We are
Stirling Management & Services Ltd with registered
number
04895883
and registered address
Suite A, 10th Floor, Maple House, Potters Bar, Hertfordshire EN6 5BS. Our
Data Protection Lead can be contacted at
info@stirlinghouseoffices.co.uk. We have
produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your
personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 ("Data Protection Legislation").
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
- The right to be informed of how your Personal Data is used (through this notice);
- The right to access any personal data held about you;
- The right to withdraw consent at any time, by emailing
info@stirlinghouseoffices.co.uk;
- The right to rectify any inaccurate or incomplete personal data held about you;
- The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in
this policy, or where you have withdrawn consent;
- The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that
is likely to cause substantial damage to you or another, including through profile building; and
- The right to object to processing that results in decisions being made about you by automated processes and prevent those
decisions being enacted.
- If we have collected your personal data directly from you for our own purposes, we are the Data Controller.
- If we have purchased your personal data from a third-party for our own purposes, we are the Data Controller. Where we
have purchased your personal data, we will contact you to let you know before we first start to use it, or, at the
latest, within one month of acquiring it.
- If we have been passed your personal data from a third-party for our own purposes, we are the Data Controller. We will
contact you to let you know before we first start to use it, or, at the latest, within one month of acquiring it.
- If we have been passed your personal data from a third-party for a joint purpose that we both influence, we are the joint
Data Controller. We will contact you to let you know before we first start to use your data, or, at the latest, within
one month of acquiring it.
- If your data has been passed to us by a third party for processing under their instruction, that third party is the Data
Controller. They should have notified you that they would be passing your personal data to us,
Stirling Management & Services Ltd, at the time they collected your data and within their own privacy notices/standards.
For a list of Data Controllers that we process personal data for, the section below 'Third Party Interests'.
- If we have received your personal data as part of a business to business relationship, the Data Controller is your employer.
Under Data Protection Legislation, there must be a 'lawful basis' for the use of personal data. The lawful bases are outlined
in Article 6, Section 1 of the GDPR. They are sub-sections:
-
a) 'your consent';
-
b) 'performance of a contract';
-
c) 'compliance with a legal obligation';
-
d) 'protection of your, or another's vital interests';
-
e) 'public interest/official authority'; and
-
f) 'our legitimate interests'.
Personal data, or personal information, means any information about an individual from which that person can be identified.
It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title,
date of birth and gender.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services
you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone
setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices
you use to access this website.
Profile Data includes your username and password, purchases or orders made by you, your interests, preferences,
feedback and survey responses.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties
and your communication preferences.
We also collect, use and share
Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from
your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your
identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website
feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly
identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any
Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious
or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about
your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Reference |
What catergories of information about you do we process? |
Why are we processing your data? |
Where did we get your personal data from? |
B2B Marketing
|
- Identity Data
- Contact Data
|
Direct marketing to former, current and prospective clients. This processing is conducted lawfully on the basis of 'our legitimate
interests'.
|
Directly obtained or by referral from existing clients/partners/suppliers.
|
Analytics
|
- Technical Data
- Usage Data
|
To understand how you use our website, how you reached us and how long you spend on our website, in order to analyse our
performance and improve our service. This processing is conducted lawfully on the basis of 'our legitimate
interests'.
|
Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
|
Fraud Prevention
|
- Identity Data
- Transaction Data
|
To combat fraud, we share information of clients who instruct the payment issuer to cancel payments to us without first informing
us of why and/or allowing us the opportunity to issue a refund with credit reference agencies. This processing
is conducted lawfully on the basis of 'protection of your, or another's vital interests'.
|
Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
|
Contact Submission
|
- Identity Data
- Contact Data
|
When you send us information about you by posting on a forum or blog, we will store this information in order to make it
available for viewing on the website. You consent is obtained at the time of posting and via reference
to this notice. This processing is conducted lawfully on the basis of 'your consent'.
|
Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
|
Online Payment Processing
|
- Identity Data
- Contact Data
- Transaction Data
|
We require certain information about you in order to instruct our payments processor to take payment from you and transfer
it to us. To ensure security, we do not ever process your payment information and will transfer you to
the payment service's website at the time of payment. None of our staff or contractors ever have access
to this information. This processing is conducted lawfully on the basis of 'performance of a contract'.
|
Directly obtained.
|
Direct Debits
|
- Identity Data
- Contact Data
- Financial Data
- Transactional Data
|
To setup a direct debit between your bank and ours, we pass your details to our bank and keep a copy for our records. This
activity is conducted under the Direct Debit Guarantee Scheme. This processing is conducted lawfully
on the basis of 'performance of a contract'.
|
Directly obtained.
