Privacy Notice

This Privacy Notice explains what information is collected about you, why it is needed, how it is used, how it is stored, how long it is kept and what measures are in place to keep personal information secure.

Morris, Corfield & Co. Ltd (referred to as Morris Corfield, ‘us’ or ‘we’) is aware of its obligations under the General Data Protection Regulation (GDPR) and UK data protection legislation and is committed to processing your personal data securely and transparently, in manual and electronic form.

Definitions

Personal information means any information relating to an identified or identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity. Personal information can be in manual and electronic form.

Processing Personal Information means any operation which is performed on personal data, whether manually or via electronic means, such as collecting, processing, recording, organising, storing, altering, consulting, using, deleting or destroying.

Data Controller refers to Morris Corfield’s role in determining the processes to be used when using your personal data.

Data Processors refers to the roles given to specific employees and specific organisations to process personal data as directed by Morris Corfield.

Data Protection Principles

Morris Corfield believes its collection, use and storage of personal data is consistent with its legal, contractual and business requirements, as well as meeting GDPR’s six data protection principles:

• Personal data must be processed lawfully, fairly and in a transparent manner in relation to an individual
• Personal data can only be collected for specified, explicit and legitimate purposes
• Personal data must be adequate, relevant and limited to what is necessary for processing
• Personal data must be accurate and, where necessary, kept up-to-date
• Personal data must be kept in a form such that the data subject can be identified only as long as is necessary for processing
• Personal data must be processed in a manner that ensures its appropriate security

In addition, personal data will be processed in recognition of an individual’s data protection rights ie their right to be informed, right of access, right for inaccuracies to be corrected, right to have information deleted, right to restrict the processing of data, right to portability, right to object to inclusion of any information and right to regulate any automated decision-making and profiling of personal data.

Responsibilities

Morris Corfield ensures:

• Personal information will be processed fairly and in accordance with applicable laws.
• Sub-contractors will be informed directly, via this Privacy Notice, about how it will use personal information.
• Personal information will only be collected and processed when it is required for a contractual reason, legitimate purpose or legal reason.
• Personal information will be relevant, adequate and not excessive for the purpose for which it is processed.
• Personal information will not be kept for longer than it is required.
• Personal information will be kept secure and access will be limited to only those that need it.
• Specific data protection responsibilities will be clearly explained to data processors and appropriate information and training will be given when required
• Sub-contractors will be told how they can access personal information and exercise their rights in relation to it

Types of Data Held

If you deal with Morris Corfield in the capacity of an officer, representative, employee or director of one of our clients or suppliers, we typically process the following types of personal data about you:

• Your name, work email address and other work contact details
• Your role, position and/or job title within your employment
• Your area of employment
• In some circumstances, identification documentation, such as a photocopy of your passport, driving licence, ID card or other documentation required by local law. Copies of these documents may include a photograph of your face and shoulders
• Transaction information, such as your VAT number and details of the goods and services transacted
• Payment details, such as those on any cheque or credit card which you present to us
• Details of your explicit consent or otherwise for types of marketing
• Details of your visits to our websites including, but not limited to, location data and other communication data, and the resources (e.g. pages) that you access
• Details of any mobile devices you use to access our websites and applications including, but not limited to, the type of device and operating system
• If you visit our sites then your image may appear on our CCTV systems

If you deal with Morris Corfield in your capacity as an employee, contractor, temporary worker or other personnel, we typically process the following types of personal data about you:

• Personal details, such as name, address, date of birth, marital status, gender, emergency contact details, country of residence, national insurance number, pay rate, bank details.
• Professional details, such as email address, postal address, telephone number, your CV, qualifications, relevant experience and skills.
• Identification documentation, such as a photocopy of your passport, driving licence, ID card or other documentation required by local law. Copies of these documents may include a photograph of your face and shoulders.
• HR related records, such as training, performance assessments, absence and time-keeping records, disciplinary, grievance or capability proceedings, and background checks.
• Details of your access to our premises and to systems, software, websites, and applications including access and location data and communications data.

These types of personal data may include sensitive personal data.

We may also store emails, application and internet logs in connection with your dealings with us. See section below ‘When we record communications with you’.

Morris Corfield makes every effort to maintain the accuracy and completeness of your personal data which it stores and to ensure all of your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you (see section below ‘Your rights in relation to the personal information data we collect’). Morris Corfield shall not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data or sensitive personal data that you provide to us.

