PRIVACY POLICY

PURPOSE

This privacy policy tells you what will happen to any personal data you provide to Ellacott Morris when you use our website or contact our organisation. We fully understand that your privacy is important to you, and we are committed to protecting your personal data in line with the General Data Protection Regulation.

Our privacy policy explains how we will use and protect any information that we gather, whether it be through our website, on the telephone or personal conversations, or through our normal business contacts with you. Below we have provided contact information if you have any questions on how we use and protect your data. The acceptance of this privacy policy and our cookie policy (see “Cookies” below) is required to make full use of our website.

OUR DETAILS

Organisation name: Ellacott Morris Ltd

Address: Waterloo House, 2 Colchester Road, St Osyth, CO16 8HA

Telephone number: 01255 425059

Email address: info@ellacottmorris.co.uk

YOUR RIGHTS

Under the General Data Protection Regulation (GDPR), you have the right to be informed about:

• the collection and use of your personal data
• our purposes for processing that data
• the retention periods for storing your data (or a guarantee that it will be kept only for as long as necessary)
• who it will be shared with (both in this country and, if applicable, in others: in this case, we will inform you of the safeguards which are applied in that country)
• the legal basis under which we process your data
• the right to withdraw your consent (if consent is the legal basis for processing)
• our “legitimate interest” in processing your data (if that interest is the legal basis for processing)
• details of any data we collect about you from a third party (such as publicly available information)
• the right to lodge a complaint with the ICO
• details of the existence of automated decision-making, including profiling (if applicable).

You also have the right to information that is concise, transparent, intelligible, easily accessible and presented to you in clear and plain language rather than in “legalese”. We encourage you to get in touch with us if you have any questions about this policy or our procedures with regard to data processing. This will not in any way affect your rights to complain to the ICO.

INFORMATION WE COLLECT

We may collect your personal and sensitive personal data such as your name, address, date of birth, contact details, e-mail address and other sensitive personal information. We collect this information from client contacts and suppliers to allow us to undertake our business.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

• Identity Data may include [first name/last name/username/marital status/ title/date of birth/gender].
• Contact Data may include [billing address/delivery address/email address/ telephone numbers].

We may also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

HOW WE COLLECT YOUR PERSONAL DATA

You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

• Enquire about our products or services;
• Subscribe to any of our services;
• Submit a web form or enquiry email;
• Request marketing information to be sent to you.

HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of Contract this means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
• Legitimate Interest this means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting info@ellacottmorris.co.uk
• Comply with a legal or regulatory obligation this means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting info@ellacottmorris.co.uk

PURPOSES FOR WHICH WE MAY USE YOUR PERSONAL DATA

We have set out below, a description of all the ways we may to use your personal data, with the legal bases we rely on to do so.

Purpose / Activity
To register you as a new customer or retain contact
Type of data
Identity & Contact
Lawful basis for processing including basis of legitimate interest
Performance of a contract with you

WHY WE NEED THIS INFORMTION

We may need to keep your personal information for the following reasons:

• for internal record-keeping
• to manage our internal accounts
• to provide services to you as per our business contract
• to contact you via email, text message or phone if we have a business relationship or you have requested contact from us
• to maintain our business relationship, where you are a client
• if you have provided us with your consent, we may directly market our products and services, and let you know about any updates to our service. You will be able to unsubscribe at any time from receiving any further communications from us
• to third parties where we have retained them to provide services that we, you or our client have requested – we ensure that any third parties comply with rules regarding privacy and data protection
• to trusted third parties who perform functions on our behalf and who also provide services to us, such as professional advisors or IT consultants. We ensure that any third parties comply with rules regarding privacy and data protection
• we may also release your personal information to regulatory or law enforcement agencies, if they require us to do so by law

HOW LONG WE KEEP YOUR INFORMATION

We will only keep your data for as long as there is either a statutory requirement for us to do so or because we are providing a service to you. If our business relationship has ended with you, we will be required to keep records for accounts and records purposes.

