Carden Digital is a provider of digital marketing services.
For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR) and the Data Protection Act 2018, together the “Data Protection Laws”), the company responsible for your personal data is Carden Digital (“Carden”, “we” or “us”). We are located at Suite 2, Castle House, Sea View Way, Brighton, East Sussex BN2 6NT. Tel: 01273 552059 email: email@example.com
We have developed this policy because we want you to feel confident about the privacy and security of your personal information. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
What personal information do we collect about you, and when do we collect it?
We collect and process some or all of the following types of information from you in the course of your use of the website, providing our services, and/or dealing with you as a supplier to Carden:
The provision of certain information (e.g. name, address, contact details) is required from you to enable us to provide you with the services. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
What personal information do we collect about you from other companies and organisations?
We may receive personal information about you from other companies and organisations (for example, for marketing purposes) and we rely on these third parties to obtain your consent for us to use this information.
Please note that when you order goods and services from Carden we may make enquiries about you for credit reference purposes. These enquires include searching your records held by any credit reference agency. At all times where your information is disclosed to us we will protect it in accordance with this policy and keep it secure.
How do we use your personal information?
Lawful basis for processing
We rely on our legitimate interests in performing our contracts with our customers and suppliers, marketing and business development and the administration and improvement of our website and services, as the lawful basis on which we collect and use your personal data.
Where we have or are about to enter into a contract with you, we rely on performance of our contract with you as the lawful basis for processing.
Purpose of processing
We use information held about you in the following ways:
In addition to the above uses, we may use your information to notify you about goods or services which may be of interest to you. Where we do this, we will contact you by electronic means (email or SMS) only if you have consented to such communication. If you do not want us to use your data in this way, please either (i) tick the relevant box situated on the form on which we collect your data; (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform us at any time by contacting us at the contact details set out below.
Do we share your personal information with anyone else?
We sometimes use other companies to provide services to you or to provide services to us. To enable them to do this, we may need to share your personal information with them. When we do so, these companies are required to act in accordance with the instructions we give them and they must meet the requirements of the Data Protection Laws to keep the information secure.
We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable).
We may also disclose your personal data to third parties:
How do we keep your personal information secure?
We take appropriate measures to ensure that any personal information is kept secure, including security measures to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. We use a secure server to store the information you give us when you register or make an order. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to the website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
Where do we store your personal information?
All information we hold about you is stored on our secure servers [within the UK / EEA].
The information we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your orders, the processing of your payment details and the provision of support services.
Such countries do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission may not have given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the UK and EEA, any transfer of your personal data will be subject to a European Commission approved contract, or the EU-US Privacy Shield.
If you would like further information please contact us using the contact information provided below. We will not otherwise transfer your personal data outside of the UK or EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
For how long does Carden keep personal information?
The time period for which we keep information varies according to what the information is used for. In some cases, there are legal requirements to keep data for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed. In particular:
What are your rights in relation to the personal information we hold?
Even if we already hold your personal data, you still have various rights in relation to it under the Data Protection Laws free of charge. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to rectification: You have the right to ask us to rectify any inaccurate personal information. You may also be able to have incomplete personal information completed (though this may depend on the purposes for processing).
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, or using your data for direct marketing purposes, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). In the event you request that we stop processing your data for direct marketing, we will do so as soon as reasonably possible. We may retain some personal data to ensure that you are not sent direct marketing in the future. In the event of data being processed for other purposes, we will generally only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities you may withdraw your consent at any time.
Right to erasure: Otherwise known as the “right to be forgotten”. In certain situations (for example, if we have processed your data unlawfully, or the data is not necessary for the purpose we originally collected or processed it for), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted.
That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
Right to restrict processing: As an alternative to requesting we erase your personal data, you have the right to limit the ways that we use your data. Similarly, this right applies only in certain circumstances, e.g. if you are contesting the accuracy of the personal data we hold, and we are in the process of verifying the accuracy. Restricting our processing may mean temporarily moving the data to another system, or making the data unavailable to users. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply.
Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation. You also have the right to lodge a complaint with the Information Commissioner’s Office who can be contacted on 0303 123 1113 or by the contact form on their website https://ico.org.uk.
How can I exercise my rights in relation to personal information Carden holds about me?
You can make a data subject request (sometimes known as a subject access request). The simplest way to do this is to put your request in writing and send it to Carden Digital, Suite 2, Castle House, Sea View Way, Brighton, East Sussex BN2 6NT, or by email to firstname.lastname@example.org.
Please let us have enough information to identify you (e.g. an account number, username, registration details), proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and let us know the information to which your request relates, including any account or reference numbers, if you have them.
If you want specific information, please tell us and give us any relevant details to enable us to locate the information about you; this may mean we can speed up our reply.
How can I change the personal information Carden holds about me?
If your personal details change, or the information we hold about you is otherwise inaccurate, please contact us to let us know and we will make the necessary amendments and confirm that these have been made.
We may collect information about [your mobile phone, computer or other device from which you access the website] including where available [your IP address, operating system and browser type], for systems administration [and to report aggregate information to third parties affiliates]. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data we have about you in order to track your usage of our services.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
The cookies We use include: