Privacy Policy + TS&CS

PRIVACY POLICY NOTICE


The policy: This privacy policy notice is for this website; www.apricotbrunchbar.co.uk, served by Apricot, Unit 8 Bartle Court Business Centre, Rosemary Lane, PR4 0HF and governs the privacy of those who use it. The purpose of this policy is to explain to you how we control, process, handle and protect your personal information while browsing or using this website, including your rights under current laws and regulations. If you do not agree to the following policy you may wish to cease viewing / using this website. Policy key definitions:


  • “I”, “our”, “us”, or “we” refer to the business, Apricot
  • “you”, “the user” refer to the person(s) using this website.
  • GDPR means General Data Protection Act.
  • PECR means Privacy & Electronic Communications Regulation.
  • ICO means Information Commissioner’s Office.
  • Cookies mean small files stored on a users computer or device.


Processing of your personal data

Under the GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically using the following lawful bases. We are registered with the ICO under the Data Protection Register, our registration numbers are: ZA339617, ZA339591, ZA339914, ZA349343.

Data retention period: We will continue to process your information under this basis until you withdraw consent or it is determined your consent no longer exists.
Sharing your information: We do not share your information with third parties.

 

If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.

Your individual rights

Under the GDPR your rights are as follows.

  • the right to be informed;
  • the right of access;
  • the right to rectification;
  • the right to erasure;
  • the right to restrict processing;
  • the right to data portability;
  • the right to object; and
  • the right not to be subject to automated decision-making including profiling.

You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.

We handle subject access requests in accordance with the GDPR.

Internet cookies

We use cookies on this website to provide you with a better user experience. We do this by placing a small text file on your device / computer hard drive to track how you use the website, to record or log whether you have seen particular messages that we display, to keep you logged into the website where applicable, to display relevant adverts or content, referred you to a third party website.

Some cookies are required to enjoy and use the full functionality of this website.

We use a cookie control system which allows you to accept the use of cookies, and control which cookies are saved to your device/ computer. Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.

Data security and protection

We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.

Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you, as detailed in the processing of your personal data above. Any email marketing messages we send are done so through an EMS, email marketing service provider. An EMS is a third party service provider of software/ applications that allows marketers to send out email marketing campaigns to a list of users.

Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.

Any email marketing messages we send are in accordance with the GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time. See any marketing messages for instructions on how to unsubscribe or manage your preferences.

 

Privacy Notice for Job Applicants

 

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as prospective employees of our Company, of the types of data we process about you. We also include within this notice the reasons for processing your data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

 

  1. DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

 

  1. processing is fair, lawful and transparent
  2. data is collected for specific, explicit, and legitimate purposes
  3. data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  4. data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. data is not kept for longer than is necessary for its given purpose
  6. data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. we comply with the relevant GDPR procedures for international transferring of personal data

 

  1. TYPES OF DATA HELD

We keep several categories of personal data on our prospective employees in order to carry out effective and efficient processes. We keep this data in recruitment files relating to each vacancy and we also hold the data within our computer systems, for example, recruitment logs.

 

Specifically, we hold the following types of data:

 

  1. personal details such as name, address, phone numbers;
  2. name and contact details of your next of kin;
  3. your photograph;
  4. your gender, marital status, information of any disability you have or other medical information;
  5. right to work documentation;
  6. information on your race and religion for equality monitoring purposes;
  7. information gathered via the recruitment process such as that entered into a CV or included in a CV cover letter;
  8. references from former employers;
  9. details on your education and employment history etc;
  10. driving licence;
  11. criminal convictions.

 

  1. COLLECTING YOUR DATA

You provide several pieces of data to us directly during the recruitment exercise.

 

In some cases, we will collect data about you from third parties, such as employment agencies, former employers when gathering references or credit reference agencies.

 

Should you be successful in your job application, we will gather further information from you, for example, your bank details and next of kin details, once your employment begins.

 

  1. LAWFUL BASIS FOR PROCESSING

The law on data protection allows us to process your data for certain reasons only.

 

The information below categorises the types of data processing we undertake and the lawful basis we rely on.

 

  Activity requiring your data

 Lawful basis

   Carrying out checks in relation to your right to work in the UK

 Legal obligation

   Making reasonable adjustments for disabled employees

 Legal obligation

   Making recruitment decisions in relation to both initial and subsequent employment e.g. promotion

 Our legitimate interests

   Making decisions about salary and other benefits

 Our legitimate interests

   Making decisions about contractual benefits to provide to you

 Our legitimate interests

   Assessing training needs

 Our legitimate interests

   Dealing with legal claims made against us

 Our legitimate interests

   Preventing fraud

 Our legitimate interests

   

  1. SPECIAL CATEGORIES OF DATA

Special categories of data are data relating to your:

 

  1. health
  2. race
  3. ethnic origin
  4. political opinion

 

We carry out processing activities using special category data:

 

  1. for the purposes of equal opportunities monitoring
  2. to determine reasonable adjustments

 

Most commonly, we will process special categories of data when the following applies:

 

  1. you have given explicit consent to the processing
  2. we must process the data in order to carry out our legal obligations
  3. we must process data for reasons of substantial public interest
  4. you have already made the data public.

 

  1. FAILURE TO PROVIDE DATA

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to offer you employment, or administer contractual benefits.

 

  1. CRIMINAL CONVICTION DATA

We will only collect criminal conviction data where it is appropriate given the nature of your role and where the law permits us. This data will usually be collected at the recruitment stage, however, may also be collected during your employment. We use criminal conviction data to determine your suitability, or your continued suitability for the role. We rely on the lawful basis of (insert lawful basis – see above) to process this data.

 

  1. WHO WE SHARE YOUR DATA WITH

Employees within our company who have responsibility for recruitment will have access to your data which is relevant to their function. All employees with such responsibility have been trained in ensuring data is processing in line with GDPR.

 

Data is shared with third parties for the following reasons:

 

Legitimate Reasons

Legal Reasons/Contractual

Medical

 

We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

We do not share your data with bodies outside of the European Economic Area.

 

  1. PROTECTING YOUR DATA

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.

 

  1. RETENTION PERIODS

We only keep your data for as long as we need it for, which, in relation to unsuccessful candidates, is six months to a year.

 

If your application is not successful and we have not sought consent or you have not provided consent upon our request to keep your data for the purpose of future suitable job vacancies, we will keep your data for six months once the recruitment exercise ends.

If we have sought your consent to keep your data on file for future job vacancies, and you have provided consent, we will keep your data for nine months once the recruitment exercise ends. At the end of this period, we will delete or destroy your data, unless you have already withdrawn your consent to our processing of your data in which case it will be deleted or destroyed upon your withdrawal of consent.

 

Where you have provided consent to our use of your data, you also have the right to withdraw that consent at any time. This means that we will stop processing your data and there will be no consequences of withdrawing consent.

 

If your application is successful, your data will be kept and transferred to the systems we administer for employees. We have a separate privacy notice for employees, which will be provided to you.

 

  1. AUTOMATED DECISION MAKING

Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. We will make some decisions about you based on automated decision making (where a decision is taken about you using an electronic system without human involvement).

The decisions that are taken based on automated decision making, how the decisions are made, the significance of the decisions and the impact that it will have on the data subject.

 

  1. YOUR RIGHTS

You have the following rights in relation to the personal data we hold on you:

 

  1. the right to be informed about the data we hold on you and what we do with it;
  2. the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
  3. the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
  4. the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
  5. the right to restrict the processing of the data;
  6. the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
  7. the right to object to the inclusion of any information;
  8. the right to regulate any automated decision-making and profiling of personal data.

 

In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

 

If you wish to exercise any of the rights explained above, please contact 01772 319084 – Head Office

 

  1. MAKING A COMPLAINT

If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.

