Version 1.1 / Dated Friday 18th May 2018
This legislation replaces previous data privacy law, giving more rights to you as an individual and more obligations to organisations holding your personal data. It covers our data protection obligations under the General Data Protection Regulations (“GDPR”) and the Data Protection Act 2018. One of the rights is a right to be informed, which means we have to give you even more information than we do now about the way in which we use, share and store your personal information.
WHAT ARE THE LAWFUL BASES FOR PROCESSING?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever we process personal data:
(a) Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
This policy applies to Devonvale Limited, it’s Directors, Management and Employees and all Existing Customers. As well as Potential Customers, Job Applicants and the General Public who either visit our websites www.devonvale.com www.devonvalebakery.com or who communicate with us verbally, via email or written correspondence or via third party social media applications.
It explains how we use any personal information we collect about you when you use this website and any wider services.
GLOSSARY OF TERMS
What is Business Data?
Business Data relates to any information about a business that makes you identifiable, which may include (but not limited to):
Names and contact information, eg. Address Details, Emails and Telephone Numbers
Business Bank Information
Other Accounting Data
Any other reasonable data to perform our duties as a responsible supplier/business.
What is Personal Data?
Personal Data relates to any information about a person that makes you identifiable, which may include (but not limited to):
Names and contact information, eg. Address Details, Emails and Telephone Numbers
National Insurance Numbers
Personal Bank Information
Payroll and Accounting Data
Any other reasonable data to perform our duties as a responsible business.
What do we mean by B2B?
Business to Business, involving PLC, Ltd, LLP, Incorporated Partnerships, trusts and foundations, local authorities and government institutions.
What do we mean by B2C?
Business to Consumer, involving Private Individuals, Sold Traders, unincorporated partnerships, trusts and foundations.
By Social media, we mean all major 3rd party applications or websites, including currently Facebook, Twitter, Instagram and Linked In, but may include further applications or websites in the future.
HOW WE USE YOUR INFORMATION?
We are bound by the requirements of the General Data Protection Regulations (GDPR). This privacy notice tells you what to expect when Devonvale Limited collects personal information. It applies to information we collect about:
Visitors to our Websites, Social Media and Email Enquiries.
Any B2B or B2C contact in relation to a request for information, complaint or enquiry
At Devonvale Limited we take your privacy seriously.
For B2B (Business to Business) Clients and Contacts our lawful reason for processing your personal information will be “legitimate interests”. Under “legitimate interests” we can process your personal information if: we have a genuine and legitimate reason (for example, to supply goods/services and/or provide information you require to fulfil our business obligations to you) and we are not harming any of your rights and interests.
For B2C (Business to Consumer) Clients and Contacts our lawful reason for processing your personal information will be “A contract with the individual” eg to supply goods, services and/or information you have requested, or to fulfil obligations under an employment contract.
We will not share your information for marketing purposes with other companies so that they may offer you their products and services.
VISITORS TO OUR WEBSITES
When someone visits www.devonvale.com or www.devonvalebakery.com we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. We collect information about you when you fill in any forms on our website eg. Sending us an enquiry or giving us feedback. We will only use this information in relation to the matter you have contacted us about and will delete this data after one year.
Analytics – eg how visitors use our website
We use Google Analytics to store information about how visitors use our website so that we may make improvements and give visitors a better user experience. Google Analytics is a third-party information storage system that records information about the pages you visit, the length of time you were on specific pages and the website in general, how you arrived at the site and what you clicked on when you were there. These cookies do not store any personal information about you eg name, address etc and we do not share the data.
An IP or Internet Protocol Address is a unique numerical address assigned to a computer as it logs on to the internet. Devonvale Limited does not have access to any personal identifiable information and we would never seek this information. Your IP address is logged when visiting our site, but our analytic software only uses this information to track how many visitors we have from particular regions.
Internet Based Advertising
We may use Linkedin, Facebook and Twitter and other Social Media advertising services and as such there are tracking codes installed on our website so that we can manage the effectiveness of these campaigns. We do not store any personal data within this type of tracking.
Cookies are text files put onto your computer to collect standard log information and visitor behaviour information. This information is then used to track visitor use of the website and to create statistical reports on website activity.
You can set your browser to not accept cookies.
Please however note, that in some cases our website features may not function if you do not accept cookies.
