Data Protection Framework
twentysix has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for activities related to this website, and these are available upon request from the Company’s Data Protection Officer (see Section 9).
- Customer Data
We collect email addresses through our website, which are used for the exclusive purposes of sharing marketing information about twentysix to those that choose to sign up. The data collected will be stored until you choose to opt out to communications, this will be possible through any email we send you or through contacting our Data Protection Officer (see Section 9).
You may also decide to send us your personal information using links on this website, if you are seeking more information, enquiring about employment, seeking services or for other similar purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are taking an affirmative action by providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.
twentysix may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and services we provide to you. We will not use your personal information for any other purposes, for example for the communication of marketing materials, unless we have your specific consent that permits us to do so.
We will at all times handle and store your personal data in accordance with industry best practice aligned with ISO27001, the international standard for information security - twentysix is ISO 27001 accredited, and more information can be requested from the Company’s Data Protection Officer (see Section 9). This includes technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.
- Sensitive Personal Data
GDPR specifies a set of personal data categories which are “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from the Company’s Data Protection Officer (see Section 9).
- Children’s Personal Data
This website, and any services available from this website, are not directed to people under the age of 16. If you learn that a child under the age of 16 has provided us with their personal information without having parental consent, please contact the Company’s Data Protection Officer (see Section 9) immediately so that we can take appropriate action.
- Customer Data Rights
As prescribed within data protection regulations, you have specific rights with regard to personal data held by twentysix, collected through this website and otherwise. These include your rights to request we:
- confirm to you what personal data we may hold about you, if any, and for what purposes
- change the consent which you have provided to us in relation to your personal data
- correct any inaccurate or incomplete personal data which we may hold about you
- provide you with a complete copy of your personal data for you to move elsewhere
- stop the processing of your personal data, whilst an objection from you is being resolved
- permanently erase all your personal data promptly, and confirm to you that this has been done
(there may be reasons why we may be unable to do this)
To contact twentysix in order to exercise any of these rights, please see Section 9 below.
If we do not address your request, or fail to provide you with a valid reason why we have been unable to do so, you have the right to contact the Information Commissioner’s Office to make a compliant. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
- Third party processing
From time to time twentysix may, subject to your consent, share data collected from you with the following data processors:
- MSQ Partners, based in the United Kingdom, ICO registration number ZA156809, for the purposes of marketing group services
The activities delivered by each of these Data Processors have been recorded within the applicable Privacy Impact Assessment records (also known as Data Protection Impact Assessments under GDPR) and these are available upon request from the Company’s Data Protection Officer (see Section 9).
- Website Cookies
Cookies are small text files sent by us from your computer or mobile device each time you visit our website. They are unique to you and your device and web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser session. Persistent cookies last until you or your browser delete them.
Alternatively, most modern web browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
- Google Chrome, https://support.google.com/chrome/answer/95647?hl=en
- Firefox, https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Opera, http://www.opera.com/help/tutorials/security/cookies
- Internet Explorer, https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies
- Safari, https://support.apple.com/kb/PH21411
- Microsoft Edge, https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy
We use the following Third-Party cookie providers:
- Google.com (https://www.google.com/policies/privacy/), for analytics and tracking
- External Links
This twentysix website may include relevant hyperlinks to external websites not controlled by us. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be subsequently provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences from your use of them.
- Contacting twentysix
The Data Protection Officer
28 Sovereign Street,