Privacy notice

Last updated: 25 March 2021

www.the57triangles.co.uk (‘Website’) is provided by paul Crotty, trading as Fiftyseven Business Services (‘I’/’me’/’my’). In doing so, I may be in a position to receive and process personal information relating to you. As the controller of this information, I’m providing this Privacy Notice (‘Notice’) to explain my approach to personal information.

I intend only to process personal information fairly and transparently as required by data protection law including the General Data Protection Regulation (GDPR). In particular, before obtaining information from you (including through use of cookies) I intend to alert you to this Notice, let you know how I intend to process the information (including through use of cookies) and that I’ll only process the information as permitted by law. The GDPR also defines certain ‘special categories’ of personal information that’s considered more sensitive. These categories require a higher level of protection, as explained below.

Of course, you may browse parts of this Website without providing any information about yourself and without accepting cookies. In that case, it’s unlikely I’ll possess and process any information relating to you.

I’ll start this Notice by setting out the conditions I must satisfy before processing your data. However, you may wish to start with the table at clause 4, which summarises what I intend to collect, or the table at clause 8.5, which summarises my use of cookies. The Notice also explains some of the security measures I take to protect your personal information, and tells you certain things I will or won’t do.

Sometimes, when you take a new service or product from me, or discuss taking a new service or product but decide against it, I might wish to provide you with further information about similar services or products by email or other written electronic communication. In that situation, I will always give you the opportunity to refuse to receive that further information and if you change your mind please let me know. I’ll endeavour to remind you of your right to opt-out on each occasion that I provide such information.

  1. Identity and contact details

1.1            Place of business: 45 Eastfield Road, Duston, Northampton, Northamptonshire, NN5 6TG

1.2            paultcrotty@btinternet.com

  1. When I’m allowed to collect information from you

I will only collect personal information relating to you if one of the following conditions has been satisfied:

2.1            You have clearly told me that you are content for me to collect that information for the particular purpose or purposes that I will have specified.

2.2            The processing is necessary for the performance of a contract that I have with you.

2.3            The processing is necessary so that I can comply with the law.

2.4            The processing is necessary to protect someone’s life.

2.5            The processing is necessary for the performance of a task that’s in the public interest.

2.6            The processing is necessary for my or another’s legitimate interests – but in this case, I’ll balance those interests against your interests.

  1. How to consent

3.1            If I need your consent to collect and use certain information, I’ll provide you with the opportunity to tell me that you’re happy to provide that information at the point of collecting it.

3.2            If at any point in time you change your mind and decide that you want to withdraw your consent, please let me know and I’ll endeavour to stop processing your information in the specified manner, or I’ll delete your data if there is no continuing reason for possessing it.

3.3            If you don’t consent to a particular bit of processing, I’ll endeavour to ensure that the Website and my service continue to operate without the need for that information.

  1. Information I expect to collect from you

4.1            I envisage collecting the following types of information from you:

 

Information type

Purpose and related details

Justification

email address

·       I collect this to allow subscribers to receive email newsletters.

·       We’ll ask for your consent

 

4.2            I may collect personal information about you from a number of sources, including the following:

  1. From you when you agree to take a service or product from me, in which case this may include your contact details, date of birth, how you will pay for the product or service and your bank details.
  2. From you when you contact me with an enquiry or in response to a communication from me, in which case, this may tell me something about how you use my services.
  3. As you interact with this Website, I may automatically collect technical information about your equipment, browsing actions and patterns (such as your internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website). I may collect this personal information by using cookies and other similar technologies.
  4. From documents that are available to the public, such as the electoral register.
  5. From third parties to whom you have provided information with your consent to pass it on to other organisations or persons – when I receive such information I will let you know as soon as is reasonably practicable.

4.3            If you refuse to provide information requested, then if that information is necessary for a service I provide to you I may need to stop providing that service.

4.4            If at any point you think I’ve invited you to provide information without explaining why, feel free to object and ask for my reasons.

  1. Using your personal information

5.1            Data protection, privacy and security are important to me, and I shall only use your personal information for specified purposes and shall not keep such personal information longer than is necessary to fulfil these purposes. The following are examples of such purposes. I have also indicated below which GDPR justification applies, however it will depend on the circumstances of each case.

