Cornish EPOS & IT Services Ltd Organisation Privacy Notice (10/06/2022)
Our contact details
Name: Cornish EPOS & IT Services LTD
Address: Unit 8B, Duchy Business Centre, Wilson Way, Redruth, TR15 3RT
Phone Number: 0801120002
What type of information we have
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Financial Data includes bank account details
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased
- Technical Data includes internet protocol (IP) address, your login data, browser type and versions, operating system and platform and other technology on the devices you use to access this website
- Usage Data includes information about how you use our website, products, and services
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences
How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- request information about our services
- give us feedback
- contact us
We also receive personal information indirectly, from the following sources in the following scenarios:
- Automated technologies or interactions – As you interact with our website or receive our emails, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this information by using cookies and other similar technologies.
- Third parties or publicly available sources – We may receive Personal and Technical Data about you from various third parties and public sources:
- analytics providers, such as Google based outside the EU
- search information providers, such as Google based outside the EU
- Contact, financial and transaction data from providers of technical, payment and delivery services
- Identity and contact data from publicly available sources such as Companies House based inside the UK
- Identity and contact data where you have made information available in the public domain including posting on one of our social media pages such as Facebook, Twitter or LinkedIn depending on your settings or the privacy policies of these social media and messaging services
Other data which may relate to, or identify you, that is provided by a third-party and not explicitly requested.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation.
(c) We have a legal obligation.
(d) We have a vital interest.
(e) We need it to perform a public task.
(f) We have a legitimate interest.
What we do with the information we have
We use the information that you have given us in order to:
- The main purpose for which we process your Personal Data is so that we can provide you with products and services in accordance with the relationship you have with us
- Where it is necessary for your or our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal obligation
- Where we have received your information and specific consent to do so
We may share this information with carefully selected third parties to provide a service you have requested.
How we store your information
Your information is securely stored digitally, both ‘on-premise’ and in the ‘cloud’.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We are required for Accounting and Taxation purposes, to retain basic information (contact, identity, financial and transactional data) about you for up to seven years from the date the transaction took place.
Data will be permanently deleted once there is no legitimate interest or legal obligation to retain it.
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
We are however allowed to charge a reasonable fee if:
- your request is manifestly unfounded, where it appears you have no clear intention to access the information or your request is malicious in intent and the request to harass with no real purposes other than to cause that disruption.
- your request is repetitive, where we have already given you the information you request and you want a further copy, or your requests for date based, information are made for consecutive periods rather than as a single wider range.
- your request is excessive, where you have already made a request and submit a further request or repeats the substance of previous requests where a reasonable interval of time has not passed.
If we are to charge a fee to action your request, we will inform you why this is and detail the amount and how that amount is calculated. You may of course complain to the Information Commissioners Office if you feel this is unlawful, but we would ask you to discuss this with us first.
Please contact us at email@example.com, 08001120002 or Cornish EPOS & IT Services Ltd, Unit 8b, Wilson Way, Redruth, TR15 3RT if you wish to make a request.
How to complain
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113