THE LEGAL BASIS UNDER WHICH WE COLLECT & STORE DATA

We can collect and store data under six possible legal grounds under GDPR, these are:

1. consent
2. fulfilment of a contract
3. legitimate interests
4. vital interests
5. public task
6. legal obligation

MARKETING

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

We have established the following personal data control mechanisms:

• Promotional offers from us
  You may receive marketing communications from us if you have requested information from us or purchased services from us and, in each case, you have opted in to receiving that marketing.
• Opting out
  You can ask us to stop sending you marketing messages at any time by contacting info@ellacottmorris.co.uk. Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a service experience or other transaction.

APPLYING THE DATA PROTECTION PRINCIPLES

We are committed to applying the principles set out in the GDPR, we strive to ensure that:

• personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
• our procedures are adequate, relevant and limited to what is necessary in relation to the purposes for which they are put in place
• the data we collect is accurate and, where necessary, kept up to date, every reasonable step will be taken to ensure that data that is inaccurate, having regard to the purposes for which it is processed, are erased or rectified without delay
• data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which they are processed
• data is processed in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

In applying these principles, we recognise that we have a general obligation to implement technical and organisational measures to show that we have considered and integrated data protection into all data processing activities.

ACCESS TO YOUR DATA

You can object or withdraw your consent to the use of your personal information at any time. This may affect the services we are able to supply you.

Where Ellacott Morris is the data controller you are entitled to the following (subject to some legal exemptions):

• request a copy of the personal information of which you are the data subject
• to have any inaccuracies corrected
• to have your personal data erased
• to place restrictions on us processing your data
• to object to processing
• to request your data to be ported (data portability)

You may request details of personal information which we hold about you under the EU General Data Protection Regulation (GDPR) 2018. To make a request to access the data that we hold about you, please request this in writing to the address detailed above.

CHANGE OF PURPOSE

Where we need to use your personal data for another reason, other than for the purpose for which we collected it, we will only use your personal data where that reason is compatible with the original purpose.

Should it be necessary to use your personal data for a new purpose, we will notify you and communicate the legal basis which allows us to do so before starting any new processing.

COOKIES

A cookie is a small text file placed on your computer or device by our site when you visit certain parts of it and/or use certain features. For example, we may monitor how many times you visit, which pages you go to, traffic data, location data, blogs and other communication data whether required for billing purposes or otherwise. We may also look at the originating domain name of a user’s internet service provider, IP address, operating system and browser type. This information helps us to build a profile of our users. Where appropriate, this data will be aggregated or statistical, which means that we will not be able to identify you individually.

Cookies are also used to remember your settings (language preference, for example) and for authentication (so that you do not have to repeatedly sign in). You can set your browser not to accept cookies and there are a number of websites which explain how to remove cookies from your browser. However, it is possible that some of our website features may not function as a result.

THIRD PARTY WEBSITES

Please note that there are some links on our website to other sites where you may find useful information. This does not indicate a general endorsement of those sites and, as we have no control over how data is collected, stored, or used by other websites, we would advise you to check their privacy policies before providing any data to them.

DATA SHARING

We will share your personal data with third parties where we are required by law, where it is necessary to administer the relationship between us or where we have another legitimate interest in doing so.

We will not sell or pass on your personal data to any commercial or charitable organisation.

THIRD PARTY SERVICE PROVIDERS & MY PERSONAL DATA

“Third parties” includes third-party service providers and other entities within our group or the members of our firm’s network. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, marketing services and banking services.

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

OTHER THIRD PARTIES & MY PERSONAL DATA

We may need to share your personal data with a regulator or to otherwise comply with the law. We will not share your personal data with other third parties without your consent.

TRANSFERRING PERSONAL DATA OUTSIDE THE UNITED KINGDOM (UK)

We will not transfer the personal data we collect about you outside of the United Kingdom without your express written consent.

INFORMATION COMMISSIONER’S OFFICE (ICO)

For more information on your rights regarding your personal data please visit the ICO

https://ico.org.uk

QUERIES, REQUESTS OR CONCERNS

To exercise all relevant rights, queries or complaints in relation to this policy or any other data protection matter between you and us, please in the first instance contact info@ellacottmorris.co.uk

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on

Telephone: 0303 1231113

Email: https://ico.org.uk/global/contact-us/email/

Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England, UK.