  1. To help me to identify you when you contact me. This will normally be necessary for the performance of my contract.
  2. To help me to identify accounts, services and/or products which you could have from me or selected partners from time to time. I may do this by automatic means using a scoring system, which uses the personal information you’ve provided and/or any information I hold about you and personal information from third party agencies (including credit reference agencies). I will only use your information for this purpose if you agree to it.
  3. To help me to administer and to contact you about improved administration of any accounts, services and products I have provided before, do provide now or will or may provide in the future. This will often be necessary, but sometimes the improvements will not be necessary in which case I will ask whether you agree.
  4. To allow me to carry out marketing analysis and customer profiling (including with transactional information), conduct research, including creating statistical and testing information. This will sometimes require that you consent, but will sometimes be exempt as market research.
  5. To help to prevent and detect fraud or loss. This will only be done in certain circumstances when I consider it necessary or the law requires it.
  6. To allow me to contact you by written electronic means (such as email, text or multimedia messages) about products and services offered by me where:
  7. these products are similar to those you have already purchased from me,
  8. you were given the opportunity to opt out of being contacted by me at the time your personal information was originally collected by me and at the time of my subsequent communications with you, and

iii.                                you have not opted out of me contacting you.

  1. To allow me to contact you in any way (including mail, email, telephone, visit, text or multimedia messages) about products and services offered by me and selected partners where you have expressly consented to me doing so.
  2. I may monitor and record communications with you (including phone conversations and emails) for quality assurance and compliance.
  3. Before doing that, I will always tell you of my intentions and of the specific purpose in making the recording. Sometimes such recordings will be necessary to comply with the law. Alternatively, sometimes the recording will be necessary for my legitimate interest, but in that case I’ll only record the call if my interest outweighs yours. This will depend on all the circumstances, in particular the importance of the information and whether I can obtain the information another way that’s less intrusive.
  4. If I think the recording would be useful for me but that it’s not necessary for my legitimate interest, I’ll ask whether you consent to the recording, and will provide an option for you to tell me that you consent. In those situations, if you don’t consent, the call will either automatically end or will not be recorded.
  5. When it’s required by law, I’ll check your details with fraud prevention agencies. If you provide false or inaccurate information and I suspect fraud, I intend to record this.

5.2            I will not disclose your personal information to any third party except in accordance with this Notice, and then only in one of the following circumstances:

  1. They will be processing the data on my behalf as a data processor (where I’ll be the data controller). In that situation, I’ll always have a contract with the data processor as set out in the GDPR. This contract provides significant restrictions as to how the data processor operates so that you can be confident your data is protected to the same degree as provided in this Notice.
  2. Sometimes it might be necessary to share data with another data controller. Before doing that I’ll always tell you. Note that if I receive information about you from a third party, then as soon as reasonably practicable afterwards I’ll let you know; that’s required by the GDPR.
  3. Alternatively, sometimes I might consider it to be in your interest to send your information to a third party. If that’s the case, I’ll always ask whether you agree before sending.

5.3            Where you give me personal information on behalf of someone else, you confirm that you have provided them with the information set out in this Notice and that they have not objected to such use of their personal information.

5.4            I may allow other people and organisations to use personal information I hold about you in the following circumstances:

  1. If I, or substantially all of my assets, are acquired or are in the process of being acquired by a third party, in which case personal information held by me, about my customers, will be one of the transferred assets.
  2. If I have been legitimately asked to provide information for legal or regulatory purposes or as part of legal proceedings or prospective legal proceedings.
  3. I may employ companies and individuals to perform functions on my behalf and I may disclose your personal information to these parties for the purposes set out above, for example, for fulfilling orders, delivering packages, sending postal mail and email, removing repetitive information from customer lists, analysing data, providing marketing assistance, providing search results and links (including paid listings and links) and providing customer service. From time to time, these other people and organisations to whom I may pass your personal information may be outside the European Economic Area. I will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Notice and the GDPR. I require all third-party service providers processing your personal information for me (as my data processor) to respect the security of your personal data and to treat it in accordance with the law. I do not allow them to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with my instructions.
  4. Protecting information

6.1            I have strict security measures to protect personal information.

6.2            I work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software to encrypt information you input.

6.3            I maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. My security procedures mean that I may occasionally request proof of identity before I disclose personal information to you.

