Who we are
Our website address is: https://wavenetwork.org.uk.
Wave is a collaboration between American International Group UK Limited; The Bank of New York Mellon – London Branch; Barclays Bank PLC; Bryan Cave Leighton Paisner LLP; Deloitte LLP; and Google UK Limited, each of which is responsible (i.e. they are the data controllers) for the personal information they respectively collect about you (including through this website).
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
We use Google Analytics Cookies to obtain an overall view of user habits and volumes, and to help improve the overall experience on our Websites. Google Analytics is a third-party web analysis service provided by Google Inc. (“Google”), which uses performance Cookies and targeting Cookies. The information generated by these Cookies about your use of our Websites (including your IP address) will be transmitted to and stored by Google Inc. on servers in the United States.
We collect data through https://www.eventbrite.co.uk/ to use in connection with our events. We request users who intend to attend our events to provide information regarding their dietary and accessibility requirements, so that we are able to ensure our events cater to the needs of those attending them. We will store this information as required for the event, and will usually destroy the data following the event.
We collect data through https://mailchimp.com/ to maintain and service a mailing list which we use to inform members about our events, information and general updates.
Social media channels
We collect data through https://www.facebook.com/, https://www.instagram.com/, https://www.linkedin.com/ and https://twitter.com/ where users access or leave information through our pages on those websites, in order to better understand the general interests of our members.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
The following privacy rights apply under the EU General Data Protection Regulation (“GDPR”). Although applicable data protection legislation in relevant jurisdictions afford similar rights, there may be circumstances where some of these rights do not apply under or are modified by, local law. Further information can be sought from our privacy contacts. In the event of any inconsistency, the applicable local legislation will prevail.
Right to be informed
You can ask us to provide you with privacy information about how we process your personal information. That information is set out in this privacy notice, together with any other specific notices which are provided to you at the time of collection of your Information.
Right of access
You can request us to confirm whether we process your personal information. You can also ask us to access your personal information.
Right to rectification and erasure
In the event that we hold inaccurate or incomplete personal information, you can ask us to rectify or complete that information.
You can also ask us to erase your personal information. This right is not absolute and only applies in certain circumstances.
Right to restrict processing
You can ask us to restrict the processing of your personal information (or to suppress it) for a certain period of time. This right is not absolute and only applies in certain circumstances.
Right of data portability
You can ask us to move, copy or transfer your personal information back to you or to another person under certain circumstances. This right only applies: (a) to personal information you have provided to us as a data controller; (b) where the processing is based on your consent or for the performance of a contract; and (c) when processing is carried out by automated means.
Right to object
You can ask us at any time to stop processing your personal information for marketing purposes. Where there are legitimate grounds to do so, you can also object to us processing your personal information on the basis of our legitimate interests and in certain other situations.
Right to withdraw consent
Where we are processing your personal information on the basis of your consent, you can withdraw that consent at any time.
Rights in relation to automated decision-making and profiling
You have the right to:
(a) ensure that any significant decisions affecting you are not made purely by automated means based on an online profile or other information (i.e. a person is involved in the decision-making), and
(b) that you can express your views and to challenge the decision.
We are also under obligations to ensure that any profiling is undertaken in a fair and transparent way.
For further details about these privacy rights under GDPR (including their limitations), please see the European Commission’s website.
To exercise your rights, please send a written and dated request (a “Request”) to admin [at] wavenetwork.org.uk, or speak to your relevant contact.
Please note that:
- We will need to verify your identity in order to be able to comply with certain of your requests.
- When you request access to your personal information, there will be some personal information which we are not able to disclose to you, such as documents which include confidential or personal information about another entity or person; documentation relating to management forecasting or planning; legally privileged documents; and copies of references.
- We will not be able to comply with your request in certain circumstances, for example where your request is manifestly unfounded or excessive.