David Aster ("We" or "us") are committed to protecting and respecting your personal data and privacy. This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we treat it.
For the purpose of the General Data Protection Regulation (GDPR) ("the Act") we are registered as a Data Controller with the Information Commissioner’s Office (Registration Reference No A8273178) and a description of how we use personal information is included in our entry on the data protection register which is maintained by the Information Commissioner’s Office.
Under GDPR we have a legal duty to protect any information we collect from you. We have procedures and security features in place that aim to keep your data secure once we receive it. We may collect and process the following data about you:
- Information you give us. You may give us information by paper, corresponding with us via email, social media, phone, fax, by contacting our staff, one of our sales agents or otherwise. This includes information you provide when you visit our websites, use our services, network, and correspond with us. The information you give us may include your name, address, email contact details, phone number(s), and other information required by us to deliver our products and services.
Information we collect about you. With regard to each of your visits to our websites we may automatically collect the following information:
- Information about your visit to our websites – products you viewed or searched for, page response times, download errors, and length of visit.
The GDPR protection sets out a number of different reasons for which a company may collect and process your personal data including:
Consent – in specific situations, we can collect and process your data with your consent e.g. when you tick a box to receive email newsletters
Performance of a Contract –we need your personal data to enable us to perform a contract and deliver our products and services
Legal compliance – If the law requires us to, we may need to collect and process your data – e.g. we can pass on details of people involved in fraud or other criminal activity or details to HMRC
Legitimate interest – in specific situations, we require your data to pursue our legitimate interest in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests’ e.g. to carry out our marketing activities and seeking your consent when we need to contact you.
We need to collect and hold information about you, for a variety of reasons including:
- the delivery of our products and services
- confirming your identity to provide some product and services
- contacting you by post, email or telephone
- understanding your needs to provide the products and services that you request
- understanding what we can do for you and inform you of other relevant products
- obtaining your opinion about our products and services
- updating your customer record
- helping us to build up a picture of how we are performing at delivering services to you and what products and services are needed
- Providing information on our products and services by way of a newsletter
- processing financial transactions
- preventing and detecting fraud and corruption in the use of funds
- making sure we meet our statutory obligations including those related to diversity and equalities We may not be able to provide you with a product or service unless we have enough information, or your permission to use that information.
We will use the information you provide in a manner that conforms to the GDPR Act. We will endeavour to keep your information accurate, up to date and not keep it for longer than is necessary. In some instances the law sets the length of time information has to be kept.
- to carry out our obligations arising from any contracts entered into between you and us and to provide you with information, products and services that you request from us or which we feel may interest you (where you have consented to be contacted for such purposes or by Legitimate Interest)
- to monitor and improve our performance in responding to your request
- to allow us to be able to communicate with you and provide products and services appropriate to your needs
- to ensure that we meet our legal obligations
- where necessary for the law enforcement functions
- to prevent and detect fraud or crime
- to process financial transactions including payments, or where we are acting on behalf of other government bodies, e.g. Department for Work and Pensions
- to collect tax and monies owed to us
- where necessary to protect individuals from harm or injury
- to allow the statistical analysis of data so we can plan the provision of our products and services
- to notify you about changes to our services
- for other legitimate business purposes
We also embrace the use of social media and may wish to process any comments made public by you.
Our aim is not to be intrusive, and we won't ask irrelevant or unnecessary questions. The information you provide will be subject to rigorous measures and procedures to make sure it can't be seen, accessed or disclosed to anyone who shouldn't see it.
We will not disclose your personal information that you provide to us, to anyone else without your permission, except in the few situations where disclosure is required by law, or where we have good reason to believe that failing to share the information would put someone else at risk. You will be told about this.
We will not keep your information longer than it is needed taking into account the following:
- Whether we have any legal obligations to continue to process your information (imposed by relevant law or regulations)
- The purpose(s) and use of your information both now and in the future (such as whether it is necessary to continue to store that information so we can continue to perform our obligations under a contract with you or a contract in the future)
- Where we have a legal basis to continue to process information (such as your consent)
- How difficult it is to ensure that the information can be kept up to date and accurate – and –
- Any relevant surrounding circumstances (such a the nature and status of our relationship with you)
We will keep your information within the organisation except where disclosure is required or permitted by law or when we use third party service providers to supply and support our services to you. We use trusted third parties including IT companies who support our websites, Exact who provide our accounting software, HM Revenue & Customs, accountants, couriers, fraud management, secure document disposal service, and to administer our mailing list for e-newsletters with an organisation called Moo Send. If you have purchased from us and used a credit or debit card with us, we will share transaction details with companies which help us to provide this service (such as Visa and MasterCard).
