Who we are
If you have any concerns, or would like more detail about how we process your Personal Data, you can contact us using firstname.lastname@example.org
Protecting Your Personal Data
Your Personal Data isn’t just protected by the quality, commitment and high standards of Gresham Collective, it’s also protected by law. The law states that we can only process your Personal Data when there is a genuine reason to do so and it must be one of the following:
- To fulfil any contract that we have with you
• We have a legal obligation
• Where you have consented to the processing
• When it is in our legitimate interest
• When it is in the public interest
• When it is in your vital interests
When we have a business or commercial reason to process your Personal Data this is referred to as a legitimate interest. Your Personal Data is still protected, and we must not process it in a way that would be unfair to you or your interests.
If we do use legitimate interests as a reason to process your Personal Data we will tell you that we are doing so, what our legitimate interests are and provide you with a method to raise any questions or objections you may have. However, compelling grounds for processing such information may over-ride your right to object.
How we store your Personal Data
We currently use an internal system for the purposes of data protection law and we act as a Data Processor and we act as a Data Controller. We collect personal data, enter it into our own databases and we decide how to use it further. We then process this data solely for our own use and in accordance with our Terms & Conditions (which are updated from time to time). We have implemented the following:
- To have a written agreement in place with our clients and suppliers
- To ensure employees with access to our data are subject to a duty of confidence
- To ensure the security of processing activities.
- To notify you of any sub-processing relevant to our business
- To fulfil our duties with respect to the exercise of our customers’ privacy rights.
- To fulfil our duties in our obligations relating to security, data breaches and data protection impact assessments
- To fulfil our duties in respect of inspections by the Information Commissioner’s Office
How long we keep your Personal Data
Whenever your data is kept by Gresham Collective Ltd we will ensure that it is appropriately protected and only used for acceptable purposes.
We will keep your data for the period that you are a customer or applicant of Gresham Collective Ltd.
If you are no longer a customer of Gresham Collective Ltd, we will keep your data for the minimum length of time required to comply with the purposes set out in this policy and relevant legal or regulatory obligations. Your Personal Data may be kept longer if we cannot delete it for technical reasons.
Provided we do not have a legitimate interest to retain your details, you have the right to be forgotten and removed from our marketing material. You can contact us by telephone, email or in person to confirm this.
Why we process your Personal Data
We process your data to ensure you receive the best service levels from Gresham Collective or any of its subsidiary businesses. We will keep your details on our secure system and will contact you by email or telephone with details of anything that could be of interest.
If you choose not to provide your Personal Data it may prevent us from meeting legal obligations, fulfilling a contract, or performing services you expect from Gresham Collective Ltd. Not providing your Personal Data may mean we are unable to provide you with our upcoming events or special offers.
The information and data about you which we may collect, use and process includes the following:
- Information that you provide to us by filling in forms on the Website or any other information you submit to us via our website, third party website or email
• Records of correspondence, whether via the Website, email, telephone or other means
• Details of the enquiries made with us, whether via the Website, telephone or other means
Where it is reasonable for us to do so and not detrimental to your rights and freedoms, we also collect Personal Data from publicly available sources such as internet searches, Companies House, HM Land Registry and broadcast media.
We also retain credit card information for all transactions and store them in our secure facility for the appropriate amount of time as laid down by UK law.
Telephone calls to and from our staff are not recorded. Notes are made and recorded on our secure system.
Personal Data we share with others
We may share your Personal Data within the Gresham Collective Ltd subsidiary businesses and with these other organisations:
- Law enforcement agencies, regulators and other authorities
• Organisations that introduce you to us
• Third parties you ask us (or permit us) to share your data with
• Third parties necessary to provide products or services which you have requested
Depending on the elements you choose to sign up for we may need to share your Personal Data with the third parties that provide those services, however your explicit consent will first be obtained. Where your Personal Data are transferred outside of the European Economic Area (“EEA”), we require that appropriate safeguards are in place.
Data Transfer Outside the EEA
We will only transfer your Personal Data outside of the EEA where:
- You have given your explicit consent, or
• • To comply with a legal duty or obligation
If we do transfer your Personal Data outside of the EEA, we will take measures to ensure it is protected to the same standards as it would be within the EEA by relying on one of the following:
- The country that is receiving your Personal Data has been found by the European Commission to offer the same level of protection as the EEA. More information can be found on the European Commission Justice website.
• We will use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA
• Where the transfer is to the USA and the recipient is registered with Privacy Shield. Privacy Shield is a framework that ensures Personal Data is protected to a level approved by the EU. Read more about Privacy Shield on the European Commission Justice website.
In some instances, we may be compelled by law to disclose your Personal Data to a third party and may have limited control over how it is protected by that party.
Your rights over your Personal Data
We will assist you if you choose to exercise any of your rights over your Personal Data, including:
- Withdrawing your previously granted consent; however, this will not invalidate any previously consented processing
• Lodging a complaint with any relevant Data Protection Authority
• Access to your Personal Data that we hold or process
• Correction of any Personal Data that is incorrect or out of date
• Erasure of any Personal Data that we process
• Restrict processing of your Personal Data in certain circumstances
• Asking us to provide you or another company you nominate with certain aspects of your Personal Data, often referred to as ‘the right to portability’
• The ability to object to any processing data where we are doing it for our legitimate interests
• The ability to contest a decision made entirely by automated processing, to express your point of view and to request that a human review the decision
For more information on these rights you can contact email@example.com
Changes to our Privacy Statement
We may update this policy from time to time, so please review it frequently.