Personal Data means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Caudwell appreciates that protection of your privacy is very important to you. This Privacy Notice sets out the data which Caudwell collects about you and how it is used and applies to our website at www.1mayfair.com (the Website) and to any other dealings which we may have with you.
Caudwell (Caudwell Ltd, Hanover Court, Hanover Street, Newcastle – Under – Lyme, Staffordshire, ST5 1HE) (we or us) is the data controller in respect of your personal data
(hereinafter “you” or “your“). Caudwell intends to process your personal data in a transparent and lawful way. Personal data is any information relating to an identified or identifiable natural person. Your name, address, phone number and email address are examples of personal data. In all circumstances the Company aims to process personal data according to the following principles:
- Transparency: Personal data is used fairly, lawfully, and transparently.
- Limited Use: Personal data is collected for a specific and legitimate business purpose and used in a manner that is compatible with for that purpose. We securely dispose of it when it is no longer needed.
- Data Minimisation: Only relevant data– not excessive amounts – is collected or used.
- Accuracy: We aim to keep personal data accurate and up to date.
- Security and Limited Access: Personal data is stored securely and is shared only with those individuals who need the data to accomplish a business objective.
This Privacy Notice is intended to provide you with some information regarding how your personal data will be collected, used, shared, and protected by the Company, which is described in greater detail in the sections below.
2. Who is the relevant “controller” of your personal data?
Our intention is to comply with applicable data protection laws, including the EU General Data Protection Regulation (“GDPR“) and applicable local laws. The Company is the data controller of your personal data processed by us, and can be contacted here: 38 Park Street, London, W1K 2JF; firstname.lastname@example.org
3. What data is being collected or gathered?
The Company processes your personal data in order to send you our newsletter and for you to be able to receive commercial communications from the Company, Caudwell and their affiliates, as described further in Section 4 below. We do not collect personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic data, biometric data in order to uniquely identify a person or data concerning health or sex life and sexual orientation.
To achieve these purposes, the Company will only collect and process the following personal data:
First name, last name, nationality, address, email address and telephone number.
4. How is the data being processed?
Processing of your personal data by the Company will always be based on legitimate grounds. The Company will be processing your personal data described above for the following purposes and under the following legal bases:
Your personal data will be collected and processed by the Company to manage our relationships with clients. In order to be able to send you our offers and our newsletters, we need to collect your personal data. We will not use your personal data for decisions based solely on automated processing if the decision produces legal effects concerning you or significantly affects you, unless you gave your explicit consent for this processing.
Your personal data may also be processed in connection with any legal proceedings or prospective legal proceedings, in order for the Company to establish, exercise or defend its legal rights, or in order to fulfill legal obligations, including but not limited to after a request from a competent administrative or judicial authority or in any circumstance where such processing is requested pursuant to applicable laws.
The Company will process your personal data identified above for our legitimate business interests around administering our relationships with clients and to maintain up to date our client database. The company will also process your personal data to comply with our legal obligation and, in particular, to comply with your rights as data subjects and your opt-out requests.
5. Who has access to your personal data?
The Company limits who has access to the personal data in our possession to only those who need it for a legitimate business purpose. Personal data is shared on a “need to know” basis. Only those individuals who need the data to accomplish a business objective should have access to personal data, and only for as long as they need it to accomplish the objective. Individual recipients are not authorised to share personal data with other employees or third parties unless that sharing is authorised and complies with all applicable Company policies. Specifically, we anticipate that the following categories of recipients will have access to your personal data, for the purposes listed below:
- Caudwell entities and, in particular, the Company and Caudwell affiliates to administer and manage the client relationships and intragroup organisation.
- Salesforce our CRM provider.
- Our potential technical service providers.
The Company may engage third party vendors to assist in processing personal data from time to time. The Company will pass on to any such vendor its obligations under the applicable data privacy law, require that the vendor secure the data, and provide additional notice as required by law. We will not sell, distribute or lease your personal data to third parties unless we have your permission or are required by law to do so.
