It is important for you (as an individual who provides us with personal data) to understand how we use (or process) personal data, including that which we collect about you during your visit to this website and our other websites, and which we process more generally in accordance with this policy.
Matthew Penn Ltd and Matthew Penn Associates are the data controllers of all such personal data and aim to always process personal data fairly, lawfully, and transparently. However, if you are unhappy with the information provided in this policy or have any broader questions or concerns please email firstname.lastname@example.org. If you remain dissatisfied you may raise any issue directly with the Information Commissioner’s Office (who can be contacted at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or via www.ico.org.uk).
Personal Data Collection
More generally, and subject to this policy, personal data may also be collected from publicly available records or from other sources and affiliates.
The types of personal data we collect and process may include:
(1) basic information (name, address, date of birth, nationality, gender, etc)
(2) contact information (address, telephone, and e-mail addresses)
(3) financial information (certain limited bank account or credit card details)
(4) website information (IP address, location information, weblogs etc)
Sensitive personal data is neither requested nor collected by us generally. Sensitive personal data includes, for example, information relating to race or ethnic origin, religious beliefs, and health. If you do provide us with sensitive personal data because we have agreed between us that such disclosure is necessary, you must also explicitly consent to us using it for the purposes for which it has been provided.
Section 2: Cookies and Google Analytics
Cookies are small pieces of information stored by your browser on your computer’s hard drive. If you want to know more about cookies and how they work, please refer to the following websites: http://www.allaboutcookies.org and http://www.youronlinechoices.com.
Please note that we will not use Google Analytics to collect any information from which you can be personally identified, and we will not associate the information provided to us by Google Analytics with your information. Google Analytics’ cookies will remain on your computer for between thirty minutes and two years from being set/updated, unless you delete them before they expire. For more information about Google Analytics, please visit http://www.google.com/intl/en/analytics/privacyoverview.html.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. Unless you do this, cookies will be issued when you visit our website, but you can delete them via your browser at any time. If you do not accept cookies, or decide to delete them, you will still be able to access and use the website but you won’t be able to save any items.
Section 3: Personal Data Use
(1) Facilitating client projects and responding to any related comments, questions, and other interactions through this website or those operated by Matthew Penn Ltd and Matthew Penn Associates.
(2) Matthew Penn Ltd and Matthew Penn Associates business purposes, such as engaging suppliers, generating statistics, measuring performance and website usage, service improvement, and marketing plans.
In accordance with the GDPR, we have identified below the relevant lawful basis for the processing of various types of personal data for different purposes:
(1) We are entitled to process personal data, including basic customer details, as required in order to fulfil our obligations under any order or purchase you make, or in advance of that contract.
(2) We may process personal data on the basis that it is in our legitimate interests and/or the legitimate interests of a third-party to do so. We have a legitimate business interest for example in offering services, projects and products to customers and clients, and in undertaking such work when agreed, and our customers and clients likewise have a legitimate interest in receiving the same. We may also process personal data on the basis that it is necessary for our legitimate interests in the effective management and running of the business, which may include, but is not limited to: engaging suppliers, ensuring that systems and premises are secure and running efficiently, for legislative compliance, auditing and reporting, for insurance purposes, and to protect our legal rights. We are satisfied that all such processing is not unwarranted because of any prejudicial effect on your rights and freedoms or your legitimate interests.
(3) In certain circumstances, we may process your personal data in order to comply with our legal obligations. This includes processing personal data for tax and accounting purposes and to fulfil our statutory obligations.
(4) Where you have provided your consent, we may also use your personal data to tell you about our products, promotions and special offers that may be of interest to you. This may include receiving such further information by telephone, email, SMS and other forms of electronic communication as approved by you at the time you gave us your consent. However, these decisions may be reversed at any time by opting-out of such communications or by emailing us, and we will process your request as soon as possible.
Section 4: Transfers of Personal Data to Third Parties
Such third parties may be located in countries both inside and outside the European Economic Area (“EEA”). Although countries outside the EEA may not require the same level of protection of personal data as those within the EEA, and as is the case in the UK, we always demand that our third party processors adhere to the same procedures that we follow ourselves with respect to your personal data and that adequate safeguards are in place in advance of any transfer outside the EEA.
We may disclose any information, including personal data, we deem necessary to comply with any applicable law, regulation or governmental request.
Section 5: Protecting Personal Data
We have security arrangements in place to guard against unauthorised access, improper use, alteration, destruction, or accidental loss of your personal data. In accordance with the GDPR, we take appropriate organisational and technical security measures, including specific information security standards for the protection of personal data.
Section 6: Your Rights and Responsibilities
The GDPR generally provides individuals with rights to access, to object to the processing of, to rectify, to erase, to restrict and to port their personal data. You can exercise any of these rights by contacting us at any time at email@example.com.
We have specific procedures in place to enable you to request that we provide you with details of your personal data which we process and a description of how we process it.
You have the right to unsubscribe from any marketing emails we send you. You can do this by clicking on the link at the bottom of every email we send to you or by contacting us by email. You can also request that your personal data is deleted from our systems at any time, though please note that we may be entitled to continue to store such personal data in accordance with the law and with this policy.
We will take reasonable steps to create an accurate record of any personal data submitted through this website or otherwise processed by us. However, we do not assume responsibility for confirming the ongoing accuracy of your personal data and so please let us know if corrections and updates are required.