Privacy Statement & Cookie Policy

Website Privacy Policy

DOCUMENT REF GDPR-DOC-04-4
VERSION 1
DATED 13 November 2022
DOCUMENT AUTHOR Aneta Sheridan
DOCUMENT OWNER Aneta Sheridan

Revision history

VERSION DATE REVISION AUTHOR SUMMARY OF CHANGES
1.0 13/11/2022 Aneta Sheridan Initial document- first release
1.1 02/03/2022 Aneta Sheridan \Update regarding outsourcing 

Distribution

NAME TITLE

Approval

NAME POSITION SIGNATURE DATE

1           Introduction

This privacy policy tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a data controller and, by law, we are required to provide you with information about us, about why and how we use your data, and about the rights you have over your data.

1.1        Who are we?

We are Cottons Group. Our address is The Stables, church Walk, Daventry, NN11 4BL. You can contact us by post at the above address, by email at dataprotection@cottonsgroup.com  or by telephone on 01327 879090.

We are not required to have a data protection officer, so any enquiries about our use of your personal data should be addressed to the contact details above.

2.       How we use your information

2.1      When you use our website

When you use our website to browse our products and services and view the information we make available, a number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better. Some of the cookies we use are strictly necessary for our website to function, and we do not ask for your consent to place these on your computer. These cookies are shown here.  

2.2     When you submit an enquiry via our website

When you submit an enquiry via our website, we ask you for your name, contact telephone number and email address.

We use this information to respond to your query, including providing you with any requested information about our products and services. We may also email you several times after your enquiry in order to follow up on your interest and ensure that we have answered your it to your satisfaction. We will do this based on our legitimate interest in providing accurate information prior to a sale.

Your enquiry is stored and processed by third parties Fibre CRM & Campaign Monitor system. Their servers are in Australia and USA retrospectively. 

We do not use the information you provide to make any automated decisions that might affect you. 

We keep enquiry emails for two years, after which they are securely archived and kept for seven years, when we delete them. CRM records are kept for three years after the last contact with you.

2.3     When you apply for a job vacancy

When you apply for a job vacancy online, we ask you for your name, contact telephone number, email address and CV. We will not share this data with any third parties. Data and CVs of unsuccessful applicants are deleted immediately. However, in some circumstances we might retain your CV so we can invite you for a meeting if we have available position. 

Your information is stored on our website and on our server, both of which are based within the European Union. 

We do not use the information you provide to make any automated decisions that might affect you. 

2.4     When you sign up for a newsletter

When you sign up for a newsletter, we ask for your name, business name, contact telephone number and email address. We will not share your data with any third parties. 

We use this information to provide you with the latest news from our team and any important accounting or tax updates we feel might be relevant to you.  We will do this based on your consent.

Your details will be shared with third parties Fibre CRM & Campaign Monitor. Their servers are in Australia and USA retrospectively.

We do not use the information you provide to make any automated decisions that might affect you. 

Once you have withdrawn your consent, we will remove you from our list immediately. 

2.5     Data sharing

We will not sell or rent your information to third parties.

We will not share your information with third parties for marketing purposes.

We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings).

All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

Transferring your information outside the European Economic Area (EEA)

Third parties to whom we disclose such personal data may be located outside of the European Economic Area (EEA).   We will only disclose client personal data to a third party (including a third party outside of the EEA) provided that the transfer is undertaken in compliance with the Data Protection Legislation

2.6     Transferring your information outside the European Economic Area (EEA)

Third parties to whom we disclose such personal data may be located outside of the European Economic Area (EEA).   We will only disclose client personal data to a third party (including a third party outside of the EEA) provided that the transfer is undertaken in compliance with the Data Protection Legislation

2.7     Your rights as a data subject

By law, you can ask us what information we hold about you, and you can ask us to correct it if it is inaccurate. If we have asked for your consent to process your personal data, you may withdraw that consent at any time.

If we are processing your personal data for reasons of consent or to fulfil a contract, you can ask us to give you a copy of the information in a machine-readable format so that you can transfer it to another provider.

If we are processing your personal data for reasons of consent or legitimate interest, you can request that your data be erased.

You have the right to ask us to stop using your information for a period of time if you believe we are not doing so lawfully.

Finally, in some circumstances you can ask us not to reach decisions affecting you using automated processing or profiling.

To submit a request regarding your personal data by email, post or telephone, please use the contact information provided above in the Who Are We section of this policy.

2.8     Your right to complain

If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at ico.org.uk or write to them at:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

2.9    Updates to this privacy policy

We regularly review and, if appropriate, update this privacy policy from time to time, and as our services and use of personal data evolves. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, to ask for your consent.

We will update the version number and date of this document each time it is changed.

Our Privacy Statement

This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.

Topics

Information about us

We are Cottons Group,
The Stables, Church Walk,, Daventry, Northants, NN11 4BL,
Company number: OC355206,
Registration location: England & Wales

For more information, please see our “contact us” page and/or the footer of this website.

