Privacy Policy
This privacy policy ("Policy") describes how Website Operator ("Website Operator", "we", "us" or "our") collects, protects and uses the personally identifiable information ("Personal Information") you ("User", "you" or "your") may provide on the hydra.org.uk website and any of its products or services (collectively, "Website" or "Services"). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information.
This policy is linked to our services in www.waterstrategy.org, but it does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
1. Collection of your Personal Information
1.1 Personal Information means any information which relates to or identifies you as an individual and includes opinions about you or information which may not explicitly identify you (e.g. where your name has been removed) but which nevertheless does identify you if it is combined with other information that is readily available. We receive and store any information you knowingly provide to us when you create an account, publish content, and fill any online forms on the Website. When required this information may include your email address, name, or other Personal Information. You can choose not to provide us with certain information, but then you may not be able to take advantage of some of the Website's features. Users who are uncertain about what information is mandatory are welcome to contact us.
1.2 We will only use your Personal Information when the law allows us to do so by providing us with a legal basis or valid condition. Most commonly, we will use your Personal Information to be able to create an account and generate statistics of the number of users registered for the Services and user(s) location. Your personal information will not be shared with third parties’.
1.3 We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together as follows:
-
Identity Data- includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
-
Contact Data- includes billing address, delivery address, email address and telephone numbers.
-
Financial Data- includes bank account and payment card details.
-
Technical Data- includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the Website, the Services or any software therein.
-
Profile Data- includes your username and password, purchases or orders made by you, your interests, preferences and feedback.
-
Usage Data- includes information about how you use our Website, the Services or any software therein.
-
Aggregated Data- such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Information but is not considered Personal Information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this privacy policy.
1.4 We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
1.5 The University of Manchester is the controller and responsible for your Personal Information. We have a Data Protection Office responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy including any questions about how to exercise your legal rights please contact our Data Protection Office using the details below:
The University of Manchester
(a Royal Charter Corporation registered under number RC 000797, an exempt charity)
Oxford Road
Manchester
M13 9PL
Email: dataprotection@manchester.ac.uk
Telephone: 0161 306 6000
2. How is your Personal Information collected
2.1 Direct interactions - You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
-
Create an account on our Website;
-
Give us feedback or contact us.
2.2 Automated technologies or interactions- As you interact with our Website, we will automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
3. Collection of non-personal information
3.1 When you visit the Website our servers automatically record information that your browser sends. This data may include information such as your device's IP address, browser type and version, operating system type and version, language preferences or the webpage you were visiting before you came to our Website, pages of our Website that you visit, the time spent on those pages, information you search for on our Website, access times and dates, and other statistics.
4. Managing Personal Information
4.1 You are able to access, add to, update and delete certain Personal Information about you. The information you can view, update, and delete may change as the Website or Services change. When you update information, however, we may maintain a copy of the unrevised information in our records. Some information may remain in our private records after your deletion of such information from your account. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, Personal Information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
5. Use and processing of collected information
5.1 Any of the information we collect from you may be used to personalize your experience; send notification emails such as password reminders, updates, etc; run and operate our Website and Services. Non-Personal Information collected is used only to identify potential cases of abuse and establish statistical information regarding Website usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.
5.2 We may process Personal Information related to you if one of the following applies:
Purpose/Activity |
Type of Data |
Lawful Basis for Processing including basis of Legitimate Interest |
To register you on the Website and/or for use of the Services |
(a) identity (b) contact |
Performance of a contract with you |
To process your use of the Website and/or the Services including management of any payment(s) and charges if applicable and collection and recovery of money owed if applicable |
(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) |
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated) |
To use data analytics to improve our Website and/or the Services |
(a) Technical (b) Usage |
Necessary for our legitimate interests. |
6. Information transfer and storage
6.1 Depending on your location, data transfers may involve transferring and storing your information in a country other than your own. You are entitled to learn about the legal basis of information transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by us to safeguard your information. If any such transfer takes place, you can find out more by checking the relevant sections of this document or inquire with us using the information provided in the contact section.
