At Barton & Co, we are committed to protecting your privacy. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure. It applies to information we collect about:
- visitors to our websites;
- complainants and other individuals in relation to an enquiry;
- people who use our services; and
- job applicants and our current and former employees.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent to the contact information provided at the end of this Policy.
Please be aware that, in all circumstance, we will never collect sensitive information about you without your explicit consent. The personal information which we hold will be held securely in accordance with our internal security policy and the law. If we intend to transfer your information outside the EEA (European Economic Area) we will always obtain your consent first.
Visitors to our websites
When someone visits www.bartonand.co.uk we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.
People who email us
Any email sent to us, including any attachments, may be monitored and used by us for reasons of security and for monitoring compliance with office policy. Email monitoring or blocking software may also be used. Please be aware that you have a responsibility to ensure that any email you send to us is within the bounds of the law.
People who make a complaint or enquire with us
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We will keep personal information contained in complaint files in line with our retention policy. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
People who use Barton & Co’ services
Barton & Co offers various services to the public.
We have to hold the details of the people who have requested the service in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes. For example, we might use information about people who have subscribed to any of our services to carry out a survey to find out if they are happy with the level of service they received.
When people do subscribe to our services, they can cancel their subscription at any time and are given an easy way of doing this.
Job applicants, current, and former employees
When individuals apply to work at Barton & Co, we will only use the information they supply to us to process their application. Where we want to disclose information to a third party, for example where we want to take up a reference or obtain a ‘disclosure’ from the Criminal Records Bureau we will not do so without informing them beforehand unless the disclosure is required by law.
Once a person has taken up employment with us, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with Barton & Co has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
There are also circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics.
How you can access and update your information
Barton & Co tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the General Data Protection Regulation. If we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to Barton & Co for any personal information we may hold, you need to put the request in writing and address it to us at the address provided below, or email us.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct, update, amend, or remove it by, once again, contacting us.
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
In many circumstances we will not disclose personal data without consent. However when we investigate a complaint, for example, we will need to share personal information with the organisation or individual concerned and with other relevant bodies. However, there are circumstances where we can pass on personal data without consent for example, to prevent and detect crime and to produce anonymised statistics.
Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you mailings). However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes.
Please be reassured that we will not release your information to third parties for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime and to produce anonymised statistics.
You may opt out of receiving promotional communications from Barton & Co by using the unsubscribe link within each email, or emailing us to have your contact information removed from our promotional email list or registration database.
Although opt-out requests are usually processed immediately, please allow ten (10) business days for a removal request to be processed. Even after you opt out from receiving promotional messages from us, you may continue to receive transactional messages from us regarding Barton & Co’s services
Rights for individuals
1. THE RIGHT TO BE INFORMED
For data obtained directly from the data subject, we shall make this information available at the time the data are obtained.
For data not obtained directly from data subject, we shall inform them within a reasonable period of having obtained the data (within one month). If the data are used to communicate with the individual, then we shall inform them when the first communication takes place, at the latest. But if disclosure to another recipient is envisaged, then at the latest, we shall inform them before the data are disclosed.
2. THE RIGHT OF ACCESS
Individuals have the right to obtain confirmation that their data is being processed and access to their personal data free of charge.
Where requests are manifestly unfounded or excessive, in particular because they are repetitive, we may:
- Charge a reasonable fee taking into account the administrative costs of providing the information; or
- Refuse to respond.
3. THE RIGHT TO RECTIFICATION
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
If we have disclosed the personal data in question to third parties, we shall inform them of the rectification where possible. We shall also inform the individuals about the third parties to whom the data has been disclosed where appropriate.
4. THE RIGHT TO ERASURE
We shall process an individual’s request to delete or remove their personal data:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
- When the individual withdraws consent.
- When the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The personal data was unlawfully processed (i.e. otherwise in breach of the GDPR).
- The personal data has to be erased in order to comply with a legal obligation.
- The personal data is processed in relation to the offer of information society services to a child.
If we have disclosed the personal data in question to third parties, we shall inform them about the erasure of the personal data, unless it is impossible or involves disproportionate effort to do so.
