Privacy Policy – Protecting your data

PRIVACY POLICY – PROTECTING YOUR DATA

1) Who are The Santon Group?

The Santon Group includes all of the wholly owned companies within the Santon group of companies. For more details please visit The Santon Group website (www.thesantongroup.com).

2) What is this Privacy Policy?

At The Santon Group we collect personal information about you and are committed to protecting this information and your privacy. Set out below is an explanation of how we use, collect and safeguard your personal information. This Privacy Policy applies where The Santon Group receives personal data through its website (www.thesantongroup.com) or in connection with any services that we are engaged to provide to you (“Services”).

3) What personal information do we collect?

i) You may provide us with your personal information where you enter your personal information via our website, engage with us in respect of our Services, or correspond with us by phone, email or otherwise. It is provided entirely voluntarily.

ii) Depending on the Services or information you request from us, we may ask you to provide the following personal information:

(a) name, date of birth, address, email address, telephone number and other contact details;

(b) bank account details or other payment or financial information;

(c) information about your personal circumstances including employment, business interests, property or other assets, or other information about you which we require to provide you with particular aspects of our Services.

iii) We may keep a record of any correspondence you have with us, including certain telephone calls which we may be legally required to record (but we will inform you at the beginning of the telephone conversation if recording will be necessary).

iv) We may temporarily store CCTV footage on the CCTV storage device (for a period of up to 30 days) before being overwritten.

v) With regard to each of your visits to our website we may automatically collect technical information, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.

vi) We may receive information about you from a third party source in connection with our Services.

vii) We may also gather information from cookies, web beacons or similar technologies from the internet. You can find out more about how we do that in the relevant section of this policy below and in our Cookies Policy. We use publicly accessible information to verify information we are provided with and to manage and expand The Santon Group’s business. We may also collect IP addresses, mobile device identifier details, your location, navigation and click-stream data, the time of accessing the website, properties you viewed, what you searched for, the duration of your visit, and other details of your activity on the internet.

viii) We may, from time to time, receive information about you from other companies in The Santon Group, or from publically available sources. We may use this information in connection with our marketing activities (subject to section 11 below).

4) Why do we collect your information?

The data will be used, unless you tell us otherwise, for a valid lawful basis for processing together with a full range of business engagement activities by The Santon Group as well as ensuring compliance with legal regulations. Personal data requested by The Santon Group will be collected, used and retained only to the extent that it is reasonably required to do so to conduct our business effectively and relevant to the work undertaken.

5) How we use your personal information?

i) We will use the information we hold about you for the following purposes:

(a) We will use and process your personal information where we have supplied you (or continue to supply you) with Services, where we have arranged for the supply of another company’s Services to you, or where you are in discussions with us about any new service. We will use this information in connection with our contract with you for the supply of those Services, (or when it is needed to enter into the contract); and so that we can communicate with you in relation to those Services (including notifying you of any changes to our Services).

(b) We may use and process your personal information where you have consented for us to do so in connection with our marketing activities (see section 11 below).

(c) You may withdraw your consent for us to use your information in this way at any time. Please see section 9 for further details.

(d) We may use, store and share your information where we are under a legal obligation to do so. This may include use of your information:-

(1) to verify your identity;

(2) in connection with any legal obligation on us to report any fraud or other criminal activity.

ii) We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:

(a) analysis to inform our marketing strategy;

(b) for the detection and prevention of fraud and other criminal activities;

(c) to verify the accuracy of data that we hold about you;

(d) network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;

(e) to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);

(f) assess and improve our service and management of queries and complaints.

6) Who we share personal information with?

We will only disclose your personal information in accordance with applicable laws and regulations. We may disclose your information to the following third parties:-

i) any person with legal or regulatory power over us (such as HMRC, the police or the National Crime Agency or the Serious Fraud Office that may require disclosure on legal grounds);

ii) service providers engaged by us to help us run our business and perform the Services. Such service providers may include, for example, cloud or archive storage providers (engaged by us to provide electronic or physical storage facilities for our business data and your information), or providers of software or other IT resources;

iii) any member of The Santon Group which means our subsidiaries, our ultimate holding company and its subsidiaries (from time to time) as necessary to perform the Services;

iv) we may share your information with third parties who help deliver our products and services to you. Examples include third parties who are hosting our web servers, analysing data, providing marketing assistance and providing customer service. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose;

v) If any part of The Santon Group is sold, or some of its assets transferred to a third party, your personal information may also be transferred. Potential purchasers and their advisors may have access to data as part of the sale process. However, use of your personal information will remain subject to this Privacy Policy. Similarly, your personal information may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration. Our user database could be sold separately from the rest of the business, in whole or in a number of parts. It could be that the purchaser’s business is different from ours too;