|
Phone Calls
|
- Identity Data
- Contact Data
|
We might record calls for training and/or auditing purposes. We also collect Calling Line Identification information. This
is used to help improve the efficiency and accountability of our customer services. This processing is
conducted lawfully on the basis of 'our legitimate interests'.
|
Directly obtained.
|
Email and Web Contact
|
- Identity Data
- Contact Data
|
If you contact us through our website or by email, we will use the information you send in order to respond to your enquiry
or complaint. This information will be kept in order to improve our service to you overall. This processing
is conducted lawfully on the basis of 'our legitimate interests'.
|
Directly obtained or indirectly obtained through a client's website (notice given at the point of collection).
|
Consumer Marketing
|
- Identity Data
- Contact Data
- Transactional Data
- Marketing and Communications Data
|
If you make a purchase with us, we will add your contact information to our marketing list and send you information we think
you might be interested in. This processing is conducted lawfully on the basis of 'our legitimate interests'.
|
Directly obtained.
|
Cookies are small text files that are placed on your computer's hard drive through your web browser when you visit any web
site. They are widely used to make web sites work, or work more efficiently, as well as to provide information to the
owners of the site.
Like all other users of cookies, we may request the return of information from your computer when your browser requests a
web page from our server. Cookies enable our web server to identify you to us, and to track your actions and the pages
you visit while you use our website. The cookies we use may last for a single visit to our site (they are deleted from
your computer when you close your browser), or may remain on your computer until you delete them or until a defined period
of time has passed.
Although your browser software enables you to disable cookies, we recommend that you allow the use of cookies in order to
take advantage of the features of our website that rely on their use. If you prevent their use, you will not be able
to use all the functionality of our website. Here are the ways we may use cookies:
- to record whether you have accepted the use of cookies on our web site. This is solely to comply with the law. If you
have chosen not to accept cookies, we will not use cookies for your visit, but unfortunately, our site will not work
well for you.
- to allow essential parts of our web site to operate for you.
- to operate our content management system.
- to operate the online notification form - the form that you use to contact us for any reason. This cookie is set on your
arrival at our web site and deleted when you close your browser.
- to enhance security on our contact form. It is set for use only through the contact form. This cookie is deleted when
you close your browser.
- to collect information about how visitors use our site. We use the information to improve your experience of our site
and enable us to increase sales. This cookie collects information in an anonymous form, including the number of visitors
to the site, where visitors have come to the site from, and the pages they visited.
- to record that a user has viewed a webcast. It collects information in an anonymous form. This cookie expires when you
close your browser.
- to record your activity during a web cast. For example, as to whether you have asked a question or provided an opinion
by ticking a box. This information is retained so that we can serve your information to you when you return to the
site. This cookie will record an anonymous ID for each user, but it will not use the information for any other purpose.
This cookie will last for a period of time after which it will delete automatically.
- to store your personal information so that you do not have to provide it afresh when you visit the site next time. This
cookie will last for a period of time after which it will delete automatically.
- to enable you to watch videos we have placed on YouTube. YouTube will not store personally identifiable cookie information
when you use YouTube's privacy-enhanced mode.
The information about you that we have collected for the performance of our contracts is required in order for us to successfully
fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter
into a contract with you to provide the benefits we offer. If we are already processing your personal information under
a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.
We process some personal information as part of a contractual relationship with a Data Controller. Any requests to restrict
this type of processing should be forwarded to the Data Controller; they will be responsible for discussing your concerns
and making any decisions.
Legitimate interests are a flexible basis upon which the law permits the processing of an individual's personal data. To
determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against
the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by
our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects
whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact
us via
info@stirlinghouseoffices.co.uk.
Stirling Management & Services Ltd holds different
categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount
of personal data that we hold.
- If
'consent' is the basis for our lawful processing of your data, we will retain your data so long as both the
purpose for which it was collected, and your consent, are still valid. We review the status of your consent every
twelve (12) months and treat non-response to our requests for renewal of consent as if they were your request to
withdraw consent. Occasionally, we might identify a legitimate interest in retaining some of your personal data that
has been obtained by consent. If we do, we will inform you that we intend to retain it under these conditions and
identify the interest specifically.
- If we process your data on the basis of
'legitimate interests', we will retain your data for so long as the purpose for which it is processed remains
active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever
we determine that either a legitimate interest no longer exists or that a new one has been found.
- All categories of personal data that are held by us because they are essential for the performance of a contract, will
be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising
or defending legal claims.
In addition to sending us your complaints directly to
info@stirlinghouseoffices.co.uk, you can
send complaints to our supervisory authority. As
Stirling Management & Services Ltd predominantly
handles the personal data of UK nationals, our supervisory authority is the Information Commissioner's Office. If you
believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made
by visiting
https://ico.org.uk/concerns/
.
|