South Chesthill Partnership (We, Us, Our) is committed to preserving the privacy of all visitors to Our website and Our Clients.
This notice describes how we collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR) and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (Data Protection Legislation).
For the purpose of the Data Protection Legislation, We are the data controller. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
Information that we collect from you:
– When you enquire about Our services, you may be asked to provide certain information about yourself including Your name and contact details.
– We may collect information about your usage of Our website, information about you from messages you post to the website and e-mails or letters you send to Us.
Use of your Information:
– By completing an enquiry or sending Us an email You agree that We have the following lawful reasons for processing your personal data:
(a) consent: you have given clear consent for Us to process your personal data for completing your enquiry, although generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you, and you may withdraw your consent in those circumstances.
(b) We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for business development, statistical and management purposes.
– Where you have consented, We will use your information to let you know by email about products and services We offer. If You change your mind about being contacted in the future, you will be able to withdraw your consent by unsubscribing.
Disclosure of your Information:
– We will not pass your information to any third parties other than parties who provide support services on Our behalf, such as MailChimp who we use for email sending and management.
– Some Vendors, partners, or other third parties who act for Us for the purposes set out in this policy may be located outside the European Economic Area (EEA). Wherever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
- Where we transfer your personal data to the US, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
– We may also pass aggregate information on the usage of Our website to third parties but this will not include information that can be used to identify you.
– If Our business enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our New business partners or owners.
– Unless required to do so by law, We will not otherwise share, sell or distribute any of the information you provide to Us without your consent.
Where we store your personal data:
– All information you provide to us is stored on our PCs which are password-protected and up to date with Windows Defender anti-virus software.
– Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Us; any transmission is at your own risk. Once we have received your information, We use strict procedures and security features to prevent unauthorised access.
Security and Data Retention:
– We employ commercially reasonable and appropriate security measures to protect your information from access by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. In addition, where we share your personal data with a “data processor” for the purposes of the Data Protection Legislation, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
– We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
– We will retain your information on Our secure servers for an unlimited period (this is because you may wish to login to Our websites at any time to make another booking, update your personal data, or access your historic booking data) unless you request deletion in line with your Rights (see below).
– You have the right to object to Us processing or retaining your personal data for any purpose. To do this, please email us. In this case, We will be unable to process any future bookings for you unless you re-enter your personal data. On receiving Your instruction We will request any additional proof of identification then permanently delete your personal data from Our live systems within a maximum of 30 days. Your diagnostics data which does not contain personal data will retained for up to two years in line with Our data retention policy.
– You have the right to request access information held about you. Any initial request is free of charge; any subsequent request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you. Alternatively We may refuse to comply with the request in the circumstances where the request for access is clearly unfounded or excessive.
– You have the right to request correction of the personal data We hold about you.
– You have the right to object to Us processing your personal information specifically for direct marketing purposes.
– If You are booking on behalf of a child aged under 16, You must have permission of a person with parental responsibility for them to process their data. We will not send direct marketing communications to children, but their rights under this notice are otherwise the same.