For the purpose of this Privacy Notice “Henry’s” refers to Henry’s Pine Furniture & Interiors.
Henry's (“we”, “us”, “our”) are committed to protecting your privacy and complying with data protection legislation. This notice sets out how we collect, use and disclose any personal data that you provide to us to enable us to provide you with our services.
Your personal information is an important part of our service. It lets us provide our products and services to you including managing your account with us and any other financial information. If you are happy for us to, it also lets us get in touch whenever we have offers or information that we think might be of interest to you and enables us to notify you about changes in legislations as well as changes to your service.
Who we are – Data Controller
Henry’s has control over the processing of the data we hold about you and carries the data protection responsibility for it. In legal terms this is referred to as being the ‘data controller’
An overview of how we collect and use your information
This is an overview of:
- The types of information we collect about you
- How we collect and use it
- Who we might share it with
- The steps we’ll take to make sure it stays private and secure
- Your rights to your information
What type of personal data do we collect?
We may collect the following information:
- Personal details in order to set you up as a client and adhere to money laundering regulations inc: your full name, date of birth, contact details inc address, email address and phone number
- Other information relevant to the types of client services we provide (eg tax, audit, accountancy, HR, IT).
- Company information such as your company name, address and/or post code, number and details of employees, shareholders, website address
- Financial Data, includes bank account and payment card details
- Special categories of personal data such as information about your health or criminal convictions and offences
- Your IP address and which pages you may have visited on our website
- Your images on CCTV
How do we collect your information?
We collect information about you from different places including:
- Directly from you by
- signing up to our services
- submitting an enquiry to us
- use of our car park and premises through CCTV systems
- From a third party acting on your behalf e.g. an intermediary or broker
- From publicly available sources
- When we generate it ourselves
How we’ll use your information
We’ll use it to fulfil our contractual obligations and to provide any of the products or services you’ve requested as well as other purposes for e.g.
- To confirm your identity and address (for anti-money laundering purposes)
- To understand how and which services to offer you
- To carry out your instructions
- To improve our products and services
- To offer you other services we believe may benefit you unless you ask us not to
- To ensure we meet our regulatory requirements
- To manage our financial transactions and prevent fraud
- To ensure the safety and security of colleagues and visitors on our premises
We’ll only use your information where we’re allowed to by law e.g. carrying out an agreement we have with you, fulfilling a legal obligation, because we have a legitimate business interest or where you agree to it.
We may use automated systems to help us carry out fraud and anti-money laundering checks.
Who we may share your information with
We will not sell, distribute or disclose your personal data to third parties unless we have your permission to do so. We may however share your personal data:
- with our employees, agents and/or professional advisors
- with other third party contractors who provide services to us, for example banks or contractors
We will only disclose information about you to third parties if we are legally obliged to do so, or at your request and with your prior consent.
How long we’ll keep your information
Whilst you are a client at Henry’s we’ll keep your information for as long as we deem necessary. After ceasing to be a client we’ll keep it where we may need it for our legal and legitimate purposes e.g. to help us respond to queries or complaints, or for other reasons e.g. fighting fraud and financial crime and responding to requests from professional bodies and regulators.
If you no longer wish to receive any information from us you must inform us in writing or, by email and unsubscribing via the link on the latest email you have received from us.
The security of your personal data is very important to us. We will ensure that we have in place appropriate technical and organisational measures to prevent unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data.
All of the personal data we process is processed within the UK, however for the purposes of IT hosting and maintenance this information is located on servers within the European Union. No 3rd parties have access to your personal data unless the law allows them to do so.
In some cases we may transfer your personal data to countries outside the European Economic Area. Where we do so we will ensure that such transfers are compliant with data protection legislation and that appropriate measures are put in place to keep your personal data secure.
We will notify you if a data security breach occurs which may affect you if the breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.
You have a number of rights relating to your information e.g. to see what we hold, to ask us to share it with another party, ask us to update incorrect or incomplete details, to object to or restrict processing of it, to make a complaint etc.
You can request a copy of the information that we hold about you at any time by contacting our GDPR task team at firstname.lastname@example.org. We will not normally charge for this and will in most cases aim to provide this within one month.
Please let us know if the personal data that we hold about you needs to be updated or amended, and we will commit to doing this promptly.
You may also request that we erase your personal data where (a) we were not entitled under the law to process it, or (b) it is no longer necessary to process it for the purpose it was collected, or (c) it was processed in breach of the GDPR. To request erasure of any data you should contact our GDPR task team. If you request that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do so you can contact our GDPR task team.
You have the right to receive personal data we hold about you in a structured, commonly used, machine readable format.