MCRactive is committed to ensuring that personal information is held fairly, lawfully and securely in accordance with privacy laws. Please read the following carefully to understand our views and practices regarding your personal information and how we treat it. We may change this Privacy Notice from time to time, so please ensure that you check this page regularly.
How We Use Your Information
This Privacy Notice tell you what to expect when we, MCRactive, collect personal information. It applies to information we collect about:
- Users of our websites;
- People who register for an on-line account;
- People who register for and use our services (including registering for our newsletter);
- People who contact us with a comment, enquiry or complaint;
- People who are recorded on CCTV operated by us; and
- Job applicants and our current and former employees.
What is Personal Information?
Personal information (sometimes referred to as personal data) is any information that enables MCRactive to identify a living individual from that information, either directly or indirectly. For example, basic details such as your:
- Telephone number
- Date of birth
- Visual images
- Information held about you in files.
Some information is classed as ‘special category information’ and needs more protection because it is more sensitive. It is often information that you would not want widely known and is very personal to you. This is likely to including anything that can reveal your:
- Sexuality or sexual health
- Religious or philosophical beliefs
- Physical or mental health
- Trade union membership
- Political opinion
- Genetic/biometric data
- Criminal history
How will we use personal information about you?
MCRactive is known as a Data Controller for any personal information which we have collected, for example, from online or paper correspondence or forms, by telephone, email or in person. This means that we collect the information and decide how it should be used. As we are collecting it in relation to Manchester City Council owned facilities, Manchester City Council are also a joint Data Controller of this information. For details on how Manchester City Council use personal information, please click here http://www.manchester.gov.uk/cookies
We use some personal information to provide and manage services effectively. We do not share personal information unless it is necessary, lawful and appropriate to do so in the circumstances. Where we can, we’ll only collect and use personal information if we need to deliver a service or meet a requirement.
We will always try and tell you how and why the information will be used. For some of our services, we need to collect personal information so that we can get in touch with you, or provide the service.
We may need to use personal information about you to:
- Provide services to you, such as access to sports facilities;
- Promote the services we provide;
- Carry out money transactions, including payments and refunds for services;
- Check the quality of our services and to help with research and planning new services, such as by consulting, informing and gauging your opinion;
- Train, support and manage our staff;
- Help investigate any worries or complaints you have about our services;
- Prevent crime and prosecute offenders, including via the use of CCTV;
- Ensure we meet our obligations in relation to diversity and equal opportunity.
How do we use your personal information?
Generally, we collect and use personal information where:
- You have entered into a contract with us for the provision of services;
- You, or your legal representative, have given us consent;
- It is necessary for employment purposes;
- You have made your information publically available;
- It is necessary for archiving, research or statistical purposes;
- It is necessary for legal cases;
- It is required by law; and/or
- It is necessary to protect someone in an emergency or to protect public health.
Each individual service we provide will collect and use personal information in a particular way in order to provide and run that service. Further information about all our services and what we do can be found by clicking on the links below.
Who do we share personal information with?
We use a limited range of organisations to either store personal information or help deliver our services to you. We’ll sometimes complete a privacy impact assessment (PIA) before we share personal information to make sure we protect your privacy and comply with the law.
The list below is a broad summary of the types of organisations your personal information may be shared with:
Internally within MCRactive and/or Manchester City Council (as joint data controllers).
- In order to provide appropriate, timely and effective services, we may share basic information about you such as your name and address between services within MCRactive or Manchester City Council. This is so that we can keep information on you as up to date as possible and so we can improve our services to you. However, we ensure that staff within MCRactive, and within Manchester City Council, can only access information they need to do their job.
Partner organisations under data sharing agreements or protocols.
- MCRactive and Manchester City Council have data sharing agreements in place with local agencies and partner organisations, who we work with to provide certain services to you. Under a data sharing agreement, certain personal information is shared for a specific purpose. The agency or organisation receiving the information are obliged to only use that information to carry out that specific purpose to keep your data safe and secure.
- Sometimes the law requires that we have to pass on your personal data to a third party. For example, personal information may be provided to the courts, either because the court has ordered such information to be provided, or because MCRactive requires a court to do something (e.g. pursue an individual for settlement of a debt).
Even if not required to do so by law, we may also share your personal information when we feel there is good reason that doing so is more important than protecting your privacy. For all of these reasons, the risk must be serious before we can override your right to privacy. This does not happen often, but we may share your information:
- in order to find and stop crime and fraud;
- if there is a serious risk to the public, our staff or to other professionals;
- to protect a child; or
- to protect adults who are thought to be at risk, for example, if they are frail, confused or cannot understand what is happening to them.
- Information provided by you in response to our consultations, including personal information, may be disclosed in accordance with the Freedom of Information Act and the Data Protection Act.
- Please tell us if you want the information you provide to be treated as confidential. We cannot guarantee confidentiality, but we will take your views into account.
- We will not sell or give your personal information to a third party for marketing purposes unless we have asked your permission.
Services provided by contracted third parties
- We may share information with third party organisations that provide specific services on our behalf which enhance our products and your experience with us. These organisations act as a Data Processor under our instructions. They may process data securely outside of the EEA. Our Data Processors must also act to protect your privacy.
- Our current processing partners include Mailchimp.
You have the following rights with respect to your personal information:
You have the right to ask for access to the personal information we hold about you.
- This is known as a ‘subject access request’. You have the right to ask for all the information we have about you and the services you receive from us.