This Website is designed and hosted on behalf of Cottons Group by PracticeWEB a trading division of Sift Media Limited (company registration number 05923499) a subsidiary of Sift Limited (company registration number 03230061) who provide some of the information which is on this Website. This Website may have links to another website hosted by Sift Limited ("Sift Website") which enables you to access third party services.

In these terms and conditions: "Sift Limited" means Sift Limited (company registration number 03230061) whose registered office is is Charlotte Place, Queen Charlotte Street, Bristol, BS1 4EX and any company which is at the relevant time a subsidiary or holding company of Sift Limited and any subsidiary of any such holding company (and “subsidiary” and “holding company” shall have the meanings set out in sections 736 and 736A of the Companies Act 1985).

Your Data

What we collect

We do not collect any personal information about website users other than:

  • information provided by Users when completing forms on the website including but not limited to the contact and website registration form.
  • that facilitated by the use of "cookie" technology. "Cookies" are designed to enhance your online visit and permit you to access the full service within the website.

How we collect your data

Each time you visit our site or interact with the emails we send to you, we may automatically collect the following information:

  • technical information, including the Internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, operating system and platform.
  • information about your visit, including the URL clickstream to, through and from our site (including date and time); pages, resources and/or products you viewed or searched for; page response times, errors, length of visits to certain pages, page interaction, and methods used to browse away from the page.
  • information about your interaction with our emails, including whether you have opened the email, the number of times the email is accessed, and your interaction with email content including the links you have clicked.

We may also build a picture of your digital data profile, by taking information on you from public sources, such as your publicly available social media information and other third party sources such as Companies House. We do this to help us direct more targeted information and content to you.

Data from other sources

We may receive information about you if you use any of the other websites we or any of our group companies operate or the other services we provide. We are also working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them. We also receive information about you from third party telemarketing companies. We or our partners will only contact you where you have given the telemarketing companies your consent for us to do so.

Using your data

We may process your data because:

  • we are legally obliged to e.g. to confirm your identity.
  • the processing is necessary for the performance of the contract with you to provide our services; or
  • it is in ours or a third party’s legitimate interests to do so.

In some instances, we will rely on your consent to process personal data and when we do this, it will be flagged to you at the time.

If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

Data security & storage

This website takes every precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected both online and offline, with the data being stored on secure servers located within the European Economic Area (“EEA”). There are technological and operational security systems in place that provide protection for personally identifiable information from loss or misuse.

When our registration form asks users to enter information, that information is encrypted and is protected with the best encryption software in the industry – SSL.

Our primary hosting provider is certified to ISO 27001 . This family of standards helps us manage your information and keep it safe and secure.

While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet.

If you have any questions about the security at our website, you can send an email to dataprotection@cottonsgroup.com.

Retention

We keep your personal information for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements.

Marketing

Cottons Group would like to send you information about products and services of ours that we think you may like. If you have agreed to receiving marketing, you may always opt out at a later date.

You have the right at any time to stop Cottons Group from contacting you for marketing purposes.

If you no longer wish to be contacted for marketing purposes, please send an email to dataprotection@cottonsgroup.com.

Your data protection rights

Cottons Group would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Cottons Group for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that Cottons Group correct any information you believe is inaccurate. You also have the right to request Cottons Group to complete the information you believe is incomplete.

The right to erasure – You have the right to request that Cottons Group erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Cottons Group restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Cottons Group’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Cottons Group transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please email dataprotection@cottonsgroup.com.

Cookies

A cookie is a small text file written to your hard drive that contains information about you. Cookies do not contain any personal information about users.

The website provider Practiceweb uses cookies to personalise your experience of the website. Most web browsers allow you to control how cookies are accepted by adjusting your web browsers settings. If you set up your browser to reject the cookie, you may still use the website.

Services delivered via the website such as video or embedded content from external providers may also place cookies on your machine (computer).

By continuing to use this site you are deemed to be accepting the terms and conditions and consenting to the website placing cookies on your machine (computer) as set out in the Cookies information page.

Children

We do not knowingly collect personal data from anyone under the age of 13. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personal information to us, please contact us at dataprotection@cottonsgroup.com.

Where processing of personal data is based on consent, if we learn that this data belongs to someone under the age of 13, we will cease processing and will take reasonable measures to delete the applicable information from our records, unless the consent is provided by a parent or guardian.

Privacy policies on other websites

Where links are provided to other websites it should be noted that they are not and cannot be governed by our privacy statement. We cannot guarantee your privacy when you access other websites, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

If we decide to change our privacy policy, we will post those changes on this page so our users are always aware of the information we collect and how we use it.

This privacy policy was last updated on the 30th of September 2021.

How to contact us

If you have any questions about our company’s privacy policy, please do not hesitate to contact us:

Contacting appropriate authorities

Should you wish to report a complaint or if you feel that our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office. Details are available here https://ico.org.uk/global/contact-us.

Notices and disclaimers

These disclaimers also extend the above rights to our website provider www.practiceweb.co.uk – see service agreement, terms and conditions

w

Ready to connect?

If you’re curious about how we can help you, please reach out: our team is very keen to hear from you.

Xero Platinum partner logo
Sage logo
ICAEW logo
ACCA logo
Quickbooks logo