New legislation has been introduced that changes how we hold and process your personal data. This legislation is called the General Data Protection Regulation, or GDPR. In summary, GDPR gives you greater control over the personal data that we hold about you. It also requires us to inform you of the data that we hold for you, what we do with your data and also when we remove it from our records. The Privacy Information Notice describes how Penny Blooms will collect, use and protect your personal information.
Privacy Information Notice
1. Who are we?
Penny Blooms, Selsﬁeld Place, Selsﬁeld Common, East Grinstead, West Sussex, RH19 4LW is the Data Controller.
2. Why we need to collect, use and process personal information
We collect, use and process personal information in order to supply our services and perform our contractual obligations.
3. The information that we collect, hold and process about you
The information will include:
Telephone contact numbers
Bank account details
Any other information which could be relevant to the provision of our service.
4. How we use your personal information
The way we use your personal information will include:
To enable you to receive information about our services.
To process your request for our services.
To administer the services provided including the receipt of monies due to us.
To comply with legal or regulatory requirements and in the protection of our legal rights.
To provide you with access to applications in relation to the services that you have requested.
To notify you of changes to our services.
To send you details by post, email, telephone or any other electronic means of applications and services we supply which we believe might be of interest to you.
5. How we collect information
You may give us information by ﬁlling in forms or by corresponding with us by: Phone, email, post or any other electronic means. This includes information when you apply for our services. We may also receive personal information from third parties who we work closely with and who are entitled to share that information, public sources or any other service providers, but in each case as permitted by applicable law.
6. Disclosure of your information
We may share your personal data (including storage and transfer of data) with any third party in order to meet our legal and regulatory obligations including statutory and regulatory bodies, law enforcement agencies and our advisers, our service providers or third parties who process information on our behalf, any third party in the context of actual or threatened legal proceedings provided we can do so legally and third parties to whom we sell or negotiate to sell our business or assets.
7. Data retention
We may retain information about you at the end of your contract, where you request for services is declined or where you decide not to proceed. This information will be held for as long as is necessary to meet any legal or regulatory requirements and for our lawful business processing. We regularly review our records to ensure that we only retain your personal information for as long as is necessary for the purposes set out in this Privacy Information Notice. Where we no longer need your personal information, we will dispose of it in a secure manner without further notice to you
8. Mobile and website data
We may obtain information through mobile applications or websites. Mobile applications and websites may be provided by us or third parties. Where mobile applications or websites are provided by a third party, you must read that third party’s own privacy information notice in relation to that application or website. We are not responsible for third party mobile applications or websites and their use of your personal information.
9. Marketing and Support
From time to time we may use your personal information to contact you by telephone, post, email or by any other electronic means with details about and services or to provide you with information and support services.
10.Transfers outside the European Economic Area (EEA)
The data that we collect from you may be transferred to and stored at a destination outside of the EEA. It may also be processed by our service providers (and their employees) operating outside of the EEA. We take steps to ensure that in the event that your information is transferred outside of the EEA by our service providers, appropriate measures and controls are in place to protect the information in accordance with applicable data protection laws and regulations in the UK.
11. Security and storage of information
The security and storage of your personal information and sensitive personal information is very important to us. The personal information we collect from you is stored in various ways:- (i) where information is stored electronically by our service provider in the cloud, it is stored using end to end encryption to protect personal data from exposure and unauthorised access. With end to end encryption, our cloud storage provider does not have access to our encryption keys or to the personal data in our ﬁles. (ii) where information is stored on personal computers and mobile devices, the data is automatically encrypted. We use standard security software and processes to guard against unauthorised or unlawful processing and against accidental destruction or damage.
13.Your information and rights
You have the following rights:
To be informed about how we obtain and use your information.
To ask for a copy of the information that we hold about you.
To have your information rectiﬁed. To request us to restrict processing of your data.
To request to have your information erased (Right to be forgotten). To object to the processing of your information (e.g. for direct marketing purposes).
To have information you provided to us, returned to you or sent directly to another company, in a structured, commonly used and machine-readable format where technically feasible (Data Portability).
Where the processing of information is based on your consent, the right at any time to withdraw that consent.
To object to any decisions based on the automated processing of your personal data, including proﬁling.
To lodge a complaint with the Information Commissioner’s Ofﬁce (ICO), the supervisory authority responsible for data protection matters.
You cannot opt out of receiving regulatory or legal information or updates (e.g. information about a change to our service terms and conditions). If you withdraw your consent to the processing of your personal information or ask for your information to be erased, we may not be able to provide you with access to our services. If you would like to use any of your rights please contact us at info@ pennyblooms.co.uk
14.Other sites and social media
If you follow a link from our website, applications or services to another site or service, this Privacy Information Notice will no longer apply. We are not responsible for the handling practices of third party sites or services and we encourage you to read the privacy information notices appearing on those sites or services.
15.Electronic mail containing personal information
You may, from time to time send personal information to us electronically. We are not responsible for the way in which you handle personal information.
16.Changes to our Privacy Information Notice
We may change, modify or adjust this Privacy Information Notice from time to time. Any changes we make to our Privacy Information Notice in the future will be found on our website www.pennyblooms.co.uk (Copies are also available from us by post).
We take your privacy and protection of your personal information very seriously. If you have any questions or comments or queries about the way we are collecting or using your personal information please contact us at Penny Blooms, Selsﬁeld Place, Selsﬁeld Common, East Grinstead, West Sussex, RH19 4LW or firstname.lastname@example.org If you have a concern about the way in which we are collecting or using your personal information you may also contact the Information Commissioner’s Ofﬁce directly at https://ico.org.uk/concerns/.