What Data We Collect
Categories of Personal Data:
When visiting our website we collect basic contact information about you for the purpose of telling you about Randalls Limited and our subsidiary companies and their related services, for example loyalty card applications, or requests for price lists and details of venues.
Jersey Law Article 10 Fair and Transparent processing:
For client/customers we hold confidential information necessary for us to be able to provide services. This includes for example information for contact and delivery.
We provide a full description of that data and our safeguards in our contracts or Terms and Conditions.
We will keep contract information in relation to the contract or Terms and Conditions in order for us to process orders or provide goods, services, information and to review and invoice payments.
As above, but we would expect us to be receiving the services and invoices rather than providing them.
If you have special needs, like anonymity, we can arrange that on discussion.
Where necessary we can provide a full description of that data and our safeguards in the Client/customer contract.
WHAT PURPOSES WE USE YOUR PERSONAL DATA FOR:
Purpose of the processing and the legal basis for the processing:
We need to know information about you to be able to provide services and to operate the Randalls Loyalty Card Scheme and only use personal data where there is a legitimate interest in doing so.
Statutory Contractual :Requirements
Unless otherwise specified on contract or agreement, information is only for the purposes of provision of Randalls Limited services.
Where the provision of Personal data part of a Statutory or contractual Requirement or Obligation and possible Consequences of failing to Provide the personal data:
We are bound by the Freedom of Information Act and will act in accordance with these for any States of Jersey contracts. However, we never share data unless there is legislation or regulation or express agreement to do so.
The existence of Automated decision making, Including profiling and Information about how Decisions are made:
We have no automated decision making or profiling of personal data.
Lawful Basis The legitimate interests Of the controller or third Party, where applicable:
Generally (unless otherwise specified on contract or agreement) this for the legitimate interests of Randalls Limited and subsidiary companies operation.
How Long we hold data:
Randalls Limited and subsidiary companies will retain your personal data for as long as necessary to fulfill the purpose for which it was collected.
Retention period or criteria Used to determine the Retention period:
In relation to contracts we are required to hold data for 10 years in accordance with Jersey’s statute of limitations. In relation to loyalty data, the retention term will be for 12 months following the last usage of the loyalty card.
Randalls Limited and subsidiary companies uses up-to-date data storage and security techniques to protect your personal information from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss.
Data Sharing and Disclosure:
Generally (unless otherwise specified on contract or agreement) no data is shared with any other organization, except with explicit agreement. As above with relation to Freedom of Information relating to States of Jersey contracts.
Any recipient or categories of Recipients of the personal Data:
However, we never share data unless there is legislation or regulation or express agreement to do so.
Third Country Transfers and Safeguards:
Randalls Limited and subsidiary companies operate in Jersey.
However, we use technology which may transfer data to another jurisdiction, for example use of Microsoft and external back-up of data.
Details of transfers to third Country and safeguards:
Where such transfers to not offer the same level of protection of personal data as may be enjoyed within your home country (eg United States) we will ensure that your data is appropriately protected (for example by reference to IT security standards)
GDPR is a key consideration when selecting a service provider and we seek those that demonstrate that they will keep data private, safe and secure by reference to ISO27001, CyberEssentials or similar standards.
The existence of each of data Subject’s rights:
The GDPR provides the following rights for individuals:
The right to be informed:
The right of access:
The right to rectification:
The right to erasure:
The right to restrict processing:
The right to data portability:
The right to object:
Rights in relation to automated decision making and profiling
More details can be found:
The right to withdraw Consent at any time, where Relevant
We general hold data on the basis of legitimate interest (we need the data to run our business and provide our services and loyalty card scheme)
We do use contracts and Terms and Conditions to agree the exact terms of business. If you want us to stop, just tell us:
Email to: firstname.lastname@example.org
The right to lodge a complaint with a supervisory authority
If you think we have got something wrong, please tell us.
But you can also tell the regulator: https://oicjersey.org/guidance
Concerns or Queries
If you have any questions in relation to this policy or data protection within please contact us at email@example.com
Data Processing Representative: