Privacy Notice
Introduction
Baxendale respects your privacy and is committed to protecting your Personal Data and to complying with the Data Protection Act 2018. This privacy notice tells you about,
- who we are, and how to get in contact with us,
- the data we collect about you when you use this website, or any of our services,
- how we look after your Personal Data, including when you sign up to our mailing lists, and
- your privacy rights and how the law protects you.
Important information about us and contact details
Baxendale is the trading name of Baxi Partnership Limited, which is registered as a company in England, with company number 00367875.
We have appointed Ceri Jones as our Data Protection Officer. She is responsible for this notice and can deal with any questions you may have about it, or about your Personal Data. Please contact ceri.jones@baxendale.co.uk, or by post to Baxendale, 86-90 Paul Street, London, EC2A 4NE.
The data we collect about you
Some of the data we collect is known as Personal Data. This is because you can be identified from it. There are three types of Personal Data that we will collect from you from time to time.
The first is Identity Data. This is about who you are, and includes your name(s), title, gender and you date of birth.
The second is Contact Data. This is about how you can be contacted, and includes addresses, email addresses and telephone numbers.
The third is Marketing Data. This is about your preferences, including what you want us to contact you about and how.
Sometimes we will use your Personal Data to put together statistics and research. For example, we might want to work out how many users are accessing a particular website feature. We will not do this in a way that can identify you.
Special Data
There are certain types of Personal Data called Special Category Data which is particularly sensitive because it can be used to identify details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health .
We do not collect any Special Category Data about you. Nor do we collect any information about criminal convictions and offences.
Occasionally we will be given Special Category Data by organisations who we are working with as clients to deliver products and services. We will not be actively processing this data and will only keep it for as long as is necessary.
Changes to your personal information
We want to make sure that any personal information that we hold about you is accurate and current. Please let us know if your details change.
How is your Personal Data collected?
We use different methods to collect data about you.
You might give it to us directly. For example, when you:
- meet us,
- fill in forms, or when you correspond with us by post, phone, email or in some other format,
- contact us about our products or services,
- contract with us in relation to our products and services,
- subscribe to our service or publications,
- request marketing to be sent to you,
- enter a competition, promotion or survey, or
- give us some feedback.
We may use Third parties or publicly available sources. We may collect Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
We may be given your Personal Data to process by organisations that we work with as clients, in order to deliver our products and services. We make our clients aware if they have inadvertently shared data to which we should not have access.
Cookies
We use cookies on our website. Our cookie policy explains the cookies we use and why.
This website collects and uses personal information for the following reasons:
Site visit tracking
Like most websites, this site uses Google Analytics to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although Google Analytics records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Google Analytics also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third party data processor.
Google Analytics makes use of cookies, details of which can be found on Google’s developer guides.
How we use your Personal Data
Baxendale takes your privacy very seriously and will never disclose or share without your consent unless required to do so by law. Usually it will be in the following circumstances:
- Where you have given us your express consent.
- Where we need to perform a contract we are about to enter into or have entered into with you.
- Where the contract is not with you, but using the data is reasonable and necessary for us to run our business for our legitimate interests. This includes using your data as part of carrying out our usual business activities, but only if it has been provided for that purpose, and your interests and fundamental rights are not compromised.
- Where we need to comply with a legal or regulatory obligation. For example, where a Court or Government agency is allowed to request the data.
Consent
We will ask for your consent before sending you marketing communications that you would not reasonably expect to receive. If you contact us via our enquiries form on the website, please let us know if you consent to us contacting you for marketing purposes by ticking the ‘opt in’ box in our Contact Us page. You have the right to withdraw consent to marketing at any time by emailing hello@baxendale.co.uk with “unsubscribe”.
We have put together a table below which describes some of these uses, and the legal reasons we rely on. Some of these will overlap.
Purpose |
Type of Personal Data being used |
Lawful reason we use |
To deliver relevant marketing and website content to you and measure or understand the effectiveness of such content |
Marketing |
Legitimate Interests on the soft opt-in basis on what you would reasonably expect as an existing client or via the “opt-in” tick box on the Contact Us form (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) |
To contact you using electronic means where you are part of an existing client relationship about similar services and items of interest |
Identity Contact
|
Legitimate Interest (to develop our business and services, particularly where we regard these as genuinely useful to you) |
To register new client contact details |
Identity Contact |
Legitimate Interest (where we are delivering products and services and you are connected to one of our clients) |
To process and deliver services to clients
|
Identity Contact Marketing |
Performance of a contract with you Necessary for our legitimate interests (where you are not a party to the contract) |
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey |
Identity Contact Marketing |
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services) |
To enable you to complete a survey |
Identity Contact Marketing |
Performance of a contract with you Necessary for our legitimate interests (to study how clients use our products/services, to develop them and grow our business) |
To make suggestions and recommendations to you about goods or services that may be of interest to you where you are part of an existing client relationship |
Identity Contact
|
Necessary for our legitimate interests (to develop our products/services and grow our business) |
Change of purpose
We will only use your Personal Data for the reason it was collected, unless we reasonably consider that we need it for another reason which is almost the same, or compatible with the original reason.
