Here at Clearcut Glasshouse Services Limited (company number 05419839) we take the protection of your Personal Data very seriously and are committed to maintaining the trust of our customers and visitors to our website in this respect.
We have put in place generally accepted standards of technology and operational security in order to protect your personal data from loss, misuse, or unauthorised alteration or destruction. However, no website can be completely secure and so we would urge you to notify us if you have any concerns. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
DATA PROTECTION PRINCIPLES
Anyone processing Personal Data must comply with the eight enforceable principles of good practice. These provide that Personal Data must be:
a) processed fairly, lawfully and in a transparent manner (Fairness, Lawfulness and Transparency),
b) processed for specified, explicit and legitimate purposes and in an appropriate way (Purpose Limitation),
c) adequate, relevant and limited to what is necessary for the stated purpose (Data Minimisation),
d) kept accurate and up to date (Accuracy),
e) not kept longer than necessary for the stated purpose (Storage Limitation),
f) processed in a manner that ensures appropriate security of Personal Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures (Security, Integrity and Confidentiality),
g) not transferred to another country without appropriate safeguards being in place.(Transfer Limitation), and
h) processed in line with Data Subjects’ rights (Data Subject’s Rights and Requests).
We are responsible for and need to demonstrate compliance with the data protection principles listed above (Accountability).
FAIRNESS AND LAWFULNESS
The purpose of UK GDPR and UK data protection laws is not to prevent the processing of Personal Data, but to ensure that it is done fairly and without adversely affecting the rights of the Data Subject.
UK GDPR allows processing of Personal Data for specific purposes, which are where it is needed:
a) for the performance of a contract,
b) to comply with a legal obligation,
c) in order to pursue our legitimate interests (or those of a third party) and where the interests and fundamental rights of the Data Subject do not override those interests,
d) to protect the Data Subject’s vital interests,
e) in the public interest, or
f) in situations where the Data Subject has given explicit consent.
We, as Data Controller, will only process Personal Data on the basis of one or more of the lawful bases set out above.
We comply with all relevant data protection laws in all our dealings with your personal data and ensure that our Data Processors do the same.
Special Categories of Data will only be processed with explicit consent of the Data Subject, unless the Data Controller can rely on one or more of the other lawful bases set out above.
We reserve the right to access and disclose personal data to comply with all applicable laws and lawful government requests or requests by the police investigating suspected illegal activities, to operate our systems properly or to protect the rights, safety or property of Clearcut, website users or others.
TRACKING COOKIES DATA
When you use our sites (including mobile sites or mobile apps), we and third party organisations may collect information by using ‘cookies’ and other technologies (for simplicity we refer to all such technologies as ‘cookies’).
When visiting our site you agree to us and third party organisations using cookies in line with your cookie settings.
What Are Cookies?
A cookie is a small text file—containing small amounts of information— that passes to your computer through your web browser so that the website can remember who you are.
The length of time a cookie will stay on your computer depends on whether it is a persistent or session cookie. Session cookies are temporary cookies that stay on your computer until you leave the website. Persistent cookies stay on your computer after you have finished browsing until they expire or are deleted.
A pixel tag or sometimes called a web beacon is an invisible image with a line of code which is placed within an email message or on a web page. Cookies can either be categorised into First or Third Party cookies. “First Party Cookies” are cookies that Boomtown places on your device whereas “Third Party Cookies” are cookies that another party controls but are placed on your device when you visit our site. For example, we use Google Analytics cookies to gather information about the user experience on our website.
What Are Cookies Used For?
Cookies can be put into one of the following categories: strictly necessary; analytics, functionality and advertising cookies. The table provides more information about each category.
These cookies are essential to make our website work. They enable you to move around the site and use its features.
These cookies collect information about how people use our site, such as which pages are most frequently visited, and how people are moving from one link to another. Overall, these cookies provide us with analytical information about how our site is performing and how we can improve it.
These cookies allow us to remember choices you make and tailor our site to provide enhanced features and content to you.
Advertising and Marketing Cookies
These cookies are used to deliver marketing and advertising messages that are tailored to you based on what you have browsed or shown interest in.
How To Manage Cookies From This Site
Most browsers will enable you to manage your cookies preferences e.g. have the browser notify you when you receive a new cookie or use it to disable cookies altogether. If you do decide to disable or delete these altogether some sites won’t work as well as they rely on cookies to provide you with the service that you have requested. (see Strictly Necessary Cookies, above)
Changing Browser Settings
You can change your browser settings to limit which cookies can be set. These settings are usually found in the ‘options’ or ‘preferences’ menu for your browser.
We only hold your personal data on our systems for as long as is necessary for the relevant purpose. If you want us to remove your details from your subscriptions (providing you do not have any contractual agreements or there is a legal basis for not doing so) then you can email us at email@example.com any time to request this. Please put ‘Personal Data’ in the subject heading.
The UK GDPR restricts Personal Data transfers to countries outside the UK to ensure that the level of data protection afforded to individuals by the UK GDPR is not undermined.
We may only transfer Personal Data outside the UK if one of the following conditions applies:
a) the UK has officially confirmed that the country to which the Personal Data is being transferred has an adequate level of protection for the Data Subject’s rights and freedoms,
b) appropriate safeguards are in place, such as binding corporate rules or standard contractual clauses approved for use in the UK, or an approved code of conduct or a certification mechanism exists,
c) the Data Subject has provided explicit consent to the proposed transfer after being informed of any potential risks, or
d) the transfer is necessary for one of the other reasons set out in the UK GDPR, such as the performance of a contract between us and the Data Subject; reasons of public interest; to establish, exercise or defend legal claims; to protect the vital interests of the Data Subject where the Data Subject is physically or legally incapable of giving consent; or, in some limited cases, for our legitimate interest.
DATA SUBJECT’S RIGHTS AND REQUESTS
Personal Data must be processed in line with Data Subjects’ rights.
Data Subjects have the following rights, which apply in certain circumstances:
a) The right to be informed about processing of Personal Data.
b) The right of access to their own Personal Data.
c) The right for any inaccuracies to be corrected (rectification).
d) The right to have information deleted (erasure).
e) The right to restrict the processing of Personal Data.
f) The right to portability.
g) The right to object to the processing of their Personal Data.
h) The right to regulate any automated decision-making and profiling of Personal Data.
i) The right to withdraw consent when the only legal basis for processing Personal Data is consent.
j) The right to be notified of a Data Breach that is likely to result in high risk to their rights and freedoms.
k) The right to make a complaint to the Information Commissioner’s Office or other supervisory authority.
If you have any questions or comments concerning personal information we hold about you, please contact firstname.lastname@example.org (please put ‘Personal Data’ in the subject heading’). In order to verify your request we will require 2 forms of identification (e.g driving licence, passport, birth certificate, council tax bill, vehicle registration document). These forms of ID will be reviewed and held on our systems in line with this privacy notice.
We welcome your comments on privacy issues so please do contact us with any queries or suggestions.
You have the right to lodge a complaint in relation to the processing of your personal data with the Information Commissioner’s Office, the public body responsible for information rights. More information can be found on their website at https://ico.org.uk, or you can write to them at:
Information Commissioner’s Office
Tel: 0303 123 1113
Changes to this Privacy Notice
We reserve the right to update this privacy notice from time to time so please do check it each time you submit any personal data to us.