This
privacy notice provides you with details of how we collect and process your
personal data through our interactions with you.
By
providing us with your data, you warrant to us that you are over 13 years of
age.
Prolific
Payroll Limited is the data processor and we are responsible for your personal
data (referred to as “we”, “us” or “our” in this privacy notice).
Contact Details
Full
name of legal entity: Prolific Payroll Limited
Email
address:office@ajrandco.co.uk
Postal
address: 9 Nimrod Close, St Albans, Hertfordshire AL4 9XY
It
is very important that the information we hold about you is accurate and up to
date. Please let us know if at any time your personal information changes by
emailing us at office@ajrandco.co.uk
2. WHAT DATA DO WE COLLECT ABOUT YOU, FOR WHAT
PURPOSE AND ON WHAT GROUND WE PROCESS IT
Personal
data means any information capable of identifying an individual. It does not
include anonymised data.
We
may process certain types of personal data about you as follows:
- Identity Data may
include your first name, maiden name, last name, marital status, title, date of
birth and gender.
- Contact Data may
include your address, email address and telephone numbers.
- Financial Data may
include your bank account details.
- Transaction Data may
include details about payments between us and other details of purchases made
by you.
We
do not collect any Sensitive Data about you. Sensitive data refers to data that
includes details about your race or ethnicity, religious or philosophical
beliefs, sex life, sexual orientation, political opinions, trade union membership,
information about your health and genetic and biometric data. We do not collect
any information about criminal convictions and offences.
We
will only use your personal data when legally permitted. The most common uses
of your personal data are:
- Where we need to perform the contract between us.
- Where it is necessary for our legitimate interests
(or those of a third party) and your interests and fundamental rights do not
override those interests.
- Where we need to comply with a legal or regulatory
obligation.
Generally,
we do not rely on consent as a legal ground for processing your personal data.
We do not use any data for marketing communications.
Where
we are required to collect personal data by law, or under the terms of the
contract between us and you do not provide us with that data when requested, we
may not be able to perform the contract.
We
will only use your personal data for a purpose it was collected for or a
reasonably compatible purpose if necessary. For more information on this please
email us at office@ajrandco.co.uk.
In case we need to use your details for an unrelated new purpose we will let
you know and explain the legal grounds for processing.
We
may process your personal data without your knowledge or consent where this is
required or permitted by law.
3. HOW WE COLLECT YOUR PERSONAL DATA
We
collect data about you through a variety of direct interactions: You may provide data by filling in forms and
by communicating with us by post, phone, email or otherwise.
4. DISCLOSURES OF YOUR PERSONAL DATA
We
may have to share your personal data with the parties set out below for the
purposes set out in the table in paragraph 4 above:
- Service providers who provide IT and system
administration services.
- Professional advisers including lawyers, bankers,
auditors and insurers who provide consultancy, banking, legal, insurance, and
accounting services.
- HM Revenue & Customs, regulators and other
authorities based in the United Kingdom and other relevant jurisdictions who
require reporting of processing activities in certain circumstances.
We
require all third parties to whom we transfer your data to respect the security
of your personal data and to treat it in accordance with the law. We only allow
such third parties to process your personal data for specified purposes and in
accordance with our instructions.
5. DATA SECURITY
We
have put in place appropriate security measures to prevent your personal data
from being accidentally lost, used or accessed in an unauthorised way, altered
or disclosed. In addition, we limit access to your personal data to those employees,
agents, contractors and other third parties who have a business need to know
such data. They will only process your personal data on our instructions and
they are subject to a duty of confidentiality.
We
have put in place procedures to deal with any suspected personal data breach
and will notify you and any applicable regulator of a breach where we are
legally required to do so.
7. DATA RETENTION
We
will only retain your personal data for as long as necessary to fulfil the
purposes we collected it for, including for the purposes of satisfying any
legal, accounting, or reporting requirements.
To
determine the appropriate retention period for personal data, we consider the
amount, nature, and sensitivity of the personal data, the potential risk of
harm from unauthorised use or disclosure of your personal data, the purposes
for which we process your personal data and whether we can achieve those
purposes through other means, and the applicable legal requirements.
By
law, we have to keep basic information about our customers (including Contact,
Identity, Financial and Transaction Data) for six years after they cease being
customers for tax purposes.
In
some circumstances you can ask us to delete your data: see below for further
information.
8. YOUR LEGAL RIGHTS
Under
data protection laws you have rights in relation to your personal data that
include the right to request access, correction, erasure, restriction,
transfer, to object to processing, to portability of data and (where the lawful
ground of processing is consent) to withdraw consent.
You
can see more about these rights at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If
you wish to exercise any of the rights set out above, please email us at office@ajrandco.co.uk.
You
will not have to pay a fee to access your personal data (or to exercise any of
the other rights). However, we may charge a reasonable fee if your request is
clearly unfounded, repetitive or excessive. Alternatively, we may refuse to
comply with your request in these circumstances.
We
may need to request specific information from you to help us confirm your
identity and ensure your right to access your personal data (or to exercise any
of your other rights). This is a security measure to ensure that personal data
is not disclosed to any person who has no right to receive it. We may also
contact you to ask you for further information in relation to your request to
speed up our response.
We
try to respond to all legitimate requests within one month. Occasionally it may
take us longer than a month if your request is particularly complex or you have
made a number of requests. In this case, we will notify you and keep you
updated.
If
you are not happy with any aspect of how we collect and use your data, you have
the right to complain to the Information Commissioner’s Office (ICO), the UK
supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint
so that we can try to resolve it for you.