Matthew Gaunt Associates

Menu

Privacy Policy

This privacy policy was last updated on: [December 2023]

  1. Introduction
    • Matthew Gaunt Associates (organisation number 12386148 and registered office address The Clock House. Station Approach, Marlow, SL7 1NT is committed to respecting and protecting our stakeholders’ privacy.
    • This policy applies where we act as a data controller with respect to your personal data, in other words, where we determine the purposes and means of processing such personal data. We may capture personal data entered across all channels: through our website, in person or via our email communications or social media accounts. This policy also provides certain legally required information and lists some of your rights concerning your personal data.
    • Please read this policy carefully to understand our views regarding your personal data and how we will treat it.
    • This policy relates to personal information that identifies “you”, meaning suppliers, individuals who browse our website and other individuals outside our organisation with whom we interact. If you are an employee, contractor or otherwise engaged in work for us or applying to work for us, a separate privacy notice applies to you instead.
    • This policy is not intended for children, and we do not knowingly collect personal data relating to children.
  2. Marketing preferences
    • By messaging us, you can specify whether you would like to receive direct marketing communications and limit the use of your information.
  3. How to contact us
  4. Categories of personal data
    • In this section, we outline the categories of personal data which we may collect, use, store, share and transfer. Usually, the personal data we process falls into one or more of the following categories:
      • Order, Account and Billing Data – this includes information relating to any transactions (including payment) with us and information which we need to fulfil orders, such as your name, date of birth, bank account or card details, information which we collect for the purposes of the prevention of fraud billing address, delivery address, phone number, email address and purchase history, some of which we may not receive directly as payment processors may collect it;
      • Internal Social Data – this includes information that you post for publication on our website, such as wall posts or reviews.
      • Usage Data – this includes information about your use of our website and reaction to our emails and services, such as your device ID, IP address, geographical location, browser type and version, operating system, length of visit, page views and website pages viewed, as well as information about the timing, frequency, and pattern of your use.
      • Communication Data – this includes information contained in any communication, enquiry or complaint you submit to us regarding goods and/or services and personal data we create about you in relation to the same as well as any information in any survey you complete for us.
      • Marketing Data – this includes your advertising preferences, such as your preferences in receiving marketing materials from us and/or our third parties (such as our media and marketing agencies), your name, email address, billing address, phone number, date of birth, gender, and the user ID of any social platforms you have connected with us on;
      • Aggregated Data – we also obtain and use aggregated data such as statistical or demographic data. Aggregated Data may be derived from your personal data but does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific feature on our website. However, if we re-combine or re-connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data that will be used per this policy.
  1. How we use your personal data
    • We collect personal data about you in order to:
      • perform our contractual obligations to you. This would include:
    • delivering orders or supplying our service to you;
    • making or receiving payments;
    • collecting and recovering money owed;
    • supplying the purchased services and keeping proper records of those transactions; and
    • updating you on the progress of your project;
      • comply with our own legal and industry obligations.
      • administer and run our business. This would include processing your Internal Social Data:
    • for the purposes of publishing on our website or app (or social media channels such as Facebook, Twitter, Instagram etc); and
    • in our marketing materials to help us tell other stakeholders about our products and services;
      • use data analytics (including Google Analytics and e-mail services providers) to identify usage trends, determine and measure the effectiveness of promotional campaigns and advertising and improve our website, products/services, marketing, user relationships and experiences. This would include processing your Usage Data for the purposes of analysing the use of the website, emails and services.
      • manage our relationship with you, including:
    • contacting you if you have asked us to contact you by completing a Contact Form via our website;
    • to send you important notices such as communications about changes to our terms and conditions and policies (including this policy);
    • to send you information you have requested;
    • to ask you to leave a review or feedback on us; and
    • to respond to, provide clarification on, resolve issues in relation to, or otherwise communicate with you in relation to, any enquiry you may have.
