Prospect Collection (referred to as ‘we’ / ‘us’ / ‘I’ / ‘me’ / ‘our’) are committed to protecting and respecting your privacy.
This policy (together with our T’c & C’c and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting prospectcollection.com you are accepting and consenting to the practices described in this policy.
For the purpose of the EU General Data Protection Regulation (GDPR) (the Act), the data controller is Thomas Pearson of 32 Hafod Road, Hereford, Herefordshire, HR1 1SG.
Information we may collect from you
We may collect and process the following data about you:
You may give us information about you by filling in forms on our site http://www.prospectcollection.com (our site) or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site or by telephone, participate in discussion boards or other social media functions on our site, enter a competition, promotion or survey, contact us with a view to sell us products and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, the sector you work in or are interested in, financial and credit card information, personal description and photographs.
Information we collect about you. With regard to each of your visits to our site we may automatically collect the following information:
technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number.
Information we receive from other sources. We may receive information about you if you use any of the other websites we operate or the other services we provide. In this case we will have informed you when we collected that data that it may be shared internally and combined with data collected on this site. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them.
Uses made of the information
We use information held about you in the following ways:
Information you give to us. We will use this information to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about;
to provide you, or permit selected third parties to provide you, with information about goods or services we feel may interest you. If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale or negotiations of a sale to you. If you are a new customer, and where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please tick the relevant box situated on the form on which we collect your data (the [order form OR registration form]);
to notify you about changes to our service;
to ensure that content from our site is presented in the most effective manner for you and for your computer.
Information we collect about you. We will use this information:
to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
to allow you to participate in interactive features of our service, when you choose to do so;
as part of our efforts to keep our site safe and secure;
to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them.
Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties including:
Business partners, suppliers and sub-contractors for the performance of any contract we enter into with [them or] you.
Advertisers and advertising networks that require the data to select and serve relevant adverts to you and others. We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.
Analytics and search engine providers that assist us in the improvement and optimisation of our site.
Credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
If all of the assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our T’s & C’s and other agreements; or to protect the rights, property, or safety of Prospect Collection, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Where we store your personal data
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted [using SSL technology]. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act.
Data Privacy Notice for Clients & Suppliers
We are committed to protecting and respecting your privacy.
This policy (together with our T’s & C’s and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller - A controller determines the purposes and means of processing personal data.
Data processor - A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data - The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data - The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing - means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party - means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Who are we?
Thomas Pearson is the data controller. This means he decides how your personal data is processed and for what purposes. Contact details are: Thomas Pearson, 32 Hafod Road, Hereford, Herefordshire, HR1 1SG.
The purpose(s) of processing your personal data
We use your personal data for the following purposes:
We process personal information to enable us to buy, sell, promote and advertise our products and services; maintain our own accounts and records; support and manage our employees; the trading and sharing of personal information; to inform individuals of news, events or activities; the use of CCTV systems for crime prevention.
Description of processing:
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
You may give us information about you by filling in forms on our site www.prospectcollection.com or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, participate in discussion boards or other social media functions on our site,[enter a competition, promotion or survey, and when you report a problem with our site.
The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we may process the following categories of your data:
lifestyle and social circumstances
education and employment details
goods and services
Special categories of data: visual images, personal appearance and behaviour (CCTV)
We have obtained your personal data from you contacting us either through our website, or by email or telephone when you have contacted us with a view to you buying from us, or selling to us. We may obtain your personal data when you engage with us on our social media sites. In the case of potential suppliers we may find your details online and contact you.
What is our legal basis for processing your personal data?
Personal data (article 6 of GDPR)
Our lawful basis for processing your general personal data may be one or more of the following:
Consent of the data subject;
You have actively consented with a positive opt-in. We maintain a record of your consent.
Processing necessary for the performance of a contract with the data subject or to take steps to enter into a contract
We have a contract with the individual and we need to process their personal data to comply with our obligations under the contract.
We haven’t yet got a contract with the individual, but they have asked us to do something as a first step (eg provide a quote or make an offer to purchase something) and we need to process their personal data to do what they ask.
When a data subject makes an online purchase, a controller processes the address of the individual in order to deliver the goods. This is necessary in order to perform the contract.
