Privacy Policy & Data Processing Agreement

Effective 1st February 2020

 

Introduction:

This privacy notice provides you with details of how we collect and process your personal data. Mary Gregory Ltd. acts as both the Controller and Processor of your personal data and is responsible for that data as laid out in this policy.

 The aim of this Policy is to:

  1. Ensure that you understand what personal data we collect about you, the reasons why we collect and use it and who we share it with.

  2. Explain the way we use the personal data that you share with us. 

  3. Explain your rights and choices in relation to the personal data we collect and process about you.

  4. Explain how we will protect your privacy.

 The Definitions:

There are some specific roles regarding data management under GDPR. This is how we have applied those roles.

Controller

The Controller transfers Personal Data. 

The Data Controller is Mary Gregory Ltd.

Processor

The Processor receives data and manages it.

The Processor is: Mary Gregory Ltd

Sub Processors

Third party providers with whom we share your data to provide our service to you. Sub Processors are disclosed below. All third parties used by Mary Gregory Ltd are, to the best of our knowledge, GDPR compliant.

Data Subjects

The Personal Data transferred includes but is not limited to the following categories of Data Subjects: 

· Individuals about whom data is stored

Contact Details:

Mary Gregory Ltd is a private limited company registered in England number 10411848.  

Registered Office: 5 Royal Quay, UB9 6FG.

Email: hello@marygregory.com        

Telephone:  07973431646

It is important that the information we hold is accurate and up to date. Please let us know if you change your personal information by emailing hello@marygregory.com at any time.

 

Data:

Personal data means any information capable of identifying an individual. We store data that enables us to communicate with you in reasonable pursuit of our business; this includes but is not limited to your name, email, telephone number and social profiles. We hold this for the purpose of communicating with you.

Communication Data we hold includes any communication that you send to us through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. 

Customer Data we hold includes data relating to any purchases of goods and/or services such as your name, title, billing address, delivery address, email address, phone number, contact details, and purchase details. We do not store credit card or bank account details. We process this data to supply the goods and/or services you have purchased and to keep records of such transactions.

User Data we may hold includes data about how you use our website and any data that you post for publication on our website or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication and administration of our website, other online services and business.

Technical Data we may hold includes data about your use of our website and online services such as, but not limited to, your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, and the devices you use to access our website. The source of this data is our analytics tracking systems. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising.

Marketing Data we hold includes data about your preferences in receiving marketing from us and your communication preferences. We process this data to enable us to send you relevant information and to enable you to stay informed and partake in our promotions, whether free or paid for.

‘Cookies’: We use cookies, pixels, and other technologies to recognise your browser or device, learn more about your interests, and provide you with essential features and services and for additional purposes, including, but not limited to, marketing information, offers and reporting.

Sensitive Data:  Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any Sensitive Data about you.

We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary. We may process your personal data without your knowledge or consent where this is required or permitted by law.

Marketing Communications:

Under the Privacy and Electronic Communications Regulations (PECR), we may send you marketing communications if (i) you made a purchase or asked for information from us about our goods or services or (ii) you agreed to receive marketing communications, and, in each case,  you have not subsequently opted out of receiving such communications. Under these regulations, if you are a limited company, we may send you marketing emails without your consent. However, you can still opt out of receiving marketing emails from us at any time.

We do not share your personal data with any third party for their own marketing purposes unless we have your express consent.

You can ask us to stop sending you marketing messages at any time by clicking on the ‘Unsubscribe’ links in any of the emails we send to you, or by emailing hello@marygregory.com.

If you opt out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions, such as purchases, warranty registrations etc. We may send you communications regarding your purchase.

Disclosure of Sub Processors:

The Data Controller, Mary Gregory Ltd, may share your data with the sub processors listed below to process data in pursuit of its legal business activity.

Current sub-processors include:  Cognadev Values Orientation, Strengthscope Leader, Team and 360Basecamp, OPP MBTI Type Preferences, Paypal, Stripe, GoCardless, Facebook, Google.

If we use third party service providers that are based outside the European Economic Area (EEA), their processing of your personal data will involve a transfer of data outside the EEA. Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of security of data. We may request your explicit consent to that specific transfer. You will have the right to withdraw this consent at any time.

In addition, your data may be shared with professional advisers, including lawyers, bankers, auditors and insurers and Government bodies that require us to report processing activities.

We require all third parties to whom we transfer your data for processing to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

Data Processor Obligations

We confirm we will process your personal data and take steps to ensure that any person acting under our authority who has access to your personal data does not process your personal data except on our instructions. 

We will inform you if, in the Processor’s opinion, any of the instructions regarding the processing of your personal data breach any applicable data protection laws.

We will ensure that all employees, agents, officers and contractors involved in handling your personal data: (i) are aware of the confidential nature of your personal data and are contractually bound to keep your personal data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this agreement.

We implement appropriate technical and organisational procedures to protect your personal data; this includes security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed without authorisation. We also allow access to your personal data only to those employees and partners who have a business need to know such data. They must keep it confidential.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach without undue delay if we are legally required to.

We have procedures in place to deal with any suspected data breach without undue delay and within 72 hours of discovery. We will also inform any applicable regulator of a breach without undue delay if we are legally required to. This includes any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access to any of your personal data. 

We will take all commercially reasonable measures to secure your personal data, to limit the effects of any data breach and meet the Controller’s obligations under applicable law.

Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for; this includes the purposes of meeting any legal, accounting, or reporting requirements.

When deciding how long to keep the data, we look at its amount, nature and sensitivity, the potential risk of harm from unauthorised use or disclosure, the processing purposes, whether these can be achieved by other means, and legal requirements.

You have the right to request that your personal data is erased (also known as the right to be forgotten) in the following circumstances:

  1. Your personal data is no longer necessary for the purpose for which you originally shared it.

  2. You wish to withdraw your consent for us to hold your data unless we are legally obligated to do so.

  3. We are solely processing your personal data for direct marketing purposes and you object to that processing.

For tax purposes, the law requires us to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they stop being customers.

In some circumstances we may anonymise your personal data for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your Rights:

Under data protection laws you have rights in relation to your personal data that include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.

Should you exercise these rights you will not be charged for access to your personal data. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We reserve the right to charge for or refuse excessive, repetitive or unfounded requests.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). 

If you are unhappy or have a complaint about the way we handle or store your personal data, we would be grateful if you could contact us first so that we can try to resolve it for you.

That’s All

If you have any questions or need information, please contact hello@marygregory.com.

Thank you and we look forward to our continued relationship.

This policy was agreed by Mary Gregory, MD, Mary Gregory Ltd and accepted across the business with effect from 1st February 2020.