We treat privacy and confidentiality very seriously at Golley Slater (referred to in this notice as “we”, “us” or “our”). We comply with all aspects of the UK’s data protection legislative framework, which includes the European General Data Protection Regulation (GDPR) and the UK’s own legislation.
We respect the right of individuals to privacy. Our Privacy Notice explains:
Our company is Golley Slater Group Limited. Our registered office is Wharton Place, Wharton Street, Cardiff, CF10 1GS and company registered number 0584047.
In the course of providing marketing services to our clients and running our businesses, we gather and use personal information about a number of different categories of people. We have developed this privacy notice in order to be as transparent as possible about the personal information we collect and use.
Individuals wishing to contact us about data protection issues may do so by writing to us at Group Operations Director, Golley Slater Group Limited, Wharton Place, Wharton Street, Cardiff, CF10 1GS or by emailing us at firstname.lastname@example.org
This privacy notice has been written for the benefit of the following categories of people (referred to in this notice as “you”):
This privacy notice does not apply to:
If you believe that we are processing your personal information, but you are not included in the above list please contact us to discuss this.
The personal information that we collect includes:
We may use this personal data for the following purposes:
Processing of your personal data is necessary for us to administer the pre-contract and contractual relationship between ourselves and our clients/suppliers in connection with the performance of a contract.
This applies where we need to collect and use your personal information to comply with applicable laws and regulatory requirements.
We may (but usually do not) need your consent to use your personal information. You can withdraw your consent by contacting us (see below).
Golley Slater uses and shares personal data based on its legitimate commercial interests.
The data protection legislative framework recognises that it is in our legitimate business interests to collect and use personal information for marketing reasons. We do not need your consent to do this lawfully, but we are obliged to inform you that you have a right to object to this. The law also allows us to send marketing communications by electronic means to our existing clients and business contacts without needing consent. Again, you have the right to object to this activity if you wish.
The personal data we have comes from various sources.
A number of third parties may have access to your personal information or we may share or send it to them. This includes:
Personal information used in Golley Slater’s data products and services may also be passed to and used by members of the Golley Slater group of companies. We may also pass data to other companies that process personal data on our behalf to help us conduct our business. When we do so, we ensure that appropriate contractual safeguards are put in place.
Our policy is to not hold personal information for longer than is necessary. We have established data retention timelines for all of the personal information that we hold based on why we need the information. The timelines take into account any statutory or regulatory obligations we have to keep the information, our legitimate business interests, best practice and our current technical capabilities. We have developed a Data Retention Policy that captures this information. We delete or destroy personal information securely in accordance with our Data Retention Policy.
Golley Slater takes security seriously and we take reasonable and appropriate steps to protect your personal information from unauthorised access, loss, misuse, alteration or corruption. We have put in place physical, electronic, and managerial procedures to safeguard and secure the information you provide to us including the use of encryption and pseudonymisation. We have Cyber Essentials Plus certification. If you wish to discuss the security of your information please contact us.
We do not send personal data outside the European Economic Area (EEA) as a matter of course.
Transfers of personal data outside the EEA can arise where we are acting for business clients with interests outside the EEA that:
have operations or employees / contractors that based outside the EEA
buy goods or services from businesses or organisations that are based outside the EEA
are entering into transactions with business, organisations or individuals based outside the EEA
If we are required to transfer personal data outside of the EEA, we will ensure that we do so in a legally compliant manner and take steps to ensure the information is protected in the same way as if it was being used in the EEA.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by not opting in to be contacted for marketing purposes. You can also exercise the right at any time by contacting us at Golley Slater Group Ltd., Wharton Place, 13 Wharton Street, Cardiff, CF10 1GS
If you have a complaint about our use of your information, we would prefer you to contact us directly in the first instance so that we can address your complaint. However, you can also contact the Information Commissioner’s Office via their website at www.ico.org.uk/concerns or write to them at:
Information Commissioner’s Office
Golley Slater reserves the right to update and revise this Privacy Notice from time to time to take into account legislative and other developments. Any changes we may make to our Privacy Notice will be posted on this page and contain an “effective date” reflecting when the last changes occurred.
Effective Date: 31 August 2018.