      • make suggestions and recommendations to you about services that may be of interest to you, deliver relevant website content and advertisements to you and to measure or understand the effectiveness of our advertising. We may also use Marketing Data to exclude you from seeing advertisements from such third-party websites;
      • communicate with you about, and administer your participation in, special events, programs, promotions, any prize draws or competitions;
      • protect our business, including to deal with any misuse of our website and to comply with our security policies at our locations;
    • enforce or apply our terms of use, terms and conditions of supply and other agreements with third parties; to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law enforcement agencies in relation to the same);
    • We may process any of your personal data identified in this policy where necessary for establishing, investigating, exercising, or defending legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
    • We may process any of your personal data identified in this policy where necessary to obtain or maintain insurance coverage, manage risks, or obtain professional advice.
  2. Our lawful basis for processing your personal data
    • We are required by law to have a lawful basis to process your personal data for the purposes set out in this policy.
    • Where we are relying on a basis other than your consent, the lawful basis for processing personal data will be one of the following:
      • the processing is necessary in order for us to comply with our legal obligations;
      • the processing is necessary for the performance of a contract you are party to or in order to take steps at your request prior to you entering into a contract;
      • processing is necessary for the establishment, exercise or defence of legal claims; or
      • the processing is necessary for the pursuit of our legitimate business interests. In particular, our legitimate interests include:
    • the provision of goods and services;
    • the recovery of debt;
    • the provision of administration and / or IT services;
    • the security of our IT network;
    • the prevention of fraud;
    • marketing of goods and services and promotion of our business;
    • the reorganisation or sale or refinancing of the business or a group restructure;
    • the study in how to develop and the update of our products and services;
    • the development of our business strategy;
    • protecting our business and property.
      • the processing is necessary to protect the vital interests of an individual e.g. where there is a medical emergency at one of our premises; or
      • the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
    • For certain purposes, it may be appropriate for us to obtain your prior consent. The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
    • In the event that we rely on your consent, you may at any time withdraw the specific consent you give to our processing of your personal data. Please contact us using the contact details set out in paragraph 3 of this policy to do so. Please note even if you withdraw consent for us to use your personal data for a particular purpose, we may continue to rely on other lawful bases to process your personal data for other purposes.
  3. Personal data about other people which you provide to us
    • Please do not supply any other person’s personal data to us unless we prompt you to do so. If you do share personal data about someone else (such as the recipient of a gift, one of your directors or employees, or someone with whom you have business dealings) with us, you must ensure you have their authorisation, that you are entitled to disclose that personal data to us and that, without our taking any further steps, we may collect, use and disclose that personal data as described in this policy.
    • Where you do share personal data about someone else with us, you must ensure the individual concerned is aware of the various matters detailed in this policy, as those matters relate to that individual, including our identity, how to contact us, the way in which we collect and use personal data and our personal data disclosure practices, that individual’s right to obtain access to the personal data and make complaints about the handling of the personal data, and the consequences if the personal data is not provided.
  4. The sources from which we obtain your personal data
    • We obtain your personal data from the following sources:
      • Directly from you, either in person (at our project locations or otherwise), via e-mail, our website or by telephone;
      • Via automated technologies, such as recording systems, cookies, server logs and other similar technologies;
      • From someone else, such as analytics providers (e.g. Google Analytics), our provider of customer feedback, advertising networks, search information providers, providers of technical, payment and delivery services, providers of social media platforms (such as Facebook, Twitter and Instagram) (for example where you share our content through social media, for example by liking us on Facebook, following or tweeting about us on Twitter).
  1. Accuracy of personal data
    • It is important that the personal data we hold about you is accurate and current, and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us by contacting us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
  2. Providing your personal data to others
    • We do not, and will not, sell any of your personal data to any third party. We want to earn and maintain your trust, and we believe this is essential to do that.
