This document refers to personal data, which is defined as any information relating to an identified or unidentified natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
The General Data Protection Regulation replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the ‘rights and freedom’ of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
Who we are:
ART OF THE LOOM located at 16 Deanfield Drive, Link 59 Business Park, Clitheroe, Lancashire, BB7 1QJ. Telephone 01200 427744 is pleased to provide the following information:
The Partners and management of Art of the Loom, located as above, are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the ‘rights and freedoms’ of individuals whose information Art of the Loom collects and processed in accordance with the General Data Protection Regulation (GDPR).
The GDPR and this policy apply to all of Art of the Loom’s personal data processing functions, including those performed on customers’, clients’, employees’, suppliers’, and partners’ personal data, and any other personal data the organisation processed from any source.
This policy applies to all Employees/Staff and interested parties of Art of the Loom such as outsourced suppliers. Any breach of the GDPR will be dealt with under Art of the Loom’s disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities.
Partners and any third parties working with or for Art of the Loom and who have or may have access to personal data, will be expected to have read, understood and to comply with the supplier and data processor data protection agreement. No third party may access personal data held by Art of the Loom without having first entered into a data confidentiality agreement, which imposes on the third party obligations no less onerous than those to which Art of the Loom is committed, and which gives Art of the Loom the right to audit compliance with the agreement.
a) Some basic personal data may be collected about you from the marketing forms and surveys you complete, from records of our correspondence and phone calls and details of your visits to our website, including but not limited to, personally identifying information like Internet Protocol (IP) addresses.
c) Art of the Loom will only collect the information needed so that we can provide you with the services you require, the business does not sell or broker your data.
Legal basis for processing any personal data:
To meet our contractual obligations and to respond to enquiries concerning the services provided.
Through agreeing to this privacy notice you are consenting to Art of the Loom processing your personal data for the purposes outlined. You can withdraw consent at any time by using the postal, email address or telephone number provided at the end of this Privacy Notice.
Art of the Loom understands ‘consent’ to mean that it has been explicitly and freely given, and a specific, informed and unambiguous indication of the data subject’s wishes that, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. The data subject can withdraw their consent at any time by using the postal, email address or telephone number provided at the end of this Privacy Notice.
There must be some active communication between the parties to demonstrate active consent. Consent cannot be inferred from non-response to a communication. The Controller must be able to demonstrate that consent was obtained for the processing operation.
Disclosure/Security of Data:
Art of the Loom will keep your personal information safe and secure, our administration team will have access to your contact details so that they can manage your account. We will not disclose your personal information unless compelled to, in order to meet legal obligations, regulations or valid governmental requests. We may also enforce our terms and conditions, including investigating potential violations of its terms and conditions to detect, prevent or mitigate fraud or security or technical issues; or to protect against imminent harm to the rights, property or safety of its staff.
Art of the Loom must ensure that personal data is not disclosed to unauthorised third parties which includes family members, friends, government bodies, and in certain circumstances, the Police. All Employees/Staff should exercise caution when asked to disclose personal data held on another individual to a third party It is important to bear in mind whether or not disclosure of the information is relevant to, and necessary for, the conduct of Art of the Loom’s business.
All requests to provide data for one of these reasons must be supported by appropriate paperwork and all such disclosures must be specifically authorised by the GDPR Owner.
All Employees/Staff are responsible for ensuring that any personal data that Art of the Loom holds and for which they are responsible, is kept securely and is not under any conditions disclosed to any third party unless that third party has been specifically authorised by Art of the Loom to receive that information and has entered into a confidentiality agreement.
All personal data should be accessible only to those who need to use it. All personal data should be treated with the highest security and must be kept:
In a lockable room with controlled access; and/or
In a locked drawer or filing cabinet; and/or
If computerised, password protected in line with corporate requirements in the Access Control Policy; and/or
Stored on (removable) computer media which are encrypted.
Care must be taken to ensure that PC screens and terminals are not visable except to authorised Employees/Staff. All Employees/Staff are required to enter into an Individual User Agreement before they are given access to organisational information of any sort, which details rules on screen timeouts.
Manual records may not be left where they can be accessed by unauthorised personnel and may not be removed from business premises without explicit authorisation. As soon as manual records are no longer required for day to day client support, they must be removed from secure archiving.
Personal Data may only be deleted or disposed of in line with the Retention of Records Procedure. Manual records that have reached their retention date are to be shredded and disposed of as ‘confidential waste’. Hard drives of redundant PCs are to be removed and immediately destroyed before disposal.
Retention and disposal of data
Art of the Loom shall not keep personal data in a form that permits identification of data subjects for longer a period than is necessary, in relation to the purpose(s) for which the data was originally collected.
Art of the Loom may store data for longer periods if the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, subject to the implementation of appropriate technical and organisational measures to safeguard the rights and freedoms of the data subject.
All Data is held in the United Kingdom. All personal data Art of the Loom have is stored on our database in the UK.
Your rights as a data subject:
At any point whilst Art of the Loom are in possession of, or processing your personal data, all data subjects have the following rights:
- Right of access- you have the right to request a copy of the information that we hold about you.
- Right of rectification- you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten- in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing- where certain conditions apply you have a right to restrict the processing.
- Right of portability- you have the right to have the data we hold about you transferred to another organisation.
- Right to object- you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling- you also have the right not to be subject to the legal effects of automated processing or profiling.
In the event that Art of the Loom refuses your request under rights of access, we will provide you with a reason as to why, which you have the right to legally challenge. At your request Art of the Loom can confirm what information it holds about you and how it is processed.
You can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- Contact details of the data protection officer, where applicable
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of Art of the Loom and information about these interests.
- The categories of personal data collected, stored and processed.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- How long the data will be stored,
- Details of your rights to correct, erasure, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority (ICO).
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
To access what personal data is held, identification will be required:
Art of the Loom will accept the following forms of identification (ID) when information on your personal data is requested: a copy of your driving licence, passport, birth certificate and a utility bill but not older than three months. A minimum of one piece of photographic ID listed above and a supporting document is required. If Art of the Loom is dissatisfied with the quality, further information may be sought before personal data can be released. All requests should be made by post, email or telephone using the details given at the end of this privacy notice.
In the event that you wish to make a complaint about how your personal data is being processed by Art of the Loom, you have the right to complain to us. If you do not get a response within 30 days, you can complain to the ICO.
The details for each of these contacts are:
Art of the Loom
Telephone: 01200 427744 or Email: Andrewslipper@wovenart.co.uk
Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113 or Email: https://ico.org.uk/global/contact-us/email/