Privacy Notice V2.0 – 17-Mar-22
Table of Contents
What information do we collect about you?
Special category data.
How do we collect your information?
Why do we process your personal information?
Our legitimate interest.
Do we disclose your personal information?
How do we store your data and keep it secure?
Questions and Complaints.
White Horse CAD Ltd is committed to safeguarding your privacy.
This Privacy Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. We may update this Notice from time to time, the date at the top of the notice indicates the last update.
This policy sets out the basis on which we, White Horse CAD Ltd, will process any personal data we collect from you, or which you provide to us, in the course of using our site www.whitehorsecad.com, when you contact us, or when you use our services.
White Horse CAD Ltd is the data controller and we are responsible for your personal data (referred to as “we”, “us”, or “our” in this privacy notice).
There are many ways in which you can contact us, including by phone, email, and post. Our full contact details are:
Full name of legal entity: White Horse CAD Ltd
Data Protection Manager: Tim Bird
Email address: firstname.lastname@example.org
Postal Address: White Horse CAD Ltd, Heywood House, Heywood, Westbury, Wiltshire, BA13 4NA
We collect the following categories of information about you:
- Identity Data – including your first name, surname, gender, title;
- Contact Details – including your email address, telephone number, billing address, delivery address;
- Customer Data – including information about any good and/or services you have purchased from us;
- Marketing Data – including your preferences in receiving marketing from us and our third parties and your communication preferences;
- User Data – including information about how you use our website and any online services; and
There is not a statutory obligation for you to provide us with this information, however, if you do not provide us with certain information, you may not be able to use our services, for example, we will be unable to respond to any queries that you have if we do not have your contact information and we cannot provide a contractual service without billing information.
We do not collect any special category data from users of our website, clients, or customers.
We collect personal information (as set out in Section 1) in the following ways:
4.1. Directly, when you:
- provide your information when interacting with us by phone, email, or post;
- subscribe to our newsletter or to receive marketing communications; or
- fill out the contact form on our website;
- when you give permission to other organisations to share it;
- where the information is publicly available; and
We use your personal information for:
- the performance of a contract – when you enter into a contract for goods and/or services with us, or where you wish to register an interest in doing so, we will use your personal information to enter into and fulfil our contractual relationship with you;
- the purposes of our legitimate interest – to enable you to use the services we offer, to keep you updated on any services we feel may be of interest to you, to ensure that content from our site is presented in the most effective manner for you and your computer/device, to audit/administer our accounts, and to deal with enquires and complaints made by or about you regarding our business; and
- to comply with our legal obligations.
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).
The main purpose of White Horse CAD Ltd is to provide mechanical design and contract CAD services. We will process your personal data in respect of:
- Internal and external audit for financial or regulatory compliance purposes; and
- Statutory reporting.
- Contacting you Business to Business/Business to Consumer about services we feel may interest you; and
- Contacting you about relevant industry news stories, articles or blogs.
Purely administrative purposes
- Responding to enquires;
- Delivery of requested products, services or information;
- Communications designed to administer existing services including administration of financial transactions;
- Acknowledgement, thank you communications and receipts; and
- Maintaining a database of clients and enquirers.
Financial Management and Control
- Processing financial transactions and maintaining financial controls;
- Prevention of fraud misuse of services, or money laundering;
- Enforcement of legal claims; and
- Reporting criminal acts and compliance with law enforcement agencies.
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
We conduct business to consumer (B2C) marketing in accordance with the Privacy and Electronic Communications Regulations (PECR) 2003. If you are an individual, sole trader or partnership, we will collect your consent before sending direct electronic marketing. We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing emails, for targeted advertising and profiling, and if you ever share sensitive personal information with us.
Note: Under the Privacy and Electronic Communications Regulation (PECR), if you have engaged with us previously (i.e., purchased services, or expressed interest in purchasing services) then we may send you relevant marketing information unless you opted out of receiving it. All communication will contain an opt-out option. This regulation is not superseded by GDPR but works in tandem with it. For more information, please see What are PECR? | ICO
You will have the ability to object and opt-out of further marketing at any time by emailing email@example.com.
