USE OF INFORMATION
We will use your information to provide and personalise our service. Where we collect personal data, we may store this securely in both hard copy and/or electronic copy. This data may be used to compile reports and statistics that comply with contractual requirements and for general administration purposes (eg. correspondence by letter). We ensure that the provisions and obligations imposed by the Data Protection Act 1998 and the Data Protection Principles together with any subsequent re-enactment or amendment thereof in storing and processing personal data, are complied with at all times. We may use your information to send you news about our products or services which we think may be of interest to you. We may contact you by post, email, telephone or fax for these purposes. We will never pass your personal data to anyone else, except for any successors in title to our business and suppliers that process data on our behalf.
IDENTITY & CONTACT DETAILS OF THE CONTROLLER & THE CHIEF PRIVACY OFFICER
Baldwins is committed to protecting and respecting your privacy whilst remaining compliant with The General Data Protection Regulation (EU GDPR) and the Data Protection Act (DPA). This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. For us to drive compliance, we have an Information Governance Framework imbedded within the organisation, which is compliant with The General Data Protection Regulation.
Baldwins is the Data Controller and has an appointed Data Protection Officer whom can be contacted via email: DPO@baldwinandco.co.uk
You can also contact Baldwins via post at: Churchill House, 59 Lichfield Street, Walsall, West Midlands, WS4 2BX
PURPOSE OF THE PROCESSING AND THE LEGAL BASIS FOR THE PROCESSING
Baldwins collects and creates personal data for several different purposes:
The legal basis for processing personal data for the purpose of recruitment and employment is the pursuit of our legitimate interests of developing our business (recruitment and selection) and subsequently in order to fulfil our legal obligations as an employer and our legitimate interest of striving to provide a safe and rewarding workplace. We will retain personal information we collect in the recruitment and selection process for up to two years following a successful application, non-successful applicants may be kept for up to 6 months. Employment which we receive either directly from you or via recruitment agencies. Further information about privacy and data retention is provided in our staff handbook for employees.
The legal basis for processing personal data for the purpose of business development is the pursuit of our legitimate interest in developing our business and undertaking sales and marketing activities. We acquire personal data from a number of sources including directly from data subjects, from referrals, from social media such as LinkedIn, and from our own research activities such as reviewing websites. We will retain personal information we collect through our sales processes for as long as we believe our products and services may be of interest to prospects, customers and former customers.
PROVISION OF SERVICES TO OUR CUSTOMERS
The legal basis for processing personal data for the purpose of providing services to our customers is either to fulfil our contractual obligations to customers or the pursuit of related legitimate interests including maintaining accurate records relating to accounting & finance and monitoring the quality of our services. We will retain personal information we collect through our service delivery processes for as long as such information is relevant to our service delivery model or as defined in our service delivery contract.
PROCUREMENT OF SERVICES
The legal basis for processing personal data for the purpose of procurement is the pursuit of our legitimate interest in maintaining efficient and effective procurement processes. Personal data we collect from suppliers and prospective suppliers is usually supplied directly by data subject or their employer. We will retain personal information we collect through our procurement processes for as long as we need to comply with accounting and taxation rules, policies and conventions.
We are required to obtain consent from individuals in order to send them unsolicited electronic marketing messages. We retain evidence of the details of consent which has been provided by our customers to process their information in this manner.
LEGITIMATE INTERESTS OF BALDWINS, OR THIRD PARTY
Baldwins may use your information for other specific legitimate purposes such as:
We do not sell, rent or lease customer lists to third parties. However, we may share personal information with companies whom we work closely with if there is a legitimate interest for them to act on your behalf. We would not provide your personal information to any of these companies without prior consent from you:
We feel that there is a genuine possibility of your interest in their services. The lawful basis for this data sharing is the legitimate interest of the third party in developing and growing their business.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
RECIPIENTS OF THE PERSONAL DATA
Baldwins is required to transfer the personal information provided by its customers to third parties in order to fulfil contractual obligations. The following are categories of recipients that customer information could be transferred to:
All information you provide to us is stored on our secure servers. However, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We may disclose your personal information to any member of our group (Baldwins Holdings Ltd), which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We will not disclose your information to any of the relevant third parties listed above for marketing purposes.
Our Data Protection Officer can provide you with contact details of our third parties upon request if required. You can do this by emailing our Chief Privacy Officer at DPO@baldwinandco.co.uk
DETAILS OF TRANSFERS TO THIRD COUNTRIES & SAFEGUARDS
DPP store personal data on information systems that require transfer to third countries as follows:
e.g. USA, controls are in place to ensure that the level of protection is not undermined and that security controls are at a level to commensurate with the type of information being transferred. This is applicable to the Email marketing system. Further information is available on the privacy shield web site:
Aside from this, we ensure that all other personally identifiable information held on our customers and employees remains within the EEA.
Baldwins retains all customer information for 6 years and contact details for 2 years after they last interacted with us unless:
a) you ask us to remove it
b) we believe that you are no longer interested in our business
c) we no longer need it for the purposes it was collected.
Where there has been a period of 5 years and there has been no interaction between the organisation and the customer, their information is erased and securely disposed of.
RIGHTS OF DATA SUBJECTS
As a Data Subject (individual) which Baldwins processes information on behalf of, you have the right to request access to and the rectification or erasure of personal data that we hold about you as well as a right to object to and to a restriction of our processing of your personal data at any given time. You can do this through the contact details provided within this policy. You can exercise the right at any time by contacting us at DPO@baldwinandco.co.uk
You also have a right to lodge a complaint with the Supervisory Authority (Information Commissioners Office (ICO) in the UK – at www.ico.org.uk), should you feel that we have not handled your information in line with legislative and regulatory requirements.
You have the right to make a Data Subject Access Request to Baldwins, Data Protection Officer if you wish to determine what information we hold on you. We welcome these requests and aim to respond within 72 working hours of receipt.
AUTOMATED DECISION MAKING, INCLUDING PROFILING & INFORMATION ABOUT HOW DECISIONS ARE MADE, THE SIGNIFICANCE OF THE CONSEQUENCES
We use email monitoring services to monitor the emails which we send to users. In doing this, we obtain information such as but not limited to:
We use systems that enable us to link your social media accounts to your account if registered with the same email address. This enables us to tailor our promotions and products as best as possible.
We may collect information about your computer, including where available your IP address, geographic location (if you allow when prompted by your browser), operating system and browser type, for system administration when you access our website or our DataWise platform. We use this information for This is statistical data about our users’ browsing actions and patterns when they access our website – logging IP addresses is used as a security feature of DataWise.
In the event that you wish to you alter your Privacy settings or opt-out, you are able to do this by emailing our Data Protection Officer at DPO@baldwinandco.co.uk. Our Data Protection Officer shall provide you with contact details of our third parties upon request if required.
We may send out email communication such as our newsletter to keep you up to date with all the latest Data Protection News and offers from the Baldwins Group. If you wish to unsubscribe from these emails you can do so at any time by simply clicking the unsubscribe link from within the footer of the received email and you will be removed from all promotional emails.
Please note that even if you decide not to subscribe to, or to unsubscribe, from promotional email messages, we may still need to contact you with important transactional information related to your account and your purchases. For example, even if you have unsubscribed from our promotional email messages, we will still send you confirmations when you confirm services from our Site.