- Introduction and General Terms
In order to provide you with a full range of services, we are sometimes required to collect information about you.
Occasionally our website and blogs contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies, including cookies, and we urge you to review them. They will govern the use of personal information that you submit or that is collected by cookies whilst visiting these other websites. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
- What information will Lucketts Dairy Ltd collect about me?
When you register for an online account with us we may ask for personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number. Different web pages may ask for different personal information.
By entering your details in the fields requested, you enable Lucketts Dairy Ltd to provide you with the services and products you select. In fact some services cannot be provided without some of the details mentioned.
IP addresses are used to identify the location of users, the number of visits from different countries and also to block disruptive use; and to analyse and improve the services offered on our website, e.g. to provide you with the most user-friendly navigation experience.
- How will Lucketts Dairy Ltd use the information they collect about me?
We will use your personal information for a number of purposes including the following:
For providing services to you in the way of delivering goods to your address.
Replying to your enquiries and requests.
Sending emails to you regarding changes to our services, products, prices or delivery schedule.
Sending automated electronic communications relating to your account, such as your bill or payment reminder.
Including you in occasional prize draws or other reward based events run by ourselves.
Where we propose using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for any use other than as listed above.
- When will Lucketts Dairy Ltd contact me?
Lucketts Dairy Ltd may contact you:
In relation to the order you have placed on the website to ensure that we can deliver the services to you;
When we need to request payment for goods or services provided;
Where you have opted to receive further correspondence;
When we need to advise you of changes to prices or terms of service or delivery days.
- Will I be contacted for marketing purposes?
Lucketts Dairy Ltd won’t contact you for general marketing purposes, or promote new or a third party’s services to you unless you specifically agree to be contacted for these purposes.
We may occasionally contact you with news or information about products you already buy from us (dairy goods and groceries) if the price or product is changing. If you do not wish to be contacted about these please let us know by email.
- Will Lucketts Dairy Ltd share my personal information with anyone else?
We will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies).
- New GDPR Guidelines
Having read and studied the options and the required lawful basis for processing customer’s data here at Lucketts Dairy Ltd we have decided on: Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
What is the ‘legitimate interests’ basis?
Article 6(1)(f) gives you a lawful basis for processing where:
“processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”
This can be broken down into a three part test:
Purpose test: are you pursuing a legitimate interest?
Necessity test: is the processing necessary for that purpose?
Balancing test: do the individual’s interests override the legitimate interest?
A wide range of interests may be legitimate interests. They can be your own interests or the interests of third parties, and commercial interests as well as wider societal benefits. They may be compelling or trivial, but trivial interests may be more easily overridden in the balancing test.
The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra group transfers, or IT security as potential legitimate interests, but this is not an exhaustive list. It also says that you have a legitimate interest in disclosing information about possible criminal acts or security threats to the authorities. ‘Necessary’ means that the processing must be a targeted and proportionate way of achieving your purpose. You cannot rely on legitimate interests if there is another reasonable and less intrusive way to achieve the same result. You must balance your interests against the individual’s interests. In particular, if they would not reasonably expect you to use data in that way, or it would cause them unwarranted harm, their interests are likely to override yours. However, your interests do not always have to align with the individual’s interests. If there is a conflict, your interests can still prevail as long as there is a clear justification for the impact on the individual.
Customer data is only ever used in a way a customer can reasonably expect, it is never forwarded on for marketing purposes and may only be used to promote goods or services provided by Lucketts Dairy that the customer may have a genuine interest in purchasing or using or for the issuing of vital information including invoicing.
Written consent is always gained upon the setting up of a Direct Debit instruction and is provided in the form of a physical mandate with the customer’s signature. This is a positive opt-in service and Lucketts Dairy will be unable to process your Direct Debit request without this consent.
Lucketts Dairy collect and hold a range of data including:
Customer full name including title
Customer full address including postal code
Customer mobile telephone number
Customer home telephone number
Customer email address
Customer holiday information
Customer account numbers
Customer sort codes
Customer bank address
It is your right at any time to request the information that we hold on your account, make any alterations to the information we have on your account and also to have this information permanently erased. Lucketts Dairy has the capability to ensure the safe and correct disposal of any sensitive information that we hold. Requests for information will be dealt with in a timely fashion and well within the new GDPR guidelines of 28 days. Information will be provided in a clear, understandable and transparent format that is widely accessible and may be provided in printed form upon request. Requests for access to the information we hold may be made either in writing or verbally. It is a legal requirement that access to data may only be provided upon proof of the identity of the persons requesting it.
The right to rectification or completion of data. Individuals have the right to have personal data rectified if it is inaccurate or completed if it is incomplete. An individual can make a request for rectification verbally or in writing. Lucketts Dairy will respond to any request within 28 days of receipt. Verification of a person’s identity must be carried out before any alterations to an account may be made. Lucketts Dairy will continue to complete regular reviews of the information held to ensure it is up to date, correct and adequate for the purposes we are processing for.