7) How do we keep your information secure?

i) We store the information you provide about yourself in a secure database and take appropriate security measures to protect such information from unauthorised access. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security. Where we make available to you any online portal or webhosted platform to provide any Services to you, all exchanges of information between you and any such portal or platform go through encrypted channels in order to prevent interception of your information. Public access to the information via any portal or platform is accessed via a web link and password. You should ensure that these are kept secret and not divulged to other people.

ii) You recognise that your use of our website is entirely at your own risk. As The Santon Group website is grouped to the internet, which is inherently insecure, The Santon Group cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, The Santon Group has no responsibility or liability for the security of personal information transmitted via our website.

8) How long will we store your information for?

We generally hold your personal data on our systems for as long is necessary to provide the Services. This is ordinarily 6 years from the date you cease to use the Services in order to allow us to refer to your information in correspondence with you, or in connection with legal proceedings.

9) Your rights

You have the following rights in relation to how we use your information. If you’d like to exercise these rights please contact us using the contact details listed at section 14 “Who can you speak to at The Santon Group about this Privacy Policy?”

i) Right of access – you have the right to know if we are using your information and, if so, the right to access it and information about how we are using it.

ii) Right of rectification – you have the right to require us to rectify any errors in the information we hold about you.

iii) Right to erasure – you have the right to require us to delete your information if our continued use is not justified.

iv) Right to restrict processing – in some circumstances, although you may not be entitled to require us to erase your information but may be entitled to limit the purposes for which we can use your information.

v) Right of data portability – you have the right to require us to provide you with a copy of your information in a commonly used machine-readable format or to transfer your information directly to another controller (e.g. a third party offering services competing with ours).

vi) Where we rely on your consent as the legal basis for processing your personal information, as set out under section 5, you may withdraw your consent at any time. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

10) How does The Santon Group website use my Internet Protocol (IP) address and collect Cookies?

Like many other websites, we use Cookies to help us gather and store information about visitors to our website.

We may collect information about your computer, including your IP address, operating system and browser type, for system administration and our own internal purposes. This is statistical data about our website users’ browsing actions and patterns, and does not identify you as an individual.

A Cookie is a small text file that is downloaded on to your computer’s hard disk when you access certain websites. Cookies allow the website to recognise your computer. A Cookie can identify the pages that are being viewed and this can assist us to select the pages that the visitor sees.

“Session” Cookies only exist whilst visitors are online on a particular occasion. These are temporary Cookies that aid your journey around the Site and remember the preferences you have selected during your session.

“Persistent” Cookies, which are not session-based, remain on a visitor’s computer, so that you can be recognised as a previous visitor when you next visit our Site. This allows us to collect information about your browsing habits whilst on our website, and this can be useful in assisting us to monitor and improve our services.

We do not store sensitive information such as account numbers or passwords in persistent Cookies and Cookies in themselves do not contain enough information to identify you. You will only become personally identifiable in relation to your browsing habits after you have formally provided us with your personal data for the purposes outlined in section 3 “What personal information do we collect?” above.

In addition to using Cookies, we might also use GIFs and other web tools, such as Google Analytics, to collect information about your browsing activities whilst on our website. In this respect the information that is provided is similar to the information supplied by Cookies, and we use it for the same purposes. Any information that we acquire about you using Cookies, GIFs, or other web tools is subject to the same restrictions and conditions as any other information we collect about you, as outlined in this Policy.

