Effective date: October 04, 2018
ANTSCA (“us”, “we”, or “our”) operates the http://www.antsca.org website (the “Service”).
Information Collection And Use
We collect several different types of information for various purposes to provide and improve our Service to you.
Types of Data Collected
While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:
- Email address
- First name and last name
- Phone number
- Address, State, Province, ZIP/Postal code, City
- Cookies and Usage Data
We may also collect information how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Service.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Use of Data
ANTSCA uses the collected data for various purposes:
- To provide and maintain the Service
- To notify you about changes to our Service
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer care and support
- To provide analysis or valuable information so that we can improve the Service
- To monitor the usage of the Service
- To detect, prevent and address technical issues
Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
If you are located outside United Kingdom and choose to provide information to us, please note that we transfer the data, including Personal Data, to United Kingdom and process it there.
Disclosure Of Data
ANTSCA may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of ANTSCA
- To prevent or investigate possible wrongdoing in connection with the Service
- To protect the personal safety of users of the Service or the public
- To protect against legal liability
Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
We may use third-party Service Providers to monitor and analyze the use of our Service.
Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Service does not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
- By email: ENQ@antsca.org
“Agreement” means the agreement in place between ANTSCA and the other party to whom notice of these clauses has been given;
“Controller” has the meaning given to such term in the GDPR;
“Data Laws” means all applicable laws and regulations relating to the processing and privacy of personal data, including the Data Protection Act 1998 (up to including 24th May 2018) and (with effect from and including 25th May 2018) the GDPR;
“Data Regulator” means the Information Commissioner’s Office or any successor body which has regulatory authority for the purposes of the Data Laws;
“Data Subject” has the meaning given to such term in the GDPR;
“GDPR” means the General Data Protection Regulation (EU) 2016/679 and any applicable laws and regulations which supplement and/or replace the GDPR;
“Personal Data” has the meaning given to such term in the GDPR;
“Personal Data Breach” has the meaning given to such term in the GDPR;
“Processing” shall have the meaning given to such term in the GDPR (and “Process” and “Processed” shall be construed accordingly);
“Processor” shall have the meaning given to such term in the GDPR;
“Relevant Data Subject” means a Data Subject in respect of the Relevant Personal Data; and
“Relevant Personal Data” has the meaning given to such term in paragraph 1.1.
- DATA PROTECTION
1.1. Each party shall comply with its obligations under the Data Laws with regard to its Processing of any Personal Data in connection with the Agreement (“Relevant Personal Data”).
1.2. The parties acknowledge that the factual arrangement between them dictates the classification of each party as either a Controller and/or a Processor in respect of any Relevant Personal Data for the purposes of the Data Laws. Accordingly, in this paragraph 1:
1.2.1. references to the “Controller” shall be construed as a reference to the applicable party in its capacity as a Controller (as a matter of fact in accordance with the Data Laws) in respect of any Relevant Personal Data; and
1.2.2. references to the “Processor” shall be construed as a reference to the applicable party in its capacity as a Processor (as a matter of fact in accordance with the Data Laws) in respect of any Relevant Personal Data.
1.3. Without prejudice to the generality of paragraph 1.1, the Controller shall:
1.3.1. where required to do so under the Data Laws make notification(s) to the Data Regulator in relation to its Processing of the Relevant Personal Data;
1.3.2. ensure it is entitled to provide the Relevant Personal Data to the Processor as required for the Processor to perform its obligations under the Agreement in accordance with the Data Laws; and
1.3.3. ensure that, if and to the extent applicable, all fair processing notices have been given (and/or, as applicable, consents obtained) and are sufficient in scope to enable the Processor to Process the Relevant Personal Data as required as required for the Processor to perform its obligations under the Agreement in accordance with the Data Laws.
