To maintain data accuracy and ensure the correct use of information, we monitor and adjust our physical, electronic and managerial procedures to safeguard and secure your personal data while in our care, or in the care of any outside suppliers with whom we may contract to process your data on our behalf. Such Data Processors and Sub Processors will be contractually bound to process only in accordance with our instructions and to maintain technical and organisational controls in compliance with GDPR. Data is stored on servers within the EU, or on Amazon Web Servers certified under the EU-US Privacy Shield.
How do we notify you if there is a security breach?
In the event of a security breach that may affect you, we’ll notify you of the breach, provide a description of what happened and later report the action we took in response.
How is personal data collected and recorded by Avondale?
When you give your personal data to Avondale we will process that data in accordance with our responsibilities under the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003. GDPR Regulations (May 2018) and other relevant legislation.
Avondale collects and records data in the following ways:
Events: When we meet you face to face and we share contact details/exchange business cards and follow up with an email – which is explicit in requesting your consent to be added to our database.
Website: When visitors subscribe to our newsletter or download information we retain personal data that is input at the time of subscription.
Cookies: Used to help us understand your preferences based on previous or current site activity. Please see our cookie policy https://avondale.co.uk/cookie-policy for further details.
Telephone or Email Enquiries: We will ask you at the time of enquiry if you are happy for us to retain your details for our marketing purposes. We provide you with the opportunity to unsubscribe to email communication.
Client Contracts: We will record our clients details and they will also have the opportunity to opt out of marketing communications.
List Brokers: We will only purchase lists from suppliers who are GDPR compliant, and who can assure us that every contact has opted-in to receive information on relevant products and services.
Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties and public sources (like Companies House subscription directories as set out below:
- Technical Data from the following parties:
(a) analytics providers such as Google based outside the EU;
(b) third party acquirer networks such as Deal Nexus Intralinks based inside or outside the EU; and
(c) search information providers such as Google based inside or outside the EU.
- Identity and Contact Data from M&A and/or Company Data providers or aggregators such as Pitchbook or Dunn and Bradstreet based inside or outside the EU.
- Identity and Contact Data from publicly available sources such as Companies House based inside the EU.
- Identity and Contact Data from referral partners based inside the EU.
- Identity and Contact Data from Data Contractors using publicly available sources such as directories or websites based inside or outside the EU.
This is information we receive about you if you use any of the other websites we operate or the services we provide. In the case of services that we provide to you, we will inform you at the first point of contact with you, if we intend to share those data internally and combine it with data collected on this site. Similarly, we will also inform you at the first point of contact for what purpose we will share and combine your data.
Your preferences are updated on our CRM system – manually with verbal requests, and automatically with ‘unsubscribe’ requests via our email platforms, Mailing Manager and Pardot.
By interacting with Avondale as defined in this policy, the Subject provides their consent for the transfer and use of their data by our Data Processors and their Data Sub-Processors which Avondale believe will enhance service delivery and customer relationship management activities. No data transfer will be undertaken that is outside the strict scope of the purposes stated in this policy, or that will materially degrade the security of the Subject’s data or the Data Subject’s rights and in any event, the security provisions will be compliant with the applicable Data Protection Laws.
We may monitor, record, store and use telephone calls:
- for staff training purposes, helping us to improve the quality of our customer service and to ensure the information we provide is consistent and accurate;
- for reporting on the types and numbers of enquiries we receive;
- to check instructions given to us.
We understand your personal information is important and we are committed to protecting your privacy. Any information you disclose will be for Avondale use only and unless agreed otherwise with yourselves in advance will not be passed to any third party.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective buyer or seller of such business or assets.
- If Avondale Corporate Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or the terms and conditions of supply of services that will have been provided to you separately, and other agreements; or to protect the rights, property, or safety of Avondale Corporate Limited, our customers, employees and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Disclosures of your information
You agree that we have the right to share your personal information with:
- Any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
- Selected third parties, including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
- analytics and search engine providers that assist us in the improvement and optimisation of our site;
- credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We will disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective buyer or seller of such business or assets.
- If Avondale Corporate Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or the terms and conditions of supply of services that will have been provided to you separately, and other agreements; or to protect the rights, property, or safety of Avondale Corporate Limited, our customers, employees and others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How do we contact you?
Our marketing communication is via email, direct mail (post), telephone and at events. You have the right to opt out of any of these communication channels.
How do we record and hold your data preferences over time?
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law and to satisfy our professional indemnity requirements, we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for example for tax purposes, client’s request, other questions or queries regarding past service provision etc.
In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Every piece of communication will provide you with the option to opt out or to be removed from our database altogether.
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of service purchase, product/service experience or other transactions.
By providing this constant opportunity to update your preferences, we can be confident that we are only sending communications to those who are actively interested in our service offering. Please be assured that we would never want to be considered a nuisance to you, or for our contact to result in a complaint.
Updating, Accessing or Enquiring about your data
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data or by clicking the unsubscribe link provided on our marketing emails.
Under Data Protection Laws, Data Subjects can make certain choices in relation to how their personal data is processed. These include whether your personal data is disclosed to third parties, and preferences regarding the frequency, subject matter, and/or format of communications. Data Subjects or any other concerned parties wishing to discuss matters relating to data protection, such as: Subject Access Request; concern over accuracy of collected data; or enquiries regarding a possible data breach or security incident, please email dataprotection@avondale.co.uk or write to:
Data Protection Officer
Avondale Corporate Ltd
Chapter House
33 London Road
Reigate
Surrey
RH2 9HZ
The email address is monitored within working hours and you should receive a reply within 2 working days.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
No fee usually required
You have the right to access information held about you. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If we do not hear otherwise from you, we will assume that the information you provide to us is accurate and up-to-date and we will continue to use the information to send you any communications we think are of use to you.