Please read the following information carefully. This Privacy Notice ("the Notice") contains information about what data we collect, process and store and the reasons for obtaining and processing the data and is to be read in conjunction with our terms of business.
The Notice also sets out who we share information with, the steps we take to ensure information is kept secure, the rights of data subjects in respect of personal data and how to contact us in the event of a complaint.
Sheldon Inns Ltd, ("the Company") provides pub management services ("the Services").
Through the provision of the Services by the Company and its employees, officers, consultants, it acts as a data processor and data controller for the purpose of the General Data Protection Regulations ("GDPR").
If you have any questions about this Notice or about personal data you can contact the Data Protection Contact via email at firstname.lastname@example.org or write to us at:
Data Protection Contact
Sheldon Inns Ltd
82 Cato Street North
What Personal Information do we collect?
In order to allow us to provide the Services we may collect the following information from Customers or Suppliers, to include:
- Organisation or Business Name
- Contact information (e.g. address, email address, telephone number)
- Fee and/or billing details;
- Bank details/Card details
The Customer or Supplier will usually be the source of any personal information that we hold, unless such information is provided to us by any third party.
How do we use the Personal Information?
All personal information that we collect in relation to the provision of the Services will be recorded, used and protected by the Company in accordance with applicable data protection legislation and this Notice.
We will process and store the personal data and sensitive personal data provided by you to us in order to provide and improve the Services. In the case of personal data, the legal bases that we rely upon are that:
- The processing is necessary for the performance of the contract to provide the Services to you;
- The processing is necessary in order to comply with legal obligations to which the Company is subject, the Information Commissioner's Office, HMRC or any other statutory regulator; and/or
- The processing is necessary for the purposes of legitimate interests pursued by the Company, such as, for the purpose of conflict-checking, for use in the defence of potential complaints, legal proceedings or fee disputes or fee recovery, for keeping anti-money laundering records, for training staff, or for otherwise complying with our professional obligations.In the case of sensitive personal data, the legal bases that we rely upon are:
- In some cases, the personal data may have been manifestly made public by the Customeror Supplier;
- The processing is necessary for the establishment, exercise or defence of legal claims.
- The processing is necessary for reasons of substantial public interest.
Information collected from other sources
In the provision of the Services it is likely that information will be provided solely by you; however from time to time and depending on the nature of the instructions, information may be collected via another party. Such information will only be processed in order to provide the Services or for use in the defence of potential complaints, legal proceedings or fee disputes, keeping anti-money laundering records, for training staff in confidence, or for otherwise complying with our professional obligations, for or complying with court/tribunal directions, or for co-operating with investigations by the Information Commissioner's Office, or any other statutory regulator.
Personal data provided to third parties
We will not use personal data for purposes that are not clear at the time they were provided and personal data will not be disclosed outside of the Company except where necessary for the provision of the Services, with your consent and in accordance with the our professional obligations. Personal data may be shared with the following:
- Representatives of other parties, in accordance with our instructions from you;
- Third Parties in accordance with our instructions from you
- Ombudsmen and other regulatory authorities;
- the Customer and or Supplier; and
- Staff in confidence.
We may share some personal data with third parties in limited circumstances, which may include (a) if we are under a legal or regulatory duty to do so; (b) if it is necessary to do so to enforce our contractual rights; (c) to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity; (d) where such disclosure is necessary to protect the safety or security of any persons and/or (e) otherwise as permitted under applicable law. We will only share any personal data in these circumstances in accordance with our professional obligations. Personal information will not be used for any other purpose than has been set out in this Notice.
Transfer of data outside the EEA
Please note that the Company does not transfer data outside of the EEA in general. There may however be a requirement from time to time to transfer some or all of your personal data outside of the EEA if so required in order to progress your case or to provide the Services. Where this happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is afforded the same or similar safeguards and processes that we undertake within the EEA.
The Company may carry out marketing activities and communications via email, social media and other digital platforms. In the provision of marketing activities we may collect your name, address, email address, name of your organisation (if applicable), telephone number and details of your enquiry. Any personal data that you provide to use will only be used to administer and provide products and services you request or have expressed an interest in and to tailor marketing communications from us. We will not use your data for purposes that are not clear when you provide your details and will not disclose them outside of the Company except in limited
circumstances. Further information and a full copy of our Marketing Privacy Notice can be found on our website www.sheldoninns.co.uk
The Company will retain personal information for no longer than is reasonably necessary for the provision of the Services and personal information will not be retained indefinitely or for reasons incompatible with the relevant data protection legislation, including the GDPR and the requirements of other regulatory bodies.
We take the security of personal information seriously and the Company has appropriate measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed by those individuals authorised to do so and where there is a legitimate need to access the data. Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to personal data held by the Company (either through accidental disclosure or deliberate act) and in line with the Companies obligations under applicable data protection legislation, including the GDPR.
Under the GDPR, data subjects have a number of important rights regarding their personal information. In summary these rights are as follows and include the right to:
- Request access to personal information;
- Request that inaccurate information is corrected;
- Request that processing of personal information is restricted;
- Request that personal information that we hold is erased in certain circumstances;
- Request a copy of the personal information that has been provided to us;
- Object to the processing of personal information or the continued processing of personal information;
- Request not to be subject to automated decision making which produces legal effects that concern or affect data subjects in a significantly similar way.
Further information regarding rights under the GDPR can be found by visiting www.ico.org.uk. These rights are subject to the conditions and restrictions set out in the
General Data Protection
Regulation and the Data Protection Act 2018.
Should you wish to make a request to exercise any of the above rights you should contact us via
email at via email at email@example.com or write to us at:
Data Protection Contact
Sheldon Inns Ltd
82 Cato Street North
When contacting us please ensure that you provide relevant information to allow us to identify you (this can include confirmation of any of the unique or personal identifiers we hold about you such as proof of identity or address) and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identity. We will respond to you within one month from when we receive a valid request.
Where to make a complaint
We hope that you are happy with our service and that we can resolve any issues or complaints that may arise. If you have a complaint regarding any aspect of your personal data or this Notice please write to us at firstname.lastname@example.org. In the event you are not satisfied with the outcome of your complaint, you may write to the Information Commissioner's Office via:
Information Commissioner's Office
You can also contact the Information Commissioner's Office using their online form by visiting www.ico.org.uk
Changes to this Privacy Notice
We aim to meet high standards and so our policies and procedures are subject to regular review. From time to time we may change this Notice and will inform you, usually via writing or by publishing updated content to our website, as appropriate.