1.4. Without prejudice to the generality of paragraph 1.1, the Processor shall:
1.4.1. subject to paragraph 1.4.2, Process the Relevant Personal Data for and on behalf of the Controller for the purposes of performing its obligations under the Agreement and only in accordance with the terms of the Agreement and any written instructions from the Controller from time to time;
1.4.2. unless prohibited by law, immediately notify the Controller (and prior to undertaking the applicable Processing) if:
18.104.22.168. the Processor is required by the Data Laws or any other applicable law to act other than in accordance with the instructions of the Controller with regard to any Processing of Relevant Personal Data; and/or
22.214.171.124. the Processor considers, in its opinion, that any of the Controller’s instructions with regard to any Processing of Relevant Personal Data infringe the Data Laws or any other applicable law;
1.4.3. ensure that only the Processor’s properly authorised personnel (including contractors where applicable, but without prejudice to paragraph 1.9) shall have access to or Process the Relevant Personal Data and that such personnel have entered into appropriate contractually-binding obligations to keep the Relevant Personal Data confidential or are subject to an appropriate statutory obligation of confidentiality;
1.4.4. implement and maintain technical and organisational security measures against the unauthorised or unlawful Processing of Relevant Personal Data and against the accidental loss or destruction of, or damage to, Relevant Personal Data sufficient to comply at least with the obligations imposed by the Data Laws;
1.4.5. without prejudice to the generality of paragraph 1.4.4, ensure that the measures implemented pursuant to such paragraph are appropriate to the harm that might result from the unauthorised or unlawful Processing or accidental loss, destruction or damage and the nature of the Relevant Personal Data to be protected, having regard to the state of technological development and the cost of implementing any measures;
1.4.6. assist the Controller (taking into account the nature of the Processing), by the implementation, provision and use of appropriate technical and organisational measures (insofar as possible), to fulfil its obligations to respond to requests from Relevant Data Subjects for exercising their rights under the Data Laws;
1.4.7. without prejudice to the generality of paragraph 1.4.6:
126.96.36.199. notify the Controller promptly (and in any event within seven (7) days) following its receipt of any subject access request the Processor receives from any person who is a Relevant Data Subject (and not respond to any such subject access request without the Controller’s prior written consent);
188.8.131.52. promptly provide the Controller with all reasonable co-operation and assistance (including the provision of all relevant records and information) required by the Controller in relation to any subject access request made by any person who is a Relevant Data Subject;
1.4.8. notify the Controller promptly (and in any event within seven (7) days) following the Processor’s receipt of:
184.108.40.206. any notice or communication from the Data Regulator which relates to the Processing of the Relevant Personal Data; or
220.127.116.11. any complaint from any person who is a Relevant Data Subject and which relates (directly or indirectly) to the Processing of Relevant Personal Data;
1.4.9. not respond to any notice, communication or complaint referred to in paragraph 1.4.8 without the Controller’s prior written consent (except if and to the extent otherwise required by the Data Laws);
1.4.10. promptly provide the Controller with all reasonable co-operation and assistance (including the provision of all relevant records and information) required by the Controller in connection with any notice, communication or complaint referred to in paragraph 1.4.8;
1.4.11. notify the Controller promptly upon becoming aware of any:
18.104.22.168. breach of this paragraph 1;
22.214.171.124. any breach of the Data Laws in relation to the Relevant Personal Data; or
126.96.36.199. any Personal Data Breach in relation to the Relevant Personal Data,
providing full details thereof to the extent known to the Processor (or, where necessary, in phases but always without undue delay);
1.4.12. in respect of any matters referred to in paragraph 1.4.11:
188.8.131.52. promptly implement any measures reasonably necessary to restore the security of compromised Relevant Personal Data; and
184.108.40.206. provide reasonable co-operation and assistance (including the provision of all relevant records and information) to the Controller in connection therewith, including in respect of the making of any notifications to the Data Regulator and affected Data Subjects relating to any such matter;
1.4.13. carry out, without undue delay, any request from the Controller requiring it to amend, transfer or delete the Relevant Personal Data or any part of the Relevant Personal Data; and
1.4.14. except if to the extent otherwise required by the Data Laws and any other applicable law, cease Processing all Relevant Personal Data after termination of the Agreement as soon as such Processing is no longer required for the purposes of the Agreement and return or delete (as directed in writing by the Controller) all Relevant Personal Data and all copies in its possession or control.
