Your personal data is data which by itself or with other data available to us can be used to identify you. We are Wandsworth Group Ltd, the data controllers. This data protection statement sets out how we’ll use your personal data. You can contact our Data Protection Officer (DPO) at The Wandsworth Group, Ritchie House, Woking Business Park, Albert Drive, Sheerwater, Woking, Surrey GU21 5JY firstname.lastname@example.org if you have any questions.
Whether or not you become a customer, we’ll use your personal data for the reasons set out below and if you become a customer, we’ll use it to manage the account, product(s) or service you have requested. We’ll collect most of this directly during the process of taking you requirements, providing a quote and processing your order. The sources of personal data collected indirectly are mentioned in this statement. The personal data we use may be about you as a personal or business customer and may include:
Subject to applicable laws, we may monitor and record our communication exchanges with you; calls, emails, text messages, social media messages and other communications in the course of your dealings with us. We may do this for a variety of reasons, including regulatory compliance, self-regulatory practices, crime prevention and detection, protecting the security of our communications systems and procedures, checking for obscene or profane content, for quality control and staff training, and when we need to see a record of what’s been said.
We’ll tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we will require your personal data in order to fulfil your request (i.e. an order, a sample request, a brochure request, etc) unless you’re a customer and we already hold the necessary information.
If you’d prefer not to receive up-to-date information on our products and services, or to be included in market research, you can indicate this by updating your marketing preferences at any time.
You have the right to find out what information, if any, is held about you. This is known as a data subject access request.
A data subject access request is not designed to deal with general queries that you may have about your account. We therefore aim to provide you with the information you require without you having to make a formal request.
You have the right to have your personal data corrected if it’s inaccurate, or to have any incomplete personal data completed.
We’ll process your personal data:
You are free at any time to change your mind and withdraw your consent. The consequence might be that we can’t do certain things for you.
Subject to applicable data protection law we may share your personal data with:
We protect your personal data against unauthorised access, unlawful use, accidental loss, corruption or destruction.
We use technical measures such as encryption and password protection to protect your data and the systems they are held in. We also use operational measures to protect the data, for example by limiting the number of people who have access to the databases in which our booking information is held.
We keep these security measures under review and refer to industry security standards to keep up to date with current best practice.
We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law.
We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it.
We will only send data outside of the European Economic Area (‘EEA’) to work with our agents and advisers who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:
Transfer the data to a non-EEA country which has privacy laws at least as protective as those within the EEA
Put in place a contract with the recipient of the data which means the recipient must protect the data to the same standards as required within the EEA, or Transfer it to organisations which are part of the Privacy Shield. The Privacy Shield is a framework which sets out the standards for data to be sent between the United States and European countries. The Privacy Shield ensures that data is protected to the same standards as used within the EEA.