Fishers Privacy Notice
We are committed to ensuring your privacy is protected and our collection and use of your personal information is governed by this privacy notice.
The notice explains:
- What to do if you want to opt out of receiving information from us
- Transfers of your information outwith EEA
- The legal basis for processing your personal information
- What our obligations are
- What constitutes personal information
- How we keep your information secure
- How we collect personal information
- Who we share your personal information with
- What to do in the event your personal information changes
- What your rights are in relation to your personal information
- What to do if you wish to withdraw your consent to processing
- Keep updated in terms of the content of this notice
- Who we are
- The type of personal information we process
- How long we retain your personal information
- What to do in the event you wish to exercise any of your rights
- How to make a complaint
Who are we?
Fishers is a leading laundry and textile and workwear rental business that services the hospitality and other sectors across Scotland and the North East of England.
Established in 1900 in Aberfeldy, Scotland, it has been progressively managed for more than 100 years by five generations of the Fisher family. Still proudly independent today, Fishers employs more than 800 people across seven sites in Scotland and the North East of England. The company has grown and prospered by sticking to our core family values: serving customers with hard work, honesty and value for money.
When collecting, storing or using your personal information, Fishers is, more often than not, what is defined as a “Data Controller”. This means that, by law, we are accountable for how we hold and process that information. We will treat your information as confidential, at all times, and will only share it with others in accordance with this privacy notice. On some occasions, if Fishers is processing information to provide services to a third party, Fishers will be the “Data Processor” and Fishers’ client will be the data controller. In this instance, Fishers will only use your information, strictly in accordance with the proper and reasonable instructions of the relevant data controller.
What is personal information?
Personal Information is any information that identifies you. This could be your name, address, email address, date of birth or even information about your needs or circumstances.
There is a “special” category of personal information, which may be described as particularly sensitive for instance, information about health; race, and sexual orientation. However, other than for employees, Fisher’s does not collect any sensitive data about you.
Our obligations
As a business, we must and we guarantee that we will comply with data protection legislation.
This means that your personal information must be:-
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
Relevant to the purposes we have told you about and limited only to those purposes;
Used lawfully, fairly and in a transparent way;
Accurate and kept up to date;
Kept only as long as necessary for the purposes we have told you about; and
Kept securely.
How we keep your personal information secure
The security of your information is very important to us and we have measures in place to prevent unauthorised access to it.
In order to protect your information, we have certain measures in place. These include the following:
· Depending on your circumstances (whether you are a client, or a supplier, for example), your data will be held on secure internal and external servers and cloud based systems
· We have a clear desk policy;
· Our staff are well trained in all aspects of data protection legislation;
· We use all appropriate encryption and password protection on our systems; and
· We operate a sophisticated, robust and very securely hosted CRM system. This system is cloud based with data centres located in the UK.
What personal information do we collect, store and use?
CLIENT INFORMATION: If you are a client, we will need to collect and use your personal information or the personal information of people at your organisation in order to allow us to provide you with our services compliantly.
In order to allow us to carry out our services, we will collect, use and store on our internal systems:
· Your full name and title;
· Your email address;
· Your telephone number;
· The full names, titles, and job titles of all members of your staff or contractors we may come into contact with in the provision of the services;
· The contact details for all members of your staff we may come into contact with in the provision of the services (e.g. email addresses or contact numbers);
· The full names, titles and job titles and contact details (e.g. email addresses or telephone numbers) of those senior members of staff, who are authorised to purchase products or services from us;
· The name(s) of the owner(s) of an establishment or the names of the senior directors if the owner is an organisation;
· The level and limit of authority of each such member of staff;
· Your bank details;
· Your unique log in details;
· Your unique password;
· Your invoice information;
· The purchasing habits of the establishment or your purchasing needs;
· Cross selling opportunities with you or the establishment; and
· Your marketing preferences; e.g. the marketing/industry information you wish to receive;
· Any other information, which might enhance your purchasing or client experience with us. This will be different for each client and if you require further information about this, please contact your account manager.
· Passport and utility bill if you are an individual; and
· Any other information to allow us to conduct a credit check in order that we may supply services and the results of that credit check.
SUPPLIER INFORMATION: We need a small amount of information from our Suppliers to ensure that things run smoothly. We also need contact details of relevant individuals at your organisation so that we can communicate with you.
