GRANT & STONE LIMITED
Date of policy: 4th July 2019 v2.0
Grant & Stone Limited (“The Company”, “we, “us”, “our”) is committed to protecting your privacy and conducting its business in accordance with all applicable Data Protection laws and regulations.
This policy aims to inform you how The Company, its employees and associated third parties collect, use, retain, transfer, disclose and destroy any personal data provided to us. It also tells you about The Company’s responsibilities as a Data Controller as well as your rights and how the law protects you, as a Data Subject, when you supply us with personal data.
Grant & Stone Limited, it’s leadership, employees and third-party associates should at all times aim to uphold this policy, and the associated General Data Protection Regulations (GDPR). Any breach of this policy or the GDPR will be taken seriously and may result in disciplinary action or business sanction.
Our GDPR representative can be contacted directly by emailing email@example.com.
2.0 POLICY SCOPE
This policy applies to the whole of Grant & Stone Limited, including all its offices and branches where a Data Subjects’ personal data is collected and processed.
This policy supplements the applicable notices, terms and conditions attached to the use of our websites, apps, staff and customer accounts, and is not intended to override them.
Where the law or additional notice imposes a requirement, which is stricter or more comprehensive than that imposed by this policy, the relevant law or notice must be adhered to. If you believe there are conflicting requirements with this policy and other notices or the law, please contact us.
Grant & Stone Limited employees are not considered within this document and those employed by The Company, wishing to understand how their data is collected and processed, should refer to the ‘Data Protection for Employee Data’ policy. Such information is not within the scope of this general policy.
3.0 SOURCES OF PERSONAL DATA
Personal data refers to any information about a Data Subject from which an individual may be identified. It does not include data where the identity of the person has been removed or anonymised.
Grant & Stone Limited may collect personal data and information about you when you, or your business:
We may also obtain personal data and information about you from our associate company, Trading Depot UK Ltd, from other third-party companies, and from public information shared via social networks. In such circumstances, we will endeavour to inform you of our source.
4.0 TYPES OF PERSONAL DATA COLLECTED AND PROCESSED
The Company may collect, use, store and transfer different kinds of personal data about you and/or your business, as follows:
From time to time criminal records and county court judgements will be supplied to the Company through credit references and fraud checks. This assists us with decision making, account management and legal claims.
Grant & Stone Limited does not intend to collect “special categories of personal data” or sensitive information about you. For clarification, through the normal course of business we do not hold records on your physical or mental health, sexual orientation, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data.
5.0 PURPOSE OF PERSONAL DATA COLLECTION
Grant & Stone Limited uses personal data for the following purposes:
6.0 DISTRIBUTION AND TRANSFER OF PERSONAL DATA
Where it is within our legitimate interests we will distribute and transfer your personal data with our associate company, Trading Depot UK Limited and with third parties. Particularly:
Third parties with whom we share your personal data will only provide data perceived as necessary, and are limited in their ability to use your personal information. They are not permitted to use your personal data for any purpose other than to provide services to us, or to act on our behalf by providing a service to you. We will always ensure that any third parties with whom we share your data with are subject to privacy obligations, practices and/or laws consistent this policy.
In some circumstances, third parties will store, process or access your personal data outside the European Economic Area. Whenever we are aware that this will be the case, we secure contractual assurances that your data is adequately secured and protected and cannot be used for any purpose other than that for which it was provided. This is in line with our obligations under the GDPR.
7.0 STORAGE OF PERSONAL DATA
The length of time data is stored will vary depending on the purposes for which it was collected. However, Grant & Stone Limited endeavour to keep your personal data for no longer than is necessary.
In some circumstances, such as in the case of tax and legal claims, your data will be kept for up to seven years to ensure we comply with applicable laws and professional requirements.
In all circumstances, we are committed to ensuring your data is kept safely and securely.
More information on storage of your particular details is available upon request.
Unless you have indicated otherwise, Grant & Stone Limited will use your personal information to contact you with promotional offers, special or charity events from time to time using post, email, text messaging, or telephone or alternate communication channels.
We may also use your personal data to ensure these communications are tailored and appropriate for you.
If you do not wish to be contacted by Grant & Stone Limited for marketing, events or public relations purposes, we will make every reasonable effort to ensure future communications are ceased, however, if you wish to opt out of communications from our associate company you will need to contact them directly.
From time to time Grant & Stone Limited will purchase a list of potential customers from an external database. If we have acquired your details through these means, we will provide you with the option of opting out of future communications from us by unsubscribing or contacting our GDPR representative.
9.0 YOUR RIGHTS
Under the GDPR, individuals have a number of rights, including:
Not all of these rights apply automatically and, in some cases, we may have a legal basis for overriding your request. However, unless there is a legitimate and lawful reason for doing otherwise, we will take reasonable steps to comply.
There is normally no charge for exercising these rights, and if you would like to do this please contact our GDPR representative who will endeavour to respond within 30 days.
Please be aware that if you contact us about your personal data, we may request proof of identity. If we request this information our response may be delayed until proof is received.
10.0 POLICY CHANGES AND REVISIONS
11.0 HOW TO CONTACT US
If you have any queries or concerns about your personal data, the way we process your data or this policy please email us at firstname.lastname@example.org.
Alternatively, you may call us on 01494 430 348 or write to us at Grant & Stone Ltd, GDPR, Unit 2 Mill End Road, High Wycombe, HP 12 4AX.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would appreciate the chance to deal with your concerns so please contact us using the specified email address, phone number or postal address in the first instance.