6.2 We will only keep your Personal Information for as long as reasonably necessary to fulfil the purpose we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, tax or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
7. Your rights in connection with Personal Information
7.1 Under certain circumstances, by law you have the right to:
-
Request access to your Personal Information (commonly known as a "data subject access request"). This enables you to receive a copy of the Personal Information we hold about you and to check that we are lawfully processing it;
-
Request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
-
Request erasure of your Personal Information. This enables you to ask us to delete or remove Personal Information where there is no legitimate reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have exercised your right to object to processing;
-
Object to processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your Personal Information for direct marketing purposes;
-
Request the restriction of processing of your Personal Information. This enables you to ask us to suspend the processing of Personal Information about you, for example if you want us to establish its accuracy or the reason for processing it;
-
Request the transfer of your Personal Information to another party.
7.2 You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
7.3 We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it.
7.4 If you would like to exercise any of these rights, you should contact the University Data Protection Officer by email: dataprotection@manchester.ac.uk. Alternatively you can write to:
The Information Governance Office
The University of Manchester
Christie Building
Oxford Road
Manchester
M13 9PL.
Further information about your rights is available from the University’s data protection web pages.
8. Privacy of children
8.1 We do not knowingly collect any Personal Information from children under the age of 13. If you are under the age of 13, please do not submit any Personal Information through our Website or Service. We encourage parents and legal guardians to monitor their children's Internet usage and to help enforce this Policy by instructing their children never to provide Personal Information through our Website or Service without their permission. If you have reason to believe that a child under the age of 13 has provided Personal Information to us through our Website or Service, please contact us.
9. Cookies
9.1 The Website uses "cookies" to help personalize your online experience. A cookie is a text file that is placed on your hard disk by a web page server. They may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website and may be used for analytics and personalisation of the site, such as storing your preferences. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you.
9.2 There are three type of cookies in our website:
-
Strictly Necessary Cookies: These are required to enable basic website functionality;
-
Personalisation Cookies: These allow the website to remember choices you make (such as your user name, language, or the region you are in) and provide enhanced, more personal features.
-
Statistics Cookies: These items help the website operator understand how its website performs, how visitors interact with the site, and whether there may be technical issues. These cookies do not collect information that identifies a visitor.
9.3 Most web browsers automatically accept cookies, but you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking cookies categories may impact your experience on the website.
9.4 Cookies cannot be used to run programs or deliver viruses to your computer.
10. Information security
10.1 We secure information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use, or disclosure. We maintain reasonable administrative, technical, and physical safeguards in an effort to protect against unauthorized access, use, modification, and disclosure of Personal Information in its control and custody. However, no data transmission over the Internet or wireless network can be guaranteed. Therefore, while we strive to protect your Personal Information, you acknowledge that (i) there are security and privacy limitations of the Internet which are beyond our control; (ii) the security, integrity, and privacy of any and all information and data exchanged between you and our Website cannot be guaranteed; and (iii) any such information and data may be viewed or tampered with in transit by a third-party, despite best efforts.
11. Data breach
11.1 In the event we become aware that the security of the Website has been compromised or users Personal Information has been disclosed to unrelated third-parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will post a notice on the Website.
12. Changes and amendments
12.1 We reserve the right to modify this privacy policy relating to the Website or Services at any time, effective upon posting of an updated version of this privacy policy on the Website. When we do, we will post a notification on the main page of our Website giving not less than twenty-one (21) days advance notice. Continued use of the Website and Services after any such changes shall constitute your consent to such changes.
12.2 We keep our privacy policy under regular review. It is important that the data we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with us.
13. Acceptance of this policy
13.1 You acknowledge that you have read this Policy and agree to all its terms and conditions. By using the Website or its Services you agree to be bound by this Policy. If you do not agree to abide by the terms of this Policy, you are not authorized to use or access the Website and its Services.
14. Contacting us
14.1 If you have any questions about this Policy, please contact us at waterstrategy@manchester.ac.uk. If you have any questions about how your personal information is used by the University as a whole, or wish to exercise any of your rights, please consult the University’s data protection webpages at https://www.manchester.ac.uk/discover/privacy-information/data-protection/privacy-notices/. If you need further assistance, please contact the University’s Data Protection Officer (dataprotection@manchester.ac.uk)”.
This document was last updated on June 24, 2021.