Privacy Policy

Visit Lincoln will not use the personal information collected on this website for any purpose other than that specified. Visit Lincoln declares that all information will be treated confidentially and in accordance with the legal provisions concerning data protection. We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information.

Privacy Policy – How we use your data

Who are we?        

We are Visit Lincoln, a brand owned by Destination Lincolnshire Community Interest Company, with offices at Office BT1, The Terrace, Grantham Street, Lincoln, LN2 1BD. Among other things, we own and operate the following website:

https://www.visitlincoln.com

If you have any questions about this Policy, or about how we look after your data generally, please contact hello@destinationlincolnshire.co.uk. Please note that use of our website is subject to our Website Terms.

This Policy is supplemental to our Cookies Policy.

Introduction

Visit Lincoln (‘we’ or ‘us’ etc), is a ‘controller’ of data. This means that, under the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA), we may control and process your personal data in connection with any personal information collected or received by us arising from your use of any of our products, services, applications, websites (including any e-commerce stores) and customer support communications.

We take privacy very seriously. We are committed to keeping your data secure and processing it fairly and lawfully. We ask that you read this policy very carefully because it contains important information about how we process your personal data.

This Policy explains the types of information that we may collect and hold, how that information is used and with whom the data is shared. It also sets out how you can contact us if you have any queries or concerns about this information. It is aimed at our staff, officers, volunteers, contractors, beneficiaries and any other third parties interacting with us.

We reserve the right to make changes to this Policy at any time and we may notify you of changes to this policy by posting an updated version of this policy on our website. Your continued use of our products, applications, services and websites that are subject to this Policy will signify your acceptance of any and all changes to this Policy made by us from time to time and you should check this page occasionally to ensure you are happy with any changes to this Policy.

Keeping us informed

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Personal data we may collect about you

Personal information means any information about you from which you can be identified, but it does not include information where your identity has been removed (‘anonymous data’).

As the ‘controller’ of personal information, we are responsible for how that data is managed. The GDPR and the DPA set out our obligations to you and your rights in respect of how we manage your personal information.

As the ‘controller’ of your personal information, we will ensure that the personal information we hold about you is:

  1. used lawfully, fairly and in a transparent way.
  2. collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  3. relevant to the purposes we have told you about and limited only to those purposes.
  4. accurate and kept up to date.
  5. kept only as long as necessary for the purposes we have told you about.
  6. kept securely.

Information collected by us:

We may collect, use, store and transfer information about you in several different ways and this information may be classified in different categories. Please take care when submitting information to us. Only provide us with information that you are happy for us to process in accordance with this Policy, particularly with regard to confidential or sensitive information.

In the course of providing our services, the following types of data may be collected from you:

  • Identity Data includes first name, last name, username or similar identifier, title, date of birth and gender.
  • Contact Data includes postal address, billing address, delivery address, email address and telephone numbers.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Enquiry Data includes data you provided us with when you contact us with an enquiry. This may be through our website, using our customer services assistance, emailing us, calling us or making contact with us at a trade show or other event.
  • Usage Data includes information about how you use our website and services, as well as the frequency and pattern of your service use.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Sources of Data:

We may collect personal data about you when you make an enquiry with us; apply for a job; interact with our personnel; visit or use our website; enter a competition or promotion; give us feedback; or complete a form and submit it to us.

We may collect data about you from third parties and publicly available sources. For example, we may collect:

  • Financial and Technical Data from analytics providers or search information providers
  • Contact, Financial and Transactional Data from providers of technical, legal, accountancy, payment and delivery services and other specialist agencies
  • Identity and Contact Data from Companies House, local sources such as the Lincolnshire Chamber of Commerce, Lincoln BIG etc and other publicly available sources
  • Identity and Contact Data from social media if you (i) interact with any of our social network pages or applications; or (ii) you use one of our products or services that allow interaction with social networks, we may receive information relating to your social network accounts

Reasons we collect and use your personal information

When we process your personal information, for whatever reason, we rely on one or more of the following grounds within the GDPR, depending on the reason why we are processing the information:

  • Article 6(1)(a) – processing is conducted with your consent to process personal data for specified purposes (‘Consent’)
  • Article 6(1)(c) – processing is necessary for us to demonstrate compliance with our regulatory framework and the law (‘Compliance’)
  • Article 6(1)(f) – to process your personal data in pursuit of legitimate interests (‘Legitimate Interests’)

We will only use your personal data to the extent permitted by the law. The following table sets out the types of data we may use, the reason we may use this data and the legal basis for doing so:

 

Reason for using data Type of data Legal basis
To communicate with you Identity, Contact, Enquiry Consent, Compliance or Legitimate Interests
Improvement of our service All data Legitimate Interests
To advise you of opportunities and advertising, including market research Contact, Marketing and Communication Consent
To detect, prosecute and prevent fraud and other crime All data Compliance, legitimate interests
To access and manage any potential risks to the proper running of our work Identity, Contact, Usage, Technical Legitimate interests
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting data Technical, Usage Legitimate interests
To use data analytics to improve and enhance our service Usage, Technical Legitimate interests
To create and manage our marketing database Identity, Contact, Marketing and Communications Consent, Legitimate interests
To enable you to participate in a draw, competition or promotion Identity, Contact, Usage, Marketing and Communications Consent, Legitimate interests

Marketing and opting out

We will not contact you for the purposes of direct marketing unless you have asked us to do so. However, if you have asked us to do so and later your change your mind, you can opt-out at any time with no hassle. To do this, just let us know. See further 'Your rights' below for details about how to contact us.