We can refuse to comply with a request for erasure where the personal data is processed for the following reasons:
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation or for the performance of a public interest task or exercise of official authority;
- For public health purposes in the public interest;
- Archiving purposes in the public interest, scientific research historical research or statistical purposes; or
- The exercise or defence of legal claims.
5. THE RIGHT TO RESTRICT PROCESSING
Individuals have a right to 'block' or suppress processing of personal data.
We shall restrict the processing of personal data in the following circumstances:
- Where an individual contests the accuracy of the personal data, we shall restrict the processing until we have verified the accuracy of the personal data.
- When processing is unlawful and the individual opposes erasure and requests restriction instead.
- If we no longer need the personal data but the individual requires the data to establish, exercise or defend a legal claim.
If we have disclosed the personal data in question to third parties, we shall inform them about the restriction on the processing of the personal data, unless it is impossible or involves disproportionate effort to do so.
We shall inform individuals when we decide to lift a restriction on processing.
6. THE RIGHT TO DATA PORTABILITY
Individuals have a right to obtain and reuse their personal data for their own purposes across different services. We shall fulfil this right:
- On personal data an individual has provided to us;
- Where the processing is based on the individual’s consent or for the performance of a contract; and
- When processing is carried out by automated means.
We shall provide the personal data as a CSV file or MS Word document.
If the individual requests it, we may transmit the data directly to another organisation if this is technically feasible.
7. THE RIGHT TO OBJECT
Individuals have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling); and
On personal data processed for the performance of a legal task or our legitimate interests
We shall stop processing the personal data unless:
- We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
- The processing is for the establishment, exercise or defence of legal claims.
On personal data we process for direct marketing purposes
We shall stop processing personal data for direct marketing purposes as soon as we receive an objection.
We shall deal with an objection to processing for direct marketing at any time and free of charge.
8. RIGHTS IN RELATION TO AUTOMATED DECISION MAKING AND PROFILING
When processing personal data for automated decision making purposes
Individuals have the right not to be subject to a decision when:
- It is based on automated processing; and
- It produces a legal effect or a similarly significant effect on the individual.
We shall ensure that individuals are able to:
- Obtain human intervention;
- Express their point of view; and
- Obtain an explanation of the decision and challenge it.
This right does not apply if the decision:
- Is necessary for entering into or performance of a contract between you and the individual;
- Is authorised by law (e.g. for the purposes of fraud or tax evasion prevention); or
- Based on explicit consent.
When processing personal data for profiling purposes
The GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual, in particular to analyse or predict their performance at work, economic situation, health, personal preferences, reliability, behaviour, location, or movements.
- Ensure processing is fair and transparent by providing meaningful information about the logic involved, as well as the significance and the envisaged consequences.
- Use appropriate mathematical or statistical procedures for the profiling.
- Implement appropriate technical and organisational measures to enable inaccuracies to be corrected and minimise the risk of errors.
- Secure personal data in a way that is proportionate to the risk to the interests and rights of the individual and prevents discriminatory effects.
Our policy towards children
Barton & Co services are not directed to individuals under 13. We do not knowingly collect Personal Information from children under 13. If we become aware that a child under 13 has provided us with Personal Information, we will take steps to delete such information. If you become aware that a child has provided us with Personal Information, please contact us.
Data storage, transfer and security
Barton & Co takes security seriously. We take various steps to protect information you provide to us from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the information we collect, process and store, and the current state of technology.
Any sensitive information (such as credit or debit card details) is encrypted and protected using industry standard SSL (HTTPS). Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure.
Barton & Co, hosts data with hosting service providers within the EEA. The servers on which Personal Information is stored are kept in a controlled environment. While we take reasonable efforts to guard your Personal Information, no security system is impenetrable and due to the inherent nature of the Internet as an open global communications vehicle, we cannot guarantee that information, during transmission through the Internet or while stored on our systems or otherwise in our care, will be absolutely safe from intrusion by others, such as hackers. In addition, we cannot guarantee that any incidentally-collected Personal Information you choose to store on our Websites are maintained at levels of protection to meet specific needs or obligations you may have relating to that information.
Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Links to other websites
Complaints or queries
Barton & Co tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of Barton & Co collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
How to contact us
Barton & Co, 193c Reepham Road, Hellesdon, Norwich, Norfolk, NR6 5NZ