The organisation [21CC Group Ltd, Hopetoun Sawmill, Hopetoun Estate, South Queensferry, EH30 9SL] collects and processes personal data relating its contacts to manage the business relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
The legal basis for collecting this information is that we require to hold records in the course of our business planning and operations to deliver contractual services.
What information does the organisation collect?
The organisation collects and processes a range of information about you. This includes:
your name, address and contact details, including email address and telephone number;
Bank sort code and account number for processing payments.
- Images on CCTV for prevention of crime if you visit company premises.
The organisation may collect this information in a variety of ways. For example: data will be stored in a range of different places, in the organisation’s sales management systems and in other IT systems (including the organisation’s email system). You may also be asked to complete a questionnaire depending on the service we are providing to you or to our client. Any information collection in this way will be stored on our server for reference.
Why does the organisation process personal, financial and commercial data?
The organisation needs to process data to enter into a service delivery contract with you and to meet its obligations in line with your order, or the order of others. For example, it needs to process your data to provide you with your goods / services, or provide the end client with goods and services.
Who has access to data?
Your information may be shared internally.
The organisation shares your data with third parties so that it can process your order. For example, Sage Pay for payment processing and courier providers to arrange delivery of your goods. Third parties or sub-contracted organisations may need your name and contact number on order to contact you regarding your event.
The organisation will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or
disclosed, and is not accessed except by its employees in the performance of their duties. There are system restrictions in place preventing unnecessary access to your payment details.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data for 5 years.
As a data subject, you have a number of rights. You can:
access and obtain a copy of your data on request;
require the organisation to change incorrect or incomplete data;
require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Data Controller on the details given above. If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
We will not be able to fulfil your order or deliver the services that you contracted us for.