Who has access to your personal information?

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes. We may have to share your personal data with the third parties set out below:

Third Party Service Providers working on our behalf: We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.

Our website provider: to enable us and them to deliver their service to us, carry out analysis and research on demographics, interests and behaviour of our users and supporters to help us gain a better understanding of them to enable us to improve our services. This may include connecting data we receive from you on the website to data available from other sources. Your personally identifiable data will only be used where it is necessary for the analysis required, and where your interests for privacy are not deemed to outweigh their legitimate interests in developing new services for us.

Our professional advisors and agents for the purposes of advising and representing us in any matter connected with your account or your use of our website upon which we legitimately consider that advice or representation is needed. This may include managing risks, obtaining advice and representation, or services connected with legal proceedings.

Selected third party suppliers of goods and services as are identified on our website to which you have specifically consented to share your personal data with for the purposes set out in such consent or to fulfil our contractual obligations. Each such third party will act as a data controller in relation to the data that we supply to it. Upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party's use of your personal data.

Local Government and other stakeholders which includes our strategic partner Lincoln BIG and city, county and district authorities in Lincolnshire with whom we are working, although personal information will be anonymised and purely for analytical purposes.

In general, third parties who legitimately have access to your data under this Policy are operating inside the EU, but that is not always the case, particularly with regard to large corporations and analytical service providers.

Third party liability

We are not liable for the actions and inactions of these third parties, and it is condition of your use of our website that you agree to the Website Terms, which limit and restrict our liability in certain defined circumstances. In particular, you agree that when third parties are the controller of data (such as third party suppliers of goods and services), then they are responsible for keeping your data safe once you have provided data to them. We have no control or responsibility over this.

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Keeping your data secure

Whilst we cannot guarantee that unauthorised access to your data will never occur, we will use reasonable technical and organisational measures to safeguard your personal data, for example:

  • Access to our systems is controlled by password and username which are unique to the user;
  • We store your electronic personal data on secure servers;
  • We store your paper records in locked fire-proof storage rooms;
  • Payment details are encrypted;
  • We always limit access to data about you (for example, data is shared with staff on a need-to-know basis only);
  • We vet third party suppliers where they supply services to us that might involve processing your data to ensure that they also have proper technical and organisational measures to safeguard your personal data;
  • Where necessary, we enter into professionally drafted data sharing and data processing agreements with third parties that focus on safeguarding personal data and comply with the GDPR;
  • We take advice from experts on the GDPR and the DPA where we need it;
  • We train our staff in data protection and awareness and we have policies and procedures in place for dealing with the unlikely event of data breaches

We advise you to take great care over your personal data. Do not provide personal information about yourself or anybody else unless you are satisfied you are taking proper precautions first.

Non-sensitive details (your contact details and preferences for example) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk.

Transferring your information outside of europe

We may store your data temporarily on our cloud service operated by Google. This may include limited special categories of data. We have taken appropriate steps to satisfy ourselves that your data will be secure during this process; we have a contractual relationship with Google that underpins this. As part of that security, Google may store your data in one or more or its international data centres, meaning that your data may be stored temporarily outside of the European Economic Area. If you have any concerns about this, please contact us using the details below.

Information about other individuals

If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his/her behalf and has agreed that you can:

  • Give consent on his/her behalf to the processing of his or her personal data
  • Receive on his/her behalf any data protection notices

How long do we keep your data for?

As a general rule, we will not keep your data for any longer than is necessary to complete tasks or provide you with services. Usually, this is up to six years, although general enquiry data is usually kept for a maximum of two years. 

We have a separate policy setting out retention periods for specific types of data. You can ask to see this policy by writing to us, using the contact details under the “Your Rights” section below. You also have the right to ask us to delete your data (sometimes known as ‘the right to be forgotten’.)

Cookies

A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website. If you use our website, we may use cookies to:

  • Track your use of the site;
  • Recognise you whenever you visit this website (this speeds up your access to the site as you do not have to log on each time);
  • Obtain information about your preferences, online movements and use of the internet;
  • Carry out research and statistical analysis to help improve our content, products and services and to help us better understand our visitor/customer requirements and interests
  • Target our marketing and advertising campaigns more effectively
  • Make your online experience more efficient and enjoyable

If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this website. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org

If you visit our website when your browser is set to accept cookies, we will interpret this as an indication that you consent to the use of cookies. This includes cookies that are essential in order to enable you to move around the site and use its features and cookies that are not essential but gather information about your use of the site.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.

For more information, please see our separate Cookie Policy.

