Randalls Limited and Subsidiary Companies

PRIVACY NOTICE

This is our Privacy Notice and this sets out the basics.  In some cases you may have additional documents – contract, agreement, terms and conditions – with more details specific to you.

On the left is the ICO Guidance on what a Privacy Notice should contain, plus references to the legislation.  On the right is an explanation of what we do against each criterion.

What We Do

INTRODUCTION

Jersey Law Article 6 General Duties and accountability.

 

The Privacy Notice applies to Randalls Limited and subsidiary companies.

 

The Privacy Notice sets out we deal with your personal data.  We take privacy and security of your information seriously and will only use such personal information as set out in this privacy policy.

 

 

CONTROLLER

Identify and contact details Of the controller and where Applicable, the controllers Representative, and DPR:

 

Information which is collected will be the responsibility of the Randalls Limited who will act as data controller in relation to your personal data.

 

If you have any questions in relation to this policy or data protection within please contact me:

 

Data Protection Representative (DPR) is

Kerry.Murray@randalls.je or call 01534 836700

What Data We Collect

Categories of Personal Data:

When visiting our website we collect basic contact information about you for the purpose of telling you about Randalls Limited and our subsidiary companies and their related services, for example loyalty card applications, or requests for price lists and details of venues.

Jersey Law Article 10 Fair and Transparent processing:

For client/customers we hold confidential information necessary for us to be able to provide services.  This includes for example information for contact and delivery.

We provide a full description of that data and our safeguards in our contracts or Terms and Conditions.

For Customers:

We will keep contract information in relation to the contract or Terms and Conditions in order for us to process orders or provide goods, services, information and to review and invoice payments.

For Suppliers:

As above, but we would expect us to be receiving the services and invoices rather than providing them.

Bespoke Needs:

If you have special needs, like anonymity, we can arrange that on discussion.

Where necessary we can provide a full description of that data and our safeguards in the Client/customer contract.

 

WHAT PURPOSES WE USE YOUR PERSONAL DATA FOR:

 

Purpose of the processing and the legal basis for the processing:

We need to know information about you to be able to provide services and to operate the Randalls Loyalty Card Scheme and only use personal data where there is a legitimate interest in doing so.

 

Statutory Contractual :Requirements

Unless otherwise specified on contract or agreement, information is only for the purposes of provision of Randalls Limited services.

 

Where the provision of Personal data part of a Statutory or contractual Requirement or Obligation and possible Consequences of failing to Provide the personal data:

We are bound by the Freedom of Information Act and will act in accordance with these for any States of Jersey contracts.  However, we never share data unless there is legislation or regulation or express agreement to do so.

 

The existence of Automated decision making, Including profiling and  Information about how Decisions are made:

Automated Decisions:

We have no automated decision making or profiling of personal data.

 

Lawful Basis The legitimate interests Of the controller or third Party, where applicable:

Generally (unless otherwise specified on contract or agreement) this for the legitimate interests of Randalls Limited and subsidiary companies operation.

 

How Long we hold data:

Randalls Limited and subsidiary companies will retain your personal data for as long as necessary to fulfill the purpose for which it was collected.

 

Retention period or criteria Used to determine the  Retention period:

In relation to contracts we are required to hold data for 10 years in accordance with Jersey’s statute of limitations.  In relation to loyalty data, the retention term will be for 12 months following the last usage of the loyalty card.

 

Data Security:

Randalls Limited and subsidiary companies uses up-to-date data storage and security techniques to protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss.

 

Data Sharing and Disclosure:

Generally (unless otherwise specified on contract or agreement) no data is shared with any other organization, except with explicit agreement.  As above with relation to Freedom of Information relating to States of Jersey contracts.

 

Any recipient or categories of Recipients of the personal Data:

However, we never share data unless there is legislation or regulation or express agreement to do so.

 

Third Country Transfers and Safeguards:

Randalls Limited and subsidiary companies operate in Jersey.

However, we use technology which may transfer data to another jurisdiction, for example use of Microsoft and external back-up of data.

 

Details of transfers to third Country and safeguards:

Where such transfers to not offer the same level of protection of personal data as may be enjoyed within your home country (eg United States) we will ensure that your data is appropriately protected (for example by reference to IT security standards)

GDPR is a key consideration when selecting a service provider and we seek those that demonstrate that they will keep data private, safe and secure by reference to ISO27001, CyberEssentials or similar standards.

 

YOUR RIGHTS:

The existence of each of data Subject’s rights:

The GDPR provides the following rights for individuals:

The right to be informed:

The right of access:

The right to rectification:

The right to erasure:

The right to restrict processing:

The right to data portability:

The right to object:

Rights in relation to automated decision making and profiling

 

More details can be found:

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

The right to withdraw Consent at any time, where Relevant

We general hold data on the basis of legitimate interest (we need the data to run our business and provide our services and loyalty card scheme)

We do use contracts and Terms and Conditions to agree the exact terms of business.  If you want us to stop, just tell us:

Email to: optout@randalls.je

 

The right to lodge a complaint with a supervisory authority

If you think we have got something wrong, please tell us.

But you can also tell the regulator: https://oicjersey.org/guidance

 

Concerns or Queries

If you have any questions in relation to this policy or data protection within please contact us at contacts@randalls.je

Data Processing Representative:

Kerry.Murray@randalls.je