Discover Boston will not use the personal information collected on this website for any purpose other than that specified. Discover Boston declares that all information will be treated confidentially and in accordance with the legal provisions concerning data protection. We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.
We are Discover Boston, a brand owned by Destination Lincolnshire Community Interest Company with its offices at Office BT1, The Terrace, Grantham Street, Lincoln, LN2 1BD. Among other things, we own and operate the following website:
If you have any questions about this Policy, or about how we look after your data generally, please contact email@example.com. Please note that use of our website is subject to our Website Terms.
This Policy is supplemental to our Cookies Policy.
Discover Boston (‘we’ or ‘us’ etc), is a ‘controller’ of data. This means that, under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), we may control and process your personal data in connection with any personal information collected or received by us arising from your use of any of our products, services, applications, websites (including any e-commerce stores) and customer support communications.
We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this policy very carefully because it contains important information about how we process your personal data.
This Policy explains the types of information that we may collect and hold, how that information is used and with whom the data is shared. It also sets out how you can contact us if you have any queries or concerns about this information. It is aimed at our staff, officers, volunteers, contractors, beneficiaries and any other third parties interacting with us.
We reserve the right to make changes to this Policy at any time and we may notify you of changes to this policy by posting an updated version of this policy on our website. Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time and you should check this page occasionally to ensure you are happy with any changes to this Policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (‘anonymous data’).
As the ‘controller’ of personal information, we are responsible for how that data is managed. The GDPR and the DPA set out our obligations to you and your rights in respect of how we manage your personal information.
As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:
We may collect, use, store and transfer information about you in several different ways and this information may be classified in different categories. Please take care when submitting information to us. Only provide us with information that you are happy for us to process in accordance with this Policy, particularly with regard to confidential or sensitive information.
In the course of providing our services, the following types of data may be collected from you:
We may collect personal data about you when you make an enquiry with us; apply for a job; interact with our personnel; visit or use our website; enter a competition or promotion; give us feedback; or complete a form and submit it to us.
We may collect data about you from third parties and publicly available sources. For example, we may collect:
When we process your personal information, for whatever reason, we rely on one or more of the following grounds within the GDPR, depending on the reason why we are processing the information:
We will only use your personal data to the extent permitted by the law. The following table sets out the types of data we may use, the reason we may use this data and the legal basis for doing so:
Reason for using data
Type of data
To communicate with you
Identity, Contact, Enquiry
Consent, Compliance or Legitimate Interests
Improvement of our service
To advise you of opportunities and advertising, including market research
Contact, Marketing and Communication
To detect, prosecute and prevent fraud and other crime
Compliance, legitimate interests
To access and manage any potential risks to the proper running of our work
Identity, Contact, Usage, Technical
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting data
To use data analytics to improve and enhance our service
To create and manage our marketing database
Identity, Contact, Marketing and Communications
Consent, Legitimate interests
To enable you to participate in a draw, competition or promotion
Identity, Contact, Usage, Marketing and Communications
Consent, Legitimate interests
We will not contact you for the purposes of direct marketing unless you have asked us to do so. However, if you have asked us to do so and later your change your mind, you can opt-out at any time with no hassle. To do this, just let us know. See further 'Your rights' below for details about how to contact us.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. We may have to share your personal data with the third parties set out below:
Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Our website provider: to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us.
Our professional advisors and agents for the purposes of advising and representing us in any matter connected with your account or your use of our website upon which we legitimately consider that advice or representation is needed. This may include managing risks, obtaining advice and representation, or services connected with legal proceedings.
Local Government and other stakeholders which includes our strategic partner Lincoln BIG and city, county and district authorities in Lincolnshire with whom we are working, although personal information will be anonymised and purely for analytical purposes.
In general, third parties who legitimately have access to your data under this Policy are operating inside the EU, but that is not always the case, particularly with regard to large corporations and analytical service providers.
We are not liable for the actions and inactions of these third parties, and it is condition of your use of our website that you agree to the Website Terms, which limit and restrict our liability in certain defined circumstances. In particular, you agree that when third parties are the controller of data (such as third party suppliers of goods and services), then they are responsible for keeping your data safe once you have provided data to them. We have no control or responsibility over this.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Whilst we cannot guarantee that unauthorised access to your data will never occur, we will use reasonable technical and organisational measures to safeguard your personal data, for example:
We advise you to take great care over your personal data. Do not provide personal information about yourself or anybody else unless you are satisfied you are taking proper precautions first.
Non-sensitive details (your contact details and preferences for example) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.
We may store your data temporarily on our cloud service operated by Google. This may include limited special categories of data. We have taken appropriate steps to satisfy ourselves that your data will be secure during this process; we have a contractual relationship with Google that underpins this. As part of that security, Google may store your data in one or more or its international data centres, meaning that your data may be stored temporarily outside of the European Economic Area. If you have any concerns about this, please contact us using the details below.
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:
As a general rule, we will not keep your data for any longer than is necessary to complete tasks or provide you with services. Usually, this is up to six years, although general enquiry data is usually kept for a maximum of two years.
We have a separate policy setting out retention periods for specific types of data. You can ask to see this policy by writing to us, using the contact details under the “Your Rights” section below. You also have the right to ask us to delete your data (sometimes known as ‘the right to be forgotten’.)