- When we receive a request in writing, we must give you access to everything we’ve recorded about you.
- Further information about subject access rights, including how to contact us, can be found here.
You have the right to request that your personal information be given back to you or another service provider of your choice in a commonly used format.
- This is known as ‘data portability’. However, this only applies if we’re using your personal information with consent (not if we’re required to by law) and if decisions were made by a computer, not a human being. It is likely that data portability will not apply to most of the services that you receive from MCRactive. Further information can be found here.
You have the right to ask MCRactive to stop using and/or delete your personal information.
This is commonly known as the ‘right to be forgotten’. This includes withdrawing your consent to processing your personal data if your consent was relied upon. In some circumstances, you can ask for your personal information to be deleted, for example:
- Where your personal information is no longer needed for the reason why it was collected in the first place;
- Where you have removed your consent for us to use your information;
- Where there is no other legal reason for the use of your information;
- Where deleting the information is a legal requirement.
Please note that we can’t delete your personal information where:
- We’re required to have it by law;
- It is used for freedom of expression;
- It is in the interest of the wider public, for example, public health purposes;
- It is for statistical purposes where it would make information unusable;
- It is necessary for legal claims;
- Where use of your personal information is not reliant on obtaining consent, for example, where your personal information is needed to comply with a legal obligation.
- For further details, please click here.
- This is commonly known as the ‘right to be forgotten’. This includes withdrawing your consent to processing your personal data if your consent was relied upon. In some circumstances, you can ask for your personal information to be deleted, for example:
You have the right to ask us to restrict what we use your personal information for, or to object to ways in which we process your personal information
- You have the right to ask us to stop using your personal information for any service. However, if this request is approved, this may cause delays or prevent us delivering that service to you.
- This request may be a temporary one (your right to restrict) or a more permanent one (your right to object). Where we process personal data for our legitimate interests, you have a right to object to that processing. We therefore encourage you to read our Data Objection Policy.
When you ask for the use of your personal information to be limited, this means that it can’t be used, other than:
- To securely store the personal information itself;
- With your consent, to handle legal claims; or
- Where we are legally obliged to do so.
- Where possible, we’ll seek to comply with your request, but we may need to hold or use your personal information because we are required to by law.
- Where we are able to limit the use of your personal information as requested, we will inform you of this.
- For further details on restricting the use of your personal data, please click here.
- For further details on objecting to how we process your personal data, please click here.
You have the right to change personal information that you think is wrong.
- You should let us know if you disagree with something written on your file.
- We may not always be able to change or remove that information, but we’ll correct factual inaccuracies and may include your comments in the record to show that you disagree with it.
- For further details, please click here.
You have the right to not be subject to automated decision making and profiling.
- Automated decision making is where decision are made about you by a computer, rather than a human. You have the right to ask to have any computer made decisions explained to you and details of how we may have ‘risk profiled’ you. You have the right to question decisions made about you by a computer unless it’s required for any contract you have entered into, required by law, or you have consented to it.
- Profiling is where decisions are made about you based on certain things in your personal information, e.g. your health conditions. If and when we use your personal information to profile you in order to deliver the most appropriate service to you, you will be informed.
- We do not currently undertake any automated decision making or profiling using your personal information. However, if that position changes, we will contact you to make you aware of this and to share our policy on this with you.
Can we use your information for any other purposes later on?
If we need to use your personal information for a different reason than we originally told you, or for an extra reason and we did not tell you about this in either this privacy notice or the privacy notice of the specific service using your personal information, then we will provide you with a new notice. This will be given either at the time the information is collected, or before we begin to use information we already hold. This notice will explain the new or additional reason we need to use your personal information, and on what legal basis we can do so.
>How long will your personal information be kept?
We will only hold your personal information for as long as necessary and in line with legal requirements or industry guidelines. If you would like a copy of our Data Retention Policy, please contact email@example.com.
Where is your personal information kept and how is it protected?
The majority of personal information is stored on electronic systems or computer servers which are located in the UK.
However, there are some occasions where your information may leave the UK. For example, this may be because it needs to be transferred to another organisation which may use systems which store information outside of the UK (for example, over the internet such as cloud-based servers). When doing so, we will ensure that procedures and technologies are put in place to maintain the security of all personal data which is processed overseas.
We will take appropriate steps to make sure we hold records about you in a secure way, including:
- All employees who have access to your personal data or are associated with the handling of that data are obliged to respect the confidentiality of your personal data; and
- We will have put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction.
Complaints or queries about personal data collection
MCRactive tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
If you have any concerns about the way we process your personal information, you have the right to complain to the Information Commissioner’s Office. The contact details are:
0303 123 1113 (Local rate) / firstname.lastname@example.org
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
If you require a paper copy of this Privacy Notice, or copies of our relevant privacy policies, or if you require this information in large print, please contact us via email@example.com.
Links to other websites
This privacy notice does not cover the links within our websites linking to other websites. We encourage you to read the privacy statements on the other websites you visit. We also have no control over the nature, content and availability of websites linked from our websites. The inclusion of any links does not necessarily mean that we endorse the views expressed within those websites and we accept no liability for any statements, information, products or services published or expressed on or accessible through any websites owned or operated by third parties.
Changes to this privacy notice
We keep our privacy notice under regular review. You should check this page from time to time to ensure that you are happy with any changes made. This privacy notice was last updated on 1st December 2018.
Next annual review date: 1st April 2019