SECURITY AND PERFORMANCE
Devonvale Limited uses a third party cloud based provider to help maintain the security and performance of our website. To deliver this service it may process the IP addresses of visitors to the Devonvale Limited websites. These IP addresses are not disclosed to us.
MAKING CONTACT WITH US VIA THIRD PARTY SOCIAL MEDIA
If you send us a private or direct message via social media the message will be stored by us for three years if it is a B2B communication or 1 year if it is a B2C communication. It will not be shared with any other organisations.
People who Email us
We use encryption to protect email traffic. If your email service does not support encryption you should be aware that any emails we send or receive may not be protected in transit.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
PEOPLE WHO CONTACT US IN RELATION TO A REQUEST FOR INFORMATION, COMPLAINT OR ENQUIRY
When we receive communication from a person they have chosen to disclose their identity.
We will only use the personal information we collect to process their communication. We do compile information like the number of complaints we receive, but not in a form which identifies anyone.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for three years. Where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent communication.
We would like to send you information about our products and services, which may be of interest to you. If you have consented to receive marketing, you may opt out at any point as set out below.
You have a right at any time to stop us from contacting you for marketing purposes. To opt out please email: email@example.com with the title “Marketing Opt Out”.
How long will we hold your data for?
Marketing: We will hold your data for a period of 6 years with a review every 3 years. You will have the opportunity to opt out or update or delete data at any point should you need to do so and details are set out in this policy as to how to do that.
Contracted Services: We will hold your data for 7 years in line with our regulatory requirements.
If you are a Devonvale Limited customer we will hold business data on you that falls within our Glossary of Terms, above. We will never hold more than we need to, than to fufill our obligations to you and to any external legal entities. Should we cease supplying you we will hold no more than we need to, however we will hold financial information and records for seven years, to fulfil our legal duties. A copy of our terms and conditions of sale and our credit application form are available upon request.
If you are a Devonvale Limited customer we will hold personal data on you that falls within our Glossary of Terms, above. We will never hold more than we need to, than to fufill our obligations to you and to any external legal entities. Should we cease supplying you we will hold no more than we need to, however we will hold financial information and records for seven years, to fulfil our legal duties. A copy of our terms and conditions of sale is available upon request. As a B2C Customer you may use a third party application to purchase Devonvale products and we cannot be held responsible for data they hold. However should we have access to any data in this process we will only hold financial information and records for seven years to fulfil our legal duties.
B2B AND B2C CUSTOMERS WHO CEASE TRADING
Unless you advise us otherwise we will keep limited personal information on file eg. Name, Position, Telephone Number and Email (not a finite list) for future communication of offers or other marketing that is legitimate within our area of business.
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes or store any of your information outside of the European Economic Area. The information you provide will be held securely by us whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
What information do we ask for, and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it might affect your application if you don’t in terms of the effect it may have on our ability to adequately assess your suitability for employment.
We ask you for your personal details including name and contact details. We will also ask you about your previous experience, education, referees and for answers to questions relevant to the role you have applied for. Only Directors or Senior Management will have access to this information.
You may also be asked to provide equal opportunities information. This is not mandatory information – if you don’t provide it, it will not affect your application. This information will not be made available to any staff outside of Directors and Senior Management.
We might ask you to participate in tests or occupational personality profile questionnaires; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by Devonvale Limited.
If you are unsuccessful following assessment for the position you have applied for, we may ask if you would like your details to be retained in our talent pool for a period of up to 6 months . If you say yes, we would proactively contact you should any further suitable vacancies arise.
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You will therefore be required to provide:
Proof of your identity – you will be asked to attend our office with original documents, we will take copies. This is a requirement of the Asylum and Immigration Act.
Proof of your qualifications – you will be asked to attend our office with original documents, we will take copies.
You may be asked to complete a criminal records declaration to declare any unspent convictions.
We will contact your referees, using the details you provide in your application, directly to obtain references.
If we make a final offer, we will also ask you for the following:
Bank details – to process salary payments
Emergency contact details – so we know who to contact in case you have an emergency at work
Health information – we need to understand if you have any health / medical conditions that we should be aware of to ensure your well-being at work and to ensure we make any reasonable adjustments that may be necessary to support you.
The above is not a finite list and further details will be given and may be requested at the point of job offer or commencement of work.
