Privacy policy

The UK Telecom Innovation Network (UKTIN) is committed to protecting your privacy. 

 

We comply with all applicable UK Data Protection Laws (the Data Protection Act 2018 (DPA 2018) (and regulations made thereunder); UK GDPR as defined in section 3(10) (as supplemented by section 205(4)) of the Data Protection Act 2018), the Privacy and Electronic Communications Regulations 2003/2426 and any other law which may apply in the United Kingdom from time to time which relates to the protection of personal data) when controlling and processing your data.

 

This policy sets out when, how and why we may collect and use your personal information, as well as the type of personal information we may collect from you when you use the www.UKTIN.net website, and other services based on the UKTIN.net domain (the "Platform")

 

This policy also sets out your rights and our obligations in respect of the controlling and processing of such information by us.

 

To the extent that we provide personal information to third party processors, those processors are obliged to comply with this policy when processing personal information on our behalf. Any breach of this policy by that third party may result in disciplinary action being taken against them.

 

 Who we are

UKTIN is a project, sponsored by the Department of Science, Innovation and Technology (“DSIT”) and delivered by a consortium formed from four delivery partners:

 

  • Digital Catapult (a company limited by guarantee, registered under Company Number: 07964699 at Level 9, 101 Euston Road, London, NW1 2RA) (Digital Catapult) – Lead Partner

  • Cambridge Wireless Limited (a company limited by guarantee registered under Company Number: 06529916 at Salisbury House, Station Road, Cambridge, CB1 2LA) (Cambridge Wireless

  • WM5G Limited (a company limited by guarantee registered under Company Number: 11848619 at 16 Summer Lane, Birmingham, West Midlands, United Kingdom, B19 3SD) (WM5G)

  • The University of Bristol (Company Number: RC000648, Beacon House, Bristol BS8 1QU) (University of Bristol) together the “Delivery Partners”.

UKTIN itself is not a legal entity. This privacy policy is issued on behalf of the Delivery Partners so when we mention UKTIN, "we", "us" or "our" in this privacy policy, we are referring to each of the relevant Delivery Partners individually responsible for processing your data.

Each Delivery Partner is individually (not jointly) a Controller (the term as defined in the Data Protection Laws). Each Delivery Partner is individually responsible to you for how that Delivery Partner respectively stores, uses and processes your personal data in accordance with that Delivery Partner’s privacy policy. No Delivery Partner is responsible to you for any other Delivery Partner’s storage, use or processing of your data.  Actions taken by one Delivery Partner (e.g. deleting personal data) will be independent of the other Delivery Partners. If you need to make a data request, please make such request directly to the relevant Delivery Partner.  Each Delivery Partner’s privacy policy, including details regarding data requests, can be found at:

 

Digital Catapult: https://www.digicatapult.org.uk/legal/privacy-policy/

Cambridge Wireless: https://www.cambridgewireless.co.uk/CW-Policies/privacy-policy/

WM5G: https://www.wm5g.org.uk/privacy-policy/

University of Bristol: https://www.bristol.ac.uk/style-guides/web/policies/legal/privacy/

We set out the contact details for each of the Delivery Partners at section 18 below. If you are not sure which Delivery Partner to contact, please contact enquiries@UKTIN.net in the first instance. 

 

The Platform is operated by Cambridge Wireless on behalf of the Delivery Partners. For the purpose of the Data Protection Laws, Cambridge Wireless, acting as a Controller, will collect personal data provided by you through the Platform (please see sections 2 “Information we may collect and process” and 3 “How we collect Personal Information” for more information). 

 

Cambridge Wireless will share such data with the other the Delivery Partners, in accordance with the Data Protection Laws, for the sole purpose of delivering the UK Telecom Innovation Network.  Digital Catapult, WM5G and the University of Bristol will therefore be individual, severable data Controllers for any such data shared with them by Cambridge Wireless. 

 

In some instances, you may agree to share your personal data for the purposes of UKTIN directly with Digital Catapult, WM5G and the University of Bristol (rather than via the Platform).  In these instances the respective Delivery Partners will act as data Controller(s) and accordingly the other Delivery Partners will act as individual, severable data controllers of any such data shared with them.

 

The Platform may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

 

 Information we may collect and process

The Delivery Partners may collect and process various types of personal information or personal data at the time you register to use, and during your actual use of, our Platform. Personal information does not include data where the identity has been removed (anonymous data). We may also collect personal information when you correspond with us or our Delivery Partners by phone, email, or register for an event, or otherwise.

 

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.