Processing necessary for compliance with a legal obligation
- An employer needs to process personal data to comply with its legal obligation to disclose employee salary details to HMRC. The employer can point to the HMRC website where the requirements are set out to demonstrate this obligation. In this situation it is not necessary to cite each specific piece of legislation.
- A court order may require you to process personal data for a particular purpose and this also qualifies as a legal obligation.
- For instance the company has a legal requirement to record and notify HMRC of all sales under the EC Sales list.
Processing necessary to protect the vital interests of a data subject or another person
An individual is admitted to the A & E department of a hospital with life-threatening injuries following a serious accident at work. The disclosure to the hospital of the individual’s medical history is necessary in order to protect his/her vital interests.
Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject
- We have a legitimate interest in marketing our goods to existing customers to increase sales’.
The GDPR does not have an exhaustive list of what purposes are likely to constitute a legitimate interest. However, the recitals do say the following purposes constitute a legitimate interest:
ensuring network and information security; or
Indicating possible criminal acts or threats to public security.
Therefore, if you are processing for one of these purposes you may have less work to do to show that the legitimate interests basis applies.
The recitals also say that the following activities may indicate a legitimate interest:
processing employee or client data;
direct marketing; or
Administrative transfers within a group of companies.
Special categories of personal data (article 9 of GDPR)
Our lawful basis for processing your special categories of data:
Explicit consent of the data subject
Processing necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement
Processing necessary to protect the vital interests of a data subject or another individual where the data subject is physically or legally incapable of giving consent
Processing carried out by a not-for-profit body with a political, philosophical, religious or trade union aim provided that the processing relates only to members or former members (or those who have regular contact with it in connection with those purposes); and there is no disclosure to a third party without consent
Processing relates to personal data manifestly made public by the data subject
Processing necessary for the establishment, exercise or defence of legal claims or where courts are acting in their judicial capacity
Processing necessary for reasons of substantial public interest on the basis of EU or Member State law
Processing necessary for reasons of preventative or occupational medicine, for assessing the working capacity of an employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of EU or Member State law or a contract with a health professional
Processing necessary for the reasons of public interest in the area of public health
Processing necessary for archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only with appropriate recipients, required to fulfil our contract with you or our legal responsibilities, for example delivery companies; or HMRC for taxation purposes.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary, such as for a period of 7 years in order to fulfil any legal duties for financial or legal record keeping. Examples include: in case of any legal claims/complaints; for safeguarding purposes etc.
Providing us with your personal data
You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to do so may have the following consequences: we may be unable to fulfil our contract with you (for example, if you do not provide your address we may not be able to arrange a collection or a delivery to you.)
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of the personal data which we hold about you;
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary to retain such data;
The right to withdraw your consent to the processing at any time, WHERE CONSENT WAS YOUR LAWFUL BASIS FOR PROCESSING THE DATA;
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
Transfer of Data Abroad
We do not transfer personal data outside the eea.
Automated Decision Making
WE DO NOT USE ANY FORM OF AUTOMATED DECISION MAKING IN OUR BUSINESS.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
How to make a complaint
To exercise all relevant rights, queries or complaints please in the first instance contact Thomas Pearson, 32 Hafod Road, Hereford, HR1 1SG.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office on 03031231113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
We use closed circuit television (CCTV) images to provide a safe and secure environment for employees and for visitors to the Company’s business premises, such as clients, customers, contractors and suppliers, and to protect the Company’s property.
This policy sets out the use and management of the CCTV equipment and images in compliance with the EU General Data Protection Regulation (GDPR) and the CCTV Code of Practice.
The Company’s CCTV facility records images only. There is no audio recording i.e. conversations are not recorded on CCTV (but see the section on covert recording).
Purposes of CCTV
The purposes of the Company installing and using CCTV systems include:
To assist in the prevention or detection of crime or equivalent malpractice.
To assist in the identification and prosecution of offenders.
To monitor the security of the Company’s business premises.
To ensure that health and safety rules and Company procedures are being complied with.
To assist with the identification of unauthorised actions or unsafe working practices that might result in disciplinary proceedings being instituted against employees and to assist in providing relevant evidence.
To promote productivity and efficiency.
