Privacy Policy & Cookies

We are required to provide you with the Ashfield Stone Privacy Policy under the new General Data Protection Regulations (GDPR). This Policy details how your personal data is handled and what you can do if you have concerns.

Ashfield Stone are committed to protecting and respecting your privacy and this policy sets out the basis on which any personal data we collect from you, that you provide us or that we receive from others about you will be processed by us. It includes data that is held electronically and on paper.

How and why we process personal data

We will process data to deliver the services Ashfield Stone are contracted to provide to you.

We confirm, when processing data on your behalf that we will comply with the provisions of all relevant data protection legislation and regulation.

We do not sell, rent or lease any of the personal information collected from you to third parties. We do not use or disclose sensitive personal information (e.g. race, religion, or political affiliations (in the event that we become aware of any) without your explicit consent.

What personal information we collect

The personal information that is collected will depending on what product or service is being delivered. These may include:

• Personal identifiable information (Name, email address, postal information)
• Qualifications
• Financial
• Restricted/sensitive/confidential
• IP Address

Where we collect personal information from

• Through formal engagement to provide services
• Questionnaires/forms or job applications
• Via the website (general enquiries, mailing lists)
• At events (marketing)
• Client feedback

Legal bases for processing data

The legal bases for the processing of client data where a formal client engagement exists is under the paragraphs of the GDPR article 6:

6,1,b. - the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
6,1,f – it is the legitimate interests of the data controller or a third party

Our legitimate interest means the interests of our company in conducting and managing the business to enable us to give you the best service and the most secure experience.
For example, we have an interest in making sure marketing is relevant to you, so we may process your information to send you marketing tailored to your interests.
It can also apply to processes that are in your interests as well.
Where no formal engagement exists, the legal basis for processing personal information is consent provided via our website or via formal consent. If you no longer wish to be included on our database please email rachel.shaw@ashfieldstone.com

How we use your personal data

The purpose for which personal information is processed may include any or all of the following (the list is not exhaustive):

• Deliver services and meet legal responsibilities
• Communication by post, email or telephone
• Understand needs and how they may be met
• Maintain records
• Meet legal compliance requirements
• Process financial transactions
• Prevent and detect crime, fraud or corruption
• Sending information about event, topical news or changes to legislation

Who has access and why?

Data will be held and processed for the purpose of providing the services that we are contracted to under our Terms of Engagement, or where you have provided information via our website or at a marketing event.

Only those staff who have a legitimate need to access data will be authorised to do so. We may also be required to share your data with some third parties, eg if there is an issue with some software it may be necessary to provide the software supplier with specific data,

How long we retain your personal data

To meet our legal data protection and privacy obligations, we only hold onto your information for as long as we need it and for the purposes we acquired it for in the first place.

Where we have a formal engagement, we will collect personal data and retain for as long as required under the current legislation as detailed in our Terms of Engagement.

Where we don’t have a formal engagement and you have submitted your data via the website or other marketing channels, we shall keep your personal information on our database, subject to an individual’s rights to unsubscribe or be forgotten at any time. (Please see Your Rights section).

Using our website and social media

Information Collection

We may collect information about the software on your computer (your browser version etc.) and your IP address (your connection with the internet) in order to improve your interaction with our website. This may happen automatically without your consent.

We may use cookies (small text files which we and other websites operators store on your computer when you visit our website) to deliver a better and more personalised interaction. They enables to recognise you when you return to the website, store information about your preferences and improve the way your searches are processed. This helps us to better manage and develop our website, to provide you with a more enjoyable, customised service and experience in the future and to help us to develop and deliver better products and services tailored to your individual interests and needs.

Cookies also enable us to generate statistics about the number of visitors we have and how they use the website and the internet to improve the service we provide. You can set your browser to reject our cookies if you wish (you should consult your browser help section for details), but this might restrict your use of the website and other websites.

Social Media

Any social media posts or comments you send us (e.g. LinkedIn) will be shared under the terms of the relevant social media platform on which they are written and could be made public. Other companies, not us, control these platforms. We are responsible for this kind of sharing. We recommend you should review their terms and conditions and privacy policies of the social media platforms you use.

Your Rights

You have a number of rights under GDPR:

Right to Access

You have the right, subject to a number of exceptions, to know what information we hold about you.

Right to Rectification

You have the right to have any information we hold about you corrected if inaccurate or incomplete

Right to Erasure

You have the right to ask us to delete personal information about you where:

• You consider that we no longer require the information for the purposes for which it was obtained
• We are using the information with your consent and you have withdrawn your consent – See Withdrawing consent
• You have validly objected to our use of your personal information – See right to Object
• Our use of your personal information is contrary to law or our other legal obligations

Right to Object

You have the right to object our processing of your personal data on the basis of legitimate interest, for direct marketing or for processing event bookings.

We will stop processing your data for direct marketing as soon as we receive an objection.

Right to Restrict Processing

You have the right to restrict processing of your data in certain circumstances, such as when there is a question over the way in which we are using it.

Right to Data Portability

You have the right to obtain and reuse your personal data for your data for your own purposes, subject to terms details in our Terms of Engagement where a formal client relationship exists.

Automatic Processing

We will not make any decision regarding you by purely automated means.

Withdrawing consent using your information

Where we use your personal information with your consent you may withdraw that consent at any time and we will stop using your personal information for the purpose/s for which consent was given.

Please contact us by emailing rachel.shaw@ashfieldstone.com if you wish to exercise any of these rights.

Changes to our Privacy Policy

We will keep this policy under review and will the current version will be placed on our website: http://www.ashfieldgroup.com/privacy

This policy was last updated on the 23th May 2018

Contact information and further advise

Any further questions or comments regarding this policy should be emailed to rachel.shaw@ashfieldstone.com

Complaints

We week to resolve directly all complaint about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

0303 123 11133
www.ico.org.uk/concerns