The Norfolk Farming Conference website is managed by Anglia Farmers Limited. Anglia Farmers Limited (AF) and all of its wholly owned subsidiary companies (collectively known as “The AF Group”) are committed to protecting and respecting your privacy.

This Policy sets out the basis on which AF (“We” or “Us”) collects personal data from you when you visit and use this website – www.norfolkfarmingconference.org – and the way in which it will be processed by us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it. For further information about how The AF Group use your data please see the other privacy policies here – http://www.theafgroup.co.uk/privacy/.

For the purposes of the relevant data protection legislation, the “controller” (or “data controller”) is Anglia Farmers Limited of Honingham Thorpe, Colton, Norwich, Norfolk, NR9 5BZ. Questions, comments and requests regarding this Policy are welcomed and should be addressed to ops@theafgroup.co.uk.

Our website may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements.  When you leave our website, we encourage you to read the privacy policy.

1: Why we collect your information

When you visit or interact with this website, we collect different information about you for the following reasons:

• For our legitimate interest in order to improve this website and the services that we offer on this website.
• For our legitimate interest in order to maintain the security and performance of this website.
• To contact you in regards to any enquiry you have made using a form on this website.

We also collect information about you when you complete a delegate or exhibitor booking form, in order to process your booking.

2: When we collect your information

We collect information from you when:

• You use this website through the use of cookies.
• You complete an enquiry form on this website.
• You complete a delegate or exhibitor booking form.
• You contact us about the conference.

3: The types of personal data we collect

When you visit this website, we may collect your IP address and information regarding what pages are accessed and when using cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual. For example, we use cookies to store your country preference. This helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, please read our cookie policy.

We also collect any personal data you have chosen to send to us by filling in a form on this website, or by completing a delegate or exhibitor booking form.

All calls to and from the AF office landline phone numbers are recorded, with the exception of calls where payment is taken, when the recording is manually terminated.

4: How we use the data collected

For our legitimate interests, we may process your data;

• To maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users.

In order to fulfil our contractual obligations to you, we will also process you data in order to:

• Administer your delegate or exhibitor booking.
• Invoice you and take payment accordingly.

We also record all calls made to and from the AF office landline numbers. Access to a recorded call will only be given when the request has been approved by at least two senior managers and when there is a valid reason for needing to access the call recording. We process this data for our legitimate interests for;

• Complaints and disputes – In the event of a complaint or dispute, a call recording (if available), may provide additional information to help us quickly investigate and resolve a complaint or dispute.
• Employee safety and wellbeing – A recording may become a vital piece of evidence in the event of any threats being made to the organisation or an individual.

We will also process your data in order to respond to any enquiry you make by filling in a form on this website.

If we need to process your personal data for a reason which is not outlined above, we shall contact you in order to obtain your prior consent for such use.

5: When we will share your personal data

We will share your personal data with the following third parties for the reasons stated below:

• The personal data you send to us when you complete and enquiry form on this website or when you complete a delegate or exhibitor booking form may be shared between the AF Group of companies and its’ employees in order to facilitate and respond to your enquiry or booking.
• This personal data you provide may also be shared with other the other third party organisations who are involved in organising the conference in order to allow us to administer the event.
• Redshelf Ltd T/A InTouch Systems, 36 Hurricane Way, Norwich, Norfolk, NR6 6HU for back up and disaster recovery purposes.
• We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
• We use a third-party web application firewall provided by Defiant, Inc. to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, Defiant, Inc. processes site visitors’ IP addresses. We rely on Model Contract Clauses to transfer this information to Defiant, Inc.’s servers which are located in the US.

We reserve the right to disclose or share your personal data in order to comply with any legal requirements, enforce the terms and conditions in our contract, or any other agreement we enter into with you, or to protect the rights, property, or safety of our business and other members, suppliers and contractors. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

6: Where we store your personal data

The personal data that you provide to us is stored on our secure servers located at our head office. We use our best endeavours to ensure that your data is held securely and in accordance with this privacy policy.

Offsite backups are securely held by InTouch Systems as part of our disaster recovery plan, to ensure that we can get back up and running quickly in the event of a disaster.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data when it is being transmitted to us. Any transmission is at your own risk. Once we have received your information, we will use strict safeguarding procedures and security features to try to prevent any unauthorised access to your personal data.

7: How long we retain your personal data for

• Call recordings will be retained for a maximum of six months.
• Details about conference delegates and exhibitors will be retained for a maximum of 12 months.
• Transactional data including invoices will be held for at least the minimum amount of time that we are legally required to hold it for.
• Google Analytics retains your data for a maximum of 14 months.
• Defiant, Inc. retains your data for 90 days, unless you have been involved in malicious activity, where your IP address, for example, may be held on a blacklist.

8: Your rights

Please see the relevant sections below for further details on your rights as a data subject. You can exercise any of the above rights by emailing us at ops@theafgroup.co.uk.

We will endeavour to comply with any request made within one month from the date of your request. However, we may extend this date to two months if the request is excessive or of a repetitive nature. If we need more than one month to meet your request we will let you know.

Please note that where we receive requests under this section which are manifestly unfounded or excessive, in particular because of their repetitive character, we may:

1. Charge a reasonable fee taking into account the administrative costs of providing the information or taking the action requested; or
2. Refuse to act on the request.

8.1: Right to access / access request

You have the right to request access to the information that we hold on you. In order to protect your information, we may take reasonable steps to verify your identity before we can hand over your data.

8.2: Right to rectification

You have the right to ask us to update any personal information that is incomplete or inaccurate. We will endeavour to ensure that if we update your information, we will pass this onto our selected third parties, including suppliers and contractors.

8.3: Right to erasure / right to be forgotten

You have the right to ask us to delete your personal data if;

• The personal data is no longer necessary for the purpose which we originally collected or processed it for.
• You object to the processing of your data and there is no overriding legitimate interest for us to continue this processing.
• We have processed the data unlawfully.
• We have to in order to comply with a legal obligation.

8.4: Right to restrict processing

You have the right to ask us to restrict or supress the processing of your personal data if;

• You have previously informed us that the data is inaccurate.
• We no longer require the data for its original purpose, but we need to hold it, or you ask us to retain the information to comply with legal obligations.
• We have processed the data unlawfully.
• We are in the process of deleting your data.

We will endeavour to ensure that where you have asked us to restrict the processing of your data, we will inform our selected third parties, including suppliers and contractors accordingly.

8.5: Right to data portability

You have the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller, provided the data was processed for the purpose of a contract between us and the processing is being carried out by automated means.

This will allow you to move, copy or transfer personal data easily from one IT environment to another. Alternatively, we can transmit such data directly to another organisation. Please note that we will not be able to comply with a data portability request if this will affect the rights and freedoms of others.

8.6: Right to object

You have the right to restrict processing based on legitimate interests. If you exercise your right to object, we will stop processing your personal data unless;

• We are able to demonstrate compelling legitimate grounds for the processing.
• The processing is for the establishment, exercise or defence of a legal claim.

9: What to do if you are not happy with how we process your data

If you consider that we are in breach of our obligations under the GDPR you have the right to complain to the Information Commissioner’s Office (ICO).

10: Review of this policy

We keep this policy under regular review. This policy was last updated on 29/05/2018.