The Legal Stuff

Privacy Policy & Notice


1. Childerley LLP


This privacy policy and general privacy notice applies to Childerley LLP (hereby known as “Childerley”).
We at Childerley take your privacy seriously, and this policy and notice has been drafted in accordance
with the requirements of the General Data Protection Regulations (“GDPR”), with the support of the legal
team at www.legalo.co.uk.


This privacy notice explains how we look after your personal data (in all situations where we collect your
data), sets out your privacy rights and also explains how the law, and our approach to privacy and
personal data, protects you.


This privacy notice supplements any other privacy notices that we may provide to you at the point that
we collect data from you, and should be read in conjunction with those notices.


2. Our status and details


For the purpose of the GDPR, we are the data controller and any enquiry regarding the collection or
processing of your data should be addressed to our Data Protection Officer, Jocelyn Poulton,
events@childerley.org , 1a Mill Yard, Childerley Estates, Dry Drayton, Cambridge, CB23 8BA.


By using this Website, you consent to this policy. We are registered with the Information Commissioner’s
Office for this purpose (ZA388397).


3. Information we collect


We will collect, process and store personal data only if it is directly provided to us by you. You may do
this in your capacity as the user of this Website, or by enquiring in relation to our goods or services,
becoming a customer or supplier, or potential supplier.


Personal information covers any information which relates to you as an identifiable person. Below are
examples of the type of data that this may include:


a. Identity Data including forenames, last name, and username or similar identifier.
b. Contact Data may include invoicing; purchase order; home or work address, email address
and telephone numbers, personal or job title and position.
c. Financial Data may include bank account and payment card details.
d. Transaction Data may include payments made for products and services you have
purchased from us, or in relation to payments that we have made to you.
e. Profile and Usage Data may include enquiries submitted by you, purchases information,
feedback and survey responses, and how you use our website, products and services.
f. Marketing Data may include details of any preference that you have advised us of in
relation to marketing communications from us.


We may also collect non-personal data such as aggregated data, which is data that may be
obtained from your personal data, but which does not directly or indirectly identify you. This
may include usage data detailing how you use our Website and the features and areas that
you have interacted with.


4. How do we collect your personal data?

A range of different methods may be used to collect data, which may include the following
methods:


a. Direct interactions with us in person, by post, phone, email or otherwise.
b. Automated technologies or interactions with our website, by using the web enquiry form.
c. Third parties or publicly available sources (third parties may be used in processing Identity, Contact
and Financial categories of personal data).


5. Data accuracy


It is important that the data that we hold about you is accurate and up-to-date. In the event that your
data changes, please notify us, so that we can update our records.


6. Use of your information


We may hold and process personal data that you provide to us in accordance with the GDPR.
The information that we collect and store relating to you is primarily used to enable us to provide our
goods or services to you, to communicate with you and to meet our contractual commitments
to you. This may include Identity, Contact, Financial and Transactional data.


It may also be used:
a. To notify you about any changes to our business, such as improvements to our Website or
service/product changes, that may affect our service or relationship with you. This may include
Identity and Contact data.
b. Where you have consented to receive such information, to provide information on other parties’
products or services that we feel may be of interest to you. This may include Identity, Contact and
Marketing data.
c. Where you have consented to receive our e-newsletters to provide that to you. This may include
Identity and Contact data.
d. Where we need to comply with a legal obligation. This may include Identity, Contact and
Transactional data.
e. Where it is necessary for our legitimate interests (or those of a third party) and your interests and
fundamental rights do not override those interests. This may include all types of data.
Where we collect your data for marketing purposes, we will always request your consent at the point the
data is collected, to use your data for that purpose.


We will always obtain your consent prior to sharing your personal data with any third party for their
marketing purposes. This may be to enable relevant third parties to advise you of products or services
that may be of interest to you.
We will only use your personal data for a reason other than the purpose for which it was originally
obtained if we consider that we need to use it for that other purpose and have a legitimate interest in
doing so.
7. Disclosure of your information
There are a range of circumstances where we may disclose your data to third parties. These include:


a. Regulatory bodies. We may disclose your data to regulatory bodies to enable us to comply with the
law, to assist fraud protection and to minimise credit risk. This may include Identity, Contact and
Transactional data.
b. Our suppliers. We may disclose your data to third parties that are involved in the fulfilment of our
services to you. This may include Identity, Contact and Transactional data.

c. Third party marketing. Where you have consented for us to do so, we may provide your data to
selected third parties who may contact you about their goods or services that you may be interested
in. This may include Identity, Contact and Marketing data.
d. Business sale. We may disclose your personal data outside of our organisation: (a) in the event that
we sell or buy any business or assets, in which case we may disclose your personal data to the
prospective seller or buyer of such business or assets; and (b) if Childerley LLP’s business is bought by
a third party, in which case personal data held by it about its customers will be one of the assets to
transfer to the buyer. However, any such transfer will only be on terms that the confidentiality of
your personal data is protected and that the terms of this privacy policy will continue to be complied
with by the recipient.


Please be advised that we do not reveal information about identifiable individuals to our advertisers, but
we may, on occasion, provide them with aggregated data about our Website visitors and customers.
If you do not want us to share your data with third parties, you will have the opportunity to withhold
your consent to this when you provide your details to us on the form on which we collect your data, or
you can do so by writing to us at the address detailed above or sending us an email to
events@childerley.org at any time.


8. Controlling the use of your data


Where we rely on consent as the lawful basis for processing your data, you can revoke or vary that
consent at any time.


If you do not want us to use your data or want to vary the consent that you have provided, you can write
to us at the address detailed above or email us at [EMAIL ADDRESS] at any time.


