This notice tells you what to expect when Pritpal S Tamber Limited (PST Ltd) collects and uses your personal information. It covers:
The lawful bases on which we use your information
The information we collect when you use our websites
The terms and conditions of using our websites
The security and performance of our websites
Your information when you contact us via social media
Your information when you send us an email
Your information if you make a complaint to us
Your information when you’re a customer
Our use of CCTV
Your information as a job applicant or employee (current or former)
How to complain or ask questions about this policy
Getting access to the personal information we have on you
When we might disclose your personal information
Other information-related things you can ask about
The privacy practices of sites we link to
The policies this notice is based on
Our contact information
We use two lawful bases (from the General Data Protection Regulation [GDPR] of the European Union) for processing your personal information: contract basis and consent basis.
Contract basis for lawful processing is used for personal information gathered through the provision of services, and applies to our current customers and our former customers.
Whilst you are a customer we need to store and process certain personal information, such as your name, postal address, email address, telephone number and payment details. It may also be necessary for us to share your personal information with some third-party data processors (ie: other companies) as outlined below in the section below entitled, ‘Your Information When You’re A Customer’.
Under the contract basis of lawful processing you are entitled to the right to be forgotten (erased from our systems) and the right to ask us to transfer the personal information that you supplied to us to another company. However, we are required by law to hold accounting information for approximately seven years (six years from the end of the last financial year), but any other information can be erased from our systems upon your request.
Consent basis for lawful processing is used when you choose to opt in to receive our direct marketing, such as email newsletters, promotions and events.
This use of personal information applies to both customers and non-customers and is usually restricted to just your name, role title, institution, postal address, email address and telephone number. We will not sell or pass your details to third-parties for any purposes nor will we automatically opt you in to any marketing campaigns that we run.
Under the Consent basis of lawful processing you are entitled to the right to be forgotten (erased from our systems) and the right to ask us to transfer the personal information that you supplied us to another company. You may opt out of receiving our direct marketing at any time, whether a current customer or not. If you wish to opt out you will be able to do so via an unsubscribe link included in each marketing email or by contacting us.
When someone visits one of our websites we use third-party services, such as SquareSpace Analytics, to collect standard Internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow the third-party services to make, any attempt to find out the identities of those visiting our website for legitimate purposes. If we do want to collect personally identifiable information through our website, we will be up front about this — we will make it clear when we collect the information and explain what we intend to do with it.
The content of the pages of our websites is for your general information and use and is subject to change without notice. Your use of any information or materials on our websites is entirely at your own risk, for which we shall not be liable, and it shall be your own responsibility to ensure that any products, services or information available through our websites meet your specific requirements.
Our websites contain material which is owned by or licensed to us. This material includes the design, layout, look, appearance and graphics. Reproduction is prohibited other than in accordance with ‘fair use’ as set out by the Digital Millennium Copyright Act (DMCA) or if the material states otherwise. Unauthorised use of our websites may give rise to a claim for damages and/or be a criminal offence.
Our websites use an integrated application to help maintain their security and performance. To do this they process the IP addresses of visitors, and logs and blocks any IP addresses that make unauthorised attempts to log in or that try to examine the non-public content.
When you interact with us via social media you create information (such as direct messages, mentions, comments and likes) that is processed and retained by the social media networks themselves, as defined by their privacy policies.
We may from time to time choose to use a third-party providers, such as Buffer, to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by the third-party provider, as defined by that third party.
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law. We use SSL/TLS encrypted email between our email applications and email servers. Please ensure that your email application also uses SSL/TLS to ensure end-to-end privacy of any data being sent.
When we receive a complaint we create a file containing its details. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We may at times compile and publish statistics showing information like the number of complaints we receive but not in a form that identifies anyone.
We may have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
We offer various services to our customers. We have to hold the details of the people who have requested our services in order to provide it to them. However, we only use these details to provide the service requested and for other closely related purposes. — for example, we might use information about people who have requested a service to carry out a survey to find out if they are happy with the level of service they received.
We use software from third-party data processors to manage projects, accounts and to process payments. These data processing companies are, where appropriate, GDPR, PECR and or PCI-DSS compliant. They include online cloud storage such as Dropbox, email marketing systems such as Mailchimp, our billing and accounting system, and various payment processors. Further information on these companies can be found on their websites or supplied by us upon request.
Should payments fall past due we may pass your name, contact details, payment and account information to a third-party debt collection company.
Your personal data would be shared with an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business.
We are based in a managed office and the landlord operates CCTV cameras within the premises and in the areas adjacent to the premises to protect clients, employees, property and visitors. Video is recorded on a CCTV system and is stored for up to 30 days after which it is automatically overwritten. Should the need arise, copies of recordings may need to be given to authorities to aid in any investigation. This will be done within the guidelines issued by the Information Commissioners Office.
If you apply to work with us, we will only use the information you supply to process your application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau, we will not do so without informing you beforehand unless the disclosure is required by law.
Personal information about unsuccessful candidates will be held for up to 12 months after the recruitment exercise has been completed. It will then be destroyed or deleted. We may retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with us has ended, we will retain the file for two years and then delete it. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our collection and use of personal information. However, we are happy to provide any additional information or explanation, as needed.
Should you feel that we have handled your personal information incorrectly or that we haven’t been able to provide a suitable answer to your query about the data we hold for you, then you can make a complaint to the ICO at www.ico.org.uk.
We try to be as open as we can in terms of giving people access to the personal information we have on them. You can find out if we hold any personal information on you by making a GDPR ‘subject access request’ using the contact details at the bottom of this notice.
We are legally obliged to provide such information within 30 days of your request, free of charge. However, where a request is manifestly unfounded or excessive we may charge a reasonable fee for the administrative costs of complying with the request. We may also charge a reasonable fee if an individual requests further copies of their data following a prior request, based on the administrative costs of providing further copies.
If we do hold information about you we will:
Give you a description of it
Tell you why we are holding it
Tell you who it could be disclosed to
And let you have a copy of the information in an intelligible form
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone. If we do hold information about you, you can ask us to correct any mistakes by contacting us.
In most circumstances, we will not disclose personal information without your consent. However, when we investigate a complaint, for example, we will need to share personal information with the persons or organisation concerned and with other relevant bodies.
This privacy notice does not cover the links within our websites to other websites. We encourage you to read the privacy notices on the other websites you visit.
This notice is based on a set of policies adopted by PST Ltd that cover: how we check that the information we hold is accurate and up to date; how we train staff to collect, use and delete personal information; the circumstances in which we may have to pass on personal information without your consent, such as to prevent and detect crime; and the agreements we have with other organisations on how we share your data in order to operate, such as our domain provider, our cloud-based storage provider, and the provider of the platform on which our websites are built.
We keep our policies, and this notice, under regular review. This notice was last updated on 7th December 2018.
You can contact us with the following details:
Pritpal S Tamber Ltd, 18A Arlington Way, London EC1R 1UY, UK
Or email us at firstname.lastname@example.org.