This Policy applies as between you, the User of this Web Site and Wheatley Associates Ltd the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and any Services or Systems therein.
1. Definitions and InterpretationIn this Policy the following terms shall have the following meanings:
- means collectively the personal information, Payment Information and credentials used by Users to access Material and / or any communications System on the Web Site;
- means any text, graphics, images, audio, video, software, data compilations and any other form of information capable of being stored in a computer that appears on or forms part of this Web Site;
- means a small text file placed on your computer by Wheatley Associates Ltd when you visit certain parts of this Web Site. This allows us to identify recurring visitors and to analyse their browsing habits within the Web Site.
- means collectively all information that you submit to the Web Site. This includes, but is not limited to, Account details and information submitted using any of our Services or Systems;
- “Wheatley Associates Ltd”
- means Wheatley Associates Ltd of Broad Road, Bacton, Suffolk. IP14 4HN, and may also be referred to as ‘Wheatley’;
- means collectively any online facilities, tools, services or information that Wheatley Associates Ltd makes available through the Web Site either now or in the future;
- means any online communications infrastructure that Wheatley Associates Ltd makes available through the Web Site either now or in the future. This includes, but is not limited to, web-based email, message boards, live chat facilities and email links;
- “User” / “Users”
- means any third party that accesses the Web Site and is not employed by Wheatley Associates Ltd and acting in the course of their employment; and
- “Web Site”
- means the website that you are currently using (www.wheatleysolutions.co.uk) and any sub-domains of this site unless expressly excluded by their own terms and conditions.
2. Data Protection Principles
Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:
a) processing is fair, lawful and transparent
b) data is collected for specific, explicit, and legitimate purposes
c) data collected is adequate, relevant and limited to what is necessary for the purposes of processing
d) data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
e) data is not kept for longer than is necessary for its given purpose
f) data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
g) we comply with the relevant GDPR procedures for international transferring of personal data.
3. Data CollectedWheatley keep several categories of personal data gathered by direct contact through our contact form on our ‘Contact Us’ page or the ‘Email Us’ button on our Web Site. Without limitation, any of the following Data may be collected:
- 3.1 name;
- 3.2 job title;
- 3.3 profession;
- 3.4 contact information such as email addresses and telephone numbers;
- 3.5 web browser type and version (automatically collected, see Clause 10);
- 3.6 operating system (automatically collected, see Clause 10);
- 3.7 a list of URLS starting with a referring site, your activity on this Web Site, and the site you exit to (automatically collected, see Clause 10); and
- 3.8 Cookie information (see Clause 10 below).
4. Our Use of Data
- 4.1 Wheatley conduct an annual check for consent and for the storage period of data held in our system and clear any data that is no longer required
- 4.2 Unless we are obliged or permitted by law to do so, your Data will not be disclosed to third parties.
- 4.3 All personal Data is stored securely on our Microsoft Dynamics CRM system in accordance with the principles of the General Data Protection Regulation. For more details on security, see Clause 9 below.
- 4.4 Where we intend to process your data further, for a purpose other than that for which your data was collected (to respond to your queries or subsequent queries), Wheatley shall provide you with information on that other purpose prior to further processing.
- 4.5 Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our Web Site. Specifically, Data may be used by us for the following reasons:
4.5.1 internal record keeping;
4.5.2 improvement of our products / services;
5. Lawful Basis for Processing
The law on data protection allows us to process your data for certain reasons only. In the main, we process your data in order to fulfil our obligation to respond to your queries and any subsequent correspondence that comes as a result.
6. Third Party Web Sites and Services
Wheatley Associates Ltd may, from time to time, employ the services of other parties for dealing with matters that may include, but are not limited to, payment handling, delivery of purchased items, search engine facilities, advertising and marketing.
The providers of such services do not have access to the personal Data provided by Users of this Web Site. The personal data collective via this Web Site is not shared with any third parties.
We do not share your data with bodies outside of the European Economic Area.
7. Changes of Business Ownership and Control
7.1 Wheatley Associates Ltd may, from time to time, expand or reduce its business and this may involve the sale of certain divisions or the transfer of control of certain divisions to other parties. Data provided by Users will, where it is relevant to any division so transferred, be transferred along with that division and the new owner or newly controlling party will, under the terms of this Policy, be permitted to use the Data for the purposes for which it was supplied by you.
