Date of publication: 28/03/2018
This is a public notice detailing how C S Ellis Group Limited uses your Personal Data. It documents:
- What Personal Data is (‘definitions’)
- Who we are
- How and why we use your Personal Data (‘purposes’)
- Your rights as a Data Subject
- How to interact with us
Your Personal Data is very important to us. We will endeavour to uphold your rights, treat your information with all due respect, and ever work to keep it held securely and in confidence.
We have sought to present this Privacy Notice in jargon-free plain-English. Some of the definitions below relate to legal concepts, so are provided for your reference. Should you have any queries, please do not hesitate to contact us and we will be happy to assist.
Information relating to living, identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, customers, suppliers and marketing contacts.
Personal Data we gather may include:
- Individuals' contact details,
- Educational background,
- Financial and pay details,
- Details of certificates and diplomas,
- Education and skills,
- Marital status,
- Job title, and job-related information
Special categories of Personal Data:
Sensitive Personal Data shall by definition include:
- Personal Data about an individual's racial or ethnic origin,
- Political opinions,
- Religious or similar beliefs,
- Trade union membership (or non-membership),
- Physical or mental health or condition,
- Criminal offences, or related proceedings
Any use of sensitive Personal Data should be strictly controlled in accordance with this policy.
The purposes for which Personal Data may be used by us: Personnel, administrative, operational, financial, regulatory, payroll and business development purposes.
Business purposes include the following:
- The legal and lawful delivery of our services
- Compliance with our legal, regulatory and corporate governance obligations and good practice
- Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
- Ensuring business policies are adhered to (such as policies covering email and internet use)
- Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
- Investigating complaints
- Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
- Monitoring staff conduct, disciplinary matters
- Marketing our business
- Improving our services
The electronic and physical locations where we store Personal Data.
Our business is the Data Controller for the Personal Data we directly capture from Data Subjects.
Our business acts as a Data Processor for other organisations for whom we deliver services. Similarly, our own subcontractors, and other service providers to whom we entrust Personal Data for the delivery of our services are legally considered our own Data Processors.
This is a legal consideration under data protection legislation. Data Subjects provide Consent for their Personal Data to be used for one or more explicit purposes relevant to the services provided by our business.
A Data Subject is a living, identifiable individual located within the European Union.
Personal Data Breach:
A Personal Data Breach is the unauthorised disclosure of Personal Data into an untrusted environment. One example may be accidentally emailing a spreadsheet containing Personal Data to an unintended recipient.
Who we are
Where you submit Personal Data to us directly, C S Ellis Group Limited is legally obligated as a ‘Data Controller’. In a capacity where we have been provided with your Personal Data by a partner organisation, we are legally obligated as a ‘Data Processor’.
Should you wish to interact with us regarding any query on Personal Data, our contact details are provided below.
Contact: Hayley Cook, HR Director
Telephone: +44 (0) 1780 720133
C S Ellis Group Limited
Registration Number: 00852320
Wireless Hill, South Luffenham, Oakham, Leicestershire, LE15 8NF
How and why we use your Personal Data
Data is collected to allow C S Ellis Group Limited to legally provide a service to its customers, to fulfil a service to its suppliers and lawfully employ individuals within the company.
C S Ellis Group Limited provides the following types of service:
- Transportation of goods
- Warehousing and Storage
- Re-work and Fulfilment
- Workshop and Recovery
- Export Packaging
- Pick and Pack
- Pallet network integration incl. Hazardous goods network
In order to be able to provide these services to you, we must be able to identify you in some manner, to be able to deliver your service to you specifically.
Where we are capturing your Personal Data to provide a service, we will always seek your Consent in order to do so.
Where we are provided with your Personal Data to legally fulfil a service to you that you have requested, we will endeavour to make you aware that we have processed and handled your Personal Data.
This Privacy Notice lays out how we will fulfil our obligations to you in the safe and legal treatment of your Personal Data. Should you have any queries, please contact us at any time using the contact details provided above.
We will never use your Personal Data for a business purpose without your explicit consent. If we require your Personal Data for any other Purpose we will seek you consent prior to undertaking any processing activity. For reference our business will only provide services to individuals aged over 18 years.
Your Personal Data
It is your responsibility to ensure the Personal Data we hold about you is accurate and up-to-date. Please contact us if you have any queries regarding your Personal Data.
Where you directly contract us to provide a service
We will only collect the necessary Personal Data to fulfil the service you have requested. Your Personal Data will be retained for no more than 12 months after the required purpose, except where we are bound by other legal obligations to do so.
Where we are provided with your Personal Data to fulfil a service on behalf of a partner
We will only accept the minimum Personal Data to be able to deliver the service. Your Personal Data will be retained for no longer than 12 months following the delivery of the service. The originating service provider may retain your Personal Data for longer, and you should speak with that party if you have any queries.
