We are committed to safeguarding the privacy of our website visitors and prospective customers and customers; in this policy we explain how we will handle your personal data.
Credit: This document was created using a template from SEQ Legal (http://www.seqlegal.com).
1 – Where did we obtain your personal data?
Visiting this website (automatically collected):
We log the IP address, geographical location, browser type / version and operating system as well as a timestamp on our server log.
Our security software (third party provider) automatically collects search queries and the date and time of the request and referral URL. Depending on the settings of the device, it also automatically collects: IP address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device.
Personal data that we may wish to collect from you;
Name, address including post-code, telephone number, email address.
Should you pay your account by card over the telephone, we require your card details to process payments.
Your personal data is stored on our database to enable deliveries to be made. Your Transaction Data, i.e. card details, are not stored and will be required each time a payment is made by telephone.
If you send us an email, the email will contain meta data (this may include name, email address along with a time stamp) and any other information you choose to share with us. It is your responsibility to make sure that your email and attachments are virus free and sent from a reputable provider otherwise we may not receive these due to our spam filters.
Your telephone number will get logged on our device if you call us (unless you withheld your number). You may also choose to leave a voicemail. All call logs and voicemails are routinely deleted.
2 – How we use your personal data
We will process your personal and transaction data for the performance of a contract between you and us and/or taking steps (e.g. providing a quote or contacting us via telephone, email ), at your request, to enter into such a contract to provide goods or services.
We process personal data in order to comply with our legal obligations for HMRC. This includes internal record keeping such as customer accounts, invoices and purchases.
We will process your personal data for certain legitimate business interests which include some or all of the following:
- IP addresses are logged when visiting the website for monitoring and security of our website
- General correspondence data including emails, text messages, social media posts / messages or any other communication method may include meta data and any information you choose to share with us for the purposes of general business communication and internal record keeping
- Contacting customers to recover outstanding payments and debts in the interest of our business
- We may process any of your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure for the protection and assertion of our legal rights
- Our security software (third party provider) uses personal data that is automatically collected when visiting this website for the purposes of keeping our website secure (see section 1 “Visiting this website” for details)
3 – Your personal data, your choice…
Providing us with your personal data for the purposes above is a contractual requirement and you are obliged to provide this information.
It is your choice on whether to provide personal data, but please be aware that without the required personal data, we may not be able to take steps to enter into a contract or provide further details.
4 – Providing your personal data to third parties
We do not authorise any third parties to access our emails without our permission.
Barclaycard provide the payment software for processing card payments. They may process your information for counter fraud and anti money laundering purposes.
Professional advisors or insurance:
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
We may disclose personal data including name, address, email address, telephone number and invoice data to our accountant who’s acting on our behalf, insofar as reasonably necessary for completing our accounts and tax reporting obligations to HMRC.
Security Software Provider (for our website):
We disclose to our security software provider data automatically collected when using our website for the purposes of security. It automatically collects search queries and the date and time of the request and referral URL. Depending on the settings of the device, it also automatically collects: IP address; MAC address; Device make, model and operating system version; mobile network information; internet service provider; browser type and language; country and time zone in which the Device is located; and metadata stored on the Device.
Suppliers or subcontractors:
We may disclose personal data including name, address, email address, and telephone number to our suppliers or subcontractors insofar as reasonably necessary for providing a service or product on our behalf. The supplier or subcontractor is only permitted to use your data to perform the required business function necessary in providing the service or product on our behalf.
In addition to the specific disclosures of personal data set out in Section 4, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
5 – International transfers of your personal data
In this Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
The hosting facilities for our website and emails are situated in United Kingdom. We have a data processing agreement in place with our third party service provider.
Our website security provider is situated in the USA. Transfers to this country will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
For suppliers or third party service providers that are situated in the United Kingdom or EU. The European Commission has made an “adequacy decision” with respect to the data protection laws of each of these countries. We have a data processing agreement in place with our suppliers or third party service providers.
6 – Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Contractual necessity: we will keep written contracts and certain personal data required to provide service(s) and / or good(s) for up to 7 years after termination. (and personal data relating to them) may be retained for up to 6 months.
Legal obligation: personal data will be kept for 7 years to comply with HMRC tax reporting and record keeping obligations.
Legitimate Interests: where the lawful basis of our processing is based on legitimate interests we will retain your personal data for:
- Server log data is kept for up to 24 hours from the time of last visiting our website (deleted automatically)
- Correspondence data will be kept for as long as necessary for responding to enquiries, internal records or defending ourselves against legal claims
- Personal data in relation to recovering debts and payments will be kept as long as necessary (and will be retained under legal obligation for 7 years)
- IP addresses and other metadata (specified in section 1 of “visiting this website”) used by our third party website security provider will be retained for as long as required
7 – Security
We use an SSL (secure socket layer) certificate on our website (you can see this by the “green padlock” in your browser). This encrypts the link between the website server and the end user.
Our emails are sent using SSL connection over SMTP. However emails cannot be 100% secure, this is due to the way the internet works. We cannot accept responsibility as it’s out of our control.
We ensure suitable physical and technical security measures are in place for business systems we use and the storage of personal data.
8 – Amendments to this policy
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
9 – Your rights
In this Section 9, we have summarised the rights that you have under data protection law.
The right to access your personal data:
You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.
The right to rectification:
You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
The right to erasure:
In some circumstances you have the right to the erasure of your personal data without undue delay. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
The right to restrict processing:
In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
The right to object to processing:
You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
The right to data portability:
To the extent that the legal basis for our processing of your personal data is consent or for the performance of a contract (or taking steps to enter into a contract), and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
The right to complain to a supervisory authority:
If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority. In the UK it is the Information Commissioners Office – https://ico.org.uk/ who are responsible for data protection enforcement.
You may exercise any of your rights in relation to your personal data by written notice to us – either by our mailing address or emailing firstname.lastname@example.org
10 – Cookies
11 – Our details
This website is owned and operated by Teme Dairy Ltd.
You can contact our data representative – David Loveys, using the following details;
Mail address: Unit 5 Tenbury Wells Business Park, Tenbury Wells, Worcestershire, WR15 8FA.
Phone number: 01584 811857
Email address: email@example.com