G Crook & Sons GDPR Privacy Policy (Updated as of 25th May 2018)

PRIVACY NOTICE

G Crook & Sons and its subsidiaries namely but not limited to: GCS Agricentre, The George Albert Hotel and Spa, The New Inn West Knighton, The Black Dog Broadmayne, G Crook & Sons Tyreworld, The Clay Pigeon Raceway, G Crook & Sons Angel Autos (hereinafter referred to as “We”, “Our” or “Us”).

OVERVIEW

Maintaining the security of your data is of paramount importance to us and we are committed to respecting your privacy rights.

This notice, which including without limitation applies when using any of our trading companies or information/trading websites such as but not limited to: www.gcrookandsons.co.uk , www.gcsagricentre.co.uk , www.gcsaa.co.uk , www.gahotel.co.uk , www.newinnwestknighton.co.uk , www.blackdogbroadmayne.co.uk , www.claypigeonraceway.com   provides you with information about:

 How we use your data
 What personal data we collect
 Who we share your data with
 How we ensure your privacy is maintained; and
 Your rights relating to your personal data
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.For the purpose of the General Data Protection Regulation (EU Regulation 2016/679, when applicable, the “GDPR”), and the EU Data Protection Directive (Directive 95/46/EC), the data controller is G Crook & Sons of Lower Glebe Farm, West Knighton, Dorchester, Dorset, DT28PE

 Information That We May Collect from You and Other Users:

Although the precise details of the personal information collected will vary according to the specific purpose for which we are collecting the information, we may collect and process the following data about you:

Information that you provide by filling in forms on our social media pages or on our websites, or via booking registration cards or new account forms. This includes information provided at the time of subscribing to any of our services, purchasing goods, posting material or requesting further services. We may also ask you for information when you report a problem with any of our websites.
If you contact us by phone, email or any other form of communication and your data is provided voluntarily, we may keep a record of those correspondence and details provided.
Please note that we may record and monitor telephone conversations that we have with you. The sole purpose of any recording is for training and quality control purposes. Under the GDPR any personal or confidential information disclosed shall not be made available to any third party (unless required by law to do so) or used for marketing purposes. Recorded conversations are deleted within three months after the recording was made.
Details of transactions you carry out through our website and of the fulfilment of your orders. 
USES MADE OF ANY INFORMATION COLLECTED:

We may use information held about you in the following ways:

To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
To carry out our obligations arising from any contracts entered into between you and us. For example, we pass your contact details to our courier company who may contact you via SMS to confirm delivery of your order. We may also notify you via SMS, telephone or email to advise you when your order is ready to be collected from any of our outlets. We may notify our suppliers of your details for any warranty purposes.
We may also notify you via SMS, telephone or email to confirm or communicate with you regarding hotel and restaurant bookings.
To notify you about changes to our service.
If you are an existing customer, we may contact you by electronic means or by phone with information about goods and services that we offer.
If you are a new customer, we will contact you by electronic means if you have consented to this.
We may use your personal information to contact you if there are any urgent safety or product recall notices to communicate to you where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any personal harm to you. It is in your vital interests for us to use your personal information in this way.
 

Third-party links:

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave any of our websites, we encourage you to read the privacy notice of every website you visit.

COOKIES:

For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our website and to deliver a better and more personalised service. They enable us:

To store information about your preferences, and so allow us to customise our websites according to your individual interests.
To speed up your searches.
To recognise you when you return to any of our websites.You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our website.Please note that our advertisers may also use cookies, over which we have no control.Cookies are small text files that are stored on your computer when you visit certain websites. We employ cookies to improve the performance and user experience of our website. It is notable that cookies do not harm your device and we do not store cookies which personally identify information.In order to shop from any of our trading websites, it is important that you allow all strictly necessary cookies.Your privacy is very important to us. We are committed to protect your privacy and safety when you visit or trade via any of the G Crook & Sons businesses or our websites.


DISCLOSURE OF YOUR INFORMATION:

In order to make certain that we provide the correct level of service and suitable products to you, we may need to share your personal data with third parties.

