Privacy & cookies
Wellocks takes data protection seriously. The use of the various web sites belonging to Wellocks is not possible without the provision of some personal data; However, if a data subject wishes to use certain services on our website, provision of further personal data could become necessary. If the processing of personal data is necessary, and there is no statutory basis for that processing, we will obtain consent from the data subject for that processing.
Personal data processing will always be in line with the General Data Protection Regulations and relevant UK law applicable to Wellocks. By means of this privacy notice, we would like to inform users of the Wellocks websites why we collect and process personal data and data subject’s rights relating to that collection and processing of their personal data.
The data protection notice of Wellocks is based on the terms used by the European legislator for the adoption of the General Data Protection Regulations, but for ease of understanding the following definitions apply
Controller: The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided by Union or Member State law.
Personal Data: Any information relating to an identified or identifiable natural person (“Data Subject”) is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location date, on online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data Subject: Any identified or identifiable natural person, whose personal data is processed by the controller responsible for processing.
Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of personal data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third Party: A natural or legal person, public authority, agency or other body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.
Processing: Any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Name and Address of the Controller
The Controller is:
Richard Wellock & Sons Ltd, 4 Pendleside, Lomeshaye Business Village, Nelson, Lancashire, BB9 6SH, United Kingdom
Phone: 08444 993 444 Website: https://wellocks.co.uk
Name and Address of the Lead Supervisory Authority
The lead supervisory authority overseeing the Controller is:
Information Commissioner’s Office, Wycliffe House, Water House, Wilmslow, Cheshire SK9 5AF, United Kingdom
Phone +44 (0) 303 123 1113 Email: [email protected] Website: https://ico.org.uk
Reasons / purposes for processing information
The following is a broad description of the way this organisation processes personal information. To understand how your information is processed you may also need to refer to any personal communications you have received. We process personal information to enable us to provide our core business of wholesale of food & drink to customers, to promote our services, to maintain our own accounts and records and manage our employees.
We collect information relating to the above reasons / purposes from the following sources:
• The data subject directly (e.g. from information entered onto forms)
• The data subject indirectly (e.g. information collected when you browse our websites, such as IP address and operating system)
• Publicly available registers (e.g. Electoral Roll)
• Social Media (e.g. Facebook, Twitter)
• Research provided by Third Party Providers including search engines
We process information relating to the above reasons / purposes. This information may include:
• Personal Details
• Business activities of the person whose personal information we are processing
• Goods and services provided
• Financial details
• Education details
• Employment details
We also process sensitive classes of information that may include:
• Criminal offences
• Health Information
We process personal information about our:
• Complainants and Enquirers
• Advisors and other professional experts
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA), Privacy and Electronic Communications Regulation (PECR) and the EU General Data Protection Regualtions (GDPR) as it applies. What follows is a description of the type of organisations we may need to share some or all of the personal information we process with, for one or more reasons.
Where necessary or required, we share information with:
• Business associates or other professional advisers
• Financial Organisations
• Current, past or prospective employers
• Educators and examining bodies
• Suppliers and service providers
Rights of the data subject
GDPR affords EU data subjects with rights. These rights are summarised below. In order to assert any of these rights, the data subject may contact Wellocks at any time
The right of confirmation: Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data about him or her or being processed.
The right of access: Each data subject shall have the right to obtain from the controller, free information about his or her personal data stored at any time and a copy of that information. Furthermore, the data subject shall have a right to obtain information as to whether personal information are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
Right to rectification: Each data subject shall have the right granted by the European legislator to obtain from the controller without undue delay the rectification of inaccurate personal data regarding him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure: Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay, and the controller shall have an obligation to erase personal data without undue delay where one of the statutory grounds applies, so long as the processing is not necessary.
Right to restriction of processing: Each data subject shall have the right granted by the European legislator to obtain from the controller restriction of processing where a statutory reason applies.
Right to data portability: Each data subject shall have the right granted by the European legislator, to receive the personal data concerning him or her, which was provided to the controller in a structured commonly used and machine readable format.
Right to object: Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to the processing of personal data about him or her.
Automated individual decision making, including profiling: Each data subject shall have the right not to be subject to a decision solely based on automated processing, including profiling.
Right to withdraw consent: When consent forms the basis for processing, data subjects shall have the right to withdraw his or her consent to the processing of his or her personal data at any time.
Right to complain to the supervisory authority: The details of the supervisory authority are shown above
Legal basis for the processing
The legal basis for the processing shall be where:
• The data subject has given consent to the processing of his or her personal information for one or more specific purposes.
• Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Processing is necessary for compliance with a legal obligation to whish the data subject is subject.
• Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
The legitimate interests pursued by the controller or by a third party
Where the processing of personal information is based on our legitimate interest, it is to carry out our business in favour of the well-being of all our employees.
Security of processing
As the controller, Wellocks has implemented technical and organisational measures to ensure the personal data processed remains secure, however absolute security can never be absolutely guaranteed. Should a data subject have particular concerns about a particular method of transmission, we will take reasonable steps to provide an alternative method.
It may sometimes be necessary to transfer personal information overseas. When transfers are needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the GDPR and in accordance with country-specific legislation applicable to Wellocks.
Personal Data Retention Periods
The criteria used to determine the retention period of personal data is the respective statutory retention period with the member state. After the expiration of that period, personal information shall be securely deleted, as long as it is no longer needed for the fulfilment of the contract, the initiation of a contract, and in relation to other legal proceedings.
Contractual obligation of the data subject to provide the personal data and the possible consequences of failure to provide such data
For clarity, the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must be subsequently processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal date would have the consequence that the contract with the data subject could not be concluded.
Automated decision-making and profiling
We may process personal data for automatic decision-making or profiling. This will only be carried out with the data subject’s explicit consent for that processing to occur.
Data protection for employment & recruitment procedures
The data processor shall collect and process the personal data of applicants for the purpose of processing the application procedure. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits corresponding application documents by email or by means of a web form on a website to the controller.
If the data controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant buy the controller, the application documents shall be erased 2 months after notification of the refusal decision, or the appointment of another person to the role, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interests could be complying with country-specific legislation e.g. the UK Equality Act 2010.
You may not transfer any of your rights under this privacy notice to any other person. We may transfer our rights under this privacy notice where we reasonably believe your rights will not be affected.
If any court of competent authority finds that any provision of this privacy notice (or part of provision) is invalid or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This notice will be governed by and interpreted according to the law of England and Wales. All disputes arising under this notice will be subject to the exclusive jurisdiction of the English and Welsh courts.
Changes to this notice
This notice was last updated on 23rd April 2018. We may change this policy by updating this page to reflect changes in the law or our privacy practices. However, we will not use your personal data in any new ways without your explicit consent.