We are Proprium Est
1974 LLP t/a Proprium with registered number
OC336278 and address
149 Sloane Street London SW1X 9BZ.
Our Data Protection Lead can be contacted at
enquiries@proprium.co.uk. We have
produced this privacy notice in order to keep you informed of how we handle
your personal data. All handling of your personal data is done in compliance
with the UK Data Protection Act 2018 and the General Data Protection Regulation
(EU) 2016/679 ("Data Protection Legislation"). The terms "Personal Data",
"Special Categories of Personal Data", "Personal Data Breach", "Data Protection
Officer", "Data Controller", "Data Processor", "Data Subject" and "process" (in
the context of usage of Personal Data) shall have the meanings given to them in
the Data Protection Legislation. "Data Protection Lead" is the title given to
the member of staff leading our data protection compliance programme in lieu of
a requirement for a Data Protection Officer.
What are your rights?
When reading this notice, it might be helpful to
understand that your rights arising under Data Protection Legislation
include:
- The right to be informed of how your Personal Data is
used (through this notice);
- The right to access any personal data held about
you;
- The right to withdraw consent at any time, by emailing
enquiries@proprium.co.uk;
- The right to rectify any inaccurate or incomplete
personal data held about you;
- The right to erasure where it cannot be justified that
the information held satisfies any of the criteria outlined in this policy, or
where you have withdrawn consent;
- The right to prevent processing for direct marketing
purposes, scientific/historical research or in any such way that is likely to
cause substantial damage to you or another, including through profile building;
and
- The right to object to processing that results in
decisions being made about you by automated processes and prevent those
decisions being enacted.
You can exercise your right to access personal data
held about you by contacting
enquiries@proprium.co.uk with the
subject line: "Subject Access Request". When you submit a 'subject access
request', you will need to provide confirmation of your identity by including a
photocopy of your driver's license or passport. This service is provided free
of charge and our response will be made within thirty (30) days, unless our
Data Protection Lead deems your request as being excessive or unfounded. If
this is the case, we will inform you of our reasonable administration costs in
advance and/or any associated delays, giving you the opportunity to choose
whether you would like to pursue your request. If you believe we have made a
mistake in evaluating your request, please see the section 'Who can you
complain to?'.
If you have questions about any of the rights mentioned
in this section, please contact our Data Protection Lead at
enquiries@proprium.co.uk.
Who is the Data
Controller?
- If we have collected your personal data directly from
you for our own purposes, we are the Data Controller.
- If we have purchased your personal data from a
third-party for our own purposes, we are the Data Controller. Where we have
purchased your personal data, we will contact you to let you know before we
first start to use it, or, at the latest, within one month of acquiring
it.
- If we have been passed your personal data from a
third-party for our own purposes, we are the Data Controller. We will contact
you to let you know before we first start to use it, or, at the latest, within
one month of acquiring it.
- If we have been passed your personal data from a
third-party for a joint purpose that we both influence, we are the joint Data
Controller. We will contact you to let you know before we first start to use
your data, or, at the latest, within one month of acquiring it.
- If your data has been passed to us by a third party for
processing under their instruction, that third party is the Data Controller.
They should have notified you that they would be passing your personal data to
us, Proprium Est 1974 LLP t/a
Proprium, at the time they collected your data and within their own
privacy notices/standards. For a list of Data Controllers that we process
personal data for, the section below 'Third Party Interests'.
- If we have received your personal data as part of a
business to business relationship, the Data Controller is your
employer.
What are the lawful bases for processing
personal data?
Under Data Protection Legislation, there must be a
'lawful basis' for the use of personal data. The lawful bases are :
- a) 'your consent';
- b) 'performance of a contract';
- c) 'compliance with a legal obligation';
- d) 'protection of your, or anothers' vital
interests';
- e) 'public interest/official authority';
and
- f) 'our legitimate interests'.
What are our 'legitimate
interests'?
Legitimate interests are a flexible basis upon which
the law permits the processing of an individual's personal data. To determine
whether we have a legitimate interest in processing your data, we balance the
needs and benefits to us against the risks and benefits for you of us
processing your data. This balancing is performed as objectively as possible by
our Data Protection Lead. You are able to object to our processing and we shall
consider the extent to which this affects whether we have a legitimate
interest.
About our processing of your
data
Personal data, or personal information, means any
information about an individual from which that person can be identified. It
does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds
of personal data about you which we have grouped together follows:
Identity Data includes first name, maiden name, last
name, username or similar identifier, marital status, title, date of birth and
gender.
Contact Data includes billing address, delivery
address, email address and telephone numbers.
Financial Data includes bank account and payment card
details.
Transaction Data includes details about payments to and
from you and other details of products and services you have purchased from
us.
Usage Data includes information about how you use our
products and services.
Marketing and Communications Data includes your
preferences in receiving marketing from us and our third parties and your
communication preferences.
We also collect, use and share Aggregated Data such as
statistical or demographic data for any purpose. Aggregated Data may be derived
from your personal data but is not considered personal data in law as this data
does not directly or indirectly reveal your identity. However, if we combine or
connect Aggregated Data with your personal data so that it can directly or
indirectly identify you, we treat the combined data as personal data which will
be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal
Data about you (this includes details about your race or ethnicity, religious
or philosophical beliefs, sex life, sexual orientation, political opinions,
trade union membership, information about your health and genetic and biometric
data). Nor do we collect any information about criminal convictions and
offences.
