This privacy policy tells you

    • Who we are –Calabash. Calabash comprises Calabash Awnings Limited (07176428), Calabash Washroom and Hygiene Limited (07176387) and Calabash Management Limited (05120783).
    • The name and contact details of our Data Privacy Manager: David Richardson, email: davidr@calabash1.co.uk
    • What we do with your data – how and why we collect, store, use and share your personal data and who we share it with. Using data is called “processing”.
    • Your rights in relation to your data and how to raise an issue or complain.
    • We only collect and process data that is necessary for us to be able to provide services to you.

    What is personal data?

    Any information relating to you as an identified or identifiable individual.

    What is special category data?

    This is referred to in the Data Protection Act 1998 as sensitive personal information.

    What data do we collect about you?

    We collect the following personal data about you:

    • Your name, business address, telephone number(s) and email address(es).
    • Information relating to the matter on which you are seeking our services.
    • Your bank and/or building society details so that we can remit settlement or other funds to you if appropriate.

    This personal data is required from you to enable us to provide our service to you. If you do not provide personal data we ask for, it may delay or prevent us from providing services to you.

    How is your data collected?

    We collect this information from you direct.

    How and why do we use your data?

    Under data protection law, we can only use your personal data if we have a proper reason for doing so, for example:

    • to comply with our legal and regulatory obligations;
    • for the performance of our contract with you or the business you represent;
    • for our legitimate interests or those of a third party; or
    • if you have given consent. A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.

    The table below explains what we use your personal data for and our reasons for doing so:

    What we use your personal data for

    Our reasons

    To provide professional services to you.

    For the performance of our contract with you or the business you represent to take steps at your request before entering into a contract with another third party.

    Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.

    To comply with our accounting legal and regulatory obligations.

    Operational reasons, such as telephone reception services, issuing bills, resolving IT issues and improving efficiency, training and quality control.To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party.

    The above does not apply to special category personal data (sensitive personal information), which we will only process with your explicit consent and authorisation.

    Email bulletins and client survey

    We do not habitually use your personal data to send you any email bulletins or mailshots.

    We will always treat your data with the utmost respect and never share it with other organisations for marketing purposes.

    We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

    Who do we share your personal data with?

    We do not routinely in the course of providing services share your personal data with anyone but we may, on occasion and only where appropriate in the performances of our services share such information with:

    • third parties where necessary to carry out your instructions;
    • our insurer;
    • our external auditors, in relation to the audit of our accounts;
    • our bank.

    Where is your personal data held?

    Information may be held at our office, held securely by our Sales Team and we use cloud-based systems within the EU.

    How long will we keep your data?

    We will keep your personal data after we have finished utilising your services or providing you with ours. We will do so for one of these reasons:

    • to respond to any questions or complaints made by you or the business you represent;
    • to enable you to access that data if you should request;
    • to keep records required by law.

    We will not retain your data for longer than necessary for the purposes set out in this policy.

    What rights do I have around my data?

    You have the following rights, which you can exercise free of charge:

    • To access your data. We will provide you with a full copy on request;
    • To rectify your data to correct any mistakes you alert us to;
    • To be forgotten. Simply ask us to delete specific personal data. Please note that we may be unable to delete all data due to legal or regulatory requirements, but we may be able to suppress some elements of the data at your request;
    • To restrict our processing your data to certain activities specified by you;
    • To receive the personal data you provided to us in a structured, commonly used and machine-readableformat and/or to transmit that data to a third party on your instruction;
    • To object to the use of your data for direct marketing and certain other situations;
    • Not to be subjected to automated decision-making including profiling. We do not carry out this activity.

    For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General DataProtection Regulation.

    How can I exercise my rights?

    If you would like to exercise any of those rights, please email, call or write to our Data Protection Officer giving us enough information to identify you (name and business you represent) and let us know which right you would like to exercise and which data the request relates to.

    Security measures

    We use appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

    Data security breaches

    We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. You can get information on how to protect yourself online from www.getsafeonline.org which is supported by HM Government and leading businesses.

    Relevant law

    Our use of your personal data is subject to your instructions, the EU General Data Protection Regulation (GDPR), other relevant UK and EU legislation and our professional duty of confidentiality.

    Transferring your personal data out of the EEA

    To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area (EEA). These transfers are subject to special rules under European and UK data protection law.

    How can I complain?

    We hope that we can resolve any query or concern you may raise about our use of your information.

    The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.

    You can contact us at any time if you have any concerns

    Please contact our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you.

    We may change this privacy notice from time to time and will email you to inform you.