This version dated: 01 October 2022
At Lansons, we (“we” or “us“) promise to safely process and store any personal data you share with us or that we receive indirectly as described below.
‘Personal data’ means information relating to you from which you can be identified such as name and contact details, biographical or professional information, areas of interest or anything revealing something about you personally that we may hold on file or on computer.
We strive to ensure that we are clear about how we will use the personal data we collect. We collect and process your personal data in accordance with applicable laws that regulate data protection and privacy.
We may directly collect personal data from you through one or more of the following:
We may indirectly collect personal data about you in one or more of the following ways:
We may also collect information about your computer and your visits to our website, including, where available, your computer’s IP address, geographical location, operating system, referral source, browser type, length of visit and number of page views. We do this using “cookies”. Cookies are small pieces of information sent by our Website to the browser on the computer or device you use to access this Website (e.g. Internet Explorer, Safari, Google Chrome or Firefox). We may use this information to:
You may refuse to accept cookies by closing the web browser or by activating the settings on your browser, which allows you to refuse the setting of cookies. However, if you select this you option may be unable to access certain parts of our Website or use all of its functionality.
The type and quantity of information we collect and how we use it depends on why you are providing it.
We will mainly collect:
We may use your data:
We ensure that there are appropriate technical controls in place to protect your personal details from being accessed or used on an unauthorised basis or to protect them from accidental loss, destruction or damage. For example, our online forms are always encrypted, and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff.
We may store or transfer your personal data outside of the European Union (EU)/European Economic Area (EEA) to our third party CRM database provider, Infusionsoft CRM, who hosts that data on computer servers based in the United States. The United States is one of the countries outside the EU/EEA whose laws are currently not considered to meet the same legal standards of protection for personal data as those set out under United Kingdom and EU data protection law.
However, in order to safeguard your personal data, we only conduct such a transfer under a contract or another appropriate mechanism which is authorised under applicable data protection law. This is to make sure that your personal data is safeguarded in accordance with the same legal standards that apply to us in the United Kingdom.
We may disclose your personal information to third parties in the following situations:
We will only ever share your personal data with third parties to use for their own purposes in other circumstances with your prior knowledge and, if in connection with marketing, where we have your specific, informed, freely given and unambiguous consent. Any third party data controllers external to us with whom we deal, as described above, will handle your personal data in accordance with their own chosen procedures and you should check the relevant privacy policies of these companies or organisations to understand how they may use your personal data. Since these controller organisations are acting outside of our control, we have no responsibility for their data processing practices.
If we get in touch with you for any of the reasons above, we will give you the opportunity to correct and update your information. You can also contact us on email@example.com at any time to let us know when your information needs correcting or updating.
Where a public source makes it clear that personal details we hold about you are out of date (e.g. a public announcement, press release or LinkedIn notification tells us that you have moved job), then we may use this information to update our records.
The period for which we keep your personal data usually depends on the purpose(s) for which your information was collected.
We will not keep your personal data for longer than necessary for that/those purpose(s) or unless we need to keep data for a longer period to comply with any legal requirements.
Lansons has a data retention policy that sets out the different periods we retain personal data for in accordance with our duties under applicable data protection law. The criteria we use for determining our data retention periods are based on:
Personal data that we no longer need to hold is securely disposed of and/or anonymised so you can no longer be identified from it.
We process your personal data for the above purposes relying on one or more of the following lawful grounds:
If we process sensitive personal data (or “special category data”) about you such as data relating to health, ethnic origin, religious/philosophical or political beliefs, trade union membership or sex life, we will only do this with your explicit consent; or, to protect your vital interests or those of someone else; and/or, where you have clearly publicised such data; and/or, where we need to use such data in connection with a legal claim.
Under data protection law, you have a legal right to request information about the personal data that we hold about you, what we use that personal data for and who it may be disclosed to, as well as certain other information (called a “subject access request“). Usually we will have one month to respond to such a subject access request, although in the case of complex requests, we may require a further two months to respond. We may also charge for administrative time in dealing with any manifestly unreasonable or excessive requests for access. We may also ask for further information to locate the specific information you seek before we can respond in full and may apply certain legal exemptions to some of the information we disclose when responding to a subject access request.
You also have the following rights, which are exercisable by making a request to us in writing:
All of these requests may be forwarded on to a third party data processor who is involved in the processing of your personal data on our behalf.
If you would like to exercise any of the above rights or if you have any concerns about how we use your personal data, please contact us via telephone on 020 7490 8828 or by e-mail at: firstname.lastname@example.org. You can also contact us by post at: Lansons, 24a St John Street, London EC1M 4AY.
When you make any request, you may be required to provide us with appropriate evidence so that we can verify your identity before we can respond.
If you make a request and are not satisfied with our response, or believe that we are illegally processing your personal data, you have the right to complain to the UK Information Commissioner’s Office (ICO) – see: https://ico.org.uk/concerns/.