Our Data Protection & Communication Policy 2018
Gilroy is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement and current GDPR legislation.
We do and may have to collect and use information about people with whom we work. This personal information will be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means.
How we communicate with people reflects on us as a business. As a result, the company values its ability to communicate with colleagues, clients/customers and business contacts, but we also ensure that such systems and access are managed correctly and are not abused in how they are used or what they are used for.
We regard the lawful and correct treatment of personal information as very important to our successful operation and to maintaining confidence between us and those with whom we carry out business. We will ensure that we treat personal information lawfully and correctly.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- Internal record keeping.
- We may use the information to improve our products and services.
- We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
To this end we endorse and strive to adhere to the principles of the General Data Protection Regulation (GDPR).
This policy applies to the processing of personal data in manual and electronic records kept by us in connection with our human resources function as described below. It also covers our response to any data breach and other rights under the GDPR.
- We will use our and our clients’ information technology and communications facilities sensibly, professionally, lawfully and consistently, in accordance with this policy and other Company rules and procedures.
- At all times we will behave with honesty and integrity and respect the rights and privacy of others in relation to electronic communication and information.
- All information relating to our clients/customers and our business operations is confidential. We will treat our paper-based and electronic information with utmost care.
“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.
“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
B) DATA PROTECTION PRINCIPLES
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
- processing will be fair, lawful and transparent
- data will be collected for specific, explicit, and legitimate purposes
- data collected will be adequate, relevant and limited to what is necessary for the purposes of processing
- data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
- data is not kept for longer than is necessary for its given purpose
- data will be processed in a manner that ensures appropriate security of personal data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures
- we will comply with the relevant GDPR procedures for the international transfer of personal data
C) TYPES OF DATA HELD
We keep several categories of personal data on our clients, suppliers and employees in order to carry out effective and efficient processes. We keep this data in protected and encrypted files, in our encrypted email and mobile phones relating to each contact and we also hold the data within our computer systems.
Specifically, we hold the following types of data:
- personal details such as name, address, phone numbers
In order to protect the personal data of relevant individuals, those within our business who must process data as part of their role have been made aware of our policies on data protection.
We have also appointed employees with responsibility for reviewing and auditing our data protection systems.
E) LAWFUL BASES OF PROCESSING
We acknowledge that processing may only be carried out where a lawful basis for that processing exists, and we have assigned a lawful basis against each processing activity, for example, legitimate interest.
Where no other lawful basis applies, we may seek to rely on consent in order to process data.
Where consent is to be sought, we will do so on a specific and individual basis where appropriate.
F) ACCESS TO DATA
You have a right to understand the personal data that we hold on you. To exercise this right, you should make a Subject Access Request. We will comply with the request without delay, and within one month unless, in accordance with legislation, we decide that an extension is required. Those who make a request will be kept fully informed of any decision to extend the time limit.
We won’t normally charge for complying with a request unless we believe that the request is manifestly unfounded, excessive or repetitive, or where duplicate copies are to be provided to parties other than the person making the request. In these circumstances, a reasonable charge will be applied.
G) DATA DISCLOSURES
We may be required to disclose certain data/information to any person. The circumstances leading to such disclosures include:
- any client benefits operated by third parties;
- to assist law enforcement or a relevant authority to prevent or detect crime or prosecute offenders or to assess or collect any tax or duty.
These kinds of disclosures will only be made when strictly necessary for the purpose.
H) DATA SECURITY & SYSTEM SECURITY
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
We have policies and training in place for our people to help them to manage data effectively under the terms of GDPR legislation.
I) THIRD PARTY PROCESSING
Where we engage third parties to process data, we will ensure, via a data processing agreement with the third party, that the third party takes such measures as are needed to maintain the Company’s commitment to protecting data.
J) INTERNATIONAL DATA TRANSFERS
The Company does not transfer personal data to any recipients outside of the EEA.
K) REQUIREMENT TO NOTIFY BREACHES
All data breaches will be recorded on our Data Breach Register. Where legally required, we will report a breach to the Information Commissioner within 72 hours of discovery. In addition, where legally required, we will inform the individual whose data was subject to breach.
More information on breach notification is available in our Breach Notification policy.
All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential data breach.
The nominated data controller/auditors/protection officers for the Company are trained appropriately in their roles under the GDPR.
All employees who need to use the computer system are trained to protect individuals’ private data, to ensure data security, and to understand the consequences to them as individuals and the Company of any potential lapses and breaches of the Company’s policies and procedures.
The Company keeps records of its processing activities including the purpose for the processing and retention periods. These records will be kept up to date so that they reflect current processing activities.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Controlling your personal information
You may choose to restrict the collection or use of your personal information in the following ways:
- whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind and preferences at any time by writing to or emailing us at email@example.com
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
You may request details of personal information which we hold about you under the 2018 GDPR European Legislation Act. A small fee will be payable. If you would like a copy of the information held on you please write to Gilroy Corporate Communications Ltd, Belvedere House, Basingstoke, Hampshire, RG21 4RG.
You have the right to see any personal data we might hold. If you believe that information to be incorrect or wish to adjust your preferences, please write to or email us as soon as possible at firstname.lastname@example.org. We will promptly correct any information found to be incorrect and alter your contact preferences.