Privacy Policy

Regency Service and Solutions Privacy Policy

Last Update May 2018

Information on who we are

Regency Service and Solutions LTD is committed to protecting the privacy and security of your personal data.

We are a privately owned company and are responsible for any personal data collected when anyone avails of services from and purchasing the products of Regency Service and Solutions (including online).

Our “Regency Coffee” website is one of our channels of communication providing information on our programmes and services.

We are the data controller and also one of the processors of your information, this means that we are responsible for deciding how we hold and use personal data about you.

This Data Privacy Policy describes how we collect and use personal data about you in accordance with Data Protection Law ( GDPR).

We highly regard your personal details and do not share them with any 3^rd party that isn’t part of our trading process however, as of 25 May 2018 existing data protection law will be amended and it is important for us that you will continue to trust us with your data.

It is important that you read this Data Protection Policy so that you are aware of how and why we are using your information.

Data Protection point of contact

If you have any questions about this Data Protection Policy or how we handle your personal information, please contact us at sales@regencyserviceandsolutions.co.uk and submit a request so we can contact you with the relevant information.

The kind of information we keep and process about you

Personal data means any information about an individual from which that person can be identified. It does not include anonymous data i.e. data from which you cannot be identified.

There are special categories of more sensitive personal data which requires a higher level of protection.

When you avail of our services or purchase products from Regency Service and Solutions, we may collect, store, and use the following categories of personal data about you:

Identity Data – details such as first name, maiden name, last name, username or similar identifier, title and date of birth. Marital status and gender would be kept if we are required to do so by financial or other legal authority.
Contact Data – name, title, addresses, telephone numbers, and business and personal email addresses.
Profile Data – your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
Financial Data – where you make payments to Regency Service and Solutions, we will collect the IBAN, BIC and the name of your bank/building society or your credit card details where relevant ( Card details are not stored but are processed through sage pay or other chosen secure card payment collection methods).
Transaction Data – details about payments to and from you and other details of products and services you have purchased from us.
Marketing and Communications Data – data on your preferences in receiving marketing from us and our third parties and your communication preferences.
Interaction and Usage Data – when you interact with us we will record details of those interactions (for example, phone calls, e-mail correspondence and hard copy correspondence as well as information on how you use our website, products and services). If you make a complaint we will process details concerning that complaint.
Mandatory Data – data that is mandatory for us to collect to comply with certain legal and regulatory obligations that apply to our business such as our health and safety obligations, financial authorities and INLAND REVENUE.
Sensitive Data –in rare occasions we may store ,on your request only, information about your health, including any medical condition, where you disclose those details to us so that we can accommodate any special needs you may have when you avail of our services including to comply with our obligations under the equality legislation.
Technical Data – such data would include internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website or any other communication platforms.
CCTV Data – personal data on CCTV footage recorded for security and health and safety purposes – we do not currently collect but may do so in the future.

How is your personal information collected?

We collect personal data through our interactions with you, when you avail of our services or purchase our products and when you complete our administrative forms in hard copy or on-line for our services and products.

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity, Contact, Financial, Interaction and Usage Data by filling in forms, using our website or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

Apply for our products or services;
Create an account on our website;
Request marketing /information/pricing to be sent to you;
Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside or outside the EU.
subscribe to our service or publications;
Give us feedback.
enter a competition, promotion or survey; or
Identity and Contact Data from data brokers or aggregators based inside or outside the EU.
Identity and Contact Data from publicly availably sources such as the Companies Registration Office.

Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We may collect this personal data by using cookies, server logs and other similar technologies.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
1. Technical Data from the following parties:
  1. analytics providers such as Google based inside or outside the EU;
  2. advertising networks based inside or outside the EU; and
  3. search information providers based inside or outside the EU.

If you fail to provide personal information

If you fail to provide certain data when requested, we may not be able to enter into or perform our contract with you or provide you with our services.

Where we require your personal data to enter into a contract and to provide you with our services, we will make this clear.

How we use your personal information

We will only use your personal data according to the law and where the law allows us to.

We need to process your personal data primarily to allow us to perform our contract with you and to enable us to comply with our legal obligations. In some cases we may use your personal data to pursue legitimate interests of our own or those of third parties such as couriers, financial credit checks, public authorities, provided your interests and fundamental rights do not override those interests.

We may also use your personal information where we need to protect your interests (or someone else's interests) or where it is needed in the public interest.

The list below represents the main (but not all) data collection and Possible Lawful basis for processing including basis of legitimate interest

Action	Possible Lawful basis for processing including basis of legitimate interest
Register you as a new customer - Performance of a contract with you.	Performance of a contract with you
Process and deliver your order including: Manage payments, fees and charges Collect and recover money owed to us	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us)
Manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey	Performance of a contract with you Needed to comply with a legal obligation. Required to keep our records updated and to study how customers use our products/services as our legitimate interest.
Protect and administer our business and website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Needed for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise as our legitimate interest. Necessary to comply with a legal obligation
Deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	To study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
Market and Make suggestions and recommendations to you about goods or services that may be of interest to you	Used to develop our products/services to you and grow our business as our legitimate interest Where you have not expressed you wish to opt out of such communication.
Use of data analytics to improve our website, products/services, marketing, customer relationships and experiences	Needed to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to update our marketing strategies as our legitimate interest.
Enable you to participate in a prize draw, competition or complete a survey	Performance of a contract with you Needed to study how customers use our products/services, to develop them and grow our business as our legitimate interest.

