Who we are (The Data Controllers)
26 Church Street
The nominated Data Protection Officer is
The Data Protection Officer
The categories of your information that we collect, process, hold and share includes:
personal information (such as name, telephone number, email address)
Why we collect and use this information
We use your personal data to:
enable us to provide our services to you under our terms of business with you.
inform our own marketing, risk and diversity policies
comply with our legal obligations, for example, to prevent fraud
We do not use your personal data to make automated decisions or for profiling.
The lawful basis on which we process this information
Processing is necessary for either:
the performance of our contract with you or for us to take steps for us to enter into a contract or
the legitimate interests of ourselves or a third party, except where such interests are overridden by your interests, rights or freedoms. Such as to enable us to run our business, make marketing and risk decisions or to enable us to comply with our compliance obligations or
the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller such our duty to identify fraud.
Collecting this information
The information you provide to us is on a voluntary basis. This data may be personal data. We may obtain personal data from publicly accessible sources (such as social media). We cannot provide our services to you without processing and disclosing your personal data.
Storing this information
We hold your data;
In the case of data processed in pursuance of a contract with you or due to our legal obligations, seven years following the last date we communicated with you;
In the case of data processed with your consent for marketing purposes, 1 year after you first gave us consent or earlier if you withdraw consent;
after which time it is securely disposed of and/or deleted.
In the case of data processed in respect of our legitimate interests after considering your own, we review this every year and we will delete the data as soon it is no longer necessary for our purpose or earlier if you object.
Who we share this information with
We routinely share this information with:
People in connection with the work we do for you with such as data lawyers and IT and marketing companies.
People in connection with the operation of our business such as accountants, lawyers and regulatory bodies.
People to whom we have a legal duty, such as the police.
Why we share your information
We do not share information about you with anyone without consent unless the law and our policies allow us to do so.
We only share your data if it is
Necessary for the purpose of our contract with you
Necessary due to a legal obligation
Necessary for a legitimate interest we have, after considering your own interests.
We have robust processes in place to ensure that the confidentiality of your personal data is maintained and there are stringent controls in place regarding access to it and its use.
Decisions on whether we release your personal data to third parties are subject to a strict approval process and based on a detailed assessment of:
who is requesting the data
the purpose for which it is required
the level and sensitivity of data requested; and
the arrangements in place to securely store and handle the data
To be granted access to your personal data, organisations must comply with its strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
Sharing Your Data Outside the EU or EEA
Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or;
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe, or;
Where we use providers based in the US, we may transfer data to them if they are part of Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Requesting access to your personal data
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information contact,
The Data Protection Officer
26 Church Street
You also have the right to
object to the processing of personal data that is likely to cause, or is causing, damage or distress
prevent processing for the purpose of direct marketing
object to decisions being taken by automated means
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact the Data Protection Manager.