Privacy Notice

Data we collect and how we collect it

At City to Sea, we collect data directly from individuals, and we never purchase or acquire data outside of the public domain. We collect, process and store data of employees, prospective employees, clients, partners, customers of City to Sea, users of our Refill App and 3rd party suppliers.

The data we collect includes: name, address, phone number, job title, email address, IP address, location.

We collect special category data to satisfy laws outside of data protection, such as employment law or when you give it to us directly.

Data we collect for employment purposes can be found within our employee contracts and full data protection policy. This notice relates directly to customers of City to Sea, app users and website visitors.

Customers of City to Sea = customers who visit the City to Sea website, use our applications, receive marketing via email, post or SMS and have a client relationship with us

3rd Parties = suppliers of goods or services to City to Sea

Employee = someone who works for City to Sea

Prospective employee = someone who has applied for or has been approached directly by City to Sea for a vacant job role

We use the information collected for the following purposes:

  • To provide a service to you as a client or continue a relationship
  • To provide an online experience
  • To run our applications
  • To analyse website traffic and better understand our online audience

Your Privacy Choices and Rights

Your choices

You can choose not to provide us with personal data. If you choose to do this, you can continue to use the City to Sea website and browse its pages, but we will not be able to continue a relationship without personal data.

You can block cookies by activating a setting on our cookie banner, allowing you to refuse cookies. You can also delete cookies through your browser settings. If you turn off cookies, you can continue to use the City to Sea website and browse its pages. See the cookie section below for further detail.

You can opt-out of marketing by clicking the unsubscribe option in any marketing communications.

Refill Application

When you install our Refill Application to your mobile device we collect the following data:

  • Name
  • User Name
  • Email
  • Country
  • Refill stations visited, including dates and times
  • Cups borrowed from refill return stations including transaction time and return time
  • Location – accessed by your device via the application with your explicit consent
  • Google analytics tracking via cookies

To understand how Google Analytics processes your data please find their privacy notice here: Google Privacy Notice

 

Your rights

You can exercise your rights by sending an email to [email protected]

You have the right to access the information we hold about you. This includes the right to ask us supplementary information about:

  • the categories of data we’re processing
  • the purposes of data processing
  • the types of third parties to whom the data may be disclosed
  • how long the data will be stored (or the criteria used to determine that period)
  • your other rights regarding our use of your data

We will provide you with the information within one month of your request unless doing so would adversely affect the rights and freedoms of others (e.g. another person’s confidentiality or intellectual property rights). We’ll tell you if we can’t meet your request for that reason.

You have the right to make us correct any inaccurate personal data about you.

You can object to us using your data for profiling or making automated decisions about you.

We will use your data to determine whether we should let you know information relevant to you (for example, tailoring emails or social media advertising to you based on your behaviour).

You have the right to port your data to another service. We will give you a copy of your data in CSV format so that you can provide it to another service.

If you ask us, and it is technically possible, we will directly transfer the data to the other service for you. We will not do so to the extent that this involves disclosing data about any other individual.

You have the right to be ‘forgotten’ by us. You can do this by asking us to erase any personal data we hold about you if it is no longer necessary for us to store the data for purposes of your relationship with City to Sea or any other law.

You have the right to complain about our use of your data; please tell us first so we have a chance to address your concerns. If we fail in this, you can address any complaint to the UK Information Commissioner’s Office, either by calling their helpline or as directed on their website at www.ico.org.uk.

Or you can make a complaint to your local supervisory authority. Details can be found by following this link:

https://globalprivacyassembly.org/participation-in-the-assembly/members-online/

These rights apply to all the data categories listed in the ‘Data we collect and how we collect it’ section.

 

Security

We do everything we can to ensure the security of your data.

In today’s data-driven and connected world, the security of your data is more critical than ever. We recognise this and have implemented security to keep your data safe.

All staff are bound by confidentiality and will never disclose or share your data unless authorised to do so.

City to Sea’s data protection role

City to Sea is a controller in relation to data we collect online. There are instances where City to Sea is a processor, for example, where we process data for a client within our Refill App. As a controller and as a processor, we use 3rd parties to process data.

Where is your data stored?

Like most companies, City to Sea utilises 3 parties to provide services to our customers and to store data. An overview of the services our 3rd parties conduct on our behalf is listed below.

These 3rd parties will be based in the UK, EEA and in some cases outside of both the UK and EEA.

City to Sea conducts thorough reviews of all its 3rd parties, including implementing data processing agreements, where possible, to ensure that every possible safeguard is in place and that the data is secure. Should there be a possibility that data could be exposed to a high level of risk, a Data Protection Impact Assessment will be completed and will be available upon request.

Where data is transferred outside of the UK, and the EEA City to Sea has taken steps to ensure that your data is transferred under a lawful condition or safeguard as described in the GDPR.

3rd parties

City to Sea works with several 3rd parties to assist us in maintaining both our website, our applications and to assist us in running our company. Most of these 3rd parties do not process personal data; below is a list of those 3rd parties who have access to or process your data and a brief description of what they do.