We may disclose your personal information to:Any member of the G Crook and Sons Group of Companies.
Our trusted service providers acting on our behalf who provide services such as: web hosting, order fulfilment, infrastructure provision, auditing services and other services to enable them to provide services;
Our courier companies who deliver your orders on our behalf;
Third party suppliers who manage our secure payment platform and credit card processing.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of G Crook & Sons, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
 

International Transfers:

It is sometimes necessary for us to share your data outside of the European Economic Area (EEA). This generally occurs when our service providers are located outside of the EEA or you are based outside of the EEA.

If this happens, we will ensure that the transfer will be compliant with the relevant data protections laws including the GDPR.

Our standard practice is to use standard contractual clauses which have been approved by the European Commission for such transfers.

How Do We Protect Your Data:

We are committed to keeping your personal data safe and secure and employ a number of security measures such as:

Monitoring and auditing our service providers to ensure they have an adequate level of protection and are GDPR compliant.
All credit and debit card payment transactions are initiated on our websites, phone bookings and internet bookings via internationally recognised and approved payment processing companies such as www.PayPal.com, www.welcomeanywhere.net, www.cultuzz.com,  Barclaycard Financial services, all of which have been vetted for their GDPR compliance with regards to processing personal data, and or via your online reservation provider i.e. www.bookings.com, www.expedia.com etc.
All information you provide to us is stored on our secure servers, and via encrypted data held on the cloud or google drive data storage servers.We use all reasonable, organisational, technical and administrative measures to protect personal information under our control. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to maximise any potential unauthorised access. 
Legal Basis for Processing Your Personal Data:

The personal data that you provide to us in order to purchase goods or create bookings for other services and other personal data generated for transactional agreements is processed as it is necessary for the performance of a contract with you.

All other personal data is processed for our legitimate interests (as set out below) and to comply with our legal obligations.

In general, we only rely on consent:

To send direct marketing communications to customers via email, Postal services or text message.
To contact existing and new customers by electronic means.
You have the right to withdraw your consent at any time. 
Our legitimate Business Interests

The normal legal basis for processing customer data, is that it is necessary for our legitimate business interests including:-

Selling and supplying goods and services to our customers;
Protecting customers, employees and other individuals and maintaining their safety, health and welfare;
Promoting, marketing and advertising our products and services;
Sending promotional communications which are relevant and tailored to individual customers;
Complying with our legal and regulatory obligations;
Preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
Handling customer contacts, queries, complaints or disputes;
Managing insurance claims by customers;
Protecting us and our employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us;
Effectively handling any legal claims or regulatory enforcement actions taken against us. 
Your Rights:

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

Right of access – you have the right to request a copy of the information that we hold about you, not already in the public domain.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
Right to judicial review: in the event that we refuse your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below in the “Contact” section.All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.You can also exercise the right at any time by contacting us at G Crook and Sons or our subsidiaries by any of the means outlined below.Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.


How Long Do We Keep Your Data:

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

Our standard procedures to manage data retention is to retain customer data for 7 years to support some of our parts warranty and or for Legal and or Financial requirements, where data is not required for these reasons it may be deleted before this period.

The email marketing unsubscribe message request will remove your details from marketing lists and wherever possible confirmation of your removal will be sent to your email address.

Data back-ups can take up to 30 days to remove specific data from the system

We will take all reasonable steps under Article 17 of the GDPR to meet data subject requests.

Changes to Our Privacy Policy:

Any changes we may make to our privacy policy in the future will be posted via our online privacy policy document which can be found as a link from any of our websites as listed in this document, or supplied as a hard copy or electronic copy by personal request, and where appropriate notified to you by e-mail or other means of direct communication.

 Contact:

If you have any questions about how we use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:

Email us on: enquiries@gcrookandsons.co.uk Subject: GDPR Enquiries
By Post to: GDPR Enquiries, G Crook & Sons, Lower Glebe Farm, West Knighton, Dorchester, Dorset, DT28PEYou have the right to make a complaint at any time to the local data protection supervisory authority which, for the UK, is the Information Commissioner’s Office (ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance and we will do our utmost to deal with any enquiries or issues that you may have in a timely and professional manor.