6.4            It is important for you to protect against unauthorised access to your password and to your computer. Be sure to sign off when you finish using a shared computer.

  1. The internet

7.1            If you communicate with me using the internet, I may occasionally email you about my services and products. When you first give me personal information through the Website, I will normally give you the opportunity to say whether you would prefer that I don’t contact you by email for that purpose. You can also always send me an email (at the address set out below) at any time if you change your mind.

7.2            Please remember that communications over the internet, such as emails and webmails (messages sent through a website), are not secure unless they have been encrypted. Your communications may go through a number of countries before they are delivered – this is the nature of the internet. I cannot accept responsibility for any unauthorised access or loss of personal information that is beyond my control.

  1. Cookies and other internet tracking technology

8.1            When I provide services, I want to make them easy, useful and reliable. This sometimes involves placing small amounts of information on your computer, which is sent back to me at a later time. These are called ‘cookies’. These cookies are listed in the table at clause 8.5. Some websites don’t use cookies but use related technology for gaining information about website users such as JavaScript, web beacons (also known as action tags or single-pixel gifs), and other technologies to measure the effectiveness of their ads and to personalise advertising content. Multiple cookies may be found in a single file depending on which browser you use.

8.2            Where applicable, this section of the Notice also relates to that technology but the term ‘cookie’ is used throughout.

8.3            Some of these cookies are essential to services you’ve requested from me, whereas others are used to improve services for you, for example through:

  1. Letting you navigate between pages efficiently
  2. Enabling a service to recognise your computer so you don’t have to give the same information during one task
  3. Recognising that you have already given a username and password so you don’t need to enter it for every web page requested
  4. Measuring how many people are using services, so they can be made easier to use and that there is enough capacity to ensure they are fast

8.4            To learn more about cookies, you may wish to visit: www.allaboutcookies.org, www.youronlinechoices.eu or www.google.com/policies/technologies/cookies/

8.5            This Website uses, or allows use of, the following cookies:

 

Cookie name

Cookie qualities

Consent needed

Google analytics

 

·       The _utma cookie is part of Google analytics and is primarily used to track visits to any site that uses Google analytics. _utma stores the number of visits made from your device, the time of the first visit, the previous visit, and the current visit.

·       Category 2 – performance

·       Third party: another website is placing the cookie

·       Session cookie

Yes

8.6            The distinctions referred to in the above table are as follows:

  1. First party versus third party cookies – I set first party cookies ourselves; third party cookies are set by other entities via my Website.
  2. Session versus persistent cookies – session cookies only persist for the duration of that visit; persistent cookies last for longer.
  3. Categories 1-4 found in the ICC UK Cookie guide, as explained below. Category 1 cookies don’t require your consent, though I must still tell you about those cookies. Categories 2-4 do require your specific and informed consent.

 

Category 1

Strictly necessary

These cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. Without these cookies services you have asked for, like shopping baskets or e-billing, cannot be provided.

I include in this category cookies that are used only for electronic communication. (The ICC doesn’t refer to these cookies, but the law is the same.)

Category 2

Performance

These cookies collect information about how visitors use a website, for instance which pages visitors go to most often, and if they get error messages from web pages. This information is only used to improve how a website works.

Category 3

Functionality

 

These cookies allow the website to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. For instance, a website may be able to provide you with local weather reports or traffic news by storing in a cookie the region in which you are currently located. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as a live chat session.

Category 4

Targeting and advertising

These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operator’s permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

8.7            As with any other information I may collect from you, I’ll work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software to encrypt information you input.

8.8            The Website may include third-party advertising and links to third-party websites. I do not provide any personally identifiable customer personal information to these third-party advertisers or third-party websites except where permitted in accordance with this privacy notice, however as to cookies please see above clause 8.

