Privacy Policy

Purpose

This Christmas Trees company and its subsidiaries collect, use, share and hold certain Personal Data about current, past and prospective consumers, customers, suppliers, business contacts, employees and other people in the course of its business activities. Personal Data must be processed in accordance with national Data Protection Regulations.

This Christmas Trees company recognises the need to treat Personal Data in an appropriate and lawful manner and is committed to complying with its obligations in this regard. This Privacy Policy explains how we use Personal Data.

A person whose personal data we hold hereafter referred to as “you” and “your” shall have a corresponding meaning.

This Privacy Policy applies to customers (internal and external) of all entities within the This Christmas Trees company group and all individuals who work for, with or on behalf of any This Christmas Trees company business.

We use the words Personal Data to describe information that is about you or others from which you or they are identifiable.

The purpose of this Privacy Policy is to:

a) ensure this Christmas Trees company protects the rights of customers, staff and partners;

b) describe what personal data this Christmas Trees company holds and how it processes it;

c) ensure this Christmas Trees company complies with the Data Protection Law; and

d) allow this Christmas Trees company to demonstrate compliance with the Data Protection Law of this nation.

This Privacy Policy may be supplemented by other privacy notices tailored to our specific relationships with you

If you have any questions in relation to this Privacy Policy, your rights in relation to your personal data or any other queries please contact us.

Personal Data we process

This Christmas Trees company holds personal data in relation to current, past and prospective:

  • customers;
  • employees;
  • suppliers;
  • business contacts.

We endeavour to keep the Personal Data we process accurate and up to date and held securely.

Furthermore, Personal Data is stored in as few places, with as few copies, as is reasonably possible.

Our staff are trained not to create any unnecessary additional copies of Personal Data.

How we use Personal Data

We use Personal Data to carry out our business activities. The purposes for which we use your Personal Data may differ based on our relationship, including the type of communications between us and the services we provide.

The main purposes include using Personal Data to:

  • provide our products and services;
  • manage the employment relationship including to process payroll for our employees, make corporate discounts available to our employees, distribute the company magazine to our employees;
  • process customer and supplier invoices;
  • communicate with you and other individuals;
  • improve the quality of our products and services, provide training and maintain information security (for example, for this purpose we may record or monitor phone calls to improve our quality of service to our customers.);
  • carry out research and analysis, including analysis of our customer base and other individuals whose Personal Data we collect;
  • provide marketing information in accordance with preferences you have told us about (marketing information may be about offers or discounts or our other products and services);
  • manage our business operations and IT infrastructure, in line with our internal policies and procedures;
  • manage complaints, feedback and queries, and handle requests for data access or correction, or the exercise of other rights relating to Personal Data;
  • comply with applicable laws and regulatory obligations, for example, laws and regulations and statutory responsibilities relating to employee working time regulations, tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring, anti-money laundering, sanctions and anti-terrorism; comply with legal process and court orders; and respond to requests from public and government authorities (including those outside your country of residence); and
  • establish and defend legal rights to protect our business operations and those of our business partners.

Automated decisions using Personal Data

We may use automated decision-making tools (i.e. where a person is not involved in the decision). We typically use these tools when making straightforward decisions about you. Where this is the case we may provide you with more information at the time to aid your understanding of what is involved.

Responsibility for Personal Data

This Christmas Trees company is responsible for looking after your Personal Data in accordance with this Privacy Policy, our internal standards and procedures, and the requirements of data protection law.

When employees or others that work on our behalf handle Personal Data we will always ask that they treat Personal Data in a confidential, secure manner and will require them to comply with the Confidentiality Code of Conduct.

Sharing of Personal Data

In connection with the purposes described above, we may need to share your Personal Data with third parties.

When we provide Personal Data to third parties, the third parties will be selected carefully and required to use appropriate measures to protect the confidentiality and security of the Personal Data. Those third parties will assume certain responsibilities under the Data Protection Law for looking after the Personal Data that they receive from us.

In certain circumstances, Data Protection Law allows Personal Data to be disclosed to law enforcement agencies without the consent of the Data Subject. In such circumstances, we will disclose requested Personal Data to the extent permitted by, and in accordance with, applicable Data Protection Law.

Where necessary, line managers can be given proxy access to a direct reports email account where this has been authorised. For example, when a user is off sick, on leave or has left the company, access may be necessary for the proper and uninterrupted functioning of the business. Proxy access will be enabled for a 2-week period to administer the account.

International Transfers of Personal Data

For the purposes set out in this Privacy Policy we may transfer Personal Data to parties located in other countries that have data protection regimes which are different to those in this country.

When making these transfers, we will take steps to ensure that your Personal Data is adequately protected and transferred in accordance with the requirements of the Data Protection Law.

This may involve the use of data transfer agreements in the form approved by national regulations or another mechanism recognised by data protection law as ensuring an adequate level of protection for Personal Data transferred outside this jurisdiction (for example, standard contractual clauses).

