Eat1958blog (“We”) are committed to protecting and respecting your privacy when you use our online, telephone and email services (“Services”).
This policy (together with our Terms and Conditions/Terms of Business/Terns of Service and any other documents referred to) set out why we collect your information and how it will be processed by us.
We have the right to update this Privacy Notice from time-to-time. We will provide you with an updated Privacy Notice if we make substantial changes. In the meantime, we will notify You about any minor changes to the processing of Your Personal Data.
“Controller” A controller determines the purposes and means of processing personal data.
“Data Protection Laws” Means any and all applicable legislation regarding the protection of Personal Data in England and Wales
“Data Protection Office” A Data Protection Officer oversees compliance of the Data Protection Laws. If you have any questions or concerns about this Privacy Notice please contact our designated Data Protection Officer John Road email@example.com tel. 07818061585
“Client” Anyone who books us..
“Personal Data” Means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
“Processor” A processor is responsible for processing personal data on behalf of a controller.
“Sensitive Personal Data” There are special categories of personal data, these specifically include genetic data and biometric data. They require higher levels of protection.
“Third Parties” This includes service providers (e.g. contractors and certain agents).
What Personal Data We collect
We can collect, use and store some or all of the following kinds of Personal Data:
Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses.
We may collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from Your Personal Data but is not considered Personal Data in law as this data does not directly or indirectly reveal your identity. If we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
How Personal Data is collected
We collect Personal Data through various means, as follows:
We receive personal information about You through the application and assessment process, either directly from You or sometimes from a referencing agency or background check provider.
We will collect additional personal information in the course of our relationship.
How We use Your Personal Data
We use Your Personal Data in accordance with Data Protection Laws. Usually this is in the following circumstances:
When We receive Your consent that You have freely given;
When We must fulfil Our contractual obligations to You or if You have asked for Us to do something before entering into the contract e.g. providing a quote;
When We must comply with common law or a statutory obligation;
When there is a vital interest for Us to process the Personal Data, the interest is necessary and reasonable i.e. to protect a life;
When We are to perform a specific task that is in the public interest;
When it is necessary for Our legitimate interests, the interests of a third party and/or Your interests.
Please contact the Information Commissioner’s Office for more information about the lawful basis upon which We may use Your Personal Data.
We will do Our best to provide you with the choice as to whether You would like Your Personal Data to be used for activities such as Marketing and/or Advertising.
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you, or we may be prevented from complying with our legal obligations (such as to ensure your health and safety).
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
How and Where We store Personal Data
We store your Personal Data will be stored within the European Economic Area (“the EEA”).
Your personal data is stored on a server within our premises and is backed up online in the cloud.
Sharing Your Personal Data
We may have to share Your Personal Data with Third Parties, including Third Party service providers, contractors and other entities in the group.
We require Third Parties to respect the security of Your Personal Data and to treat it in accordance with the law and Our policies. We only allowed Third Parties to process Your Personal Data for specific purposes.
We may share information in the following circumstances:
When it is required by law;
When it is necessary for Our working relationship;
Where We have a legitimate interest in doing so.
We may be required to share Your Personal Data with other Third Parties that are not listed above, for example if the company is sold or restructured. In these circumstances, we will do Our best to keep the information anonymised until the transaction is completed, at which point it will be shared under terms of the transaction.
When Personal Data is transferred outside the European Economic Area (EEA)
We will not transfer Your Personal Data outside the EEA.
How long Personal Data is kept
We keep Your Personal Data for a long as We need it in order to use it as described in section 4, and/or for as long as We have Your permission to keep it. When determining the retention period for Your Personal Data, we consider the amount, nature and sensitivity of the information along with the risk of disclosure to unauthorised persons/organisations.
As a Data Subject, you have the following rights under the GDPR, which this Policy, Our Company procedures and Our use of Your Personal Data is designed to uphold:
The right to be informed about the collection and use of Your Personal Data;
The right of access to the Personal Data We hold about You (commonly referred to as ‘subject access’);
The right to rectification of any inaccurate Personal Data We hold or for the Personal Data to be completed if it is incomplete;
The right to erasure i.e. for Us to erase the Personal Data We hold about You (commonly referred to as the ‘right to be forgotten’);
The right to request the restriction or suppression of Your Personal Data;
The right to data portability allowing You to obtain and reuse Your Personal Data for Your own purposes across different services;
The right to object to the processing of Your Personal Data in certain circumstances;
Rights in relation to automated decision making and profiling.
In some circumstances you have the right to withdraw your consent. When We receive the withdrawal of your consent, we will no longer process Your information for the purpose or purposes You originally agreed to, unless We have another legitimate basis for doing so in law.
Please contact us directly, using the contact information provided in this Privacy Notice, if you want to exercise any of the above rights.
Please contact the Information Commissioner’s Office or your local Citizens Advice Bureau for further information about Your rights.