where we used the information to perform a contract with you.
- Withdrawal of consent. This right exists only when we rely on consent to process your personal data ("Withdrawal of consent"). If you withdraw your consent, we may not be able to give you access to the specific functions of our platform. We will advise you if this happens at the time you withdraw your consent.
Our policy on children
This platform is not intended for children under the age of 16 and we do not knowingly collect data relating to such children.
Personal data from third parties
This platform does not currently collect any personal data from third parties. For members joining our exchange, our servers can check you from third-party sources. This will only be done with your consent, using the references you have provided. This is to protect your legitimate interests – allowing you to make exchanges freely after authorisation, and allowing our administrators to provide an additional safeguarding check for the benefit of all our members.
This platform may also include links to third party websites, plug-ins and programmes. Clicking on or enabling those links may allow third parties to collect or share your personal data. We do not control these third party websites and are not responsible for their privacy statements. When you leave our platform, we encourage you to read the privacy policy of each site you visit.
What happens if we need more personal data?
Where we need to process your personal data either to comply with the law, or to meet the terms and conditions of use you have, and you fail to provide that data when asked, we may have to prevent you from using our platform. We will let you know at the time if this is the case.
Marketing options
This platform does not, and will not, send out any marketing messages from a third party. You can ask us to stop sending you marketing messages at any time by logging into the platform and ticking or unchecking relevant boxes to modify your marketing preferences and/or by following the opt-out links on any marketing messages sent to you.
If you choose not to receive these marketing messages, this will not apply to personal data provided to us as a result of using our platform.
If you wish to exercise any of the rights described above, please contact us by e-mail to hello@madeopen.co.uk or call us on +44 (0)1872 862547.
You will not normally have to pay a fee to access your personal data (or to exercise any of the other rights). However, except in relation to the withdrawal of consent, we may charge a reasonable fee if your application is manifestly unfounded, repetitive or excessive, or we may refuse to comply with your request in these circumstances.
We may need to ask for specific information from you to help us confirm your identity and secure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person to which they are not entitled. We may also contact you to request further information in relation to your request in order to speed up our response.
We try to respond to all valid requests within one month. From time to time, it can take more than a month if your application is particularly complex or you have made a number of applications. In this case, we will let you know and update you.
If you would like to make a complaint about this Privacy Policy or our practices in relation to your personal data, please contact us by email: hello@madeopen.co.uk.
We will respond to your complaint as soon as we can.
If you feel that your complaint has not been adequately resolved, please note that the UPN gives you the right to contact your local data protection supervisory authority, the UK Office of the Information Commissioner.