For further information about these transfers and to request details of the safeguards in place, please contact by email.

Security of Personal Data

This Christmas Trees company uses appropriate technical, physical, legal and organisational measures, which comply with data protection laws to keep Personal Data secure.

As most of the Personal Data we hold is stored electronically we have implemented appropriate IT security measures to ensure this Personal Data is kept secure. For example, we may use anti-virus protection systems, firewalls, and data encryption technologies. We have procedures in place at our premises to keep any hard copy records physically secure. We also train our staff regularly on data protection and information security. It is the responsibility of all employees to handle Personal Data securely and in line with such data security and storage guidelines set out by This Christmas Trees company from time to time.

When this Christmas Trees company provides Personal Data to a third party (including our service providers) or engages a third party to collect Personal Data on our behalf, the third party will be selected carefully and required to use appropriate security measures to protect the confidentiality and security of Personal Data. For example, Personal Data is encrypted / password protected where appropriate.

Unfortunately, no data transmission over the Internet or electronic data storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any Personal Data you might have sent to us has been compromised), please immediately notify us.

Data Breach

If there is ever a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, This Christmas Trees company will follow its Data Breach Procedure.

Legal justifications for our processing of Personal Data

To comply with Data Protection Law, we are obliged to advise you of the legal justification we rely on for using your Personal Data for our purposes.

While the law provides for several legal justifications, the main legal justifications that apply to our purposes for using Personal Data are:

Consent,

Contractual Necessity,

Legal Requirements, and

Legitimate Interest.

In order to enable us to fulfil the terms of our contract with you (or someone else) or in preparation of entering into a contract with you (or someone else), we may be required to obtain certain Personal Data from you. We will inform you of the legal justifications for which we are obtaining your personal data when we obtain your Personal Data. In some circumstances, we may be legally required to obtain certain personal data from you. In these instances, we may not be able to provide our products or services to you if you do not provide the relevant Personal Data to us. If you would like further information, please contact us.

Where we rely on our legitimate business interests or the legitimate interests of a third party to justify the purposes for using your Personal Data, our legitimate interests will usually be:

  • the pursuit of our commercial activities and objectives, or those of a third party (for example, by carrying out direct marketing);
  • compliance with applicable legal and regulatory obligations, and any guidelines, standards and codes of conduct (for example, by carrying out background checks or otherwise preventing, detecting or investigating fraud or money laundering);
  • improvement and development of our business operations and service offering, or those of a third party;
  • protection of our business, shareholders, employees and customers, or those of a third party (for example, ensuring IT network and information security, enforcing claims, including debt collection); and
  • analysing competition in the market for our services (for example, by carrying out research, including market research).

For Processing of more Sensitive Personal Data we will rely on either:

  • your consent;
  • that use of your Sensitive Personal Data is necessary for the purpose of the assessment of the working capacity of an employee and to enable This Christmas Trees company to provide suitable accommodations where necessary; or
  • that use of your Sensitive Personal Data is necessary for the establishment, exercise or defence of legal claims, or whenever courts are acting in their judicial capacity (for example, when a court issues a court order requiring the Processing of Personal Data).

Processing of Personal Data relating to criminal convictions and offences is subject to the requirements of applicable law.

Monitoring

We may record telephone calls with you so that we can:

  • improve the standard of service that we provide by providing our employees with feedback and training;
  • address queries, concerns or complaints;
  • prevent, detect and investigate crime, including fraud and money laundering, and analyse and manage other commercial risks; and
  • comply with our legal and regulatory obligations.

In addition, we monitor electronic communications between us (for example, emails) to protect you, our business and IT infrastructure, and third parties including by:

  • identifying and dealing with inappropriate communications; and
  • looking for and removing any viruses, or other malware, and resolving any other information security issues.

Retention of Personal Data

We will keep Personal Data for as long as is necessary for the purposes for which we collect it. Where we hold Personal Data to comply with a legal or regulatory obligation, we will keep the information for at least as long as is required to comply with that obligation. In some cases, a retention period will apply once the initial purpose has ceased e.g. financial information is kept for 7 years, payroll files are required to be kept for current year plus 6 years.

Where we hold Personal Data in order to provide a product or service, we will keep the information for at least as long as we provide the product or service, and for a number of years thereafter. The number of years varies depending on the nature of the product or service provided. If you have any queries on data retention please contact via the general contact form on this website..

This Christmas Trees company endeavours to ensure that Personal Data will only be kept for a period which is relevant and not excessive to achieve the purposes for which it is being held. Personal Data will be deleted once that purpose is achieved or it is no longer required.

Who to contact about your Personal Data

If you have any questions or concerns about the way your Personal Data is used by us, you can contact us by the general contact form on this website.

Review and Revision

We review this Privacy Policy regularly and reserve the right to make changes at any time to take account of changes in our business, legal requirements, and the manner in which we process Personal Data. This Privacy Policy was last updated on 30th of October 2019. We may review this policy and make changes from time to time.

 

Scroll to top