Ashfield Stone are committed to protecting and respecting your privacy and this policy sets out the basis on which any personal data we collect from you, that you provide us or that we receive from others about you will be processed by us. It includes data that is held electronically and on paper.
How and why we process personal data
We will process data to deliver the services Ashfield Stone are contracted to provide to you.
We confirm, when processing data on your behalf that we will comply with the provisions of all relevant data protection legislation and regulation.
We do not sell, rent or lease any of the personal information collected from you to third parties. We do not use or disclose sensitive personal information (e.g. race, religion, or political affiliations (in the event that we become aware of any) without your explicit consent.
What personal information we collect
The personal information that is collected will depending on what product or service is being delivered. These may include:
• Personal identifiable information (Name, email address, postal information)
• IP Address
Where we collect personal information from
• Through formal engagement to provide services
• Questionnaires/forms or job applications
• Via the website (general enquiries, mailing lists)
• At events (marketing)
• Client feedback
Legal bases for processing data
The legal bases for the processing of client data where a formal client engagement exists is under the paragraphs of the GDPR article 6:
6,1,b. - the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
6,1,f – it is the legitimate interests of the data controller or a third party
Our legitimate interest means the interests of our company in conducting and managing the business to enable us to give you the best service and the most secure experience.
For example, we have an interest in making sure marketing is relevant to you, so we may process your information to send you marketing tailored to your interests.
It can also apply to processes that are in your interests as well.
Where no formal engagement exists, the legal basis for processing personal information is consent provided via our website or via formal consent. If you no longer wish to be included on our database please email email@example.com
How we use your personal data
The purpose for which personal information is processed may include any or all of the following (the list is not exhaustive):
• Deliver services and meet legal responsibilities
• Communication by post, email or telephone
• Understand needs and how they may be met
• Maintain records
• Meet legal compliance requirements
• Process financial transactions
• Prevent and detect crime, fraud or corruption
• Sending information about event, topical news or changes to legislation
Who has access and why?
Data will be held and processed for the purpose of providing the services that we are contracted to under our Terms of Engagement, or where you have provided information via our website or at a marketing event.
Only those staff who have a legitimate need to access data will be authorised to do so. We may also be required to share your data with some third parties, eg if there is an issue with some software it may be necessary to provide the software supplier with specific data,
How long we retain your personal data
To meet our legal data protection and privacy obligations, we only hold onto your information for as long as we need it and for the purposes we acquired it for in the first place.
Where we have a formal engagement, we will collect personal data and retain for as long as required under the current legislation as detailed in our Terms of Engagement.
Where we don’t have a formal engagement and you have submitted your data via the website or other marketing channels, we shall keep your personal information on our database, subject to an individual’s rights to unsubscribe or be forgotten at any time. (Please see Your Rights section).
Using our website and social media
We may collect information about the software on your computer (your browser version etc.) and your IP address (your connection with the internet) in order to improve your interaction with our website. This may happen automatically without your consent.
Cookies also enable us to generate statistics about the number of visitors we have and how they use the website and the internet to improve the service we provide. You can set your browser to reject our cookies if you wish (you should consult your browser help section for details), but this might restrict your use of the website and other websites.
Any social media posts or comments you send us (e.g. LinkedIn) will be shared under the terms of the relevant social media platform on which they are written and could be made public. Other companies, not us, control these platforms. We are responsible for this kind of sharing. We recommend you should review their terms and conditions and privacy policies of the social media platforms you use.
You have a number of rights under GDPR:
Right to Access
You have the right, subject to a number of exceptions, to know what information we hold about you.
Right to Rectification
You have the right to have any information we hold about you corrected if inaccurate or incomplete
Right to Erasure
You have the right to ask us to delete personal information about you where:
• You consider that we no longer require the information for the purposes for which it was obtained
• We are using the information with your consent and you have withdrawn your consent – See Withdrawing consent
• You have validly objected to our use of your personal information – See right to Object
• Our use of your personal information is contrary to law or our other legal obligations
Right to Object
You have the right to object our processing of your personal data on the basis of legitimate interest, for direct marketing or for processing event bookings.
We will stop processing your data for direct marketing as soon as we receive an objection.
Right to Restrict Processing
You have the right to restrict processing of your data in certain circumstances, such as when there is a question over the way in which we are using it.
Right to Data Portability
You have the right to obtain and reuse your personal data for your data for your own purposes, subject to terms details in our Terms of Engagement where a formal client relationship exists.
We will not make any decision regarding you by purely automated means.
Withdrawing consent using your information
Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose/s for which consent was given.
Please contact us by emailing firstname.lastname@example.org if you wish to exercise any of these rights.
We will keep this policy under review and will the current version will be placed on our website: http://www.ashfieldgroup.com/privacy
This policy was last updated on the 23th May 2018
Contact information and further advise
Any further questions or comments regarding this policy should be emailed to email@example.com
We week to resolve directly all complaint about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office:
Information Commissioner’s Office
0303 123 11133