What is personal data?
Personal data is, in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out below.
What does this policy cover?
This privacy information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
What are my rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details set out in the second to last section.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
The right to access the personal data we hold about you. We explain how to do this further down.
The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
The right to restrict (i.e. prevent) the processing of your personal data.
The right to object to us using your personal data for a particular purpose or purposes.
The right to data portability. This means that you can ask us for a copy of your personal data held by us to re-use with another service or business in many cases.
Rights relating to automated decision-making and profiling. Please see the section on how we use your personal data for further explanation.
What personal data do you collect?
We only collect personal data that you want to provide to us or that is needed to provide (and improve) our service to you. We may collect some or all of the following personal data (this will vary according to your relationship with us and/or which services you use):
To simply browse our websites and learn more about our products and services, you do not need to give us any personal information.
IP address and website usage information (please see further our Cookies Policy)
How do you use my personal data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one or more of the following purposes:
Providing and managing your account.
Supplying our services to you. Your personal details are required in order for us to engage with you, offer you services of value to you and enter into a contract with you.
Personalising our services for you.
Communicating with you. This may include responding to emails or calls from you.
With your permission and/or where permitted by law, we may use your personal data for marketing purposes, which will include contacting you by email with company news and offers on products. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
Supplying you with information by email that you have opted-in to (you may unsubscribe or opt-out at any time by using the unsubscribe link in any email you receive from us or by contacting email@example.com)
How will you protect my personal data?
We will process it lawfully, fairly and in a transparent manner.
It will only be collected for specified, explicit and legitimate purposes and be limited to what is absolutely necessary.
We will ensure it is completely accurate and will erase all inaccurate data without delay.
All data collected, held and processed by us will be kept secure and protected against accidental loss, destruction or damage using appropriate measures.
How long will you keep my personal data?
We will only keep your personal information for as long as it is reasonably necessary taking into consideration the reason for which it was first collected, our need to answer queries or resolve problems, provide improved and new services and comply with legal requirements under applicable law(s). This means that we may retain your personal information for a reasonable period after you stop using our services or stop using this website. After this period, your personal information will be deleted from all our systems, and we remind you that you have a right to have your personal information deleted at any time.
How and where do you store or transfer my personal data?
We store personal data using UK cloud storage and on our company server that is backed up to UK based cloud services. This means that information stored here is fully protected under the GDPR or to equivalent standards by law and we have strict security measures in place to prevent unauthorised access.
We also use Mailchimp, Caterquotes and Google Analytics where some personal information will be kept on their servers located in the United States of America. All data stored here is in line with the Privacy Shield agreement and we will never store your personal information using any service outside of the EU that we feel does not have an adequate level of protection.
For more information, please see the links below:
Do you share my personal data?
We may sometimes contract with third parties to supply services to you on our behalf in the course of dealing with you. These may include payment processing and delivery. In some cases, those third parties may require access to some or all of your personal data that we hold.
If any of your personal data is required by a third party, we will take steps to ensure that your personal data is handled safely, securely, and used only to fulfil the service they provide to you on our behalf. We will also ensure it is in accordance with your rights, our obligations, and the third party’s obligations under the law.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
How can I access my personal data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in the next section. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible. You can find a link to the form at the bottom of this page.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
How do I contact you?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
FAO Mr Jarrod Ashton - Data Protection Officer
Email address: firstname.lastname@example.org
Telephone number: 0844 811 7210
Postal Address: Unit A1, Axis Point, Hill Top Road, Heywood, Manchester, OL10 2RQ
What if we make changes to this policy?
Any changes made will be reflected here and you will be informed on the homepage of this website.