Some of the recipients noted above might be located outside the European Economic Area (“EEA“). As described in Section 6 below, appropriate safeguards have been implemented to cover such transfers to recipients who will comply with all applicable laws and regulations.
6.Where is the data being transferred? On what legal grounds?
For EEA data subjects, your personal data may be transferred outside the EEA for the purposes listed above pursuant to EU Standard Contractual Clauses, Privacy Shield, or another legally binding and permissible arrangement. Such transfers will be compliant with all applicable laws and regulations.
7. Data Security.
We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical and organisational measures to safeguard and secure the personal data we process. We employ a suite of various IT security tools in order to safeguard personal data, restrict access to the data, and have physical and organisational security measures in place to prevent unauthorised or unlawful access to personal data and accidental loss, destruction, or damage to personal data. The Company also maintains an inventory of personal data and evaluates the protections that we have in place for that data to ensure that our security measures are tailored to the sensitivity of the data.
In addition, as described in Section 5 above, the Company has carefully limited access to your personal data only to those individuals who need access to it in order to fulfill their assigned roles, and only to the extent that they need such access. Only those individuals who need the data to accomplish a business objective should have access to personal data, and only for as long as they need it to accomplish the objective. Employees are not authorised to share personal data with other employees or third parties unless that sharing is authorised and complies with this Policy.
If, despite all our efforts, a data breach does occur, we shall do everything in our power to limit the damage. In case of a data breach which is likely to result in a high risk, and depending on the circumstances, we will inform you about remedial actions to prevent any further damage. We always inform the relevant supervisory authority or authorities without undue delay.
8. Data Retention information.
The Company strives to only store your personal for as long as necessary for the purpose for which we have processed it, and to dispose of it securely once that purpose has been fulfilled. Your personal contact data will only be retained 3 years from the last contact with you. In certain circumstances we may have to retain your personal data for a longer period to comply with a legal obligation or with a request from a public authority. In these events, we will delete or anonymise your personal data as soon as we have complied with our legal obligation or with the public authority request. The retention periods are established considering legitimate business purposes, according to the local regulations.
9. Data subject rights.
If you are located within the EEA, you may also have the right to:
- Request that your personal data be erased if you believe that one of the following applies: (i) the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (ii) the personal data has been unlawfully processed; (iii) the personal data has to be erased for compliance with a legal obligation under a law to which the controller is subject; (iv) you have objected to the processing and there is no other legal ground for the processing;
- Under certain circumstances and in relation to certain personal data only, receive your personal data in a structured, commonly used, and machine-readable format, as well as the right to transmit the data to another controller without hindrance;
- Restrict the processing where one of the following applies: (i) you have contested the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data; (ii) the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead; (iii) the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims; (iv) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject;
- to lodge a complaint with the supervisory authority, if you believe that your personal data have been processed unlawfully;
- to withdraw your consent, where the processing of your personal data is based on your consent;
- Define directives on the fate of your personal data after death.
The Company is committed to ensuring your data is protected from misuse. If you think your data and information have been used in violation of the laws, regulations, or the applicable data protection provisions, please alert the Company and it will assist you.
Example for instructions on how to remove cookies from your browser, please click here.
In particular, if you do not want to receive marketing communications from us, you can opt-out to these processing operations in contacting us at email@example.com
Any other requests, including those regarding the exercise of such rights, and questions can be directed to firstname.lastname@example.org
Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies are small pieces of data stored on a User’s device.
Data Controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of Caudwell.com, Caudwell is the Data Controller of your data.
Data Processor (or Service Providers)
Data Processor (or Service Provider) means any person (other than an employee of the Data Controller) who processes the data on behalf of the Data Controller.
We may use the services of various Service Providers in order to process your data more effectively.
Data Subject is any living individual who is the subject of Personal Data.
The User is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.