Right to erasure including retention and disposal. Individuals have the right to be forgotten and request erasure when deliveries have ceased and are no longer required as long as the account has been settled and there are no outstanding balances. Individuals also have the right to be forgotten and request erasure if data has been collected unlawfully or unlawfully processed. Individuals may request to be forgotten either verbally or in writing. Lucketts Dairy will carry out ID verification before any request to be forgotten is processed. Lucketts Dairy will respond to any request to be forgotten within the 28 days GDPR timescale. Lucketts Dairy may refuse a request to be forgotten if there is a need to exercise or defend a legal claim or if the information is required for statistical purposes.
The right to limit the processing of your data. Individuals have a right to block or restrict the processing of their personal data. When processing is restricted, we are permitted to store the personal data, but not further process it. We can retain just enough information about the individual to ensure that the restriction is respected in the future. A restriction may be placed on your account either in writing or verbally however checks will be made to ensure proof of identity.
Right to Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. They can receive personal data or easily move, copy or transfer that data from one business to another in a safe and secure way. Lucketts Dairy has systems enabling the secure transfer, copy or movement of personal data via CSV file. Lucketts Dairy is able to provide CSV file data free of charge and can transfer the data directly to another business if required. Requests for data porting may be made verbally or in writing however reasonable measures will be taken to ensure customer identity. Requests will be dealt with within the recommended GDPR timescale of one month from receipt of the request.
The Right to Object – Individuals have a right to object to the processing of their personal data in certain circumstances. Lucketts Dairy does not and does not intend to share or distribute data with any third party. Data will only be used by Lucketts Dairy for the purposes of providing a service and as such the right to object is overall not needed. However, if the individual feels their data has been processed outside of their legitimate interest, Lucketts Dairy will cease processing that data immediately and investigate further. Requests for objection may be made verbally or in writing however reasonable measures will be taken to ensure the personal identity of the individual. Requests will be dealt with within the recommended GDPR timescale of one month from receipt of the request.
Rights related to automated decision making including profiling – Lucketts Dairy has identified that none of its processing operations constitute automated decision making and have therefore included no additional procedures. The GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual, in particular to analyse or predict their: performance at work; economic situation; health; personal preferences; reliability; behaviour; location; or movements. If an individual disagrees with Lucketts Dairy’s decision on this matter contact must be made immediately either verbally or in writing; reasonable measures will be taken to ensure personal identity. Requests will be dealt with within the recommended GDPR timescale of one month from receipt of the request.
Lucketts Dairy does not use any outside or third party processor and therefore it is not applicable at this time to ensure a contract is in place for these purposes. If however in future a third party processor was required, Lucketts Dairy would only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.
Lucketts Dairy management has carefully considered and assessed the type and sensitivity of the data that it holds and has concluded that internal technical measures are sufficient to protect the data that the company holds on its client base. For instance all basic information is encrypted with passwords only accessible by senior members of staff or those with GDPR training. Complex data such as account details and signatures are filed under pseudonyms in physical form away from normal day to day paperwork, these documents are again only accessible by required senior members of staff and those that are GDPR trained.
Lucketts Dairy recognises the importance of Data Protection Impact Assessments (DPIAs) and should the business begin a large scale project involving personal data, it has the means and knowledge to perform a DPIA beforehand to identify and reduce any risk to that data. DPIAs would be carried out locally and independently; it has been decided who within the company would carry out the DPIA and who else needs to be involved. This process has been linked to the existing risk management strategy.
Lucketts Dairy has concluded that a specified Data Protection Officer (DPO) is not required for the purposes of the GDPR however for the purposes of the following:
inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws;
monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, awareness raising and training of staff and conducting internal audits;
advise on and monitor data protection impact assessments;
act as the contact point for, and to cooperate with the ICO, and to consult on any data protection matter; and
be the contact point for individuals whose data is processed (employees, customers etc).
Mr William Luckett, Managing Director shall be responsible.
All parties involved in the compliance of Lucketts Dairy promote a positive attitude towards the GDPR and encourage all members of staff to exercise good data protection practices. It is stressed to all staff members the importance of the GDPR and the response has been excellent.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. Lucketts Dairy systems are manned 24hrs by security software both by Lucketts Dairy itself and by a partner. Lucketts Dairy recognises the requirement to notify the ICO within 72 hours of becoming aware of a data breach unless it is non-notifiable due to it being unlikely to result in a risk to the rights and freedoms of individuals. Upon recognising a data breach, Lucketts Dairy would immediately launch a full investigation and should provide information to the ICO as soon as it becomes available. Lucketts Dairy has offered training to all staff members required to handle personal data and all fully understand what constitutes a personal data breach, and that this is more than a loss of personal data.
Lucketts Dairy does not engage in ANY International transfers of any kind and this section is not applicable.
Lucketts Dairy Ltd
415 Beake Avenue
Tel : 024 7649 1823