Your rights as a Data Subject
- You have the right to know what Personal Data we hold about you.
- You have the right to request we cease processing your Personal Data.
- You have the right to revoke your consent to your Personal Data being processed (except where necessary to legally delivery a contracted service).
- You have the right to request we not make decisions about you automatically and can prefer human intervention (where possible).
- You have the right to request that we not profile you based on your Personal Data without human intervention (where possible).
- You have the right to request we delete all Personal Data we hold about you (where legally we are able to do so).
- You have the right to request a copy of any Personal Data we hold about you, which must be provided to you in a commonly used electronic format.
- You have the right for your Personal Data to be stored and processed securely and have confidence that it will not be disclosed to an unauthorised party.
- You have the right to make a complaint if you are dissatisfied with the how we have honoured your rights.
It must be noted that there is no charge to request information from us. We are only permitted to make a charge if:
- Your request is unfounded.
- Your request is excessive.
- Your requests are repetitive in nature.
Interacting with us regarding your rights
Making a Subject Access Request
You have the right to request a copy of the Personal Data we hold about you. This request must be made in writing, by email or post, to the contact details provided above.
We will acknowledge receipt of your request and will respond to the request at the latest within 20 working days from said receipt. When making your request, you must provide all necessary information to support your query, including:
- Your name and contact details
- The reason for your request
- How we can contact you
There are exemptions to Subject Access Requests that may prevent us from honouring your request. This may include the request being overly broad, or your request may infringe the rights of another individual. We will always attempt to honour your request and will fully explain, if we are unable to do so, why, and what can be done to progress the request further.
Your right to receive data in a commonly used electronic format
Due to the nature of the services we provide, it may be that we are unable to honour all requests. We will always seek to provide you with data that you or your service provide can easily reuse.
Your right to request we restrict processing
You have the right to request that we restrict processing any Personal Data we hold about you. This request should be made in writing to the contact identified above, stating the reason for your request, and the timeframe required for processing to be restricted. We will acknowledge your request and respond within 5 working days.
Your right to request the deletion of Personal Data
You have the right to request that we delete or destroy any Personal Data that we hold on you. This request should be made in writing, by post or email, to the contact identified above. We will acknowledge your request and respond within 5 working days. We may be unable to honour requests that infringe on our other legal obligations, or in relation to a dispute, or where the deletion affects the rights of another party.
Your rights in relation to automated decision making and profiling
We do not make use of Personal Data for automated decision making or profiling in the delivery of our services to you. If you believe this not to be the case, please contact us.
Making a complaint
You have the right to make a complaint if we fail to honour your rights. We hope you never have need to complain about our service, however if you do, our business operates a three-stage complaints process, as follows:
- In the first instance please send in writing, by post or email, your complaint to the contact named above. We will acknowledge receipt of your complaint. You will receive a response within two working days.
- 2. If we fail to resolve your issue with our response, you may escalate your complaint to our Chief Executive Officer. Please indicate in writing, again either by post or email, for your desire for the complain to be escalated. We will acknowledge receipt of your complaint and will respond to you within 5 working days.
- 3. If you remain dissatisfied with how we have handled your complaint, you have the right to seek redress through the data protection supervisory authority. Please assemble all necessary information and submit your complaint here: http://www.ico.org.uk
Securing your Personal Data
We undertake comprehensive technical measures to reduce the likelihood your Personal Data will be accessed by an unauthorised party. For security we cannot disclosure all measures undertaken, however we are able to comment that our organisation seeks at all times to comply with (at the very least) the requirements of the following specifications:
● Cyber Essentials
● GDPR Essentials
We will always endeavour to store and process your Personal Data within the geographic confines of the European Economic Area (‘EEA’). If we are unable to do so, we will always ensure that our Data Processors comply with the same or greater level of assurance over use of your Personal Data than ourselves.
In the event of a Personal Data Breach
As a responsible Data Controller and Data Processor, in the event that Personal Data is disclosed to unauthorised individuals, we will notify you in writing as soon as possible. We take a great number of precautions to prevent this from happening, however should an incident arise we will detail what Personal Data was affected and the steps we are taking to manage the issue going forwards.
Our use of Data Processors
It is possible that we may entrust your Personal Data to other businesses to help us deliver our service to you. Our business will only operate with partners that adhere to a similar or greater level of assurance than ourselves. When you request a service from us, to legal discharged the contract entered into, we must always assume your Consent for Personal Data to be shared with partners where strictly necessary to do so.
Your feedback is very important to us. Should you have any queries, or desire any clarification regarding this Privacy Notice, please contact us and we will be happy to discuss with you.