Change of purpose

If we need to use your personal data for any different reason, we will contact you to notify you and we will explain the legal basis which allows us to do so unless this is otherwise required or permitted by law (in which your personal data may be processed by us without your knowledge or consent).

Automated decision-making

Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.

Particularly sensitive personal information and How we use it

Special categories of particularly sensitive personal data require higher levels of protection.

We may process special categories of personal data in rare occasions where we need to carry out our legal obligations or where it is in the public interest

Less commonly, we may process this type of data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.

We will use information about your physical or mental health, or disability status, to ensure your health and safety when you are availing of our services and to ensure that we comply with the equality legislation.

Marketing

We may contact you by mail, email and telephone and social media about our products and services and other events which might be of interest to you.

You may receive marketing communications from us if:

If you have never made a purchase from us or requested any of our services, you have requested to receive or consented to the receipt of information from us; or
purchased goods or services from us (and our marketing communications will only be in relation to similar goods or services); or
it is in our legitimate interest,

And in each case, you have not opted out of receiving the marketing communications.

You will only receive electronic marketing communications under (b) above where such products or services were purchased by you prior to the receipt of the communication.

You have the right to ask us to stop processing your personal data for direct marketing purposes. If you wish to exercise this right, please send us a written request by Emil/ mail or any other written request.

Data sharing

We will share your personal data with third parties where required by law, where it is necessary to perform our contract with you or where we have another legitimate interest in doing so.

We will share your data with trusted third-party service providers. We may also share your personal data with other third parties, for example, in the context of a transfer of our statutory functions or with a regulator or to otherwise comply with the law.

We require third parties to respect the security of your data and to treat it in accordance with the law.

All our third-party service providers are required to take appropriate security measures to protect your personal data. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have also put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Adequate, Relevant and Limited Data Processing

The Company will only collect and process personal data for and to the extent necessary for the specific purpose(s) informed to data subjects as described above.

Accuracy of Data and Keeping Data Up To Date

Regency Service and Solutions LTD shall ensure that all personal data collected and processed is kept accurate and up-to-date. The accuracy of data shall be checked when it is collected and at 18 months intervals thereafter if you have not informed us on any changes. Where any inaccurate or out-of-date data is found, all reasonable steps will be taken without delay to amend or erase that data, as appropriate.

Timely Processing

Regency Service and Solutions LTD shall not keep personal data for any longer than is necessary in light of the purposes for which that data was originally collected and processed. When the data is no longer required, all reasonable steps will be taken to erase it without delay.

Secure Processing

Regency Service and Solutions LTD shall ensure that all personal data collected and processed is kept secure and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage. We shall periodically perform an assessment of the risks posed to individual data subjects where necessary The company would put measures in place to minimise and handle risks including safeguards, data security, and other measures and mechanisms to ensure the protection of personal data, sufficient to demonstrate compliance with the Regulation

Transferring information outside the EU

We may transfer the personal data we collect about you outside the European Economic Area (EEA) where a trusted service provider is based outside of the EEA. We will always take steps to ensure that any transfer of your information outside of the EEA is carefully managed to protect your privacy rights.

Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements for example – all invoices would be kept for 7 years as required by the authorities. In some circumstances we may “anonymise” your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Rights of access, correction, erasure, and restriction

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.

Your rights in connection with personal information: under certain circumstances, by law you have the right to:

Request access to your personal information.
Request correction of the personal information that we hold about you.
Request erasure of your personal information.
Object to processing of your personal information.
Request the restriction of processing of your personal information.
Request the transfer of your personal information to another party.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact us in writing to our registered address or by Email. We will assess the validity of your request and will contact you with the outcome, this would be done to prevent fraud and assure we keep to all of our legal requirements. You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive where the law allows. Alternatively, we may refuse to comply with the request in some circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Right to withdraw consent

You may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose; you have the right to withdraw your consent for that specific processing at any time. Please contact us in writing to our registered address or by Email. We will assess the validity of your request and will contact you with the outcome, this would be done to prevent fraud and assure we keep to all of our legal requirements. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Complaints and further information

You have the right to make a complaint at any time to the ICO. For more information please visit: www.ico.org.uk

Changes to this Data Protection Policy

We reserve the right to update this Data Protection Policy at any time. We may also notify you in other ways from time to time about the processing of your personal information.

If you have any questions about this Data Protection Policy, please contact us sales@regencyserviceandsolutions.co.uk