1.5. Without prejudice to the generality of paragraph 1.1, the Processor shall maintain complete and accurate records and information to demonstrate its compliance with the Data Laws regarding Relevant Personal Data and this paragraph 1, including (with regard to Relevant Personal Data):
1.5.1. records of its details, the Controller’s details and the details of its data protection officer;
1.5.2. records of the categories of Processing carried out on behalf of the Controller;
1.5.3. records of the details of any transfers to any third countries, where applicable, and the safeguards in place for that transfer;
1.5.4. records of the measures it has in place pursuant to paragraph 1.4.4; and
1.5.5. such other records as are required to be maintained pursuant to the Data Laws;
1.6. The Processor shall promptly provide to the Controller (and to the Data Regulator where applicable), upon request:
1.6.1. copies of the records maintained pursuant to paragraph 1.5;
1.6.2. a copy of the Relevant Personal Data which is Processed by the Processor at that time, in the format and on the media reasonably specified by the Controller; and
1.6.3. all information necessary to demonstrate the Controller’s and the Processor’s compliance with the Data Laws regarding Relevant Personal Data and the Processor’s compliance with this paragraph 1, including to demonstrate compliance by any third party of any obligations imposed on them by the Processor pursuant to any requirements of the Controller as contemplated by this paragraph 1.
1.7. Without prejudice to any other provisions of this paragraph 1, the Processor shall permit the Controller or its representatives (upon reasonable prior notice) to audit and inspect the Processor’s compliance with the Data Laws regarding Relevant Personal Data and this paragraph 1 (and shall promptly provide all reasonable co-operation, information and assistance with regard to any such audit).
1.8. At the Controller’s request (and taking into account the nature of the Processing and the information available to the Processor), the Processor shall promptly provide such assistance to the Controller (including the provision of all relevant records and information) as is required to ensure compliance with obligations imposed on the Controller in respect of:
1.8.1. the implementation of technical and organisational security measures relating to the Processing of Relevant Personal Data;
1.8.2. obligations relating to notifications to the Data Regulator and/or any Relevant Data Subjects required by the Data Laws regarding any Personal Data Breach; and/or
1.8.3. considering and undertaking any Data Protection Impact Assessments (including any required consultation with the Data Regulator) in accordance with Data Laws.
1.9. The Processor shall not, without the Controller’s prior written consent:
1.9.1. transfer any Relevant Personal Data to a country, territory or jurisdiction that is outside both the United Kingdom and the European Economic Area (and then only in accordance with the terms of that consent and ensuring that it meets the requirements of the Data Laws regarding such transfer, including ensuring that adequate safeguards are in place);
1.9.2. disclose or allow access to the Relevant Personal Data to a third party, including to a sub-processor (and then only in accordance with the terms of that consent and any specific written instructions given by the Controller relating to such disclosure or access); or
1.9.3. appoint any sub-processor to Process any Relevant Personal Data (and then subject always to paragraph 1.10).
1.10. Where the Controller gives written consent to the appointment of a sub-processor for the purposes of paragraph 1.9.3, the Processor shall:
1.10.1. only appoint any such sub-processor in accordance with the terms of that consent;
1.10.2. where such consent is of a general nature, inform the Controller of any intended changes concerning the addition or replacement of sub-processors and shall not effect any such changes without the Controller’s prior written consent;
1.10.3. prior to the sub-processor undertaking any Processing, put in place a written contract with the sub-processor which:
220.127.116.11. contains the same terms as the provisions of this paragraph 1 relating to such Processing and which otherwise meets the requirements of the Data Laws; and
18.104.22.168. prohibits the sub-processor from appointing any third party to Process the Relevant Personal Data; and
1.10.4. remain fully liable to the Controller for the performance of the sub-processor’s obligations under such contract and for any breach of those obligations.
1.11. The Processor shall, without undue delay, enter into such additional agreements with the Controller and/or agree to such amendments to the Agreement as may be required to comply with the Data Laws.