1.0 Policy Statement
Your privacy and security is important to us and Churchfield have a duty of care to all the people that we collect data from, we recognise that everyone has rights to how their data is handled and as such treat all data collected in an appropriate and lawful manner.
Our website may contain links to third parties websites. Churchfield assumes no responsibility for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those websites before agreeing to their terms or using those websites.
Personal information is processed and stored in our databases and we have taken reasonable steps to secure and protect this information. However, whilst we make every effort to ensure the security of your information, we are unable to guarantee the protection of the information from misuse, accidental disclosure or unauthorised acts by others. Information provided by you may be stored or processed outside the United Kingdom.
You have the right of access to any personal information processed by us. Churchfield is committed to providing you with reasonable and practical access to your information to give you the opportunity to identify any inaccuracies. Where possible, if Churchfield is informed of the inaccuracy of any personal information, we will make appropriate corrections. You can request the updating or amending of any information you have provided to Churchfield by contacting us.
- User privacy and data protection are human rights
- We have a duty of care to the people within our database
- Data is a liability, it should only be collected and processed when absolutely necessary
- We loathe spam as much as you do!
- We will never sell, rent or otherwise distribute or make public your personal information
2.0 Relevant Legislation
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
- Australian Privacy Act 1988 (APA)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer for clarification.
3.0 Personal information that this website collects and why we collect it
Churchfield will need to collect personal information to enable us to carry out various processes relevant to our industry. This information may be for past, present or future employees of the company, clients and associated trades and professional services. Any information collected will be accurate, necessary and relevant for its purpose. This website collects the following information:
3.1 Site visitation tracking
You always have the choice as to whether or not you want to accept these useful cookies. Cookies are, by default, accepted by 99% of web browsers but you can change this within your browser settings if you so wish. A word of warning though if you do, you’re likely to experience a dramatically reduced user experience and you won’t get full functionality for a lot of websites. For more information about cookies and for details on how to remove them see www.aboutcookies.org.
Like most websites, this site uses Google Analytics, a web analysis service provided by Google Inc. (Google Analytics uses ‘cookies’). The information generated by the cookie regarding your use of our Website is normally transferred to a Google server in the USA, and is stored there. As the IP anonymize function is activated on our Website, your IP address will, within Member States of the European Union or other contracting states of the Agreement on the European Economic Area, first be shortened by Google. Only in exceptional cases will Google transfer the full IP address to a Google server in the USA, and will shorten it there. On behalf of the operator of this Website, Google will use this information in order to analyse your usage of our Website, to compile reports on website activities, and to provide further services to the website provider relating to the usage of the Website and the internet. The IP address transferred by your browser within the framework of Google Analytics will not be combined by Google with other data.
Using the code provided by Google AdWords we are able to better track the successes (or failures) of our advertising through the AdWords platforms. It lets us, for example, see which advert from which campaign you clicked on before you submitted one of our contact forms.
The Facebook Pixel cookie allows us to track social media campaigns and identify the success or failure of each of them. All of the information is depersonalised and we don’t know who you actually are.
3.2 Contact forms and email links
By submitting your data to us via contact forms or email links you are giving us your permission to process your personal data for its intended purpose. Once its purpose is fulfilled we will dispose of your data unless otherwise agreed.
Information submitted to us through our website’s forms will be both stored in the website’s database (maintained by our third party processor Webflow) and collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by ESET File Security and an onsite Linux spam filter. For further information about our 3rd party processors please see section 6 of this document.
3.3 Offline data
Churchfield may collect data via telephone or by means of a client visiting the office in person. Any data collected will be necessary and relevant for its purpose, it will be stored securely until such time it is no longer needed and/or relevant at which point it will be disposed of securely.
4.0 How we store your personal information
Once collected, your data will be stored securely on a computer or/as well as in secure paper based filing systems. Personal information that is submitted through our webforms is also stored within the website’s database, for more information about where our website is hosted please section 6 of this document.
4.1 Data retention
Data will be retained until it is no longer needed and/or it is no longer relevant, or until our legal obligations have been fulfilled, at which time the data will be disposed of securely.
4.2 Internal systems and security
Our onsite server systems are protected by ESET File Security and our local machines use ESET Endpoint Protection. In addition we make use of an onsite Linux spam filter and all of our outbound email is sent out using TLS encryption. Our network is protected by a Draytek Router which has a built in firewall, this is locked down to only allow remote access from pre-approved IP addresses. All data is backed up both on and offsite. The onsite backup is stored on a network attached drive that is locked down and password protected. Offsite backups are stored in a data centre which is only accessible via thumbprint, ID card and a pre-approved appointment.
The office is equipped with a comprehensive alarm system and 24 hour CCTV, with all exits securely locked at the end of each day and for any period of time where the office is not manned.
4.3 Methods of disposal
Data in paper form will be securely disposed of by shredding. Emails will be deleted when no longer needed and/or are no longer relevant, once an email is deleted it will remain on our server for 30 days until it is then permanently deleted. Any data stored on a computer will be permanently deleted when no longer needed and or no longer relevant.
5.0 Controlling your personal information (who to contact)
Contact Gemma Hayward, DPO. See section 10.0
5.1 removing/changing your personal information
If you require for your personal information held by Churchfield to be removed or amended you will need to contact our Data Controller to make this request.
Data will be processed in line with data subjects’ rights. Data subjects have a right to:
- Request access to any data held about them by a data controller.
- Prevent the processing of their data for direct-marketing purposes.
- Ask to have inaccurate data amended.
- Prevent processing that is likely to cause unwarranted substantial damage or distress to themselves or anyone else.
- Object to any decision that significantly affects them being taken solely by a computer or other automated process.
5.2 Making a complaint
If you need to make a complaint please ensure this is done in writing and sent to the Data Protection Officer at Churchfield, 122 Charminster Road, Bournemouth, BH8 8UT or by email to firstname.lastname@example.org as soon as possible, detailing the nature of the complaint. Churchfield will respond to your letter of complaint within 10 working days and will do everything we can to ensure a speedy resolution.
6.0 About this websites server
This website is hosted by Webflow, one of our third party data processors. They in turn use both Amazon Cloudfront and the Fastly Content Delivery Network to distribute copies of the website around the world. The reason for the distributed nature is to ensure speed and reliability of the website globally.
Some of Webflow’s & Amazon’s Security benefits are:
- SSL Certificate for encryption between the visitor and the website
- Security guarded data centres
- Security fencing and feeds
- Intrusion detection technology
- Backup power systems
- Video surveillance systems
- Enterprise-grade website security
- ISO 27018 compliant
7.0 Third party data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them are compliant with the legislation set out in section 2.0. Third parties based in the USA are EU-US Privacy Shieldcompliant.
- On the Market
- Sendgrid - email relay service
8.0 Data breaches
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
9.0 Data Controller
The data controller is: Churchfield Sales & Lettings.
Company number: 675881285
Registered office: 122 Charminster Road, Bournemouth, BH8 8UT
10.0 Data protection officer
Name: Gemma Hayward
Position in Company: Associate Partner
Telephone: 01202 779911