If you provide services to us or are a supplier, we will collect, use and store the following information:
· Your name and title;
· Your home address;
· Your telephone numbers;
· Your email address;
· Name, job title and contact details of those within your organisation we might have contact with;
· Details of any relevant industry qualifications or accreditations you will require in order to fulfil your work with us;
· Details of your private bank account, if required; and
· Any reports or invoices you issue.
WEBSITE USERS: For those who use our website: we collect a limited amount of personal information.
If you would like to find out more information about what information we collect about you when you visit our website, please see our cookies policy
CANDIDATE INFORMATION: If you apply to work with us, in order to provide the best possible employment opportunities that are tailored to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you. Here is a list of the information we will store.
· Your name and title;
· Your home address;
· Your personal telephone numbers;
· Your personal email address;
· Your image, if you attend our premises;
· Details of your education and qualifications;
· Details of your emergency contacts;
· Information proving your right to work in the UK;
· Social Security Number;
· References; and
Any other information you share with us.
REFEREES and EMERGENCY CONTACTS
In order to provide Candidates with suitable employment opportunities safely and securely and to provide for every eventuality for them, we need some basic background information. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you have been listed as an emergency contact.
· Your name and title;
· Your personal telephone numbers; and
· Your personal email address
How do we collect the above information?
CLIENT INFORMATION: There are a few main ways in which we collect your personal information
1. Directly from you;
2. From third party referrals;
3. From cold calls and walk-ins;
4. From relevant business publications where your details have been listed;
5. From relevant business directories.
SUPPLIER INFORMATION: There are two main ways in which we collect your personal information
1. Directly from you; and
2. From third party referrals;
3. From relevant business directories.
WEBSITE USERS: We collect your information automatically via cookies when you visit our website, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please see our cookies policy.
CANDIDATE INFORMATION: There are three main ways in which we collect your personal information:
1. Directly from you;
2. From CCTV footage, if you attend our premises; and
3. From a third party (e.g. recruitment agency) following an application you may have made for an employment opportunity.
REFEREES AND EMERGENCY CONTACTS: We collect your personal contact details only from Candidates, who nominate you to be an emergency contact or a referee.
Legal Basis for the collection, use and storage of your personal Information
Save in very limited circumstances set out elsewhere in this notice, we will not share your personal information and we will only collect, use and store it where there are lawful reasons to do so. Most commonly, we will process your personal information in the following circumstances:
· Where there is a legitimate interest to do so
· Where it is necessary to implement the contractual arrangements between us
· Where we are legally required to do so; or
· Where you have given us express consent.
Legitimate Interest
In order to establish that our collection, storage or use of your personal information is in either our, your or both of our legitimate interests, we will have established the following:
· There is, in fact, a legitimate interest; whether it be commercial or individual;
· Our use of your information is necessary to achieve that legitimate interest; and
· Our use is balanced against your rights, interests and freedoms.
Contractual Arrangements
This is a lawful basis for collecting, using and storing your personal information if
· It is required to implement or fulfil a contract between us; or
· You have asked us to do something before entering into a contract (e.g. provide a quote)]
CLIENT INFORMATION: The main reason for using information about Clients is so that the relationship between us can run smoothly. After all, the more information we have, the more bespoke we can make our service.
Here are details on how we use your personal information
· To maintain files and records of transactions (legal basis);
· To send you marketing information you may like to know or to invite you to events (legitimate interests or consent) – you may opt out of receiving this information at any time
· To improve our knowledge of our specialist sector, which will include marketing analysis and research (legitimate interests);
· To allow us to operate the administrative and technical aspects of our business – this might include verifying the accuracy of information we hold about you and create a better understanding of you as customer (legitimate interests);
· To keep our CRM system up to date and relevant (legitimate interests);
· Business reporting and communication (legitimate interests);
· To provide the services you have requested (contract and legitimate interests);
· To promote our business, brands and products and measure the effectiveness of any campaign (legitimate interests); and
· Generally, to administer your account (contract and legitimate interests).
SUPPLIER INFORMATION: The main reasons for using your personal information are to ensure that the relationship between us can run smoothly.
Here are details on how we use your personal information
· To receive and enable you to provide the services we have requested from you (contract and legitimate interests);
· To administer your account and pay your invoices (contract and legitimate interests); and
· To maintain a Preferred Suppliers List (legitimate interests).]
WEBSITE USERS: We use your information to help us to improve your experience of using our website. If you are also a candidate or client, we may use information from your use of our websites to enhance other aspects of our communications with, or service to, you. We consider this to be in our legitimate interests as well as your own.
Please note that the website may contain links to third party websites and we are not responsible for the privacy practices or the content of such websites.
CANDIDATE INFORMATION: The main reason for using your personal information is to help you find employment with us. This information will be anonymised and, where appropriate, we will seek your consent to undertake some of these activities. By using CCTV, we maintain security of our premises. We consider all of this this to be in our legitimate interests as well as your own.
REFEREES AND EMERGENCY CONTACTS: We use referees’ personal information to help Candidates to find employment with us. If we are able to verify their details and qualifications, we can make sure that they are well matched with Fishers. We also use the personal details of a Candidate’s emergency contacts in the case of an accident or emergency affecting that Candidate. We consider this to be in our legitimate interests as well as those of the Candidate.
Who do you share my information with?
Personal Information as described in this privacy notice will never be sold or shared to any third party outwith our business, save in the following circumstances:
· If required by law, we will share your information with third parties;
· We will share client information with Credit First to allow them to perform credit checks;
· We will share your information when absolutely necessary for the conduct of our business (e.g. if we sell any part of our business or integrate it with another organisation, your information may be disclosed to our advisers and prospective purchaser or joint venture partners and their advisers; each will be bound by the same terms of this privacy notice); and
We may share your information with certain Third Party Service Providers. These include contractors and designated agents and other entities within our group. The following activities are carried out by Third Party Service Providers: IT Services, legal services, CRM system hosting, ERP systems.
All our Third Party Service Providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our Third Party Service Providers to use your personal information for their own purposes. We only permit them to process your personal information for specified purposes and in accordance with our instructions.
How long do we retain this information?
This will depend upon the services you have requested us to provide. Generally, we keep personal information in accordance with our internal retention schedule, which are determined in accordance with our statutory obligations and good practice.
Do you transfer my information outside of the EEA?
We do not transfer data outside of the EEA
Changes in personal information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us. If your personal information does change, please contact our Data Protection Officer and our records will be updated.
What are my rights?
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
· Request access to your personal information (commonly known as a “information subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
· Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
· Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
· Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
· Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you; for example if you want us to establish its accuracy or the reason for processing it.
· Request the transfer of your personal information. This enables you to move, copy or transfer your personal information to another party.
For the avoidance of doubt, we do not utilise or carry out automated decisions, which might have a legal effect on you or which might affect you significantly.
Who do I contact to exercise my rights or request a transfer of information?
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer an electronic copy of your personal information to another party, please contact our Data Protection Officer whose details are below.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access requires extreme or unique measures. Alternatively, we may refuse to comply with the request in exceptional circumstances.
What if I wish to withdraw my consent?
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact our Data Protection Officer whose details are at the end of this notice. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
How do I opt out of marketing?
If you have subscribed to receive information or updates with Fishers, and thereby given your consent, you will be contacted with relevant information that you have expressed an interest in or that might be of interest to you. Alternatively, we may have deemed it to be in both our legitimate interests to contact you. With Fishers, you are always in control of your personal information, if at any time you wish us to stop contacting you, you are always able to unsubscribe – mail our Data Protection Officer to revoke your subscription.]
Changes to or queries about the Privacy Notice
This notice maybe subject to change and material changes were made most recently on 18th May 2018. Your continued use of our Website indicates your consent to any changes we make to this Notice but please continue to visit this page to view any updates.
If you have any queries regarding this notice, please contact Data Protection Officer whose details are at the end of this notice.
How do I make a complaint?
You have the right to make a complaint about anything regarding the processing, storage, retention of your information. We would hope to resolve any complaint internally and if you would like to lodge a complaint with us, in the first instance, please contact Data Protection Officer whose details are at the end of this notice.
However, you also have the right to lodge a complaint at any time to the Information Commissioner (ICO) in respect of our processing of your personal information. Further information can be found at www.ico.org.uk.
Fishers Services Data Protection Officer can be contacted on dpo@fisherservices.co.uk