1. Privacy Commitment
We are committed to protecting the personal information that you provide to us and being transparent about the information we hold. We abide by the General Data Protection Regulation (GDPR) and other applicable laws, and best practice guidance.
- How and why your personal information is collected
- How we will use that information
- How we secure your information
- Your choices regarding the information you provide to us
If you have any questions please address these to firstname.lastname@example.org
2. What Personal Information do we collect?
We collect only the personal information which you opt to give us through interaction with our business. This could include your name, email address, telephone number and details of your employer.
Where applying for a job with us and following employment, we may also hold information such as home address, date of birth, National Insurance number, emergency contact information, bank details and Curriculum Vitae (i.e. work history, qualifications and skills).
3. How is this Information Gathered?
Your information may be recorded following interaction with our business in one of the below ways:
- Enquiring about our activities and services
- Contacting us directly by email, telephone, post or in person
- Buying a product or service
- Submitting a CV or an application to a job vacancy
- Attending an interview or assessment
We may also gather and retain data about you when you:
- Visit our website
- Engage with us on platforms including Facebook, LinkedIn, Twitter or YouTube social media
- Interact with an email which we have sent to you
4. How do we use your Personal Information?
We may use your information for the following purposes:
- To process and facilitate transactions with us
- To manage our relationship with you
- To interact with users on social media platforms (Facebook, LinkedIn, Twitter or YouTube)
- To provide customer service and support or deal with enquiries
- To process any job applications you submit to us, whether directly or via an agent or recruiter
- To enable us to comply with laws, our policies and procedures, to enforce protect or defend, legal rights, or to protect the rights, property or safety of our employees and to share information with our legal advisors
- To protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud
We may utilise personal information when sending out enquiries, quotes, invoices, remittances or statements.
We will never use any of your contact details or other personal information collected for purposes of any general mailing lists, whether these are by post or electronic.
Where you are being recompensed in exchange for products or services, only those staff fully authorised and trained to process payments will have visibility of your bank details.
5. Protecting your Data
The security of your data is very important to us. We will securely store and manage your personal data. We have defined retention periods for your data based on the nature of the relationship we have with you.
Digitally held records are stored on a secured network. Where external companies are used to support and deliver IT services, Westerton ensures these companies have secure and GDPR compliant processes in place. Where paper records are held, these are locked on premises and accessible only by those with the appropriate authority.
Only relevant and trained staff will be able to see your information.
We will monitor our procedures and policies where required to make sure we aren’t holding onto your data longer than we should and that we only retain it for the purpose you gave it to us.
Where an interaction with Westerton involves the exchange of bank details, we will manage any transactions securely and in accordance with the Payment Industry Data Security Standard.
6. Third Party Sharing
We will never sell your data. We will not disclose information received from you to any unconnected third parties and we will not use it for purposes of any general mailing list of our own, be this by post or electronic.
We may need to share data with the police, legal or other advisors, courts, law enforcement agencies, regulators, government agencies where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law. This includes CCTV footage.
7. International Transfers of Your Personal Information
This section specifies the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
We and our other group companies have offices and facilities in the USA. We may pass our group companies your data to facilitate the services we provide you. Any data shared will be kept internal to our group, and governed by an intra company data sharing agreement obliging our group companies to provide appropriate safeguards and an adequate level of security for your personal data in order to protect you rights and freedoms. In this way, we have formed the view that your information, if passed to them, will have adequate protection.
The legal basis for processing your personal data outside of the EEA is the performance of a contract between you and us and, in certain circumstances, the transfer may be made on the basis that it is necessary for the purposes of our legitimate interests, namely our interest in managing and maintaining the goods and services you receive from us.
8. Retention Periods
Images and film taken of public and participants may be used for up to five years for marketing and publicity purposes by Westerton. After this point it will either be deleted or added to our archive accordingly.
If you submit correspondence to Westerton, we will retain your comments and details for up to 12 months from the original enquiry date.
If you apply for a job with Westerton, we will retain personal information throughout employment plus 6 years.
For unsuccessful applications, we retain personal information for 6 months from the closing date.
CCTV records will be kept for a maximum of 28 days before being deleted.
9. Your Options
We want to make it as easy as possible for you to update your preferences.
To update your contact preferences:
Where you believe we hold inaccurate information about you, please send an email to email@example.com specifying a request to change these details and we will amend them accordingly.
To request information held on you:
You can request this information by contacting firstname.lastname@example.org and specifying a request for the information held on you. We will respond in as timely a manner as able following receipt of your request.
Removal of your personal data:
If you wish for us to remove your details from our database, please send an email to email@example.com and we will take appropriate action to ensure your details are removed from our records.
We may also send an email to you to let you know of any updates if we think it’s important that you know of the changes.
If you need any further guidance on General Data Protection Laws, please look at the following links: