1.Data protection policy
- We take our responsibility to protect personal data very seriously. This policy sets out how we handle your personal data.
- We have appointed a Data Protection Officer who is accountable for ensuring your personal data is processed lawfully. If you have any questions about this policy or the processing of personal data, they would be delighted to help you to answer them.
What personal data do we hold?
The following table gives you an idea of the personal data that we process:
A full list of personal data which we hold is available.
Please contact our Data Protection Officer for more information.
Protecting personal data
- There are eight principles that are followed when processing personal data. They are that it must be:
- Processed fairly, lawfully and transparently;
- Relevant and not excessive;
- Processed for limited purposes and in an appropriate way;
- Not kept longer than necessary;
- Processed in accordance with the laws dealing with personal data;
- Kept secure;
- Not transferred to people or organisations in countries without adequate protection.
- We process personal data fairly and lawfully. Grounds for processing personal data include; with consent, to comply with a legal obligation, in the data subject’s vital interests, in the performance of a contract with the data subject or in our legitimate interests. If the personal data is sensitive, additional conditions will be met.
- Where we don’t have an alternative lawful basis to process your personal data we’ll ask you for your consent to do so. In particular, we will only send you marketing emails or make contact about marketing initiatives where you have agreed to us doing so.
- We will always be transparent about how we’re using your personal data. We’ll provide you with information about who controls your data, how and why it will be used, how it’s protected and how long it’s retained for within a privacy notice (which will usually be found on our website).
- We might contact you:
- to ensure that the information that we hold remains accurate;
- to invite you to participate in surveys;
- to update you on material changes to polices and practices;
- in relation to any correspondence that we receive from you;
- for marketing purposes; or
- in respect of any complaint we receive.
- If you know that the personal data that we hold is inaccurate please notify us as soon as possible so that we can make the necessary changes, where appropriate.
- Wherever possible, personal data will be anonymised, encrypted or password protected so that it is not easily accessible to others.
- Personal data will be deleted in accordance with ‘our policy for retaining your personal data’. Please ask us for a copy.
- If you become aware that personal data has been lost, stolen or transferred to someone inappropriately or without authorisation, please inform the Data Protection Officer immediately in writing.
Requests to see your personal data
- If you want us to show you personal data that we hold on you then you need to make a request in writing to the Data Protection Officer. We might ask you for more details about the request or give you a template letter to help with your request. Where the request isn’t made in person we will always ask for two forms of identity to confirm that it is you making the request.
- We’ll always try and acknowledge your request when we receive it. We’ve got between 30 days and three months to respond in full to your request.
- We may ask you to contribute towards the administration fee in processing your request.
Your rights to deletion, freezing data processing and corrections
- You can ask us to delete your personal data where:
- Processing it is no longer necessary bearing in mind the reason it was collected;
- It is being processed unlawfully;
- You object to us processing your personal data (unless we have an over-riding legitimate interest for continuing to process it in which case we may continue to do so).
- Where information we hold on you is inaccurate or incomplete you can ask us to rectify the data.
- You can ask us to stop processing your data where:
- Processing is unlawful;
- You say that the information that we hold is inaccurate;
- You don’t consider we have a ‘legitimate interest’ for processing the data (unless we have an over-riding legitimate interest for continuing to process it in which case we will continue to do so).
If we think that you’re abusing these rights and making unfounded or excessive requests, we may refuse your request or may charge a reasonable administration fee for processing the request.
Training and audit
- Our employees have undergone training to enable them to comply with this policy.
- We test our systems and processes to ensure we meet with our obligations under this policy.
- Generally, automated decision making is prohibited where the decision has a significant or legal effect on an individual. The exceptions to this are where:
- The data subject has explicitly consented;
- The automated processing is automated by law; or
- The automated processing is necessary for performing or entering into a contract.
- If a decision is to be based on automated processing, we will inform you of this and let you know of your right to object. We’ll give you information on the logic involved in the decision making and give you the right to request human intervention, or to challenge the decision.
- Before any automated processing is carried out, an impact assessment must be carried out.
Sharing personal data
- Generally, we don’t share your personal data with third parties. We’ll only do so where:
- It is required by law (for example, to government bodies);
- They need to know the information in order to fulfil their contract with us (but provided they will not use your information for their own purposes);
- Internally where we need to do so to comply with our obligations to you;
- You’ve been informed, and your consent has been obtained (where we have identified it is needed);
- The third party has adequate security measures in place;
- The transfer complies with any applicable restrictions on cross-border transfers;
- A fully executed written contract which contains GDPR compliant clauses has been obtained.
- Please do not share this document with anyone other than with the prior written consent of our Data Protection Officer.
Our commitment to your privacy
Personal data that we collect
The personal data that we collect includes your name, address, email address, telephone number, preferences.
We collected your personal data from you.
We always ensure that we have a lawful basis for processing the personal data that we collect. In this case the lawful basis for processing your data is to ensure that we can continue to provide our service to you.
Your rights in respect of your personal data
You have the right to request access to your personal data, amendments to it and for it to be deleted. Further information about those rights along with your right to withdraw any consent you’ve given or object to our processing your data can be found in our Data Protection Policy. That policy also includes who to speak with if you have any queries about our approach to processing your personal data.
How and when we use your personal data
We’re committed to using your personal data responsibly and lawfully. Here’s what we do with your personal data:
Contact Details – to ensure we use it to deal with your enquiries about our service quickly and efficiently.
To help us to maintain the accuracy of the personal data that we hold please let us know if we hold out of date or inaccurate information about you.
Sharing your personal data
There are only a few occasions where we will share your personal data with a third party. They are:
The data controller collecting your personal data for the purpose of this policy is Fielden Factors (Holdings) Limited. We use accepted standards of technology and security to protect your personal data.
For how long will we keep your personal data
Our ‘retention policy’ lists the type of data we process and for how long it is kept. If you would like us to delete your data and we don’t have a lawful reason to retain it, you can make a deletion request in writing, addressed to the Data Protection Officer.
How you can access your personal data
You can ask us for a copy of the personal data that we hold on you in writing, addressed to the Data Protection Officer. We’ll ask you for copies of two types of approved identity in order to process your request (such as a passport and driving licence). You can also ask us to make corrections to data you consider to be inaccurate in writing, addressed to the Data Protection Officer.
If you have any questions or queries about this notice, please contact us.