PRIVACY STATEMENT
UPDATED MARCH 2022

The importance of data security and privacy can never be underestimated.

We will only ever request information from you which is relevant to our needs and will never sell, share or use your personal information other than as described within this document.

Who we are

This policy is designed to describe your relationship with Lavender Black Event Construction Ltd who are the operator of the website www.lavenderblack.co.uk

The business is registered in England (registration number 07881764) and the data controller contact is Mark Nelson, Director. We collect, use and are responsible for certain information about you. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

You can get in touch with us via: getintouch@lavenderblack.co.uk Telephone: (+44) 1904 781851

Or write to us at: Glaisdale Road, Northminster Business Park, Upper Poppleton, York YO26 6QT. We will endeavour to maintain your personal rights, allowing the data subject to change or withdraw their consent to use and hold data at any time. We will also provide assistance if you wish to complain to the Information Commissioners Office if you feel your information request has not been addressed in the correct manner.

The Information Commissioner who may be contacted at: https://ico.org.uk/concerns Telephone 0303 123 1113.

What this policy applies to

This section describes the lawful basis for processing your data and applies to the information about yourself that you choose to provide us with, or that you allow us to collect. This includes:

Scope of consent

Personal information provided by you

In the course of operating our self-storage business, we collect personal information when you provide it to us, such as your name, postal address, email address, phone numbers, date of birth, payment details. We also collect personal information from you if you apply for a job with us or work for us for any period of time. In this context, personal information we gather may include contact details, financial and payment details, details of education, qualifications and skills, marital status, nationality, NI number, job title, and CV.

Personal information provided by third parties

Occasionally we may receive information about you from other sources (such as credit reference agencies), which we will add to the information we already hold about you in order to help us provide services to you and to improve and personalise our service to you. If you apply for a job with us, we may receive information from the people who provide references.

Personal information about other individuals

If you give us information on behalf of someone else as an alternate contact, referee or next of kin, you confirm that the other person has agreed that you can:
give consent on his/her behalf to the processing of his/her personal data;
receive on his/her behalf any data protection notices; and
if relevant, give consent to the transfer of his/her personal data abroad.

Information classed as sensitive

We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.

Children

We do not knowingly collect personal data relating to children under the age of 16. If you are a parent or guardian of a child under the age of 16 and think that we may have information relating to that child, please contact us. We will ask you to prove your relationship to the child but if you do so you may (subject to applicable law) request access to and deletion of that child’s personal data.

Storing and processing data

We will retain any personal data for only as long as necessary to fulfil the initial purposes of collection.

In considering the time frame we will take account of the amount of data, nature and sensitivity, the purpose of processing and if it can be done via any other means.

In line with HMRC guidelines, we will retain any customer or supplier information for 7 years after ceasing to trade with us.

Data will be held securely in an encrypted and backed-up media. This data may include financial transactions, contact, identity and transaction listings.

Information is held on local servers and backed up on Dropbox, who are a recognised IT support services provider.

Should you request data to be erased, if there are open transactions then this cannot be completed and will be reviewed when all transactions are complete.

With Suppliers and Customers we only collect the basic information which is relevant to the matter we are dealing with.
We may collect:
Personal details (name, address, email and phone number)
Financial and bank details
Business activities.

The most common uses of personal data, which will be processed in a legally permitted way may include:
Securing a contract between both parties
Job applications
Where we need to comply with a legal or regulatory obligation
Where necessary for our legitimate interests.

If you visit our office/warehouse facility, some personal data may be collected from monitoring devices and systems such as closed-circuit TV (CCTV) and door entry systems at the site. We will comply with the Data Protection Act 1998 and the GDPR [2018] in the way we use and share your personal data.

Amongst other things, this means that we will only use your personal data:
Fairly and lawfully
As set out in the legislation and this policy
To the extent necessary for these purposes.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. We will report any breaches or potential breaches to the appropriate authorities within 24 hours and to anyone affected by a breach within 72 hours. While we will use all reasonable efforts to keep your personal data safe, you acknowledge that the use of the internet is not entirely secure and for this reason, we cannot guarantee the security or integrity of any personal data that is transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us.

Use of cookies

A cookie is a small text file which is placed onto your computer (or other electronic devices such as a mobile telephone or tablet) when you use our website. We use cookies and other similar tracking technologies such as e.g. web beacons, action tags, Local Shared Objects (‘Flash cookies’), single-pixel gifs on our website. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify you individually. We use analysis software to look at IP addresses and cookies to improve your experience as a user of our website. We do not use this information to develop a personal profile of you. If we do collect personally identifiable information, we will be upfront about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

You can set your browser not to accept cookies and the websites below tell you how to remove cookies from your browser. However, some of our website features may not function as a result.

How we use your data

We use your data to process and manage orders and enquiries, necessary for the performance of the contract between us.

With your permission, we will contact you via email or phone. Occasionally we may even send a good, old fashioned letter. We only email business email addresses and will only contact you if:
1) You have asked us to; or
2) We genuinely believe you have a legitimate need for our services and we deem this to represent a legitimate interest in line with the ICO’s guidance.

If at any point you decide you would prefer us not to contact you, let us know and we won’t. We may also use your personal data for:
Administering any accounts;
Processing your bank/credit card details in order to obtain payment;
Market research;
Our own internal marketing; and
Credit reference checks (where appropriate).

We will only use your data where we’re allowed to by law, e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.

We do not use your data for automated decision making or profiling.

Who data is shared with

We may have to share your data with certain third parties for example:
Other companies within our group;
Service providers who provide IT and system admin services;
Our insurers and insurance brokers;
Professional advisors including lawyers, auditors, accountants, insurers;
Any person or agency if we need to share that information to comply with the  law or to enforce any agreement we have with you or to protect the health and safety of any person;
HM Revenue and Customs and other authorities acting as processors or joint controllers;
Internal within our business to other employees, but constantly ensuring data required is used in line with GDPR purposes and significant security is maintained;
Applicable to Freelance personnel, we may request full names, dates of birth and passport information is supplied. This is to be used for the booking of flights and accommodation on your behalf. This information, may, at times, be shared with a third-party provider who books hotels and accommodation, but only third parties whom we have a trusted working relationship with.  

Where data is shared, we respect third parties to respect the security of your data and use it in accordance with the law. We do not allow any third-party service to use your personal data for their own purposes and only permit them to process data for specified purposes in accordance with our instructions.

Data is not shared outside the European Economic Area (EEA)

What rights do you have?

Under the General Data Protection Regulations, you have a number of important rights. These include the following rights:
request a copy of your information which we hold (subject access request);
require us to correct any mistakes in your information which we hold;
require the erasure of personal information concerning you in certain situations
require us to stop contacting you for direct marketing purposes;
object in certain other situations to our continued processing of your personal information;
restrict our processing of your personal information in certain circumstances;
object to decisions being taken by automated means which produce legal effects concerning you or which affect you significantly; and
receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations. You are allowed to opt out of consent for holding and using data at any time. Any information then held about you will be deleted promptly (within 14 days in most circumstances).

Further information on each of these rights is available from the Information Commissioner’s Office.

If you would like to exercise any of these rights, please:
email, call or write to us
let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
let us know the information to which your request relates, including any account or reference numbers, if you have them.

We will not charge any fee for any of these services in most cases.

Changes to the Privacy Policy

This Privacy Notice was published on 5th June 2018 and last updated on 15th March 2022. We may change this Privacy Notice from time to time. You should check this policy occasionally to ensure you are aware of the most recent version.

Do you need extra help?

If you would like this policy in another format (for example audio, large print, braille) please contact us (see contact details above).