This privacy notice is designed to be used in a short form. Internally, we have a Privacy Policy, detailing rules for how we handle our data. The GDPR requires that privacy notices be simple and easy to understand. The ICO explains the concept of a multi-layer privacy policy here: https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/where-should-you-deliver-privacy-information-to-individuals/

CFA provides archaeology services within the UK for development, planning, consultancy, research and cultural heritage purposes.

By accessing the website, contacting us or purchasing our services, you agree to this Privacy Notice.

The Data Protection Officer at CFA Archaeology is Kevin Hicks. He is responsible for making sure that the Company does everything this Privacy Notice says. You can contact Kevin at privacy@cfa-arch.co.uk. We may require identification in order to discuss your personal data requests.

Privacy Really Matters

We collect as little of your personal data as we possibly can, we keep it for as little time as possible, we keep it safe and secure, we only store it on servers within the United Kingdom or the European Union, and we destroy it as soon as we can. If you ask us for a copy of your personal data, we will supply it to you for free. If you ask us to destroy your personal data, we will do so.

We are a data controller (registered with the ICO), as described in the GDPR. That means we take responsibility for what data we collect and what we do with it, and for making sure we are following the law at every step.

What Data We Collect

We only specifically collect personal data essential to our archaeology consulting business, and to assist in the operation of the CFA website.

We only automatically collect a small amount of personal data. This can be when visiting the website by means of cookies, web beacons or other technical means, and the information collection may include the IP address, identifying characteristics of your device or web browser, and the web pages you visit both on the site and just before and after you visited the site. We also may use these technologies to collect information when you communicate with us via email messages, informing when you click on, open or forward a message.

Personal Data may include full name, email address, mailing address, mobile phone number, billing and payment information, your preferences and approximate geographic location, among other items. This data can be collected when you contact us for any reason, for example, by email, when you send us payment information or send us customer service requests.

How We Use the Data We Collect

We use the data to operate CFA, and to improve the way we do business (because, if we don’t need a particular piece of personal data, then we don’t keep it.) For the website, we need to keep some information for a reasonable period of time to offer you a stable and reliable service, and to improve it over time. For services you purchase from us, the data we collect is for keeping in touch with you to ensure the smooth running and fulfillment of the contract.

We use Google Analytics (under review due to GDPR compliance), cookies and similar technologies to provide per-user content and information, to personalise the user experience and to monitor the usage of the website and other media. Cookies are explained at http://www.allaboutcookies.org.

We do not make automated decisions about you from your personal data, or profile you in any way.

How Long We Keep Your Data

Personal data we have collected for marketing purposes with your consent is deleted after six months, if we have not confirmed in that time.

Personal data related to invoices we keep for six years, as required by HMRC.

Personal data related to contracts we keep for [5 years Scotland, 6 years England & Wales] in case there is any legal complaint.

Access, Correction, Deletion

You may update, correct, or delete your personal data accessible to you via your user account if available within our IT, HR or networking systems. We will have both the new and the old data in backups and log files for the reasons explained elsewhere related to running our service and complying with the law. This data is deleted after a period of time like all other personal data we hold.

If you wish to access or amend any personal data we hold that is not accessible via your user account, please contact us.

If you wish to have your personal data entirely removed from our systems, subject to the legal and other exceptions listed elsewhere in this privacy notice, then we will do so without fee and according to the GDPR.

If you ask us to correct or update any of your personal data we hold, we will respond to you, and do the updates in a timely way.

Law Enforcement and Legal Activities

We may disclose Personal Data or other information if required to do so by UK or European law. We cooperate with law enforcement or other governmental agencies to the minimum extent required under applicable laws.

We may, in accordance with the GDPR, disclose personal data to protect ourselves against lawsuits or criminal activity, investigate claims from third parties, produce the security of CFA digital systems.

Comments are closed.