9. Data storage and the transfer your data


As part of the services offered to you, for example through our Website, the information you provide to
us may be transferred to and stored in countries outside of the European Economic Area (EEA), as we use
remote website server hosts to provide the website and some aspects of our service, which may be
based outside of the EEA, or use servers based outside of the EEA - this is generally the nature of data
stored in “the Cloud”. It may also be processed by staff operating outside the EEA who work for one of
our suppliers, e.g. our website server host, payment processing provider, or work for us when
temporarily outside of the EEA.


A transfer of your personal data may happen if any of our servers are located in a country outside of the
EEA or one of our service providers is located in a country outside of the EEA.


If you use our service while you are outside the EEA, your personal data may be transferred outside the
EEA in order to provide you with these services.


If we transfer or store your personal data outside the EEA in this way, we will take steps with the aim of
ensuring that your privacy rights continue to be protected, as outlined in this privacy policy. Where we
use suppliers based in the US, we may transfer data to them if they are part of the Privacy Shield, which
requires them to provide similar protection to personal data shared between the EEA and the US.


10. Security


The transmission of information via the Internet or email is not completely secure. Although we will do
our best to protect your personal data, we cannot guarantee the security of data while you are
transmitting it to our site: any such transmission is at your own risk.


We have put in place security measures to prevent your data from accidental, loss or disclosure. Once we
have received your personal data, we will use strict procedures and security features to try to prevent
unauthorised access.

Where we have given you (or where you have chosen) a password, so that you can access certain parts of
our site, you are responsible for keeping this password confidential. You should choose a password that
it is not easy for someone to guess.


In the event of a data breach, we will notify the ICO and you in the event that the breach results in any
likelihood of loss or damage to you.


11. Data retention


The length of time that we retain and store data depends on the purpose for which it was collected. We
will only store data for as long as is required to fulfil that purpose, or for the purpose of satisfying legal
requirements.


It is a legal requirement that we keep certain data about our customers and suppliers for at least six
years. The type of data includes Contact, Identity, Financial and Transaction data.


Where you have requested that we provide you with marketing materials, we will retain your data until
such time as consent is withdrawn by you.


12. Use of cookies & tracking pixels


We use cookies and tracking pixels to gather information about your computer for our services and to
provide statistical information regarding the use of our Website. Such information will not identify you
personally - it is statistical data about our visitors and their use of our Website. This statistical data does
not identify any personal details about you whatsoever.


We may also gather information about your general Internet use by using a cookie file and/or a tracking
pixel file. Where used, these cookies and tracking pixels are downloaded to your computer automatically.
This cookie file is stored on the hard drive of your computer, as cookies contain information that is
transferred to your computer's hard drive. A tracking pixel is not stored on your computer. They help us
to improve our Website and the service that we provide to you.


All computers have the ability to decline cookies. This can be done by activating the setting on your
browser which enables you to decline the cookies. Please note that should you choose to decline cookies,
you may be unable to access particular parts of our Website. Where we work with advertisers on our
Website, our advertisers may also use cookies and/or tracking pixels, over which we have no control.
Such cookies and/or tracking pixels (if used) would be downloaded or displayed respectively once you
click on advertisements on our Website.]


13. Your rights


The GDPR gives you a range of rights in relation to the personal data that we collect from. You have the
right to:


a. Access your personal data. This right is commonly known as the ‘data subject access request’ and
enables you to receive a copy of the personal data we hold about you. You will not need to pay a fee
to access your personal data unless we can justifiably demonstrate that the request is repetitive or
excessive. We will respond to all legitimate data access requests within one month, but we may need
to obtain further information from you in order to confirm your identity and the legitimacy of the
request.
b. Request update of the personal data. This enables you to have any incomplete or inaccurate data
corrected.
c. Erasure of your personal data. This enables you to ask us to delete personal data where there is no
justifiable reason for us continuing to retain and process it. We may not always be able to delete the
data, such as if there is an ongoing contractual relationship between us or if we are legally required to
retain the data.

d. Object to processing of your personal data where we are relying on consent or our legitimate
interests (or those of a third party) as the justification for processing the data.
e. Restrict the processing of your personal data. This enables you to ask us to change the processing of
your personal data. For example, you may wish to vary the basis on which we contact you.
f. Request the transfer of your personal data to you or to a third party. We will provide to you, or a
third party you have chosen, your personal data in a structured, machine-readable format.
g. Withdraw consent. Where we are relying on consent to process your personal data, you may
withdraw that consent. If you withdraw your consent, we may not be able to provide certain products
or services to you. We will advise you if this is the case at the time you withdraw your consent.
You can exercise these rights at any time by writing to us at the address detailed above, or by email to
events@childerley.org


14. Third party links


You might find links to third party websites on our website. If you click a link to a third-party website and
visit that site, you may be allowing that site to collect and share certain data about you. These websites
should have their own privacy policies, which you should check. We do not accept any responsibility or
liability for their policies whatsoever, as we have no control over them.


15. Complaints


If you wish to raise a complaint regarding our use of your personal data, then you can contact the
Information Commissioner’s Office (ICO), which is the UK supervisory authority for data protection issues
( www.ico.org.uk ).
If you do wish to raise a complaint, then we would welcome the opportunity to discuss your concerns
before you contact the ICO, to see if we can resolve the issue for you.


16. Changes to this policy


We may update these policies to reflect changes to the website and customer feedback. Please regularly
review these policies to be informed of how we are protecting your personal data.
We welcome any queries, comments or requests you may have regarding this Privacy Policy. Please do  
not hesitate to contact us.


Childerley LLP, 1a Mill Yard, Childerley Estates, Dry Drayton, Cambridge CB23 8BA.
events@childerley.org

Version: May 2020

1a Mill Yard

Childerley Estates

Dry Drayton

Cambridge, CB23 8BA

Tel: 01954 211433

events@childerley.org