Who we are
Our website address is: https://www.pilotspider.com.
What information do we collect?
We hold personal data about you that you have given us during your visit to our website including your name and your email address.
We may collect information about your computer, including your IP address, operating system and browser type, for system administration and in order to create reports.
This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. The only cookies in use on our site are for Google Analytics. Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website.
Google Analytics customers can view a variety of reports about how visitors interact with their website so that they can improve it. Like many services, Google Analytics uses first-party cookies to track visitor interactions as in our case, where they are used to collect information about how visitors use our site. We then use the information to compile reports and to help us improve our site. Cookies contain information that is transferred to your computer’s hard drive.
These cookies are used to store information, such as the time that the current visit occurred, whether the visitor has been to the site before and what site referred the visitor to the web page. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit the Google page.
You may refuse to accept cookies by changing the settings on your browser. However, doing so may affect your ability to access or use certain parts of the Website. We do not use cookies to collect personally identifiable information about you, track your behaviour or share information with third parties.
What are your rights?
Under the regulations, you have various legal rights, including the following.
You have the right to:
– See any data we hold about you free of charge
– Have inaccuracies in any data held about you corrected
– Have information erased (and forgotten by us), subject to retaining commercial and accounts information as described above)
– Prevent direct marketing to you by us
– Data portability (to be provided with an electronic copy of the data relevant to you)
– Complain to the regulator (ICO)
You may request to see the data we hold about you or instruct us on any of these rights you wish to invoke, by getting in touch via any method on the contact page. We will respond within 30 days.
You can also unsubscribe from our mailing list by clicking the ‘unsubscribe’ button at the bottom the newsletters or emails that we send you. This will result in your data being automatically erased from the relevant mailing list.
Links to other websites
Our website include links to other websites of interest. If you have used these links to leave our site please note we cannot control and are not responsible for the contents or for any privacy or data collection policies they may employ.
Schedule 1 – Data Protection
DEFINITIONS
Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organisational measures: as defined in the Data Protection Legislation.
Data Protection Legislation: all applicable data protection and privacy legislation in force from time to time in the UK including the UK GDPR; the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended [and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications);] [and the guidance and codes of practice issued by the Information Commissioner or other relevant regulatory authority and applicable to a party].
Domestic Law: the law of the United Kingdom or a part of the United Kingdom.
UK GDPR: has the meaning given to it in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018.
1.1. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 1 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
1.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Supplier is the Processor. Annex 1 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Personal Data and categories of Data Subject.
1.3 Without prejudice to the generality of clause 1.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier for the duration and purposes of this agreement.
1.4 Without prejudice to the generality of clause 1.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that Personal Data only on the documented written instructions of the Customer which are set out in Annex 1 unless the Supplier is required by Domestic Law to otherwise process that Personal Data. Where the Supplier is relying on Domestic Law as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Domestic Law unless the Domestic Law prohibits the Supplier from so notifying the Customer;
(b) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
(c) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
(d) not transfer any Personal Data outside of the UK unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
(e) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(f) notify the Customer without undue delay on becoming aware of a Personal Data Breach;
(g) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the agreement unless required by Domestic Law to store the Personal Data; and
(h) maintain complete and accurate records and information to demonstrate its compliance with this clause 1.
1.5 The Customer provides it consent to the Supplier for appointing any third party processor of Personal Data under this agreement, provided the Supplier provides notification of such third party processor to the Customer. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party’s standard terms of business and in either case which the Supplier confirms it will continue to reflect the requirements of the Data Protection Legislation. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 1.5.
1.6 Either party may, at any time on not less than 30 (thirty) days’ notice, revise this clause 1 by replacing it with any applicable controller to processor standard clauses or similar terms adopted under the Data Protection Legislation or forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).