Privacy Policy

Privacy Notice

The Valley CIDS data protection notice refers to our commitment to treat your information in line with good practice, legislation requirements and to protect clients, staff and other individuals as well as the organisation.

This policy covers all data subjects (living individuals) whose personal data is collected in line with UK Data Protection Laws.

The Personal Information we collect

Where you submit your personal information to us it will only be used for;

  • the purposes for which it was provided by you and any reasonably incidental purposes including providing you with the information that you request from us
  • support and administration purposes

Valley CIDS collects the following information from our clients

  • Name.
  • Address.
  • Email.
  • Phone Number.

The personal information gathered on the website

We may collect technical information relating to your use of our website, including your browser type or the Internet Protocol (IP) address used to connect your computer to the internet. We also gather general information about the use of our website, such as which pages users visit most often and which services, events or facilities are of most interest. We may also track which pages users visit when they click on links in emails.

We may use this information to personalise the way our website is presented when users visit, to make improvements to our website and to ensure we provide the best service for users. Wherever possible, we use aggregated or anonymous information which does not identify individual visitors to our website.

We will never request personal information about your health or the health of your family members or friends, unless we inform you how that information will be used and receive your express consent to use it.

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them, see our Cookie Policy.

When someone visits Valley CIDS we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be upfront about this.  We will make it clear when we collect personal information and will explain what we intend to do with it.

Links to other websites 

The Valley CIDS privacy policy does not cover the links within site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

The lawful basis to collect this information

We collect this information on the lawful basis for entering into or performance of a contract as well as consent and legitimate interest.

In certain circumstances, we may have to abide by a legal obligation which we may be subject to, including, but not limited to, sharing data with the HMRC or law enforcement agencies.  Where we do this, and we are legally permitted to, we will clearly inform you.

People who email us 

Any email sent to us, including any attachments, may be monitored and used by us for reasons of legitimate business, security and for monitoring compliance with office policy. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.

The storage location of information

All data is stored within the UK only.

Data security

Valley CIDS ensures all the best security practices are followed to ensure privacy by design is integral to the processing of information.

Retention of information

We will retain client data for a maximum period of 6 years after the contract has ended to enable us:

  • To comply with our regulatory obligations, tax, Health and Safety etc.
  • To protect ourselves in case of any legal claims against (Business Name)

All data will be removed following security best practices to ensure the data is fully deleted and unrecoverable.

Marketing

Where we use your information for marketing we rely on consent or, in some cases, legitimate interest.

You can stop any further direct marketing from us by:

  • clicking the unsubscribe link in emails we send at any time
  • contacting the Data Controller via the details in this notice

Information we share

As part of the client contract we need to share information with:

  • Other parties who are providing services as part of the agreed contract
  • Our Accountants who are Baldwins, 10-11 St James Court, Friar Gate, Derby, DE1 1BT
  • In the unfortunate event of debt recovery or legal action, we reserve the right to pass on your information to our representatives

Your rights

Under the UK Data Protection laws individual have the following rights:

  • Right to access – you have the right to request a copy of all data we hold about you;
  • Right to rectification – where any data we hold is incorrect, you have the right to ensure it is correct;
  • Right to be forgotten – if you no longer wish for us to hold your data, we will delete it unless we have a lawful reason not to;
  • Right to portability – you can ask us to provide your data to a third party in machine-readable format;
  • Right to restrict processing – since we only use this to contact you, there is no processing to restrict, we would simply delete the information wherever possible and in keeping with our own obligations.

If at any point you believe the information we process on you is incorrect, you may request to see this information and even have it corrected or deleted.  If you wish to raise a complaint about how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter.

If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office https://ico.org.uk/concerns.

Contacting us

If you would like further information about this Policy, please contact the Data Protection Officer at the following address, telephone number and email address:

The Saltpot, 13-14 The Green, Swanwick, Alfreton, Derbyshire, DE55 1BL.

Tel: 01773 609603

info@valleycids.co.uk

Business Transfers

If Valley CIDS or substantially all of its assets, are acquired, or in the unlikely event that Valley CIDS goes out of business or enters bankruptcy, user information would be one of the assets that are transferred or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer of Valley CIDS may continue to use your personal information as set forth in this policy. If this occurs you will be informed prior to the transfer.

Handling a Personal Data Breach 

In the event of a data breach, we will use the ICO standard reporting form, ICO Data Breach reporting template, and in the event that the data breach has a significant impact on the people affected we will inform them directly either via email or our website.

Changes to the Privacy Policy 

We keep our Privacy Policy under regular review (annually as a minimum). This Privacy Notice was last updated on 11th June 2018.