Joseph Dobson & Sons (Holdings) Ltd Customer Privacy Notice
General Data Protection Regulations GDPR
May 2018 R0
Joseph Dobson is committed to protecting your privacy and complying with the latest Data Protection Act.
This notice sets out the basis by which we collect, use and disclose the data of our Customers, as well as your rights in respect of such data.
We may update this Privacy Notice from time to time. If this notice is revised, copies will be sent to all customers once the revision has been completed.
If you have any questions relating to your data, please contact our Data Protection Officer or Controller. Please see Other Information at the end of this notice for contact details.
How we collect customer data
We may collect your data in a number of ways, for example:
When you register with us through a third party agency.
When you register with us to become a customer.
When you complete one of our customer forms, for example Application for New Account.
Changes to your data, for example contact details, bank details.
When we receive your data from third parties, for example references.
What type of customer data do we collect?
We may collect the following types of data:
Your company name, company contact names, address, email address, telephone and/or mobile, company registration numbers.
Any other contact/company information that allows us to meet our organisational and statutory obligations to you as our customer.
Some of the information we collect about your company may include sensitive data as defined in the Data Protection Act. We will not utilise this data unless we have your consent.
Using the information we collect?
We may use customer data in the following ways:
To ensure (with your help) that the information we hold about you is kept up-to-date.
To deal with any customer related disputes that may arise.
For assessment and analytical purposes to help improve the operation of our customer and/or business.
To help detect and prosecute fraud and other crimes.
For any other purpose for which you give us your consent to use your data.
We will keep your data only as long as is necessary for the purpose for which it was collected. For insurance purposes, we may store your data for up to 40 years.
We may share customer data:
With professional advisors, for example our insurers, accountants.
With accredited auditors, for example BRC.
With our management team within Joseph Dobsons.
Where we are under a legal obligation to do so, for example where we are required to share information under statute, to prevent fraud and other criminal offences or because of a court order.
Joseph Dobson will not share any customer data with a third party unless we have your consent.
Transferring customer data outside of the EEA
We currently do not transfer any customer data outside of the European Economic Area. Where we may transfer your data, we will not utilise the data unless we have your consent.
To be informed
This Privacy Notice provides the information you are entitled to receive.
You can request a copy (or view) the information that we hold about your company at any time, this is to be done in writing. The provision of this information may be subject to the latest payment fee.
Please inform us of any data which you would like rectified and we will respond as quickly as possible. We will pass on any changes to third parties who need to change their records.
You may exercise your right to have your data erased in a number of circumstances (e.g. if the data is no longer necessary in relation to the purpose for which it was created). Where possible we will comply with all such requests although some details are part of the company’s permanent records (e.g. VAT and payment records) which cannot reasonably be deleted.
You can tell us that we can keep your data but must stop processing it, including preventing future mailings and communications.
If possible we will inform any third parties to whom your data has been disclosed of your requirement.
Your data is across manual records and computer systems. We will do our best to provide information in a portable format only if our systems allow us to do so.
If we can, we will stop processing your data if you object to processing based on legitimate interests.
Your data will not be used for marketing purposes unless we have your consent.
We will stop processing your data if you object to processing for the purpose of research and statistics unless it is in the customers interest within the company.
Not to be subject to automated decision-making including profiling
We do not use any automated decision making including profiling
We reserve the right to judge what information we must continue to hold to be able to conduct our business and meet the needs of our customers and legislative requirements.
You have the right to lodge a complaint with the Information Commissioners’ Office at https://ico.org.uk
The security of our customer data is very important to us.
We will ensure that we have in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of your data.
All our servers/computers are password protected. Paper copies of company data are either stored numerically in binders in our office, a locked safe/cabinet or behind locked doors. We take all necessary steps to ensure your data is treated and stored securely.
The controller for customers data is the Managing Director who can be contacted by email firstname.lastname@example.org or in writing Joseph Dobsons & Sons Ltd 26 Northgate, Elland, West Yorkshire HX5 0RU.
Our Data Protection Officer for customer data is the HR Manager who can be contacted in person or in writing Joseph Dobsons & Sons Ltd 26 Northgate, Elland, West Yorkshire HX5 0RU.
Communications to you may be sent by post, telephone, or in person.
If you have any concerns or questions please contact the Data Protection Officer (HR Manager) who will help to answer any issues that may arise.
Where you may have a specific requests relating to how we manage your data, we will endeavour to resolve these, but please note that there may be circumstances where we cannot comply with specific requests.