Process Brief Description
We send marketing communications via a specialist email marketing tool The 3rd party processes your data in order to send you marketing communications
Website analytics We use web analytics tools to track behaviours etc
Data Storage We use trusted partners to store data securely
Application data We store data within our applications to enable users to access refill stations and for refill stations to access individuals who wish to use their refill station
Payment for refill return cups that aren’t returned We use specialist payment processors to process your card details. We do not process this data independently

If you would like to see a full list of processors who City to Sea shares your data with please contact [email protected]

 

Marketing

City to Sea would love to keep in touch with you. When provide us with your details or where we have collected your data lawfully, we will send you marketing emails, postal marketing and SMS messages (where you have submitted your phone number) to keep in touch and keep you updated on City to Sea. We will also display customised advertising when you log in to your social media profiles.

These messages will be City to Sea specific; we do not sell your data or share it with other brands for advertising purposes; your data is used only to promote City to Sea.

Our marketing messages are sent via a specialist marketing tool. You can opt-out of marketing at any time by clicking the unsubscribe link in your emails and SMS messages or by contacting us directly.

There will be occasions when City to Sea sends administrative messages. These messages are not deemed marketing and cannot be opted out of.

Marketing and administration emails you receive from City to Sea contain a tracking pixel. This pixel lets us know things such as our email campaigns’ open rates and click rates.

The pixel also lets us know if an email has not been delivered to update our records and keep them current.

When we analyse the data, we do so from an aggregated perspective, meaning that we report upon an overall number of open rates and click rates.

When you provide a postal address to City to Sea we will send you postal marketing. Postal marketing can be opted out of by contacting [email protected]

Payment processing

City to Sea does not collect your payment details or process them in any way. We use specialist payment processors to take payments on our behalf.

How long is your data stored?

Once per year, we cleanse data to ensure that we only process the data of those individuals who have an ongoing and active relationship with City to Sea or where City to Sea has a legitimate interest to continue to process the data.

As part of our Record of Processing Activities, we have defined the length of time we store our data. Should your data be due for deletion, it will be erased during the yearly data cleanse.

To understand data retention in relation to your data, please contact

[email protected]

Cookies

To further improve your online experience, we store information about you using cookies which are files sent by us to your computer or another access device that we can access when you visit our site at some point in the future.

We use several different cookies on our site. If you do not know what cookies are or how to control or delete them, we recommend that you visit http://www.aboutcookies.org for detailed guidance.

There are four main types of cookies we store – here’s how and why we use them.

(1) Site functionality cookies (necessary) – these cookies allow you to navigate the site and use our features.

(2) Site analytics cookies – These cookies allow us to measure and analyse how visitors use the site to improve both its functionality and your online experience.

(3) Customer preference cookies – when you are browsing on the City to Sea website, these cookies will remember your preferences (like your language or location), so we can make your online experience as seamless as possible and more personal to you.

(4) Targeting or advertising cookies – These cookies are used to deliver ads relevant to you. They also limit the number of times that you see an ad and help us measure the effectiveness of our marketing campaigns.

You can manage your cookie preferences via the cookie banner.

First Party Cookies

These are cookies that are set by this website directly.

Third-Party Cookies

These are cookies set on our website by 3rd parties, such as Google.

Governing Law

The terms and conditions shall be governed by and construed by the laws of England, and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales.

We use several different cookies on our site. If you do not know what cookies are or how to control or delete them, we recommend that you visit http://www.aboutcookies.org for detailed guidance.

Further Information

More information on session cookies and what they are used for can be found here, All About Cookies 

To view a list of the cookies present when browsing our site, you can right-click within the browser page, click inspect and then click application.

Breaches

Should a breach of your data occur that is likely to result in harm to the rights and freedoms of you as an individual or group of individuals, City to Sea will notify you within 72 hours along with the ICO, where applicable.

Additional information

City to Sea has not appointed a statutory Data Protection Officer as we are not required to by law. However, we have committed resources to manage our compliance with all applicable Data Protection laws.

A Record of Processing Activities (ROPA), in which the lawful basis for processing all of the City to Sea customer data is maintained. Wherever Legitimate Interests is relied upon, an impact assessment has been created, available upon demand to those whose data is included.

As of January 1st, 2021, the UK left the European Economic Area (EEA). As City to Sea does not process the data of EU Residents/Citizens we are not required to appoint a European representative to comply with Article 27 of the GDPR.

This notice was created on the June 2023 and is due for review no less than one calendar year from this date.

If you would like to speak to a human regarding your data, please email [email protected] and we will be happy to talk further.

How to contact us

Please contact us if you have any questions about our privacy policy or information we hold about you:

  • by email at [email protected]
  • by telephone on 01173 735870
  • or write to us at our registered office, Studio 5, York Court, Wilder St, St Paul’s, Bristol BS2 8QH