  • Contact Data includes billing address, delivery address, email address and telephone numbers.

  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.

  • Profile Data includes your username and password, your interests, preferences, feedback and survey responses.

  • Usage Data includes information about how you use our website and services.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

The type of information collected, and the manner in which such information is used by us, will vary depending on how you use our Platform and whether or not you have consented for us to collect and/or process that information Further details are set out below in Clause 3 -– How we collect Personal Information

 

By using the UKTIN Platform you are agreeing for us to collect and process the personal information provided as part of that process, for the purposes made clear to you at the time of collection.

The personal information we collect from you may be held on paper or on a computer or other media, and is subject to certain legal safeguards specified in the law.

 

How we collect Personal Information

Identity, Profile, Marketing and Communications and Contact Data will be collected by us when you complete and submit registration forms through the Platform  (including requesting marketing to be sent to you) or give us feedback or contact us or when you correspond with by post, phone or email. 

We may also use Identity, Profile and Contact, Marketing and Communications Data for the purpose of providing you with information about similar services UKTIN may provide as we consider ourselves to have a legitimate interest in doing so.  You may choose to stop receiving this information at any time through clicking the “unsubscribe” link at the bottom of our marketing emails.

 

Technical and Usage Data. This data is passively collected by us in the course of you using and browsing the Platform.  We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy.

 

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

 

We do not collect any special categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

 

 

How we use your personal information

The Delivery Partners may use the personal data we collect for several purposes.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

 

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To register you as a new user creating your personal user account, granting a user account to you, and in order for you to gain full registered user accessibility to the Platform.

(a) Identity

(b) Contact

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (provision of members area and IT services)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(a) Identity

(b) Contact

(c) Profile

(d) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect the Platform (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) and provide the services to you.

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for provision of administration and IT services, network security, to prevent fraud)

(b) Necessary to comply with a legal obligations

To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (to the extent we use advertising)

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

Necessary for our legitimate interests (to study how customers use our services, to develop them, and to inform our marketing strategy)

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

 

 

Where you have chosen (or where we have given you) a password which enables you to access certain parts of our Platform, or use our Platform in a particular way, you are responsible for keeping this password confidential. We ask you not to share this password with anyone and to change it if you suspect someone has gained access to it.

 

 

Direct Marketing

We may also use such data in order for us to send UKTIN newsletters and UKTIN direct marketing to you if you have consented to receiving such information. 

 

You may prevent us using your data for this purpose at any time by following the unsubscribe procedure described in the marketing and newsletter emails you receive.

 

 

Direct Marketing from Delivery Partners 

You will, from time to time, be offered the opportunity to consent to the receipt of direct marketing from the individual delivery partners (Digital Catapult, Cambridge Wireless, WM5G and the University of Bristol) and for your data to be shared for their organisational purposes. 

 

  1. You will be offered the opportunity to opt-in to direct marketing from each organisation. 

  2. Your personal data will then be subject to the individual data protection policies exercised by each relevant Delivery Partner and subject to UK law. 

Storage of Personal Data

All personal information we collect and process is stored on our Delivery Partners’ secure servers.

 

We also provide personal data collected from you to Google, Inc. for use in respect of its Google Analytics service on EU based servers. 

 

Lawful Basis for Processing

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We may process your personal information if we are able to do so without explicit consent under the UK Data Protection Laws. For example, we may be able to legally control and process your personal information without your consent if it is necessary in order for us to provide the service you have asked us to provide, or if we have a legitimate interest in doing so, or if doing so is in the public interest.

 

We may also process your personal information without your consent if we have a legitimate interest in doing so, for example, for some internal administrative purposes, or for the purpose of ensuring electronic information security.

 

We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

 

Please see the table in section 4 for more information. 

 

8A        Your Rights and Obligations

 

Where we are processing your personal information on the basis of you having given us your consent to do so, you do have the right to withdraw that consent at any time, but this will not affect the lawfulness of processing prior to the withdrawal of such consent.

 

You can exercise your right to withdraw consent to processing at any time by contacting us via enquiries@UKTIN.net.

