fbpx

Privacy Policy

Privacy Policy

User privacy and data protection

We take your privacy seriously. This document lets you know how we will process and protect any data you share with us.

Our data protection policy is based on the following principles:

  • We recognise the need for user privacy and data protection legislation compliance

  • We understand we have a duty of care to our clients

  • We only collect and process Data that is absolutely necessary and in the best interests of our clients and any data collected will be for the purpose of the services we provide

  • We will never pass any client Data to a third party unless we have your express permission and it is in your best interest

  • We endeavor to ensure that all our Data is correct and up to date

We aim to comply with

  • UK Data Protection Act 1988 (DPA)

  • EU Data Protection Directive 1995 (DPD)

  • EU General Data Protection Regulation 2018 (GDPR)

Source

What is the source of your personal data?

The source of the data we collect will be you, through communication in person, via email or over the telephone.

What lawful basis do we have for processing your personal data?

We process your personal data where:

  • processing is necessary for compliance with a legal obligation on us, for example to make sure we submit accurate company accounts and tax returns;

  • we have a legitimate interest in processing personal data, for example

    • to provide you with news or information on upcoming events which may be of interest to you; or

    • to make sure an event booking runs smoothly, and to make future event bookings easier by being able to refer to your previous menu choices.

If you make a purchase, subscribe to our mailing list, we will process your contact details including your name, email address and postal address. We will also process email communications with you.

We share this data internally with relevant staff only, and, in the event of a booking, with our bookkeeping company and accountancy firm.

External IT staff may also have access to your personal data for IT purposes only, e.g. to install technological safeguards to protect your data.

Data is stored in a range of different places, including our email system (we use Google’s gmail as our email provider, so your personal data will be shared with them) and Dropbox.

Processing

Personal data transfers to third countries or international organisations.

Because some of your personal data may be stored on Dropbox, it may be stored, processed and transmitted in the United States and locations around the world. When transferring data from the European Union, the European Economic Area and Switzerland, Dropbox relies on a variety of legal mechanisms, including contracts with their users. Dropbox complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information transferred from the European Union, the European Economic Area and Switzerland to the United States. You can find Dropbox’s Privacy Shield certification here. You can also find out more about Privacy Shield at https://www.privacyshield.gov.

Our email works through Google’s gmail which means that some personal data may be transferred outside the UK. Google, including Google LLC and its wholly-owned US subsidiaries, has certified that it also adheres to the Privacy Shield Principles. Google remains responsible for any of your personal information that is shared under the Onward Transfer Principle with third parties for external processing on our behalf, as described in the “Sharing your information” section of their privacy policy, which can be found here. To learn more about the Privacy Shield program, and to view Google’s certification, please visit the Privacy Shield website.

How long do we keep your personal data for?

We will keep your personal data for as long as is necessary to fulfil the purposes for which we collected it.

Finally, you have the right to object to the processing of your data where we are relying on legitimate interests as the legal ground for processing. However, we may be able to continue processing if we have a compelling reason for doing so.

Because the processing of your personal data is not carried out by automated means and consent/contract, the right to data portability does not apply.

Can we oblige you to provide personal data, and what happens if you don’t?

We generally need your contact information in order to get in touch with you regarding an enquiry, although you could of course enquire without providing contact information if you prefer.

We will however need your contact information in the event of a booking in order to be able to invoice you (unless you are able to pay in advance). If you are not able to pay in advance, and don’t provide us with this information, we will not be able to take a booking.

If you would like us to stop contacting you at any time regarding news or information on upcoming events which may be of interest to you, please contact our Data Protection Officer on page 1.

Automated decision-making

No decisions are based on automated decision-making.

Email newsletter

If you sign up for our email newsletter your email address will be sent to our chosen marketing services provider. Your email address will remain with the marketing services provider, and we will not store it anywhere on our own system. You can request removal of your email address from this service. You will be able to unsubscribe from email newsletters at any time. A link to do so will be at the foot of every newsletter. Alternatively, you can contact us directly to request to be removed from our email list.

Site visitor tracking

This site uses Analytics software to track user interaction. This information allows us to determine the number of people using our site, so we can understand how our site is being used, so we can improve our services. We do not have access to information which will identify you.

You can prevent the Analytics software from tracking your interaction with the site by disabling cookies on your internet browser.

Data Breaches

In line with data protection regulations, we are obliged to report any data breaches. We will adhere to the requirement to do so within 72 hours and will report to the appropriate authorities. This also applies to any data theft.

Data Protection Officer: Badruddin Pouget (Tel. 020 8087 2487, email info@cheeselibrary.co.uk)

Our privacy policy may change from time to time in line with legislation or industry developments. Any changes will be detailed on our website.

Questions and Comments

If you have any questions or comments at all, please don’t hesitate to email or talk to our Data Protection Officer on page 1.

Privacy Notice version 07/09/20.