Fair Processing Notice
Date Published: 23rd May 2018
Carlton Professional understands that your information is important and in the wrong hands it poses a risk to your rights and freedoms. In order to help you protect your information this notice will explain what information we collect, why we collect it, what we do with it, how long we keep it for, who can access it and what your rights are.
What we need
We need to collect the following information;
- Email address
- Phone number
- VAT number
- Web address
- IP address through cookies on our website – these will track the user journey and the pages you view
We use analytical cookies to allow us to recognise and count the number of visitors and to see how visitors move around the site whilst they’re using it. This helps us to improve the way our website works, for example by making sure users are finding what they need easily. The following cookies will be added when you visit our site;
- _ga – Expires in 2 years – used to distinguish users
- _gid – Expires in 24 hours – used to distinguish users
- _gat – Expires in 1 minute – used to throttle request rate
- _cfduid – Expires in 5 years – to identify trusted web traffic. It does not correspond to any user id in the web application, nor does the cookie store any personally identifiable information
- _icl_current_language – Expires in 24 hours – Stores current language
- Wplc_chat_status – Expires in 24 hours – used to enable us to store information about your preferences for our live chat application
When you place an order we will need the following to process payments or issue refunds:
- Card details
- Bank details
When we are recruiting we need to collect:
- Contact information
- Work history
- Anything you choose to disclose on a CV
- Any information you choose to disclose in an interview
Why we need it
We need to collect this information to:
- To obtain who you are
- To check whether you are eligible to purchase our goods
- To notify you of our current offers, new products, etc.
- Handle qualifications.
- Handle warranties and repairs
- Deliver goods and services
- Process payments
- Recruit staff
What we do with it
- The information allows us to process orders
- We market our products and special offers to you through email relating to a previous enquiry and/or purchase with us
We store your data in our database and then access it to fulfil your order or answer your enquiry.
Recruiting information is passed to the management who will then use it to arrange interviews and review the suitability of candidates.
We will not transfer your data to another country.
We do not use automated decision making – all information is inputted by members of staff.
How long we keep it
We generally retain your information for 2 years unless you either notify us in writing to discard your information or you unsubscribe from our e-marketing list.
Records of purchases will be kept for 7 years, due to the requirements of HMRC.
Where we have processed a warranty we need to keep your information for 3 years after the item was repaired/replaced.
Where you have purchased a qualification certification we need to hold your information for the duration of the certification plus a period of 2 years.
How will it affect you
The results of the process may have the following effects on you:
- You may be contacted occasionally regarding offers, product launches and company news which we feel could be a benefit to you
If you fail to provide or provide incorrect information we may not be able to:
- Take payment or issue refunds
- Deliver goods
- Handle warranty claims
- Employ you
- Handle your enquiry
Who can see it
The parties that may be able to access this information are:
- Payment providers – to process payments and refunds.
- Couriers – to deliver goods.
- Our mass mailing provider – to send marketing emails.
- Maintenance companies – to carry out repairs under the warranty.
- Our web host – to facilitate enquires.
- Qualification Providers – to provide qualifications
- Recruitment firms – to help us fill staff vacancies
- Our analytics provider – to provide us information about visitors to the website
How we protect it
We protect your information by storing it on our password protected software system, as well as storing limited information on a password protected marketing database.
All hard copies of your information, included on your invoice, are stored in a secure area with the appropriate security measures and controls in place.
Our staff and any contractors that handle your information are committed to protecting your data and have been trained to handle data.
We have a number of policies and procedures in place to help ensure that your data is suitably protected.
What are your rights
- Request a copy of the data we hold on you. If you wish to do this then please email email@example.com and we will send you the relevant forms that will need to be completed and emailed back to us
- Request that we correct or update the data that we hold on you. If you wish to do this then please email firstname.lastname@example.org and we will send you the relevant forms that will need to be completed and emailed back to us
- Request that we delete the information we hold on you. If you wish to do this then please email email@example.com and we will send you the relevant forms that will need to be completed and emailed back to us
- Request that we keep your data but do not use it. If you wish to do this then please let us know at firstname.lastname@example.org or unsubscribe from our e-marketing
- Request that we send a copy of your data to another organization. If you wish to do this then please email email@example.com and let us know the details
- Object to how we are using data. If you wish to do this then please email firstname.lastname@example.org and let us know the details
- Raise a compliant with the Information Commissioner’s Office about us. If you wish to do this then visit ico.org.uk/concerns and follow the appropriate links
- Take us or the Information Commissioner’s Office to court. visit ico.org.uk/concerns and follow the appropriate links
- Withdraw consent to process your data at any time. If you wish to do this then please email email@example.com and we will send you the relevant forms that will need to be completed and emailed back to us
Additionally, we must inform you of the following:
- If we suffer a data breach and your data is affected in a way that it poses a risk to your rights and freedoms.
- If we carry out your request to correct/update, erase or not use your data
Contact Details for the controller of your data: