By providing us with your data, you warrant to us that you are over 13 years of age.
Pat Duckworth is the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.
1.1 We are committed to safeguarding the privacy of our website visitors and service users; in this policy we explain how we will handle your personal data.
2.1 This document was created using a template from SEQ Legal (http://www.seqlegal.com).
3. How we use your personal data
3.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) the purposes for which we may process personal data; and
(c) the legal bases of the processing.
3.2 We may process certain types of personal data about you as follows:
Identity Data may include your first name, last name.
Contact Data may include your email address and telephone numbers.
Financial Data may include your bank account and payment card details.
Transaction Data may include details about payments between us and other details of purchases made by you.
Technical Data may include your internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data may include your username and password, purchases or orders, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.
3.4 We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
- order our products or services;
- subscribe to our service or publications;
- request resources or marketing be sent to you;
- enter a competition, prize draw, promotion or survey; or
- give us feedback.
3.5 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.6 Please do not supply any other person’s personal data to us, unless we prompt you to do so.
4 Providing your personal data to others
4.1 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
4.2 In addition to the specific disclosures of personal data set out in this Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5 International Transfers
5.1 Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.
5.2 Many of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
5.3 Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:
5.4 We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission; or
5.5 Where we use certain service providers, we may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
5.6 Where we use providers based in the United States, we may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between The EEA and the US.
5.7 If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
6. Retaining and deleting personal data
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
6.3 To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
6.4 By law, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes. We also need to keep all sensitive data for a minimum of 8 years (CNHC requirement) and ideally indefinitely.
6.5 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
6.6 In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7.3 We may notify you of changes to this policy by email or through the private messaging system on our website.
8. Your rights
8.1 In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
8.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
8.3 You can see more about these rights at:
8.4 You may exercise any of your rights in relation to your personal data by written notice to us.
9 About cookies
9.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
9.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
9.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
10. Cookies used by our service providers
11. Managing cookies
11.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
11.2 Blocking all cookies will have a negative impact upon the usability of many websites.
11.3 If you block cookies, you will not be able to use all the features on our website.
12. Our details
12.1 This website is owned and operated by Pat Duckworth.
12.2 Our principal place of business is at White House, Meeting Lane, Litlington, Cambs, SG8 0QF.
12.3 You can contact us:
(a) by post, using the postal address given above;
(b) using our website contact form;
(c) by telephone, using the contact number published on our website from time to time; or
(d) by email, using the email address published on our website from time to time.
13. Data protection officer
13.1 Our data protection officer is Pat Duckworth. Contact details are as shown in Section 12 above.