 

  1. DATA PROTECTION COMPLIANCE

 

Our Data Protection Officer is:

 

Apricot Head Office

01772 319084

 

Privacy Notice for Suppliers

 

In accordance with the General Data Protection Regulation (GDPR), we have implemented this privacy notice to inform you, as a supplier to our Company, of the types of data we process about you. We also include within this notice the reasons for processing such data, the lawful basis that permits us to process it, how long we keep your data for and your rights regarding your data.

 

  1. DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

 

  1. processing is fair, lawful and transparent
  2. data is collected for specific, explicit, and legitimate purposes
  3. data collected is adequate, relevant and limited to what is necessary for the purposes of processing
  4. data is kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay
  5. data is not kept for longer than is necessary for its given purpose
  6. data is processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures
  7. we comply with the relevant GDPR procedures for international transferring of personal data

 

  1. TYPES OF DATA HELD

We keep several categories of personal data on our company suppliers. We keep the relevant date in order for us to maintain a supply and demand relationships for our business.

 

Specifically, we hold the following types of data:

 

  1. Personal contact details such as name, address, phone numbers;
  2. Bank Details

 

  1. COLLECTING YOUR DATA

There are a number of pieces of data that is used during our professional relationship.

 

The main information is provided by yourself and/or through direction of one of your employees/team e.g. the accounts department

 

 

  1. LAWFUL BASIS FOR PROCESSING

The law on data protection allows us to process your data for certain reasons only.

 

The information below categorises the types of data processing we undertake and the lawful basis we rely on.

 

  Activity requiring your data

 Lawful basis

   Assessing business needs

 Our legitimate interests

   Dealing with legal claims made against us

 Our legitimate interests

   Preventing fraud

 Our legitimate interests

   

  1. FAILURE TO PROVIDE DATA

Your failure to provide us with data may mean that we are unable to fulfil our requirements for entering into a contract of employment with you. This could include being unable to administer contractual benefits and/or similar actions.

 

  1. WHO WE SHARE YOUR DATA WITH

Your data is kept internally within our company. This is only be relayed to the Accounts Department and if required, Company Director.

 

Data is only shared with third parties for the following reasons:

 

Legitimate Reasons

Legal Reasons/Contractual

 

We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us. We have a data processing agreement in place with such third parties to ensure data is not compromised. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

 

We do not share your data with bodies outside of the European Economic Area.

 

  1. PROTECTING YOUR DATA

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such.

 

  1. RETENTION PERIODS

We only keep your data for as long as we need it for. Data will be correctly destroyed when it isn’t required.

 

  1. AUTOMATED DECISION MAKING

Automated decision making means making decision about you using no human involvement e.g. using computerised filtering equipment. We will make some decisions about you based on automated decision making (where a decision is taken about you using an electronic system without human involvement).

The decisions that are taken based on automated decision making, how the decisions are made, the significance of the decisions and the impact that it will have on the data subject.

 

  1. YOUR RIGHTS

You have the following rights in relation to the personal data we hold on you:


  1. the right to be informed about the data we hold on you and what we do with it;
  2. the right of access to the data we hold on you. We operate a separate Subject Access Request policy and all such requests will be dealt with accordingly;
  3. the right for any inaccuracies in the data we hold on you, however they come to light, to be corrected. This is also known as ‘rectification’;
  4. the right to have data deleted in certain circumstances. This is also known as ‘erasure’;
  5. the right to restrict the processing of the data;
  6. the right to transfer the data we hold on you to another party. This is also known as ‘portability’;
  7. the right to object to the inclusion of any information;
  8. the right to regulate any automated decision-making and profiling of personal data.

 

In addition to the above rights, you also have the unrestricted right to withdraw consent, that you have previously provided, to our processing of your data at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.

 

If you wish to exercise any of the rights explained above, please contact 01772 319084 – Head Office

 

  1. MAKING A COMPLAINT

If you think your data rights have been breached, you are able to raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.

 

  1. DATA PROTECTION COMPLIANCE

 

Our Data Protection Officer is: Apricot, 01772 319084


Share by: