The lawful basis for the processing of data is that you have given your consent for us to do so. The nature of the data processing is limited to collection, recording and storage. We update this Policy from time to time so please review this Policy regularly.
Shirlaws Group Ltd is the Data Controller of the personal data you supply to us via our website.
Registered number 11020393.
Information we Collect
In using our website, we may collect and process the following data about you:
Details of your visits to our website and the resources that you access, including, but not limited to, traffic data, location data, blogs and other communication data.
Information that you provide by filling in forms on our website, such as when you register for information or sign up to our newsletter, information provided to us when you communicate with us for any reason and responses and results of questionnaires you choose to take.
Use of Your Information
The information that we collect and store relating to you is primarily used to enable us to provide our services to you. In addition, we may use the information for the following purposes:
1. To provide you with information requested from us, relating to our products or services and information on other products which we feel may be of interest to you, where you have consented to receive such information.
2. To meet our contractual commitments to you.
3. To notify you about any changes to our website, such as improvements or service/product changes, that may affect you.
If you are an existing customer, we may contact you with information about goods and services similar to those which were the subject of a previous sale to you. If you are a new customer, we will only contact you when you have provided consent and only by those means you provided consent for.
If you decide you do not want us to use your data you will have the opportunity to withhold your consent by emailing us at firstname.lastname@example.org with the subject line ’Marketing Email’.
Storing Your Personal Data
The services provided by this website and data stored are hosted on servers located in the United Kingdom and/or the United States. Data may be processed by staff operating in or outside these areas who work for us or for one of our suppliers.
The transmission of information via the internet is not completely secure and therefore we cannot guarantee the security of data sent to us electronically and transmission of such data is therefore entirely at your own risk.
Disclosing Your Information
Where applicable, we may disclose your personal information to any member of Shirlaws Group. This includes, where applicable, our subsidiaries, our holding company and its other subsidiaries (if any).
We may also disclose your personal information to third parties:
– Where we sell any or all of our business and/or our assets to a third party.
– Where we are legally required to disclose your information.
– To assist fraud protection and minimise credit risk.
Third Party Links
You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever and have no control over them.
Access to Information
What rights do you have?
You have a number of rights under data protection law. These rights and how you can exercise them are set out in this section. We will normally need to ask you for proof of your identity before we can respond to a request to exercise any of the rights in this section and we may need to ask you for more information, for example to help us to locate the personal data that your request relates to.
We will respond to any requests to exercise your rights as soon as we can and, in any event, within one month of receiving your request and any necessary proof of identity or further information. If your request is particularly difficult or complex, or if you have made a large volume of requests, we may take up to three months to respond. If this is the case, we will let you know as soon as we can and explain why we need to take longer to respond.
A Right to Access Your Information
You have a right to ask us to send you a copy of all personal data that we hold about you (subject to some exceptions). A request to exercise this right is called a ‘Subject Access Request’ and must be made in writing to email@example.com or to Data Protection Officer, 1 Farnham Road, Guildford, GU2 4RG.
A Right to Object to us Processing Your Information
You can exercise this right by emailing firstname.lastname@example.org.
A Right to Ask Us Not to Market to You
You can ask us not to send you direct marketing, advertising or marketing emails and can opt out at any time.
More information about opting out of marketing and advertising can be obtained by emailing email@example.com.
A Right to Have Inaccurate Data Corrected
You have a right to ask us to correct inaccurate data that we hold about you. If we are satisfied that the new data you have provided is accurate, we will correct your personal data as soon as possible.
A Right to Have Your Data Erased
If you would like to make a request to exercise this right, please contact firstname.lastname@example.org. If we are required by law to comply with your request, we will fully anonymise your data, so that it is no longer personal data and cannot be used to identify you.
A Right to Have Processing of Your Data Restricted
You can ask us to restrict processing of your personal data in some circumstances, for example if you think the personal data is inaccurate and we need to verify its accuracy, or if we no longer need the data but you require us to keep it, so that you can exercise your own legal rights.
Restricting your personal data means that we only store your personal data and don’t carry out any further processing on it unless you consent, or we need to process the data to exercise a legal claim or to protect a third party or the public.