We may disclose your personal information to:
- Accountants – We share information with our accountants for tax purposes. For example, we share invoices we issue and receive with our accountants for the purpose of completing tax returns and our end of year accounts;
- Insurers – we will share your information with our insurers where it is necessary to do so, for example in relation to a claim or potential claim we receive or make or under our general disclosure obligations under our insurance contract with them;
- Third-party service providers – we share information for our legitimate business purposes. For example, we share email addresses and marketing preferences with our email marketing provider, and we use a cloud-based CRM solution to manage customer records; and
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions – where they require reporting of processing activities in certain circumstances.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Please note that if you click on, or follow, any links from our site to external websites, our privacy notice will no longer apply. Please check the privacy policies of any such external site before submitting any personal data, as we cannot accept any responsibility or liability in relation to them.
Otherwise, then as set out in this privacy notice, we will only ever share your data with your informed consent.
We do not routinely transfer your data outside of the EU. However, with your consent, we do use;
We use Google Analytics on our website, only with your consent.
Google uses the information, including IP addresses and information from cookies, for a number of purposes, such as improving its Google Analytics service. Information is shared with Google on an aggregated and anonymised basis.
To find out more about what information Google collects, how it uses this information and how to control the information sent to Google, please see the following page: How Google uses information from sites or apps that use our services – Privacy & Terms – Google
We use MailChimp; an email marketing provider that stores data in the USA. When you sign up to receive our Newsletter, MailChimp will store and manage your email address and marketing preferences. You can find out more about how MailChimp protect and process personal data on the following page: Intuit®: Privacy | Policy Overview • Privacy Protection • Data Safety • Transparency
Most of the information that we hold about you will be stored electronically and is stored in the European Economic Area (EEA). Data collected by Google Analytics and MailChimp may be transferred outside of the EEA for processing.
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure of, or access to your personal information. Examples of our security include:
- securely storing electronic information with appropriate encryption or security controls where required, both at rest and in transit;
- carrying out processing in accordance with our policies and risk assessments;
- regular testing of our technologies and ways of working including keeping up to date on the latest security updates; and
- controlling access to systems and networks so that only those people who need to and are allowed to see your personal information are able to access it.
We do not knowingly process any data of any person under the age of 16. If we come to discover or have reason to believe that you are under 16, and we hold any of your personal data, we will delete that data within one month.
Where we rely on your consent to use your personal information, you have the right to object and withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time.
You also have the following rights:
- the right to be informed – you have the right to be told how your personal information will be used. This statement and other policy statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used;
- the right of access – you can ask for any of the information we have about you. This is also called a ‘Subject Access Request’. Provided we are satisfied that you are entitled see the information requested and we have successfully confirmed your identity, we have one calendar month to comply;
- the right of erasure – also known as the right to be forgotten. Under certain circumstances you can ask us for your personal information to be deleted from our records;
- the right of rectification – if you believe our records of your personal information are inaccurate you have the right to ask for those records to be updated;
- the right to restrict processing – you have the right to ask for processing of your data to be restricted if there is disagreement about its accuracy or legitimate usage; and
- the right to data portability – where we are processing your personal information with your consent, because such processing is necessary for the performance of a contract (or enable us to take steps, at your request, prior to entering into a contract) AND that processing is taking place by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format; and
To exercise these rights, please contact us using the contact details below. Where we consider that the information provided does not enable us to identify the personal information in question, we may ask for personal identification and/or further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult ICO guidance – Individual rights | ICO – or please contact us using the details below.
Personal data is held for only as long as is required for the purpose we collected it or for our legitimate interest purposes. Unless otherwise required by law, your personal data will be stored for 7 years following the end of any commercial agreement or for 3 years after our last contact with you. However, if before that date:
- your personal information is no longer required in connection with such purpose(s);
- we are no longer lawfully entitled to process it; or
- you validly exercise your right of erasure;
then we will remove it from our records as soon as is practicable.
Should you ask us to stop sending your direct marketing or other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
If you have any questions, you can contact our Data Protection Manager, Tim Bird:
White Horse CAD Ltd
If you feel that after contacting us, that we are not acting appropriately with respect to our data privacy, you have the right to contact the governing body. In the UK this is the ICO, the Information Commissioner’s Office, their web pages for handling issues are at: https://ico.org.uk/make-a-complaint/
Or you can contact them by post, telephone or email:
Information Commissioner’s Office
Telephone: 0303 123 1113