    • We may disclose your personal data with the following categories of companies as an essential part of being able to provide our goods and services to you, as set out in this policy:
      • to any member of our group of companies who may process data on our behalf to enable us to carry out our usual business practices for the purposes and on the legal bases set out in this policy;
      • to our insurers and professional advisers (such as accountants, bankers, insurers, auditors and lawyers) insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks or obtaining professional advice;
      • to companies such as Facebook, Twitter, Instagram and other companies which you choose to interact with, including where those companies operate plugins or content on our website;
      • to companies that do things to get product or people to you, such as warehouses, order packers and delivery companies;
      • to our PR and marketing research agencies;
      • to third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
      • to HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
      • to third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation);
      • to law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
      • If applicable, to postal printing and mailing companies to deliver news and offers to you, as well as email service & marketing tool providers that help us to enable our marketing; and
      • to our card payment service providers to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
  1. Transfers outside the European Economic Area (EEA)
    • It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United Kingdom, including the European Economic Area and the United States of America. In connection with such storage, processing and transfers, we will seek to ensure that:
      • the transfer is to a country that the United Kingdom has decided provides an adequate level of protection such as to a country approved by the United Kingdom or to certain organisations with the US pursuant to the Privacy Shield (where valid);
      • there are appropriate safeguards in place such as putting in place standard data protection contractual clauses between us and the recipient (often called the model contractual clauses); or
      • one of the derogations for specific situations under the law applies; examples could include where you have explicitly consented to the transfer or the transfer is necessary for the performance of a contract or exercise or defence of legal claims.
    • We will take all reasonable steps to ensure your information is treated securely and in line with this policy. You acknowledge that personal data that you submit for publication through our website, for example, reviews, may be available via the internet around the world. We cannot prevent the use (or misuse) of such personal data by others.
  2. How long we retain your data
    • Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
    • As a general rule, we will not keep your personal data for longer than ten years.
    • We will, however, retain your personal data whilst you are an active stakeholder for as long as is needed to give you the best possible service.
    • In all instances outlined above, the process of anonymising your data may take up to one calendar month.
    • In certain circumstances, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
    • Any anonymised Internal Social Data which is stored in an unstructured format (such as free text reviews and wall posts) will not be deleted under these data retention rules unless requested by you.
  3. Your rights
    • You have a number of rights with respect to your personal data, some of which we have summarised in this section. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities to explain these rights fully. You may exercise any of your rights in relation to your personal data by either emailing us at matthew@matthewgauntassociates.co.uk
    • Right of access – you may have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information.
    • Right to rectification – you may have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
    • Right to erasure – in certain circumstances, you may have the right to request the erasure of your personal data on legitimate grounds as specified in law.
    • Right to restriction on processing – in some circumstances, you may have the right to request the restriction of the processing of your personal data on legitimate grounds as specified in law.
    • Right to objection to processing – you may have the right to object, on legitimate grounds as specified in law, to our processing of your personal data on grounds relating to your situation.
    • Right to data portability – in certain circumstances, you may have the right to receive your personal information in a structured, commonly used, and machine-readable format and to transmit that information to another controller to enable it to use the data, to the extent applicable in law.
    • Right to stop marketing messages – at any time you can amend your marketing preferences to reduce, remove or increase the amount we contact you. You can do this by emailing us at matthew@matthewgauntassociates.co.uk
    • Right to withdraw consent – to the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time.
    • Right to complain – if you wish to make a complaint to us about how we process your personal data, please contact us at matthew@matthewgauntassociates.co.uk and we will endeavour to deal with your request as soon as possible. You may have a legal right to lodge a complaint with the Information Commissioner’s Authority or other supervisory authority responsible for data protection. Please see https://ico.org.uk/concerns/ for how to do this.
  1. Automated decision making
    • We use automated decision-making tools in our processing of your personal data. This includes (but is not limited to) the application of profiling techniques to your personal data.
    • The logic we employ in relation to such automated decision-making is designed to analyse your personal data to establish characteristics about you
  2. Cookies
    • We use cookies on our website. For more information on cookies, please see our Cookies policy on our website
  3. Amendments
    • We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy.
  4. Data Protection Team
  5. Links to other websites
    • This policy only applies to us. If you link to another website from our website, you should also remember to read and understand that website’s privacy policy. We do not control unconnected third-party websites and are not responsible for any use of your personal data that is made by unconnected third-party websites.
  6. Technical and security measures
    • All information you provide to us is stored on secure servers. We use strict procedures and security features to prevent your personal data from being accidentally lost, used or accessed unauthorised.
    • We ensure that any third parties with whom your personal information is shared in accordance with this policy are also subject to agreements which impose on them equally stringent procedures and security features to help keep your personal data secure.
    • Procedures are in place to deal with any suspected personal data breach and notify you and any applicable regulator when legally required.
WordPress Cookie Notice by Real Cookie Banner