Form of Application
The above covers whether the applicant has applied speculatively, directly, or via an advertisement, via a third party agency or a jobsite, such as Indeed.
We sometimes advertise through Indeed or other agencies and websites. They will collect application information and might ask you to complete a work related questionnaire, which is used to assess your suitability for the role you have applied for. We cannot be responsible for data held and kept by 3rd party agencies and websites. Information collected on Indeed will be retained for 6 months and then deleted.
Should you be successful in joining Devonvale you will be given information on your full GDPR rights and what information and data is held and for how long. An introduction to this is below.
GDPR PRIVACY NOTICE FOR STAFF
(Please note, the following is an extract from our ‘Privacy Notice for Staff’ and a full copy of the Privacy Notice will be provided on appointment. This only applies to employees of Devonvale Limited)
The Company collects and processes personal information, or personal data, relating to its employees, workers and contractors to manage the working relationship. This personal information may be held by the Company on paper or in electronic format.
The Company is committed to being transparent about how it handles your personal information, to protecting the privacy and security of your personal information and to meeting its data protection obligations under the General Data Protection Regulations (“GDPR”) and the Data Protection Act 2018. The purpose of this privacy notice is to make you aware of how and why we will collect and use your personal information both during and after your working relationship with the Company. We are required under the GDPR to notify you of the information contained in this privacy notice.
This privacy notice applies to all current and former employees, workers and contractors. It is non-contractual and does not form part of any employment contract, casual worker agreement, consultancy agreement or any other contract for services.
If you have any questions about this privacy notice or about how we handle your personal information, please contact Trudy Upham, Finance Director (firstname.lastname@example.org).
Data Protection Principles
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be;
Processed lawfully, fairly and in a transparent manner.
Collected only for legitimate purposes that have been clearly explained to you and not further processed in a way that is incompatible with those purposes.
Adequate, relevant and limited to what is necessary in relation to those purposes.
Accurate and, where necessary, kept up to date.
Kept in a form which permits your identification for no longer than is necessary for those purposes.
Processed in a way that ensures appropriate security of the data.
The Company is responsible for, and must be able to demonstrate compliance, with these principles.
What types of personal information do we collect about you?
Personal information is any information about an individual from which that person can be directly or indirectly identified. It doesn’t include anonymised data i.e where all identifying particulars have been removed.
The Company collects and processes a range of information about you. This includes (as applicable);
your name, address and contact details including email address, telephone number, date of birth and gender;
your CV/application form
the terms and conditions of your employment, including your job offer letter, contract of employment, casual workers agreement, statements of changes to employment or engagement terms and related correspondence;
details of your qualifications, skills, experience and employment history including start and end dates, with previous employers and with the Company;
information about your remuneration, including entitlement to benefits such as pensions;
details of your bank account and national insurance number;
information about your marital status, next of kin, dependents and emergency contacts;
information about your nationality and entitlement to work in the UK;
copy of your driving licence (if you are required to drive as part of your job);
details of your working pattern (days of work and working hours) and attendance at work (including clocking in/out records);
details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbaticals, and the reasons for the leave;
details of any disciplinary and grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
assessments of your performance, including probation reviews, performance reviews, training you have participated in, performance improvement plans and related correspondence;
information about medical and health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
any termination of employment or engagement documentation, including resignation letters, dismissal letters, redundancy letters, minutes of meetings, settlement agreements and related correspondence.
Details of how we collect your personal information, how and why we use it, who has access, how we protect your personal information, how long we keep it and your rights will be covered upon you joining us.
COMPLAINTS OR QUERIES
Devonvale Limited tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
This privacy notice was drafted with brevity and clarity in mind. We are happy to provide any additional information or explanation if needed. Any requests for this should be sent to the address below.
ESCALATING A COMPLAINT
If we do not deal with your request or complaint fairly and you feel that your personal data has been processed in such a way that does not meet the GDPR, you have the specific right to lodge a complaint with the relevant supervisory authority. The supervisory authority in the UK is the Information Commissioner’s Office. More information is available at: www.ico.org.uk
LINKS TO OTHER WEBSITES
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
CHANGES TO THIS PRIVACY NOTICE
We keep our privacy notice under regular review. This privacy notice is v1.1 and was last updated on 18th May 2018.
HOW TO CONTACT US
Devon EX14 1YD