COLBOURNS PRIVACY NOTICE


Colbourns limited takes data privacy very seriously and this notice is designed to help you understand how we use your personal information.
We encourage you to read the whole notice. Alternatively, if you wish to read about specific privacy practices that interest you, please click on the relevant links below.

THE PURPOSE OF THIS PRIVACY POLICY

1. Identity
2. Our use of personal information
3. This privacy notice
4. Updating this privacy notice
5. What is personal information?
6. Our responsibility to you
7. Data protection officer

YOUR PERSONAL INFORMATION

8. Why are we collecting personal information about you?
9. What personal information do we collect about you?
10. Where do we collect your personal information from?

OUR USE OF YOUR PERSONAL INFORMATION

11. How do we use your personal information?
12. Consent
13. Do we share your information with anyone else?

OTHER IMPORTANT THINGS YOU SHOULD KNOW

14. Keeping your personal information safe
15. Profiling and automated decision making
16. How long do we keep your personal information?
17. Cross border transfers of your personal information
18. Local differences

YOUR RIGHTS
19. Contacting us and your rights
20. Your right to complain

THE PURPOSE OF THIS PRIVACY NOTICE

1. Identity
We are Colbourns Ltd

(registered office: 147a High Street, Waltham Cross, Hertfordshire, EN 8 7 AP).

2. Our use of personal information
We are a producer and retailer of rugs and carpets.

In common with most global businesses, we collect, use and share information, including personal information, in connection with providing our services and running our business.

3. This privacy notice

This is our main general privacy notice that applies across our business, although we may publish additional privacy statements that apply to:

  • our operations in specific countries in order to help ensure our compliance with local data protection requirements
  • specific services that we offer to our clients from time to time
    If an additional privacy statement is relevant to you because of the way in which you engage with us and there is a conflict between the information set out in this notice and the additional privacy statement, then the additional privacy statement will take precedence over the information set out in this notice.

We have a separate privacy notice that sets out how we process the personal information of our staff, which current and former members of staff should refer to.

4. Updating this privacy notice

This notice may be updated from time to time. This version is dated 20th December 2018.

5. What is personal information?

Personal information is information that relates to you or allows us to identify you. This includes obvious things like your name, address and telephone number but can also include less obvious things like your attendance at a board meeting or analysis of your use of our websites.
There are different types of personal information. The most important types for you to know about are:

  • Special categories of personal information: these categories of personal information often have additional protection under data protection laws around the world. These categories include information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership, your genetic data and biometric data, and information concerning your sex life or sexual orientation
  • Criminal convictions information: this is information relating to your criminal convictions and offences. Local data protection laws may restrict the way in which we can use this information when compared to, for example, your name and address.

6. Our responsibility to you

We process your personal information in our capacity as a controller. This means that we are responsible for ensuring that we comply with relevant data protection laws when processing your personal information.

7. Data protection officer

We have a data protection officer whose job is to oversee our data protection compliance. You can contact our data protection officer by sending:

  • an email to info@colbourns.com
  • a letter to: The Data Protection Officer, Colbourns Ltd, Studio 1, 140, Fairbank Studios, Lots Rd, Chelsea, London SW10 0NS

YOUR PERSONAL INFORMATION

8. Why are we collecting personal information about you?

We only collect personal information about you in connection with providing our services and running our business. We will hold information about you if:

  • you are a client, a representative of a client, or the beneficial owner of a client
  • your information is provided to us by a client or others, or we otherwise obtain your information, in connection with our role as a producer or retailer of goods.
  • you are an applicant for a job with us

9. What personal information do we collect about you?
The types of information we process about you may include:

Types of Personal Information

Individual details
Name, address (including proof of address), other contact details (e.g. email and telephone numbers), gender, marital status, date and place of birth, nationality, employer, job title and employment history, and family details, including their relationship to you

Identification details >
Identification numbers issued by government bodies or agencies, such as your national insurance number, passport number, tax identification number and driving licence number

Financial information >
Bank account or payment card details, income or other financial information

Credit, anti-fraud and sanctions data >
Credit history, credit score and information received from various anti-fraud and sanctions databases relating to you

Special categories of personal information >
Information about your health, racial or ethnic origin, political opinions, religious or philosophical beliefs and trade union membership; your genetic and biometric data; and information about your sex life or sexual orientation

Identifiers >
Information which can be traced back to you, such as an IP address, a website tracking code or electronic images of you

10. Where do we collect your personal information from?
We collect your personal information from various sources, including:

  • you
  • your employer
  • our clients and our service providers
  • other third parties.
  • credit reference agencies
  • anti-fraud databases, sanctions lists, court judgements and other databases
  • government agencies and publicly accessible registers or sources of information
    by actively obtaining your personal information ourselves, for example through the use of website tracking devices

Which of the sources apply to you will depend on why we are collecting your personal information. Where we obtain your information from a third party, in particular your employer or our client, we may ask them to provide you with a copy of this privacy notice (or a shortened version of it) to ensure you know we are processing your information and the reasons why.