 

Rectification and Erasure

You benefit from the right to rectify inaccurate personal information we hold which relates to you (also known as the “right to rectification”). This means that, taking into account the subject of the processing, you shall have the right to have incomplete personal information completed. You can exercise your right to rectification by contacting us via enquiries@UKTIN.net

 

You also benefit from the right to erasure (also known as the ‘right to be forgotten’). This means that you have the right to request us to erase personal information we hold about you, and that we should erase such data without undue delay, provided that you are able to demonstrate one of the following to us:

 

that our processing of the personal information is no longer necessary in relation to the purpose for which it was collected;

that you withdraw your consent to the processing and there is no other legal ground for us to continue to process the data;

that you object to the processing under regulation 21 of the Regulation and there are no overriding legitimate grounds for processing;

that the personal information must be erased in order to comply with a national legal obligation; or

the personal information in question belongs to a child under the age of 16 and no consent is given or authorised by the holder of parental responsibility over the child.

 

Data Portability

You also have the right to receive the personal information concerning you in a structured, commonly used and machine-readable format. You have the right to transmit such data to other data controllers without hindrance from us where we are processing that data on the basis of having your consent to do so, or where it is necessary for the performance of a contract, and the processing is carried out by automated means.

 

Subject Access Requests

You as a data subject are entitled to make a formal request for information we hold about you. We must provide you with a copy of this information, the reasons it is being processed and whether it will be given to any other organisations or people. We would prefer that you make this such a request in writing to enquiries@UKTIN.net so that we have a clear record of what you are requesting, but would be happy to speak to you if that is easier for you +44 (0) 1223 967101 (we are generally available during standard business hours in the United Kingdom).

 

Sharing and Transferring Personal Information

We use industry-standard encryption for transmission of data to our systems. Although we cannot guarantee the absolute safety of transmission of data via the internet, we adhere to the highest standards to give your data the strongest protection possible.

 

Sharing of Personal information

Each Delivery Partner may share personal information it holds with any member of its group, which means its subsidiaries, its ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

 

We may also disclose personal information we hold to third parties, with your consent, or on the basis of an otherwise lawful reason for doing so under Data Protection Laws:

  1. in order to facilitate, provide and improve the products and services we provide to you through our Platform;

  2. in order to analyse the manner in which our services are used by services and product users;

  3. in the event that we sell or buy any business or assets, in which case we may disclose personal information we hold to the prospective seller or buyer of such business or assets;

  4. if we or substantially all of our assets are acquired by a third party, in which case personal information we hold will be one of the transferred assets; and

  5. if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or in order to enforce or apply any contract with the data subject or other agreements; or to protect our rights, property, or safety of our employees, users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Sharing of information with DSIT

From time to time anonymised aggregated data will be shared with DSIT (or, in the event of machinery of Government changes, the responsible Department) for the purpose of auditing and monitoring the performance of the grant funded project, and the development of Government policies.

 

Upon request we will provide DSIT with the identity of the organisations who are forming the UKTIN ecosystem.

 

Transfers outside the EEA

We will not transfer any personal information we hold to a country outside the European Economic Area (EEA), which for the purposes of this policy includes the UK. 

 

Changes to this policy

We reserve the right to change this policy at any time. Where appropriate, we will notify you, as a data subject, of those changes by email.

We recommend that you also regularly review this privacy policy for any changes.

 

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

 

Concerns or Complaints

If you have any concerns or complaints relating to this policy, its subject matter, or the manner in which we collect, control and/or process your personal information, please do let us know by sending an email to enquiries@UKTIN.org.

 

You also have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal information has infringed the Regulation. In the UK, the relevant supervisory authority is the Information Commissioner’s Office  (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

 

Contact Details

In the first instance or if you are unclear who to contact, please email enquiries@UKTIN.org.

The contact details of the Delivery Partners are set out below:

 

 

 

Digital Catapult

FAO

Digital Catapult Legal Team

Email Address

privacy@digicatapult.org.uk

Postal Address

Digital Catapult, Level 9, 101 Euston Road, London, NW1 2RA, marked as a “Data Protection query”.

Telephone Number

020 3882 3557

Cambridge Wireless

FAO

Data Protection

Email Address

data.protection@cambridgewireless.co.uk

Postal Address

Peters Elworthy & Moore (PEM), Salisbury House, Station Road, Cambridge, CB1 2LA

Telephone Number

+44 (0) 1223 967 101

WM5G Limited

FAO

Gurmit Sangha

Email Address

Gurmit.Sangha@wmca.org.uk

Postal Address

WMCA, 16 Summer Lane, Birmingham, B19 3SD

Telephone Number

0121 214 7301

The University of Bristol

FAO

Henry Stuart

Email Address

data-protection@bristol.ac.uk

Postal Address

Information Governance Manager & Data Protection Officer, University Secretary's Office, University of Bristol, Beacon House, Queen's Road, Bristol, BS8 1QU

Telephone Number

0117 45 56325