7.2 In the event that any Data submitted by Users will be transferred in such a manner, Wheatley will contact you to inform you in advance.
8. Your Rights in Relation to Your Data
This section outlines the rights that data subjects have, under the General Data Protection Regulation (GDPR), in relation to the data about them that we hold. Data subjects, for the purposes of this policy, includes Web Site visitors that enter their data into the contact form on the ‘Contact Us’ page or send an email through the ‘Email Us’ button included in the footer on the site.
8.1 The Right to be Informed
a) the types of data we hold and the reason for processing the data;
b) our legitimate interest for processing it;
c) details of who your data is disclosed to and why, including transfers to other countries. Where data is transferred to other counties, the safeguards used to keep your data secure are explained;
d) how long we keep your data for, or how we determine how long to keep your data for;
e) where your data comes from;
f) your rights as a data subject;
g) your absolute right to withdraw consent for processing data where consent has been provided and no other lawful reason for processing your data applies;
h) your right to make a complaint to the Information Commissioner if you think your rights have been breached;
i) whether we use automated decision making and if so, how the decisions are made, what this means for you and what could happen as a result of the process;
j) the name and contact details of our data protection officer.
8.2 The Right of Access
You have the right to access your personal data which is held by us. You can find out more about how to request access to your data by reading section 9 of this policy.
8.3 The Right to ‘Correction’
If you discover that the data we hold about you is incorrect or incomplete, you have the right to have the data corrected. If you wish to have your data corrected, you should notify the Data Protection Officer in writing addressed to The Data Protection Officer, Wheatley, Broad Road, Bacton, Suffolk, IP14 4HN, or email@example.com for the attention of The Data Protection Officer.
Usually, we will comply with a request to rectify data within one month unless the request is particularly complex in which case we may write to you to inform you we require an extension to the normal timescale. The maximum extension period is two months.
You will be informed if we decide not to take any action as a result of the request. In these circumstances, you are able to complain to the Information Commissioner and have access to a judicial remedy.
8.4 The Right of ‘Erasure’
In certain circumstances, we are required to delete the data we hold on you. Those circumstances are:
a) where it is no longer necessary for us to keep the data;
b) where we relied on your consent to process the data and you subsequently withdraw that consent. Where this happens, we will consider whether another legal basis applies to our continued use of your data;
c) where you object to the processing (see below) and the Company has no overriding legitimate interest to continue the processing;
d) where we have unlawfully processed your data;
e) where we are required by law to erase the data.
If you wish to make a request for data deletion, you should notify the Data Protection Officer in writing addressed to The Data Protection Officer, Wheatley, Broad Road, Bacton, Suffolk, IP14 4HN, or firstname.lastname@example.org for the attention of The Data Protection Officer.
We will consider each request individually, however, you must be aware that processing may continue under one of the permissible reasons. Where this happens, you will be informed of the continued use of your data and the reason for this.
8.5 The Right of Restriction
You have the right to restrict the processing of your data in certain circumstances.
We will be required to restrict the processing of your personal data in the following circumstances:
a) where you tell us that the data we hold on you is not accurate. Where this is the case, we will stop processing the data until we have taken steps to ensure that the data is accurate;
b) where the data is processed for the performance of a public interest task or because of our legitimate interests and you have objected to the processing of data. In these circumstances, the processing may be restricted whilst we consider whether our legitimate interests mean it is appropriate to continue to process it;
c) when the data has been processed unlawfully;
d) where we no longer need to process the data but you need the data in relation to a legal claim.
If you wish to make a request for data restriction, you should notify the Data Protection Officer in writing addressed to The Data Protection Officer, Wheatley, Broad Road, Bacton, Suffolk, IP14 4HN, or email@example.com for the attention of The Data Protection Officer.
Where data processing is restricted, we will continue to hold the data but will not process it unless you consent to the processing or processing is required in relation to a legal claim.
8.6 The Right to Data ‘Portability’
You have the right to obtain the data that we process on you and transfer it to another party. Where our technology permits, we will transfer the data directly to the other party.
Data which may be transferred is data which:
a) you have provided to us; and
b) is processed because you have provided your consent.