Your rights

You have various rights under the GDPR, including the following rights:

  • Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
  • Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, providing you with services), or consent to market to you, you may withdraw your consent at any time.
  • Data Subject Access Requests (DSAR): Just so it's clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or delete such information. At this point we may comply with your request or, additionally do one of the following:
    • we may ask you to verify your identity, or ask for more information about your request; and
    • where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
  • Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. 
  • Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format. 
  • Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, details of which can be found below.

To exercise any of your rights concerning your information, please send an email to the following address:

hello@destinationlincolnshire.co.uk

Or write to us at the following postal address:

Destination Lincolnshire CIC, Office BT1, The Terrace, Grantham Street, Lincoln, LN2 1BD.

We may ask you to provide us with proof or your identity. Please do not be offended; this may occur even if we know you. It is a requirement of the GDPR in some cases.

Review

This Policy was last reviewed in November 2021.

The information commissioner’s office

More information about privacy laws can be found at www.ico.org.uk

Details of your local supervisory authority: The Information Commissioner's Office. You can contact them in the following ways:

  • Phone: 0303 123 1113
  • Email: casework@ico.org.uk
  • Live chat, via the ICO website
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

 


Cookies used by our site

Essential cookies

Web site

These cookies are used to store anonymous user-specific data in order to maintain a session state for the visitor. Our site uses this data to process requests, such as submitting a Contact Us enquiry or Events Submission. Some functions of the site depend on these cookies and may not work properly, or at all if they are disabled.

Name Where is it used? Typical content Expires
visitlincoln_tracker All pages Contains the last 5 pages you have viewed on our site. This is essential for displaying error and thank you messages when completing forms on our site, such as the Contact Us form. End of session.
visitlincoln_last_visit All pages The Date of your last visit to our site. 1 year
visitlincoln_last_activity All pages Records the time of the last page you viewed on our site. 1 year
visitlincoln_cookies_allowed All pages Indicates whether you have given for cookies to be set on our site. 1 year
__hs_opt_out All pages Used by the opt-in privacy policy to remember not to ask visitors to accept cookies again.  13 months
__hs_do_not_track All pages

Set to prevent the tracking code from sending any information to Visit Lincoln's HubSpot.

13 months
__hs_initial_opt_in All pages Used to prevent the banner from always displaying when visitors are browsing in strict mode. 7 days
__hs_cookie_cat_pref All pages Used to record the categories a visitors consented to. 13 months
hs_ab_test All pages Used to consistently serve visitors the same versions of an A/B test page they've seen before. End of the session
<id>_key All pages When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. 14 days
__hsmen All pages This cookie is set when visitors log in to a HubSpot-hosted site. It contains encrypted data that identifies the membership user when they are currently logged in. 1 year
       

Performance Cookies


Google Analytics

These cookies are used to identify new and returning visitors to our site, how long visitors stay on our site and how they reached our site. The results are sent to our Google Analytics account so we can understand how visitors arrive at our website and how long they stay for. To prevent Google Analytics cookies being set, you may install the Google Analytics Opt-Out Browser Add-On.

Name Where is it used? Typical content Expires
__utma All pages Created upon your first visit to our website using a randomly generated number. This cookie is used to determine unique visitors to our website. 2 years from set/update
__utmb All pages Created to establish your user session on our site, using a randomly generated number. When you view a page on our site, this cookie is updated to expire in 30 minutes. 30 minutes from set/update
__utmz All pages This cookie stores the way in which you reached our site, whether via a direct method, a referring link, a site search, or a campaign such as an ad or an email link. It is used to calculate search engine traffic, ad campaigns and page navigation within our site. The cookie is updated each time you view a page on our site. 6 months from set/update
__hstc All page The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session). 13 months
hubspotuk All page This cookie keeps track of a visitor's identity. It is passed to HubSpot on form submission and used when deduplicating contacts. It contains an opaque GUID to represent the current visitor. 13 months
__hssc All pages This cookie keeps track of sessions and is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.  30 minutes
__hssrc All pages Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. It contains the value "1" when present. End of the session.

 


Functionality cookies

Google Translate

Google Translate sets two cookies through our website. These are third-party cookies that would register on other websites that check for the existence of a translate cookie.

Name Where is it used? Typical content Expires
NID All pages The cookie stores the translation preference. When you close your browser
PREF All pages This is the Google cookie containing: ID - a browser identifier; TM - a timestamp of when the cookie was created; LM - a timestamp of when the browser preferences were last changed; S - a digital signature generated by Google which works in combination with page address settings. On the Google books site for example, it is used to only show you a few pages of the book from the page you started reading. 2 years from set/update

ShareThis
     


Many of our pages include a ShareThis button, which allows you to share our content via email, Twitter, Facebook etc. These cookies enable that service to work smoothly.

Name Where is it used? Typical content Expires
_stid All pages A random unique identifier and is used to associated users with topics of interest, based upon the content they consume and share. Unknown
_uset All pages Used to indicate when a user has been cookied so that the task is not repeated in the next 8 hours. Expires after 8 hours
_unam All pages Counts number of unique users that share content and how many page views are generated from the resulting share. Unknown