OUR USE OF YOUR PERSONAL INFORMATION

11. How do we use your personal information?
In this section we set out in more detail:

  • the main purposes for which we use your personal information
  • the legal bases upon which we are using your personal information

Purpose:

Know Your Client and other legal obligations
We obtain information about our clients and their representatives and beneficial owners and others to help us comply with legislation on money laundering, terrorist financing, and sanctions.
We also collect and disclose personal information under applicable legislation. Our disclosures will be to those bodies and persons who are entitled to receive the required information.
In some cases, this information will include special categories of personal data and criminal convictions data.

Legal Basis:

For all information – compliance with a legal obligation.
For special category and criminal data – preventing or detecting unlawful acts, and suspicion of terrorist financing or financing or money laundering.

Purpose:

Service providers

We collect information about you in connection with your provision of services to us or your position as a representative of a provider of services to us. We do not generally look to collect special categories of personal data and criminal convictions data for this purpose, other than where we are required to do so to meet our legal obligations (see ‘Know Your Client and other legal obligations’ above).

Legal Basis:

Legitimate interests.
We have a legitimate interest in contacting and dealing with individuals involved in providing services to us.

Purpose:
Events
If you wish to attend our events , we ask you to provide us with a limited amount of information (normally your work contact details, your employer’s name, your job title, and the area of interest). We use this information in order to communicate with you about our events to ensure that you are an appropriate audience for them, and to conduct analysis for marketing purposes.
We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.
(Please also see ‘Marketing’ below.)

Legal Basis:
For communications with you – legitimate interests.
We have a legitimate interest in keeping you informed about events and developments in our business.
When we send you marketing communications, there are separate laws regarding market communications that we adhere to, in addition to data protection laws.
You may opt out of receiving marketing communications from us at any time, and each communication we send provides a straightforward means of doing so.

For all other purposes – legitimate interests.
Our events and updates are intended primarily for clients and potential clients. We have a legitimate interest in confirming that our seminars and updates are being made available to their intended audience. We also have a legitimate interest in understanding your use of our events and whether this presents any opportunity for us to improve the services we offer to you.

Purpose:
Marketing
We use relationship management software to understand the strength of our relationship with our clients and potential clients, which includes individual representatives of those clients – for example records of frequency of contact with those individuals.
Where we have an opportunity to pitch for work, we may obtain information about relevant decision makers in order to improve the prospects of our pitch being successful. This information may come from a variety of public databases.
As part of our marketing analysis, we track how you interact with our marketing activities – in particular whether you click on any of the links in our marketing materials. We are able to record this information against your email address by placing ‘cookies’ on your device. You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons. For more information on how we use cookies, please see our separate cookies notice.
We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.

Legal Basis:
Legitimate interests.

We have a legitimate interest in understanding our relationship with our clients and potential clients. Using the frequency of your contact with our firm and analysing how you interact with our marketing activities is a reasonable means of doing so.
We also have a legitimate interest in understanding relevant information about you where you are likely to be involved in deciding whether we are awarded work.

Purpose:
Visitors to our website

A number of facilities on our website invite you to provide us with your personal information. Where you provide us with information, we will only use it for the purpose for which it has been provided by you.
Our website uses a small number of non-intrusive cookies to help them work more efficiently and to provide us with information on how the website is being used. In particular, the site uses Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing ‘cookies’ on your device. Note that Google will also have its own control of this information, and will hold it on its servers in the United States in accordance with its own privacy policies.
You can control cookies through the settings or preferences of your browser, as well as through dedicated browser extensions or add-ons. We do not generally look to collect special categories of personal data and criminal convictions data on our website.

Legal Basis:
Legitimate interests.
We have a legitimate interest in providing to you the facilities on our website that you have requested and in understanding how our website is used and the relative popularity of the content on our website.

Purpose:
Visitors to our offices

We have security measures in place at our offices, which include building access controls and may include CCTV. Images captured by CCTV are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft).
We require visitors to our offices to sign in at reception and we keep a record of visitors for a short period of time. Our visitor records are securely stored and only accessible on a need to know basis (e.g. to look into an incident).
We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.

Legal Basis:
Legitimate interests.
We have a legitimate interest in making sure our offices, and the people that visit and work at our offices, are safe and secure.

Purpose:
Staff Recruitment

We ask you to provide personal information to us as part of your job application. We will also conduct checks in order to verify your identity and the information in your application, and obtain further information about your suitability for a role within our business. This may include obtaining information from regulators, the electoral role and the Disclosure and Barring Service. In some cases, this information will include special categories of personal data and criminal convictions data.

Legal Basis
For all information – legitimate interests
.
We have a legitimate interest in knowing the identity and background of the individuals we employ to ensure we have the appropriate staff to comply with our various legal and regulatory obligations and ethical duties.
For special category data and criminal data – employment protection.

Previous employees.

We use personal information of former staff members to keep in touch with them either where we have a legal or contractual obligation to do so, to assist us in answering queries about firm matters they may know about, or to keep them up to date with firm news and developments that may be of interest to them, where they have asked us to do so.
We do not generally look to collect special categories of personal data and criminal convictions data for this purpose.