We will ask for your consent if we need it for a completely new reason, unless we need to use it to comply with a legal obligation.
Marketing from us
If you are part of an existing client relationship, we may use your Identity or Contact Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or purchased goods or services from us or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing.
Third-party marketing
We do not share your Personal Data with anyone outside of the Baxendale Group for marketing purposes. If we want to do this, we will ask you for your express consent.
Opting out
You can ask us to stop sending you marketing messages at any time by emailing ‘unsubscribe’ to hello@baxendale.co.uk.
Where you opt out of receiving these marketing messages, this will not stop us using the Personal Data for other lawful reasons, or for contacting you as part of delivering our business services, where we have a legitimate reason or doing so, for example, when we are delivering a contract.
Sharing your Personal Data
We do not share your Personal Data with anyone for marketing purposes, but we will need to share it within the Baxendale Group and with certain organisations in order for us to carry run our usual business activities, especially the processes we set out in the table above. These organisations provide us with business support such as email software and data storage.
Organisation |
Location |
Reason for sharing |
Microsoft Corporation |
United States |
Necessary as part of our communication systems and for storing data |
Dropbox Inc |
United States Germany |
Necessary for storing data |
Mailchimp/ The Rocket Science Group |
United States |
Necessary as part of our communication systems and for storing data |
CMAP |
Netherlands Ireland |
Necessary as part of our client and project management processes |
HubSpot |
Germany/United States |
Necessary as part of our communications systems, for marketing purposes and storing data. |
We may also share your Personal Data with certain third parties if we are about to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your Personal Data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
International transfers
Many of the third parties who we use for the processing of your Personal Data are based outside the European Economic Area (EEA) so their processing of your Personal Data will involve a transfer of data outside the EEA.
Whenever we transfer your Personal Data out of the EEA, we make sure that it is protected in at lease one of three ways:
- The Personal Data is transferred to a country approved by the European Commission as providing sufficient protection,
- The Personal Data is transferred under contractual terms approved by the European Commission, or
- Where Personal Data is transferred to the United States, the recipient must be certified as part of the UK-US privacy shield approved by the European Commission.
Data security
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. As part of our commitment security, we are certified as part of the Government’s Cyber Essentials Scheme.
We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
How long will you use my Personal Data for?
We will only keep your Personal Data for as long as necessary to fulfil the purposes we collected it for.
We will consider the type of Personal Data before working out how long we should keep it for. Wherever possible we will anonymise it so that you cannot be identified.
In some cases, you will be able to ask us what Personal Data we hold about you and request that it be deleted. See your right to request erasure below.
Your legal rights
You have a number of important legal rights. Sometimes these rights will limited by our right to legitimately run our business, or because there is legal reason preventing us from letting you exercise your rights fully.
You are entitled to do the following:
Request access to your Personal Data (known as a "data subject access request"). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to keep using it, or we have not been using it lawfully.
Object to processing of your Personal Data. This enables you to object to us using your data as part of reasonably running our business (a legitimate interest) because you feel that that your fundamental rights or freedoms have been compromised.
Request a restriction on processing of your Personal Data. This enables you to ask us to stop using your data, without necessarily deleting it, or to just to put its use on hold while we establish why we need it.
Request the transfer of your automated Personal Data to you or to a third party. If you consented to providing data by an automatic process, for example where it has been collected by some sophisticated software, then you can ask for it to be provided to you or to a third party.
Withdraw consent at any time where you have given us this consent in the first place to use the data for a specific reason. This may mean we will not be able to provide certain products or services to you.
How to exercise your rights
If you wish to exercise any of your rights or if you have any concerns about our use of your personal data, please contact our DPO Ceri Jones by email at ceri.jones@baxendale.co.uk, or by post to Baxendale, 86-90 Paul Street, London, EC2A 4NE
No fee usually required
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. In these cases, we may be justified in refusing to comply with your request.
What we may need from you
We may need some information from you to help us confirm your identity and ensure to ensure you do have a valid right. This is a security measure to ensure that your data is not disclosed to anyone else who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within a month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Information Commissioner
If you have any concerns about our use of your Personal Data, as well as contacting our Data Privacy Manager, you can also contact the Information Commissioner at https://ico.org.uk/global/contact-us/.