CP Data Protection Privacy Notice
CP Data Protection (‘CPDP’) is a trading name of ‘Clare Paterson Ltd’, who is the ‘Controller’ of the information (‘personal data’) that we collect about you, our ‘data subjects’, which means we are responsible for how your data is processed. The word ‘process’ covers the things that can be done with personal data, including collection, storage, use and destruction of data.
This privacy notice explains why and how we process your personal data, and explains the rights you have, including amongst others, the right to access your data, and to object to the way it is processed. Please see the section on ‘Your rights as a data subject’ for more details on your rights and how to exercise them.
Our contact details are:
|41 Wolverhampton Road, Codsall, Wolverhampton, WV8 1PT
If you have any queries about this notice or anything related to data protection, you can contact our director, Clare Paterson, using the above contact details.
‘Personal data’ is any information that relates to a living, identifiable person. This will usually include your name, address, contact details, and other information we collect as part of our relationship with you, whether you are a customer or anyone else we come into contact with through our work.
That information can also include ‘special categories’ of data, which is the official term for information about a person’s race or ethnic origin, religious, political or other beliefs, physical or mental health, trade union membership, genetic or biometric data, sex life or sexual orientation.
The use of this type of data, and of information about criminal convictions and offences, is subject to strict legal controls, and we do not foresee collecting or using any of that type of data about you.
We only process data if we need to for a specific purpose, as explained below. Most often, we collect your personal data directly from you, through our contact with you.
Your data and how and why we process it
Our data processing is so we can manage and support our relationship with you, comply with legal obligations, improve our services and achieve our legitimate business aims. The information below gives more details about our purposes for processing data, and the legal basis for each type of processing.
When you get in touch to buy from us, or consider buying from us, we will use your contact details to be able to provide you with our products. This includes an email address for invoicing, payment details, and a delivery address for despatching the items. This processing is based on it being necessary for you to enter into a purchase contract with CPDP. If you choose not to provide an email address, payment details or delivery address, you will not be able to purchase any goods from CPDP in the usual way.
We use email addresses to send you our CPDP emails, based on your consent, which may include what is known in the legislation (Privacy Electronic Communications Regulations – PECR) as a soft opt-in, when you have provided your email address as part of entering into a purchase contract with us. You can unsubscribe at any time by letting us know or by clicking the unsubscribe link in an email.
If you contact us over email, phone, or social media with comments or queries, we will use your contact details to be able to communicate with you, based on the legitimate interests of both CPDP and yourself to answer your comments or queries.
We do not normally need to collect or process any of your ‘special category data’, which would be health, ethnicity, religion, sexual orientation, and other similarly sensitive information.
Who we share your data with
Sometimes we share the data we process with other organisations. This list explains who we share it with, and why.
Your invoicing, delivery and payment details are shared only on a need-to-know basis, with our service providers, who are our ‘Data Processors’ who need that information to help support our order fulfilment. These include Xero for invoicing, Stripe for payments, and usual business support including Microsoft Office products, and our web developers who host our website, all the data held in it, and our emails in a secure UK-based server.
How and where we store your data
Your personal data is held securely in both hard copy and electronic formats.
We store personal data in and transfer it only where it can be expected to be protected and where we can provide appropriate safeguards for your data and your rights.
Where any of our Data Processors process data in the USA, we have signed up to appropriate Standard Contract Clauses in order to provide appropriate safeguards for your data.
How long we keep your data
Some of our retention periods are based on legal requirements, and others are based on the practical reasons we need to keep the data for a certain period of time, but we only keep your data for as long as we need to keep it.
Once we reach the retention period, we will securely delete the relevant data, unless we are legally required to keep it longer, or there are legal reasons why we should keep it longer.
Your rights as a data subject
As a data subject, you have the following rights in relation to your personal data:
- To be informed about how and why your data is handled;
- To gain access to your personal data;
- To have errors or inaccuracies in your data changed;
- To have your personal data erased, in limited circumstances (sometimes known as the ‘right to be forgotten’);
- To object to the processing of your personal data for marketing purposes or when the processing is based on the public interest or other legitimate interests;
- To restrict the processing of your personal data, in limited circumstances;
- To obtain a copy of some of your data in a commonly used electronic form, in limited circumstances;
- Rights around how you are affected by any profiling or automated decisions.
If you wish to exercise any of these rights, please contact us.
For more information about these rights, please see the ICO’s website https://ico.org.uk/ or contact our director, Clare Paterson on firstname.lastname@example.org.
If we are relying on your consent to process your data, you may withdraw your consent at any time by contacting us.
Complaints to the Information Commissioner
You have a right to complain to the Information Commissioner’s Office (ICO) about the way in which we process your personal data. You can make a complaint on the ICO’s website https://ico.org.uk/.