If you wish to exercise this right, you should notify the Data Protection Officer in writing addressed to The Data Protection Officer, Wheatley, Broad Road, Bacton, Suffolk, IP14 4HN, or firstname.lastname@example.org for the attention of The Data Protection Officer.
We will respond to a portability request without undue delay, and within one month at the latest unless the request is complex or we receive a number of requests in which case we may write to you to inform you that we require an extension and reasons for this. The maximum extension period is two months.
We will not charge you for access to your data for this purpose.
You will be informed if we decide not to take any action as a result of the request, for example, because the data you wish to transfer does not meet the above criteria. In these circumstances, you are able to complain to the Information Commissioner and have access to a judicial remedy.
The right to data portability relates only to data defined as above. You should be aware that this differs from the data which is accessible via a Subject Access Request.
8.7 The Right to ‘Object’
You have a right to require us to stop processing your data; this is known as data objection.
You may object to processing where it is carried out:
a) in relation to the Company’s legitimate interests;
b) for the performance of a task in the public interest;
c) in the exercise of official authority; or
d) for profiling purposes.
If you wish to object, you should notify the Data Protection Officer in writing addressed to The Data Protection Officer, Wheatley, Broad Road, Bacton, Suffolk, IP14 4HN, or email@example.com for the attention of The Data Protection Officer.
In some circumstances we will continue to process the data you have objected to. This may occur when:
a) the processing is required in relation to legal claims made by, or against, us.
If the response to your request is that we will take no action, you will be informed of the reasons.
8.8 The Right not to have Automated Decisions Made About You
You have the right not to have decisions made about you solely on the basis of automated decision making processes where there is no human intervention, where such decisions will have a significant effect on you.
However, Wheatley does not make any decisions based on such processes.
8.9 The Right to Withhold Information
8.9.1 You may access certain areas of the Web Site without providing any Data at all.
8.10 The Right to Make a Complaint
You have the right to make a complaint with a supervisory authority over your data rights, if you think they have been breached. Please see section 11 for details on how to lodge a complaint.
9. Accessing Your Own Data
You have a right, under the General Data Protection Regulation, to access the personal data we hold on you. To do so, you should make a subject access request, and this policy sets out how you should make a request, and our actions upon receiving the request.
“Personal data” is any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, including your name.
Although subject access requests may be made verbally, we would advise that a request may be dealt with more efficiently and effectively if it is made in writing. If you wish to make a request, please put your request in writing to The Data Protection Officer, Wheatley, Broad Road, Bacton, Suffolk, IP14 4HN, or firstname.lastname@example.org for the attention of The Data Protection Officer.
Requests that are made directly by you should be accompanied by evidence of your identity. If this is not provided, we may contact you to ask that such evidence be forwarded before we comply with the request.
Requests made in relation to your data from a third party should be accompanied by evidence that the third party is able to act on your behalf. If this is not provided, we may contact the third party to ask that such evidence be forwarded before we comply with the request.
Usually, we will comply with your request without delay and at the latest within one month. Where requests are complex or numerous, we may contact you to inform you that an extension of time is required. The maximum extension period is two months.
10. SecurityData security is of great importance to Wheatley Associates Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected online.
11. Making a ComplaintIf you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
12.1 Wheatley Associates Ltd may set and access first-party Cookies on your computer. Cookies that may be placed on your computer are detailed in Schedule 1 to this Policy. These Cookies are either set by the Web Site in order to function correctly, or Google Analytics cookies to help Wheatley better understand the use of our Web Site. These cookies do not collect any Personal Identifiable Information, and gather no information on you, your life, your browsing habits or your interests.
12.2 You can choose to enable or disable Cookies in your web browser. By default, your browser will accept Cookies, however this can be altered. For further details please consult the help menu in your browser. Disabling Cookies may prevent you from using the full range of Services available on the Web Site.
12.3 You may delete Cookies, however you may lose any information that enables you to access the Web Site more quickly.
12.4 The Web Site does not use any third-party cookies.
13. Changes to this Policy
- Schedule 1: First-Party Cookies
Name of cookie Purpose _utma Google Analytics cookie _utmb Google Analytics cookie _utmc Google Analytics cookie _utmz Google Analytics cookie _ga Google Analytics cookie _jsuid Google Analytics cookie _first_pageview Google Analytics cookie