11) Marketing

i) We respect your privacy and ensure we carry out our direct marketing activities in accordance with applicable laws and guidance.

ii) We may contact you with marketing information by post or by telephone or with targeted advertising delivered online through social media and platforms operated by other companies, unless and until you object.

iii) If you are a corporate entity and have engaged us for Services, we may also contact you with marketing information by email or other electronic means unless and until you object. If you are an individual or a member of an unincorporated entity (and except where the following paragraph applies) we will only contact you by email or electronic means with marketing information where you have given us your consent.

iv) Where we have obtained your email address in connection with our contract with you for any Services, or where you have made a positive enquiry about any of our services, we may also contact you with marketing information about similar services by email or other electronic means unless and until you object.

v) We will only share your data with our recommended third party partners for them to contact you with marketing information about their products and services where you have indicated that you would like us to do so. Please use the link on the page requesting your consent to find out more about these third parties. Once shared, the relevant third party’s privacy policy will apply to their processing of your personal information, not ours. If you’d like to opt-out of receiving marketing from a third party after providing your consent, you can do so at any time by contacting the relevant third party directly.

vi) From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.

vii) You have the right to opt-out of our use of your personal information to provide marketing to you by informing us (if we call you by telephone), or by clicking the “unsubscribe link” on any marketing email that we send to you, or by contacting us as set out in section 14 below.

12) Following links from our websites

Our website may contain links to other sites. Such other sites may also make use of their own cookies and will have their own privacy policies. You should carefully review the privacy policies and practices of other sites, as we cannot control or be responsible for their privacy practices. We do not accept any liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

13) Changes to this Privacy Policy

Please note that this policy will be reviewed and may be changed from time to time so please check the page on our website at www.thesantongroup.com occasionally to ensure that you are happy with any changes.

14) Who can you speak to at The Santon Group about this Privacy Policy?

Questions, comments and the exercise of your rights regarding this Privacy Policy and your information are welcomed and should be addressed to our Data Protection Officer by email at privacy@thesantongroup.com or by post at Santon House, 53-55 Uxbridge Road, Ealing, London W5 5SA.

15) Complaints Procedure

If you wish to make a complaint about The Santon Group, our services or any associated matter, you may contact our Data Protection Officer by email, letter or fax. We do require complaints to be made in writing. Wherever possible, complaints will be dealt with promptly, and you will receive a response within thirty (30) working days.

Our contact details are as follows:

The Santon Group
First Floor, Santon House
53-55 Uxbridge Road
Ealing
London W5 5Sa

Telephone : +44 (0)203 478 3900
Fax : +44 (0)203 478 3888

If you are not satisfied with our response or believe we are processing your personal information not in accordance with the law you can complain to the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You have the right to complain to the ICO about our collection and use of your information. You can contact the ICO via their website – https://ico.org.uk/concerns/ or by calling their helpline on 0303 123 1113.

THE SANTON GROUP OF COMPANIES (“THE SANTON GROUP”)
DATA PROTECTION STATEMENT

All data is held securely by The Santon Group.

Data will be treated confidentially and will not be disclosed to external organisations, other than those acting as agents for The Santon Group on related projects or for other legitimate reasons. The data will be used, unless you tell us otherwise, for a valid lawful basis for processing together with a full range of business engagement activities by The Santon Group as well as ensuring compliance with legal regulations. Personal data requested by The Santon Group will be relevant to the work undertaken.

Such data includes full name, postal address, email address, telephone numbers (landline and mobile), date of birth, gender, marital status, financial details (e.g. bank account details) plus, where necessary, relevant personal data of The Santon Group’s employees’ family, dependants and beneficiaries and also CCTV data (where applicable).

In practice this means you may be contacted via post, e-mail or telephone with any of the following:-

1. General communications giving relevant news and up-dates relating to any past, current and future projects; and

2. Any other use deemed to sit within our Data Protection Statement.
Emails will be tracked and stored to ensure that we are better able to tailor our communications. You have the right to object to the use of your data for any of the above purposes by contacting us at privacy@thesantongroup.com.

There are certain rights under the applicable data protection law, such as:-

1. the right to be informed about the processing of personal data,

2. the right to object to the processing of personal data,

3. the right to have your personal data erased,

4. the right to request access to personal data,

5. the right to move, copy or transfer personal data,

6. the right to complain to the Information Commissioner’s Office.

The Santon Group will regularly review and document compliance with this Statement.

As required under the Data Protection Act 2018, which incorporates the European Union General Data Protection Regulations (GDPR) and replaces the current legislation (the Data Protection Act 1998).

25th May 2018