If we use products or services which process personal information, we will only use GDPR compliant companies to help deliver our services, we will only provide information they need to perform their specific service and we will work closely with them to ensure your privacy is respected at all times. These providers are obliged to keep your details securely, and use them only to fulfil your request. If we do transfer any information outside the European Economic Area (EEA) we will ensure the following safeguards:
- Transfer to a non-EEA country with privacy laws that give the same protection as the EEA.
- Put in place a contract with the recipient that means they must protect the data to the same standards as in the EEA
- Transfer to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used in the EU. You can find out more about data protection on the European Commission Justice website.
We may disclose information to other partners where it is necessary, either to comply with a legal obligation, or where permitted under GDPR.
We will inform you if we record or monitor any telephone calls you make to us and obtain your consent to do so. This will be used to increase your security, for our record keeping of the transaction and for our staff training purposes.
Please remember that transmission of information over the internet is not secure and if you submit any information to us over the internet (such as emails, or via our website(s) or by any other means you do so at your own risk. If you email us we may keep a record of your contact and your email address and the email for our record keeping of the transaction. For security reasons we will not include any confidential information about you in any email we send to you. We would also suggest that you keep the amount of confidential information you send to us via email to a minimum and use our secure online services or post.
Applications to work for us
If you apply to work for us (directly or indirectly) in any role (including volunteers) we may receive data about you from third parties. In addition, we will keep the details of your application and any additional information provided to us by you or others during your application so that we can keep you informed of future opportunities that you may be interested in. If you do not wish for us to keep your detail for this reason, please let us know by contacting us using the details provided in the policy.
When will we contact you?
We may contact you:
- In relation to any product, service or activity in order to ensure that we can deliver our products and services
- In relation to any correspondence we receive from you
- To invite you to participate in surveys about our products and service so we can make improvements if necessary
- To deliver product brochures
- For marketing purposes – we will only send you marketing emails or contact you for marketing purposes if you have agreed for us to do so
- We offer regular emails and newsletters to let you know about our products and services and you can opt out of these at any time
Legitimate Interest & Marketing
Where we use Legitimate Interest we will record our decision and our method on making this decision. This can be requested by you at any time.
If you are an existing contact or customer we will only contact you by postal, telephone or electronic means (e-mail) with information about services or goods which you have previously purchased from us or enquired about. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by post, telephone or electronic means only if you have consented to this. You can choose to not receive these types of communication by contacting us.
You have the right to request that we stop processing your personal data in relation to our products and services. However, this may cause delays or prevent us delivering a products or service to you. Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement.
You can legally ask to see any information that we hold about you, and get a copy. To do so please contact our Data Protection Manager (contact details are at the end of the Policy).
You have the right to be forgotten and may terminate your arrangement with us at any time, in which case we will permanently delete your record(s) and all data associated with it. To request this please contact our Data Protection Manager. Where possible we will seek to comply with your request but we may be required to hold or process information to comply with a legal requirement.
We try to ensure that any information we hold about you is correct. There may be times where you find the information we hold is no longer accurate and you have the right to have this corrected.
Please contact us if you wish to exercise any of these rights, or if you have a complaint about how your information has been used. We will need to record your personal contact details to be able to respond to, and track the progress of, your request. Where you request access to your information we are required by law to use all reasonable measures to verify your identity before doing so. These measures are designed to protect your information and to reduce risk of identity fraud, identity theft or unauthorised access to your information.
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to use regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office. You can contact them by calling 0303 123 1113. Or go online to www.ico.org.uk/concerns (this opens in a new window, please note we can’t be responsible for the content of external websites).
David Aster Data Protection Manager
Unit 60 Marsh Lane
We want to make sure that the personal data we hold about you is accurate and up to date. If any of the details are incorrect, please let us know and we will amend them.