Last Updated: April 2018
Who we are
This policy applies to Ordnance Survey Limited, and its group of companies which comprise Ordnance Survey Leisure Limited and Ordnance Survey International Services Ltd. For the purposes this policy Ordnance Survey and its Group of Companies will be referred to as we, us, our.
Legal Basis and purpose for processing your personal data
We are committed to protecting your personal information and respecting your privacy. We process your personal data when you access our Sites and Services. These include:-
We use your personal data in the following ways:
Our Legitimate Interests
There are times when we will rely on legitimate interests to process personal data, particularly when it is not practical to obtain consent. We will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Examples are:-
Categories of personal data you give to us
The personal data you give us includes:-
Your Location information:
Your Device information
Each time you visit or use our Sites and Services, we may automatically collect the following information:
We use the Device information in the following ways
We use the Log Information in the following ways
Information we pass to Third Parties and other Data Sharing
In order to facilitate your use of our Sites and Services, we may have to share your personal data with third parties to provide elements of our Sites and Services to you. We will provide your personal data to third parties when they need the data to perform particular functions in delivering our Sites and Services to you or as part of our regulatory compliance. These include:-
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Data transfers to third countries
The data we collect from you may, on occasion, be processed at a destination outside the European Economic Area (EEA). It may also be processed by organisations operating outside the EEA who work for us or for one of our suppliers. These organisations may be engaged in the fulfilment of your request, order or reservation, and the provision of support services.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Once it is within our control, we will do our utmost to ensure your personal data is processed in a way that ensures appropriate security from unauthorised or unlawful processing, accidental loss, destruction or damage
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Retaining your personal information
We will retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We may also retain your personal data for a reasonable period afterwards to allow us to respond to any follow up enquiries or complaints, or for as long as you remain a registered user of our products and services.
To determine appropriate retention periods for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, we may use or store this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data: see Right to Erasure below for further information.
Your Data protection rights
Withdraw Consent – Where we are using your personal information on the basis of your consent, you have the right to withdraw that consent at any time.
Right to be Informed – You have the right to be told how your personal information will be used. This policy document, and shorter summary statements used on our communications, are intended to be a clear and transparent description of how your data may be used.
Right of Access – You can write to us asking what information we hold on you and to request a copy of that information. This is called a Subject Access Request. From 25thMay 2018 we will have 30 days to respond to you once we are satisfied you have rights to see the requested records and we have successfully confirmed your identity. Details on how to submit a Subject Access Request can be found on our data protection page.
Right of Erasure – From 25th May 2018, you have the right to be forgotten (i.e. to have your personally identifiable data deleted). However, we may not always be able to comply with your request of erasure for specific legal reasons, which will be notified to you. In some cases, we may recommend that we supress you from future communications, rather than data deletion, particularly is you have purchased an item from our e-commerce shop which comes with a warranty. Our Customer Services Team will be happy to advise you.
Right of Rectification – If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may need to verify the accuracy of the new data provided to us.
Right to Restrict Processing – In certain situations you have the right to ask for processing of your personal data to be restricted because there is some disagreement about its accuracy or legitimate usage.
Right to Data Portability – Where we are processing your personal data under your consent, the law allows you to request data portability from us to another service provider. This right is largely seen as a way for people to transfer their personal data from one service provider to another. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to Object – You have an absolute right to stop the processing of your personal data for direct marketing purposes. Simply contact our Customer Service Team and they will amend your contact preferences or alternatively if you have an OSMaps or shop account you can update your details in your Preference Centre.
Right to object to automated decisions – In a situation where a data controller is using your personal data in a computerised model or algorithm to make decisions “that have a legal effect on you”, you have the right to object. This right is more applicable to mortgage or finance situations. We do not undertake complex computerised decision making that produce legal effects.
Changes to this policy
Data Protection Officer: Leah Smith
Call: 02380 055396
Post: Ordnance Survey, Explorer House, Adanac Drive, Southampton, SO16 0AS
Ordnance Survey and/or Ordnance Survey International Services Ltd:
Call: 03456 05 05 05 (Monday – Friday: 8.30am-5.30pm – call charges apply)
Post: Customer Services, Ordnance Survey, Explorer House, Adanac Drive, Southampton, SO16 0AS
Ordnance Survey Leisure Limited:
Call: 03454 56 04 20 (Monday – Friday: 8.30am-5.30pm – call charges apply)
Post: Ordnance Survey Leisure, Customer Services, Explorer House, Adanac Drive, Southampton, SO16 0AS
If, for any reason, you have a complaint, please contact the Data Protection Officer to discuss your concerns.
Following this, if you are still dissatisfied, you are able to contact the Information Commissioner’s Office directly at the contact details below.
Information Commissioner: Contact telephone number: 0303 123 1113.
Website: ICO website https://ico.org.uk/