Your privacy is important to us. To protect your privacy we provide this notice explaining our Data Protection Policy.
1. Lenleys holds personal data about customers, suppliers, employees, job applicants and other individuals for a variety of business purposes.
2. This policy sets out how Lenleys seeks to protect personal data and ensure the business understands the rules governing its use of personal data to which it has access in the course of its work.
3. This policy requires the Lenleys Data Controller to be consulted before any significant new data processing activity is initiated to ensure that relevant compliance steps are addressed.
4. The Data Controller is responsible for the monitoring and implementation of this policy. The Data Controllers are the partners of Lenleys: Jonathan Watts & Lavinia Watts.
Lenleys policy is to process personal data in accordance with the applicable data protection laws and rights of individuals as set out below.
1. Lawfulness, fairness and transparency.
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
2. Accurate, Adequate, Relevant & Proportionate.
The data processed must be accurate, adequate, relevant and proportionate for the purpose for which it was obtained. Personal data obtained for one purpose shall generally not be used for unconnected purposes unless the individual has agreed to this or would otherwise reasonably expect the data to be used in this way.
Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
Individuals may ask Lenleys to correct personal data relating to them which they consider to be inaccurate. If a member of Lenleys staff receives such a request and does not agree that the personal data held is inaccurate, they will nevertheless record the fact that it is disputed and inform the Data Controller, who will investigate the situation in accordance with this policy.
Personal data will not be retained for any longer than necessary. The length of time over which data shall be retained will depend upon the circumstances including the reasons why the personal data were obtained. Lenleys has a data retention policy for deciding the length of time for data retention.
4. Integrity & Confidentiality.
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Where Lenleys uses external organisations to process personal data on its behalf, it must be ascertained that these organisations are compliant with GDPR.
5. Rights of Access, Rectification, Restriction & Erasure.
All individuals shall have the right to obtain from Lenleys confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information regarding it.
All individuals shall have the right to obtain from Lenleys without undue delay the rectification of inaccurate personal data concerning him or her.
All individuals shall have the right to obtain from Lenleys restriction of processing in certain circumstances.
All individuals shall have the right to obtain from Lenleys the erasure of personal data (right to be forgotten) concerning him or her without undue delay.
6. Notification regarding rectification, restriction or erasure.
Lenleys shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.
Persons have the right to object to Lenleys processing their personal data for direct marketing purposes. Where a person does object, the Data Controller will be notified. The person’s contact data will be moved to a suppression list so that they will not receive any further marketing material via that medium.
7. Legal basis for processing.
Lenleys uses the following legal bases for the processing of personal data:
consent – the person has consented to the processing of his or her personal data for one or more specific purposes;
contract – the processing is necessary for the performance of a contract to which the person is party or in order to take steps at the request of the person prior to entering into a contract;
legal obligation – the processing is necessary in order for Lenleys to comply with a legal obligation;
vital interests – the processing is necessary in order to protect the vital interests of the person;
legitimate interests – the processing is necessary for the purposes of the legitimate interests pursued by Lenleys or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of a person.
8. Data protection impact assessment
Where a type of processing in particular using new technologies, and taking into account the nature, scope, context and purposes of the processing, is likely to result in a high risk to the rights and freedoms of natural persons, Lenleys shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data. A single assessment may address a set of similar processing operations that present similar high risks.
9. Personal Data shall not be transferred outside of the United Kingdom.
10. Reporting breaches
In the event of Lenleys being informed of an actual or potential data protection failure, Lenleys will investigate the breach and take appropriate steps, following the breach notification policy.