Our website does not collect any personal information
and does not use cookies, trackers or analytics
Reference |
What categories of information about you
do we process? |
Why are we processing your
data? |
Where did we get your personal data
from? |
B2B Marketing |
- Identity Data
- Contact Data
|
Direct marketing to former, current and
prospective clients. This processing is conducted lawfully on the basis of 'our
legitimate interests'. |
Directly obtained or by referral from
existing clients/partners/suppliers. |
Fraud Prevention |
- Identity Data
- Transaction Data
|
To combat fraud, we share information
of clients who instruct the payment issuer to cancel payments to us without
first informing us of why and/or allowing us the opportunity to issue a refund
with credit reference agencies. This processing is conducted lawfully on the
basis of 'protection of your, or another's vital interests'. |
Directly obtained or indirectly
obtained through a client's website (notice given at the point of collection).
|
Phone Calls |
- Identity Data
- Contact Data
|
We might record calls for training
and/or auditing purposes. We also collect Calling Line Identification
information. This is used to help improve the efficiency and accountability of
our customer services. This processing is conducted lawfully on the basis of
'our legitimate interests'. |
Directly obtained. |
Email Contact |
- Identity Data
- Contact Data
|
If you contact us through our by email,
we will use the information you send in order to respond to your enquiry or
complaint. This information will be kept in order to improve our service to you
overall. This processing is conducted lawfully on the basis of 'our legitimate
interests'. |
Directly obtained (notice given at the
point of collection). |
Consumer Marketing |
- Identity Data
- Contact Data
- Transaction Data
- Marketing and Communications Data
|
If you make a purchase with us, we will
add your contact information to our marketing list and send you information we
think you might be interested in. This processing is conducted lawfully on the
basis of 'our legitimate interests'. |
Directly obtained. |
What happens if I refuse to give
Proprium Est 1974 LLP t/a Proprium my
personal data?
The information about you that we have collected for
the performance of our contracts is required in order for us to successfully
fulfil our obligations to you. If you choose not to provide the personal data
requested, we will not be able to enter into a contract with you to provide the
benefits we offer. If we are already processing your personal information under
a contract, you must end our contractual relationship (as/where permitted) in
order to exercise some of your rights.
We process some personal information as part of a
contractual relationship with a Data Controller. Any requests to restrict this
type of processing should be forwarded to the Data Controller; they will be
responsible for discussing your concerns and making any decisions.
What are
Proprium Est 1974 LLP t/a Proprium's
'legitimate interests'?
Legitimate interests are a flexible basis upon which
the law permits the processing of an individual's personal data. To determine
whether we have a legitimate interest in processing your data, we balance the
needs and benefits to us against the risks and benefits for you of us
processing your data. This balancing is performed as objectively as possible by
our Data Protection Lead. You are able to object to our processing and we shall
consider the extent to which this affects whether we have a legitimate
interest. If you would like to find out more about our legitimate interests,
please contact enquiries@proprium.co.uk.
What profiling or automated decision
making do we perform?
Proprium Est 1974
LLP t/a Proprium does not perform any profiling or automated decision
making based on your personal data.
How long will your personal data be
kept?
Proprium Est 1974
LLP t/a Proprium holds different categories of personal data for
different periods of time. Wherever possible, we will endeavour to minimise the
amount of personal data that we hold and the length of time for which it is
held.
- If 'consent' is the basis for our lawful processing of
your data, we will retain your data so long as both the purpose for which it
was collected, and your consent, are still valid. We review the status of your
consent every twelve (12) months and treat non-response to our requests for
renewal of consent as if they were your request to withdraw consent.
Occasionally, we might identify a legitimate interest in retaining some of your
personal data that has been obtained by consent. If we do, we will inform you
that we intend to retain it under these conditions and identify the interest
specifically.
- Identity, Contact and Transaction Data are held
indefinitely (subject to object by the individual, or individuals having left
our clients' business) in order to provide a superior service to returning
customers.
- If we process your data on the basis of 'legitimate
interests', we will retain your data for so long as the purpose for which it is
processed remains active. We review the status of our legitimate interests
every twelve (12) months and will update this notice whenever we determine that
either a legitimate interest no longer exists or that a new one has been
found.
- All categories of personal data that are held by us
because they are essential for the performance of a contract, will be held for
a period of six years, as determined by reference to the Limitations Act 1980,
for the purposes of exercising or defending legal claims.
Who else will receive your personal
data?
Proprium Est 1974
LLP t/a Proprium passes your data to the third parties listed in the
section 'Third Party Interests' below, for the purposes of providing our
services to you, and for no other purpose.
Does your data leave the EU or
UK?
Proprium Est 1974
LLP t/a Proprium uses overseas web and IT providers. Details of what
data is sent where, and the safeguards in place, are included in the section
'Third Party Processors' below.
Third Party Interests
Data Controllers
Name of Third Party Controller |
What processing are we performing for
them? |
If applicable - who is their representative within the
EU or UK? |
HMRC, regulatory authorities or other
authorities |
We are joint Controller with these authorities who
require reporting of processing in some situations |
N/A |
Postal/Courier Providers |
Where these providers act as Data Controller, we are
joint Controller with them for the purposes of sending you physical
documents. |
N/A |
Our Data Processors
Name of Third Party Processor |
Purposes for Carrying out
Processing |
Who can you complain to?
In addition to sending us your complaints directly to
enquiries@proprium.co.uk, you can
send complaints to our supervisory authority. As
Proprium Est 1974 LLP t/a Proprium
predominantly handles the personal data of UK nationals, our supervisory
authority is the Information Commissioner's Office. If you believe that we have
failed in our compliance with data protection legislation, complaints to this
authority can be made by visiting
ico.org.uk.