8.9            I exclude all liability for loss that you may incur when interacting with this third-party advertising or using these third-party websites.

  1. Your legal rights

9.1            Under certain circumstances, you have rights under data protection laws in relation to your personal information.

9.2            You have the right to:

  1. Request access to your personal information (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal information I hold about you and to check that I are lawfully processing it.
  2. Request correction of the personal information that I hold about you. This enables you to have any incomplete or inaccurate information I hold about you corrected, though I may need to verify the accuracy of the new information you provide to me.
  3. Request erasure of your personal information. This enables you to ask me to delete or remove personal information where there is no good reason for me continuing to process it. You also have the right to ask me to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where I may have processed your information unlawfully or where I’m required to erase your personal information to comply with the law. Note, however, that I may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  4. Object to processing of your personal information where I’m relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where I’m processing your personal information for direct marketing purposes. In some cases, I may demonstrate that I have compelling legitimate grounds to process your information which override your rights and freedoms.
  5. Request restriction of processing of your personal information. This enables you to ask me to suspend the processing of your personal information in the following situations:
  6. if you want me to establish the information’s accuracy;
  7. where my use of the information is unlawful but you do not want me to erase it;

iii.                                where you need me to hold the information even if I no longer require it as you need it to establish, exercise or defend legal claims; or

  1. you have objected to my use of your information but I need to verify whether I have overriding legitimate grounds to use it.
  2. Request the transfer of your personal information to you or to a third party. I will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for me to use or where I used the information to perform a contract with you.
  3. Withdraw consent at any time where I’m relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, I may not be able to provide certain products or services to you. I will advise you if this is the case at the time you withdraw your consent.

9.3            You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, I may refuse to comply with your request in these circumstances.

9.4            I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. I may also contact you to ask you for further information in relation to your request to speed up my response.

9.5            I try to respond to all legitimate requests within one month. Occasionally it may take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.

  1. Further information

10.1         If you would like any more information or you have any comments about this Notice, or if your wish to exercise any of your legal rights, please either write to me at Data Protection Manager, paul Crotty, trading as Fiftyseven Business Services, 45 Eastfield Road, Duston, Northampton, Northamptonshire, NN5 6TG, or email me at paultcrotty@btinternet.com.

10.2         Please note that I may have to amend this Notice on occasion, for example if I change the cookies that I use. If I do that, I will publish the amended version on the Website. In that situation I will endeavour to alert you to the change, but it’s also your responsibility to check regularly to determine whether this Notice has changed.

10.3         You can ask me for a copy of this Notice by writing to the above address or by emailing me at paultcrotty@btinternet.com. This Notice applies to personal information I hold about individuals. It does not apply to information I hold about companies and other organisations.

Example short-form notice and consent requests

Short form privacy notice

This is a summary of how I collect and deal with your personal information when you use this website. For more information about how I look after your personal information when you visit this website (wherever you visit it from), about your privacy rights and how the law protects you, it is important that you read my full privacy notice at www.the57triangles.co.uk/privacy.

I’m the controller and responsible for your personal information.

My full details are:

  • Place of business: 45 Eastfield Road, Duston, Northampton, Northamptonshire, NN5 6TG
  • paultcrotty@btinternet.com

If you have any questions about this summary or my full privacy notice, or about my data protection practices, please contact me using the details provided in my privacy notice.

I take your privacy seriously and will only use your personal information as described in my full privacy notice. Broadly speaking, this will be [to administer your account, to provide the products and services you have requested from me, for my legitimate administrative and business purposes and to comply with my legal obligations]*. I only collect personal information about you for these purposes and do not keep it for any longer than is necessary.

I use different methods to collect information about you, which are explained in my full privacy notice.

I only share your information as described in my full privacy notice.

I do not transfer it outside the European Economic Area.

We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal information.

You have a number of rights in relation to your personal information, which are detailed in my full privacy notice. In particular, under certain circumstances, you have rights under data protection laws in relation to your personal information including the right to receive a copy of the personal information I hold about you and the right to make a complaint at any time to the Information Commissioner’s Office, the UK supervisory authority for data protection issues (www.ico.org.uk).