Location of cameras
Cameras are located at strategic points throughout the Company’s business premises, principally at the entrance and exit points. The Company has positioned the cameras so that they only cover communal or public areas on the Company’s business premises and they have been sited so that they provide clear images. No camera focuses, or will focus, on toilets, shower facilities, changing rooms, staff kitchen areas, staff break rooms or private offices.
All cameras (with the exception of any that may be temporarily set up for covert recording) are also clearly visible.
Appropriate signs are prominently displayed so that employees, clients, customers and other visitors are aware they are entering an area covered by CCTV.
Recording and retention of images
Images produced by the CCTV equipment are intended to be as clear as possible so that they are effective for the purposes set out above. Maintenance checks of the equipment are undertaken on a regular basis to ensure it is working properly and that the media is producing high quality images.
Images may be recorded either in constant real-time (24 hours a day throughout the year), or only at certain times, as the needs of the business dictate.
As the recording system records digital images, any CCTV images that are held on the hard drive of a PC or server are deleted and overwritten on a recycling basis and, in any event, are not held for more than [one month) Once a hard drive has reached the end of its use, it will be erased prior to disposal.
Images that are stored on, or transferred on to, removable media such as CDs are erased or destroyed once the purpose of the recording is no longer relevant. In normal circumstances, this will be a period of (one month). However, where a law enforcement agency is investigating a crime, images may need to be retained for a longer period.
Access to and disclosure of images
Access to, and disclosure of, images recorded on CCTV is restricted. This ensures that the rights of individuals are retained. Images can only be disclosed in accordance with the purposes for which they were originally collected.
The images that are filmed are recorded centrally and held in a secure location. Access to recorded images is restricted to the operators of the CCTV system and to those line managers who are authorised to view them in accordance with the purposes of the system. Viewing of recorded images will take place in a restricted area to which other employees will not have access when viewing is occurring. If media on which images are recorded are removed for viewing purposes, this will be documented.
Disclosure of images to other third parties will only be made in accordance with the purposes for which the system is used and will be limited to:
The police and other law enforcement agencies, where the images recorded could assist in the prevention or detection of a crime or the identification and prosecution of an offender or the identification of a victim or witness.
Prosecution agencies, such as the Crown Prosecution Service.
Relevant legal representatives.
Line managers involved with Company disciplinary and performance management processes.
Individuals whose images have been recorded and retained (unless disclosure would prejudice the prevention or detection of crime or the apprehension or prosecution of offenders).
The Owner of the Company (or another senior director acting in their absence) is the only person who is permitted to authorise disclosure of images to external third parties such as law enforcement agencies.
All requests for disclosure and access to images will be documented, including the date of the disclosure, to whom the images have been provided and the reasons why they are required. If disclosure is denied, the reason will be recorded.
Individuals’ access rights
Under the EU General Data Protection Regulation (GDPR), individuals have the right on request to receive a copy of the personal data that the Company holds about them, including CCTV images if they are recognisable from the image.
If you wish to access any CCTV images relating to you, you must make a written request to the Company’s Data Protection Officer. Your request must include the date and approximate time when the images were recorded and the location of the particular CCTV camera, so that the images can be easily located and your identity can be established as the person in the images. The Company will respond promptly and in any case within 40 calendar days of receiving the request.
The Company will always check the identity of the employee making the request before processing it.
The Data Protection Officer will first determine whether disclosure of your images will reveal third party information as you have no right to access CCTV images relating to other people. In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy.
If the Company is unable to comply with your request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, you will be advised accordingly.
The Company will only undertake covert recording with the written authorisation of the Owner of the business (or another senior acting in their absence) where there is good cause to suspect that criminal activity or equivalent malpractice is taking, or is about to take, place and informing the individuals concerned that the recording is taking place would seriously prejudice its prevention or detection.
Covert monitoring may include both video and audio recording.
Covert monitoring will only take place for a limited and reasonable amount of time consistent with the objective of assisting in the prevention and detection of particular suspected criminal activity or equivalent malpractice. Once the specific investigation has been completed, covert monitoring will cease.
Information obtained through covert monitoring will only be used for the prevention or detection of criminal activity or equivalent malpractice. All other information collected in the course of covert monitoring will be deleted or destroyed unless it reveals information which the Company cannot reasonably be expected to ignore.