Purpose:
For all previous employee purposes (other than keeping up to date with firm news) – compliance with a legal obligation or legitimate interests.
We have a legitimate interest in properly dealing with firm matters.
For keeping previous employees up to date with firm news.

12. Consent

We do not generally process your personal information based on your consent (as we can usually rely on another legal basis). Where we do process your personal information based on your consent, you have the right to withdraw your consent at any time.
To withdraw your consent please email us at info@colbourns.com or, to stop receiving our marketing emails or firm news, please click on the unsubscribe link in the relevant email you receive from us.

13. Do we share your information with anyone else?

We do not sell your information nor make it generally available to others. But we do share your information in the following circumstances:

  • our business is made up of a number of different entities around the world. Where it is necessary or appropriate for the purposes for which we hold your information, we share your relevant information across our network of offices. All of our offices and entities manage your personal information in the manner and to the standards set out in this notice, subject to any local jurisdictional compliance requirements
  • if you are a client or you are a representative or beneficial owner of a client, then we might provide your relevant information to search companies so they can verify your identity
  • in the course of providing our services, we may require the assistance of various external providers of professional services .The use of these services might involve the service provider receiving your relevant information from us
  • where we have collected your personal information in respect of a transaction, we may provide your personal information to the client or to other parties involved in the matter – for example, another party’s legal advisers – where it is necessary for us to do so in relation to the matter
  • we use the services of various external companies to help us run our business efficiently, particularly in relation to our IT systems. Some of these services (such as email hosting and data backups) involve the service provider holding and using your personal information
  • where we use external companies to organise or host events for us, we may need to provide these service providers with your relevant information
  • if we sell our business, then your information will be transferred to the new owner to enable the continuation of the business
  • we share your personal information with other third parties, such as relevant regulators, where we are required to do so to comply with legal or regulatory requirements

In each case where we share your information with one of our service providers, the service provider is required to keep it safe and secure. They are also not permitted to use your information for their own purposes.

OTHER IMPORTANT THINGS YOU SHOULD KNOW

14. Keeping your personal information safe

We take security issues seriously. We implement appropriate steps to help maintain the security of our information systems and processes and prevent the accidental destruction, loss or unauthorised disclosure of the personal information we process.

15. Profiling and automated decision making

We do not use profiling (where an electronic system uses personal information to try and predict something about you) or automated decision making (where an electronic system uses personal information to make a decision about you without human intervention).

16. How long do we keep your personal information?

We do not keep your personal information forever.
We keep your personal information in accordance with our global data retention policy which categorises all of the information held by us and specifies the appropriate retention period for each category of information. Those periods are based on the requirements of relevant data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, limitation periods for taking legal action, good practice and our business purposes.

17. Cross border transfers of your personal information
We are a global business that provides cross-jurisdictional services to our clients.
The global nature of our business means that your personal information may well be transferred across national boundaries, including, potentially, to countries that do not require organisations by law to look after your personal information in the way in which you have come to expect in your own country.
Where we transfer your personal information across national boundaries, we will protect your personal information by ensuring that those transfers are made in compliance with all relevant data protection laws.
Generally, this means where we transfer your personal information to a third party that is located in a country which does not have adequate privacy protection, we will put in place a contract with the third party that includes the standard international data transfer contractual terms approved by the European Commission.
We also have in place a global data protection policy which we follow worldwide and which is based on EU data protection principles.
If you would like further details of how your personal information is protected when transferred from one country to another then please email us at info@colbourns.com

18. Local differences


Whilst this notice describes the data protection practices adopted by us generally across the world, local data protection laws vary and some countries may place restrictions on our processing activities. This means our actual data protection practices in certain countries may vary from those described here in order to help us ensure we comply with local requirements.

YOUR RIGHTS

19. Contacting us and your rights
If you have any questions in relation to our use of your personal information, please email us at info@colbourns.com

Under certain conditions, you may have the right to require us to:

  • provide you with further details on the use we make of your personal information
  • provide you with a copy of the personal information we hold about you
  • update any inaccuracies in the personal information we hold about you
  • delete any of your personal information that we no longer have a lawful ground to use
  • where processing is based on consent, stop that particular processing by withdrawing your consent
  • object to any processing based on our legitimate interests unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
  • restrict how we use your personal information whilst a complaint is being investigated
  • transfer your personal information to a third party in a standardised machine-readable format

In certain circumstances, we may need to restrict your rights in order to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege).

We are obliged to keep your personal information accurate and up to date. Please help us to do this by advising us of any changes to your personal information.

20. Your right to complain
If you are not satisfied with our use of your personal information or our response to any request by you to exercise your rights, or if you think that we have breached any relevant data protection laws, then you have the right to complain to the authority that supervises our processing of your personal information or, where you are based in the EU, the data protection authority in your country.
We view the UK data protection regulator, the Information Commissioner’s Office (ICO), as our lead data protection supervisory authority. Details of the ICO can be found at https://ico.org.uk.
If you are unsure of the authority that supervises our processing of your personal information then please email us at info@colbourns.com

COLBOURNS LTD.