Privacy Notice

About this policy

Who should read this policy

Everyone who accesses our website at [insert link] (Website) including customers of our business, prospective customers, and other business contacts, such as suppliers or service providers to our business.

What is covered

This policy sets out what information we collect about you, what we use it for and who we share it with. It also explains your rights and what to do if you have any concerns about your personal data.

Who to contact about this notice

If you have any questions about this privacy policy, how we handle your personal data or you are looking to exercise one of your rights, please contact us at [email protected]

Latest updates

This policy was last updated on 1st February 2022. We may sometimes need to update this policy to reflect changes to the way we provide our services or to comply with updates to data protection law. Where possible, we will notify you of any substantive changes but please check back regularly to see whether any changes have occurred. 

Who checks this policy is enforced

The Information Commissioner’s Office (ICO) is the UK regulator and is responsible for checking that businesses comply with UK Data Protection Law. 

About us

We are DNS Research Federation, registered in England and Wales with company number 13602141 whose registered address is Lincoln House Pony Road, Cowley, Oxford, Oxfordshire, England, OX4 2RD (DNS / we / us /our).

If you visit our Website or contact us about our services we are the controller of your information (which means we decide what information we collect and how it is used). We are registered with the Information Commissioner’s Office (ICO), the UK regulator for data protection matters, under number Z1513835.

If you have any questions about this privacy notice or the way that we use information, please get in touch using the following details:

Email address: [email protected]

Postal address: Lincoln House, 4 Pony Road, Oxford OX4 2RD.

Information we collect about you

Personal data means any information which does (or could be used to) identify a living person. We have grouped together the types of personal data that we collect and where we receive it from below:

How we use your information

Under UK data protection law, we need a legal reason (known as a lawful basis) for holding, collecting and using your personal data. There are 6 main legal reasons which organisations can rely on. The most relevant are:

to enter into and perform a contract with you;

pursue our legitimate interests (our justifiable business aims) but only if those interests are not outweighed by your other rights and freedoms (e.g. your right to privacy);

to comply with a legal obligation that we have;

where you have consented to us using your personal data a certain way. 

The following table sets out when we rely on each lawful basis. 

Where we need to collect your personal data (for example, in order to fulfil a contract we have with you), failure to provide us with your personal data may mean that we are not able to provide you with the services. Where we do not have the information required about you to fulfil an order, we may have to cancel the service ordered. 

When we send you marketing messages

You can opt out of receiving marketing information from us at any time. Just use the “unsubscribe” link in the relevant email, or let us know at [insert email]

Opting out of marketing will not affect our processing of your personal data in relation to any contract you (or your employer or any other party that has engaged you) has with us and where we required to use your personal data to fulfil that contract or provide you with certain information.

Who we share your information with

We may share your personal data with:

• Our personnel: our employees (or other types of workers) who have contracts containing confidentiality and data protection obligations in order to provide our services.
• Our supply chain: other organisations that help us provide our services. We ensure these organisations only have access to the information required to provide the support we use them for and have a contract with them that contains confidentiality and data protection obligations.
• Our website hosting provider: the company who provides website hosting services to us may have access to some information (e.g. information from cookies and tracking technologies) to ensure that the Website is working correctly.
• Our cloud service provider: which we use to store information about our customers and which enables us to deal with enquiries and provide our services.
• Regulatory authorities: such as HM Revenue & Customs.
• Our professional advisers: such as our accountants or legal advisors where we require specialist advice to help us conduct our business.
• Any actual or potential buyer of our business.

If we were asked to provide personal data in response to a court order or legal request (e.g. from the police), we would seek legal advice before disclosing any information and carefully consider the impact on your rights when providing a response.

Where your information is located or transferred to

We store company information (including your personal data) on servers located in the United States.

Otherwise, we will only transfer information outside of the US where we have a valid legal mechanism in place (e.g. by using contracts approved by the European Commission or UK Secretary of State).

How we keep your information safe

We have put in place appropriate security and safety measures to prevent your personal data from being lost or illegally accessed by those who do not have permission. These measures include:

• access controls and user authentication (including multi-factor authentication);
• internal IT and network security; 
• regular testing and review of our security measures;
• staff policies and training;
• incident and breach reporting processes;
• business continuity and disaster recovery processes;

In the event that there is an event or incident affecting your personal data, we will keep you informed. We may also need to notify the regulator (where required under data protection law) and if we make decisions about personal data about your data jointly with another party (for example, if a third party marketing provider), we may need to notify them. 

How long we keep your information

Where we are responsible for making decisions about how to collect and use your personal data, we will only keep your personal data for as long as necessary to fulfil the purposes we collected it for or as long as required to fulfil our legal obligations. 

When we consider how long to keep your personal data, we will consider whether it is still necessary to keep it for the purpose which we collected it or whether the same purpose could be achieved by holding less personal data. We will also consider the volume, nature, and sensitivity of the personal data and the potential harm to you if there was an incident affecting your personal data.

We may keep Identity Data, Contact Data and certain other data (specifically, any exchanges between us by email or any other means) for up to seven years after the end of our contractual relationship with our customer.

If you browse our Website, we keep personal data collected through our analytics tools for only as long as necessary to fulfil the purposes we collected it for (see our cookie policy below for further information). 

Your legal rights

You have specific legal rights in relation to your personal data. 

It is usually free for you exercise your rights and we aim to respond within one month (although we may ask you if we can extend this deadline up to a maximum of two months if your request is particularly complex or we receive multiple requests at once). 

We can decide not to take any action in relation to a request where we have been unable to confirm your identity (this is one of our security processes to make sure we keep information safe) or if we feel the request is unfounded or excessive. We may charge a fee where we decide to proceed with a request that we believe is unfounded or excessive. If this happens we will always inform you in writing. 

Your legal rights are as follows:

Access: You must be told if your personal data is being used and you can ask for a copy of your personal data as well as information about how we are using it to make sure we are abiding by the law.

Correction: You can ask us to correct your personal data if it is inaccurate or incomplete. We might need to verify the new information before we make any changes.

Deletion: You can ask us to delete or remove your personal data if there is no good reason for us to continuing holding it or if you have asked us to stop using it. If we think there is a good reason to keep the information you have asked us to delete (e.g. to comply with regulatory requirements), we will let you know and explain our decision.

Restriction: You can ask us to restrict how we use your personal data and temporarily limit the way we use it (e.g. whilst you check that the personal data we hold for you is correct).

Objection: You can object to us using your personal data if you want us to stop using it. We always comply with your request if you ask us to stop sending you marketing communications but in other cases, we decide whether we will continue. If we think there is a good reason for us to keep using the information, we will let you know and explain our decision.

Portability: You can ask us to send you or another organisation an electronic copy of your personal data.

Complaints: If you are unhappy with the way we collect and use your personal data, you can complain to the Information Commissioner or another relevant supervisory body, but we hope that we can respond to your concerns before it reaches that stage. Please contact us at [email protected]

If you would like to exercise any of your legal rights, please contact us at the email address provided above.