1.0 Our philosophy
- User privacy and data protection are human rights
- We have a duty of care to the people whose data we collect
- Data is a liability. It should only be collected and processed when absolutely necessary
- We hate spam just as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
2.0 Relevant legislation
This website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
3.0 Information we collect
This website collects and uses personal information as outlined below.
3.1 Visitor tracking
Like a lot of websites, this site uses analytics to track user interactions. We use this data to monitor the number of people using our site, to help to understand how they find and use our web pages, and to see their journey through the website.
Unlilke a lot of websites we do not use Google Analytics. Instead, we use Fathom Analytics, a privacy focused website analytcis provider, fully compliant with GDPR, PECR and CCPA.
Fathom Analytics doesn’t track you with your IP address, fingerprints or cookies. Nobody can be identified.
3.2 Our blog
If you choose to add a comment to any blog posts that we have published on our blog, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third party data processors detailed in section 6.0 below. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed.
Your comment and its associated personal data will remain on this site until we see fit to either (1) remove the comment or (2) remove the blog post. Should you wish to have the comment and it’s associated personal data deleted, please email us using the email address that you commented with.
If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog.
NOTE: You should avoid entering personally identifiable information in the actual comment field of any blog post comments you add to this website.
3.3 Contact forms & email links
If you choose to contact us using any of the contact forms on this website or using an email link, none of the data that you supply will be stored by this website or passed to/be processed by any of the third party data processors detailed in section 6.0. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP).
3.4 Payments
If you pay by credit or debit card, these financial transactions are handled through Stripe, a third-party payment services provider. We recommend that you read Stripe’s privacy policy. We will provide your personal data to Stripe only when necessary for processing payments. We do not store your financial details.
3.4 Children’s data
We do not knowingly process data of any person under the age of 16, except for ‘Event Cover’ see section 3.5 below. If we come to discover, or have reason to believe, that you are under 16 and we are holding your personal information, we will delete that information within a reasonable period and withhold our services accordingly.
3.4 Event Cover
When covering events such as Martial Arts tournaments, or Triathlons etc. we may be handed personal data that you have provided to the event organisers. This will be purely for the purposes of providing appropriate medical cover should you require it, allergies, existing medical conditions etc. This information is either handed back to the event organisers at the end of the event or destroyed. This data may include information on children under the age of 16.
4.0 Storing your information
As detailed in section 3.2 above, if you submit a comment to a blog post published on this website, some personal information will be stored within this website’s database. This is the only occasion where personal data will be stored on this website. This data is stored in an identifiable fashion; a limitation of the content management system that this website is built on (WordPress).
5.0 Our website server
This website is hosted by Stablepoint within a UK data centre located in London.
More details of Stablepoint’s technology can be found Stablepoint’s website.
All traffic (transfer of files) between this website and your browser is encrypted and delivered over HTTPS.
6.0 Data processors
We use the following third parties to process personal data on our behalf:
- Fathom Analytics (Privacy policy)
- Gravatar (Privacy policy)
These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0 above.
7.0 Data breaches
We will report any unlawful data breach of this website’s database, or the database(s) of any of our third party data processors, to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 Data controller
The data controller of this website is: Beyond First Aid.
Whose registered office is:
Radstock Lane,
Earley,
Reading
RG6 5UZ
9.0 Change log
27/NOV/2021
Privacy policy instigated
02/JUL/2023
Microanalytics privacy page link updated
07/JUL/2024
Changed to Fathom Analytics