Quality linen to compliment your special event.
Version: – December 2024
What is the purpose of this document?
Eastern Counties Laundries Limited (Company) is committed to protecting the privacy and security of your personal information. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the Data Protection Act 2018 and the UK GDPR.
Eastern Counties Laundries Limited is a “data controller”. This means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. This notice does not form part of any contract to provide services that we have entered into with you. We may update this notice at any time. It is important that you read this notice so that you are aware of how and why we are using such information.
The kind of information we hold about you
Personal data, or personal information, means any information that relates to an identified or identifiable person. It does not include data where the identity has been removed (anonymous data).
We will collect, store, and use the following categories of personal information about you:
· Personal contact details such as name, telephone number, e-mail address, mobile telephone number, postal address, and similar contact data.
· The name and contact details of your employer. · Payment details such as bank or payment card details.
· Video images of you.
· Location tracking data.
· Technical data, including IP addresses, log-in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website. · Marketing data, such as your preferences to receive marketing communications from us.
The more sensitive “special categories” of data include information about race, ethnicity, religious belief, sexual orientation, political opinions, health, genetic or biometric information and information about criminal offences or convictions. Processing of this data is prohibited unless one of the additional grounds in Article 9 of the UK GDPR applies. We do NOT currently collect, store or use any of the “special categories” of more sensitive personal information.
How is your personal information collected?
We collect personal information about you when you make an enquiry with us regarding our services (whether through our website or otherwise) and we will continue to collect personal information via our website, by email or letter, on the telephone or in person throughout our working relationship.
In relation to video images and GPS data this will be collected via our CCTV system and/or by any GPS enabled devices used by our members of staff including those in company vehicles.
We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.
How we will use your personal information, and the legal basis for this
We need all the categories of information in the list above (see paragraph headed “The kind of information we hold about you”) primarily to allow us to perform our contracts with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.
The specific situations in which we will process your personal information are listed below:
· If you are a customer, we will use your contact details for the purpose of entering into and performing our contract with you and processing and fulfilling your order etc. The basis for this processing will be that it is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into such a contract.
· If you are a supplier, we will use your contact details for the purpose of entering into and performing and enforcing our contract with you and administering our working relationship. The basis for this processing will be that it is necessary for the performance of our contract with you or in order to take steps at your request prior to entering into such a contract.
· If you are an employee of a customer or a supplier, we will use your contact details for the purpose of our and your employer’s legitimate business interests, namely providing or receiving the relevant services and performing our obligations under and/or enforcing the contract with your employer. · We may use your contact details to provide you with marketing information in relation to goods and services supplied by us which we believe may be of interest to you. The basis for this processing will be that it is necessary for the purpose of our legitimate interest in ensuring that you are aware of the full range of products and services which we offer.
· We will use your personal data to maintain our own administrative and accounting records and to fulfil related legal obligations to which we may be subject. The basis for this processing will be that it is necessary for compliance with legal obligations to which we are subject.
· We will use video images and GPS data for the purpose of security and prevention of crime and for the efficient administration of our business and to ensure that health and safety standards are complied with. The basis for this processing will be that it is necessary for the purpose of our legitimate interest ensuring the security and efficient administration of our business.
· We may use technical data to administer our website , to apply online security processes and for internal operations, including troubleshooting, data analysis, remote email access, cyber-security, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our services, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
The basis for this processing will be that is is necessary for our legitimate business interests to ensure you receive the best experience possible and that appropriate cyber-security measures are applied when accessing and using our website or otherwise communicating with us electronically. We will comply with our cookie policy when processing this information.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
If you fail to provide personal information
It is a contractual requirement for you to provide us with certain information. If you fail to provide that information when requested, we may not be able to enter into a contract with your or perform a contract we have entered into with you, or we may be prevented from complying with our legal obligations.
Automated decision-making
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
At present we do NOT use automated decision-making to process personal data.
Data sharing
We may need to share your personal information with third parties where required by law, where it is necessary as part of our working relationship with you or where we have another legitimate interest in doing so.
Which third-party service providers process my personal information?
“Third parties” includes third-party service providers (including contractors and designated agents).
We may share your data with third party processors who we engage to process your data on our behalf in order to allow us to provide our services to you, including:
Cloud Service Providers: Companies that provide cloud storage, hosting, or computing services.
Payment Processors: Third parties that handle payment transactions and financial data.
Marketing and Advertising Partners: Services that assist with marketing campaigns, online advertising, or data analytics.
Customer Support Platforms: Tools and services that facilitate customer service and support.
Analytics Providers: Companies that analyse website or user data for insights and performance improvement.
Email and Communication Services: Providers that manage email distribution, newsletters, or other forms of communication.
Social Media Platforms: Services that facilitate social media interactions or integrations.
IT Support and Maintenance: Providers involved in the upkeep and security of IT systems.
Legal and Compliance Services: Consultants or firms that offer legal advice and compliance checks.
Human Resources Services: Companies that handle HR processes, such as payroll and employee benefits.
Security Services: Firms specializing in data protection, security audits, or fraud prevention.
Data Enrichment Services: Providers that enhance or append additional information to your existing data.
Logistics and Delivery Services: Companies that handle the shipping or delivery of products.
Research and Development Partners: Organizations involved in R&D activities that may require access to personal data.
We may also work with third party partners who collect and process your data themselves as data controllers and share it with us. To the extent that these partners are responsible as data controllers for the collection and processing of your data you should refer to their privacy policies and terms of use before providing personal data to them.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
Transferring information outside the UK
We may transfer the personal information we collect about you to countries outside the UK in order to perform our contract with you. When we do so, we will determine whether there is an adequacy decision by the UK Government in respect of those countries or another lawful basis for the transfer under the Data Protection Act 2017 or the UK GDPR.
If, for any reason, we intend to transfer the personal information we collect about you to countries outside the UK for which there is no basis for transfer as above, we will write to you to advise you of the potential risks and to seek your explicit consent to the proposed transfer before it takes place.
Data security
We have put in place appropriate security measures, including encryption technology, to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties that need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data retention
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. If, for any reason, you cease to be a customer of the company, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
Hard copy documents are retained in our secure archive room for 7 years and after that period will be securely shredded. The basis for this retention period is that are required to retain these for tax and accounting compliance purposes.
We may retain digital information indefinitely for statistical and reporting purposes only unless you object to this by exercising your “right to erasure” as set out below.
Rights of access, correction, erasure, and restriction
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
· Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
· Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
· Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
· Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
· Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
· Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us at the details below:
• Company Secretary
• gdpr@countylinen.co.uk
• 28 Robjohns Road, Widford Ind. Estate, Chelmsford, Essex, CM13AF / 01245 352 577
No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it. Any information you provide to us will be processed by us in accordance with the terms of this policy strictly for the purpose of verifying your identity and dealing with your request. The basis for processing the information is that it is necessary for compliance with legal obligations to which we are subject.
Right to withdraw consent
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using the details listed above (see paragraph headed “Your rights in connection with personal information”). Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Compliance Director
We have appointed our Company Secretary to oversee compliance with this privacy notice and to answer any questions about how we process your personal information. Their details are listed above (see paragraph headed “Your rights in connection with personal information”).
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.