Reasons for Processing Personal Information

Morris Corfield and/or persons acting on our behalf may process your personal data for any of the following purposes, depending on the capacity in which you deal with Morris Corfield:

• to ensure the content on our websites and applications is presented in the most effective manner for you
• for general HR administration, including payroll and benefits, training and development, performance management, sickness and absence management, grievance and disciplinary procedures, equal opportunities monitoring, business continuity planning
• for internal finance management, including personnel expense reimbursement, travel and time-keeping
• for monitoring and assessing compliance with Morris Corfield’s policies and standards
• for promotional and marketing materials and activities, including photos and videos
• to carry out money laundering, financial and credit checks and for fraud and crime prevention and detection purposes
• to provide you with requested products or services
• to identify persons authorised to trade on behalf of our clients
• for administrative purposes in relation to the security and access of our systems, premises, platforms and secured websites and applications;
• to contact you about the services and products we offer
• to consider your suitability for any of our current or future employment opportunities and to confirm your references and educational background
• to comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory, enforcement or exchange bodies
• to comply with court orders and exercise and/or defend our legal rights
• for any other legitimate business purpose and as otherwise permitted by any applicable law or regulation

When We Record Communications with You

Morris Corfield and persons acting on our behalf may record and/or monitor communications (including emails, texts, instant messaging, fax and other electronic communications) between our employees, agents, consultants, contractors or other personnel and non-Morris Corfield personnel/ individuals (such as employees of our clients). Morris Corfield only does this to the extent permitted by applicable law for legitimate business purposes or other purposes permitted by law. Morris Corfield collects this type of personal data for several reasons including but not limited to:

• recording facts;
• complying with applicable law and regulation;
• complying with internal procedures and policies;
• facilitating administration and support;
• assisting with security, crime prevention and fraud purposes; and
• investigating or detecting unauthorised use, wrongful use or abuse of our services, systems or other materials.

The personal data you provide will be held securely in both manual and electronic form. Your personal data will be shared with employees within Morris Corfield where it is necessary for them to carry out their data processing duties. We will not share any of the information you provide with any third parties for marketing purposes.

How We Use Cookies and other Similar Technology on our Websites

We may collect information about your computer or mobile device, as applicable, including where available your IP address, device type, operating system and browser type, for system administration purposes. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may also collect information about your general internet and application usage, and about your access to and use of any Morris Corfield services made available to you/ your employer. This may be done through the use of cookies or any other similar technology, including technology that tracks and monitors your activities on some of our sites and systems.

When We May Disclose Your Personal Data

Morris Corfield does not and will not sell, rent or trade your personal data. We will only disclose your personal data in the ways set out in this Privacy Policy and in the following circumstances:

• To third parties who process your personal data on our behalf (such as our IT systems providers, or employee payroll provider).
• To third parties who process your personal data on their own behalf but through providing us or you with a service on behalf of us, such as:
  • our training providers, e.g. CLAAS
  • our parts and machinery suppliers, e.g. CLAAS, Lemken or Schaffer
  • our delivery providers, e.g. Royal Mail or TNT
  • insurance or finance provider, e.g. your chosen insurer or financier such as Claas Finance
  • providers of services packaged with our product, e.g. SOYL or DATATAG
• To third parties in the course of offering or providing services or products to you, for example settlement agents, clearing houses (e.g. HSBC) or software providers.
• To other financial institutions or regulatory bodies with whom information is shared for money laundering checks, credit risk reduction and other fraud and crime prevention purposes.
• To any third party to whom we assign or novate any of our rights or obligations.
• To any prospective buyer in the event we sell any part of our business or its assets or if substantially all of our assets are acquired by a third party, in which case your personal data could form part of one of the assets we sell.
• To any national and/or international regulatory, enforcement or exchange body or court where we are required to do so by applicable law or regulation or at their request.
• To any central or local government department and other statutory or public bodies (such as HMRC, DWP, Office for National Statistics)

Security of Personal Information

Morris Corfield is committed to safeguarding and protecting your personal data and maintains appropriate security to protect any personal data you provide us with from improper or accidental disclosure, use, access, loss, modification or damage.

Occasionally, the personal data we collect from you may be processed in (including accessed in or stored in) a country or territory outside your home country, including outside the European Economic Area (“EEA”), which does not offer the same level of protection of personal data as may be enjoyed within your home country. By submitting your personal data to us, you agree to this processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with applicable law and regulation and with our policies and standards.

Safe Deletion or Destruction of Personal Information

We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. However, if you wish to have your personal data removed from our records, you can make such a request by writing to the address set out below. Subject to any legal or regulatory requirements, we will then delete this information.

Accessing Personal Information

You have a legal right to make a request to Morris Corfield for disclosure of copies of personal information on you which is being processed by Morris Corfield: this is called a Subject Access Request. Morris Corfield seeks to process any such requests as quickly as possible, but within one month of the date of receipt. In some cases, the data will be exempt from the disclosure requirement, but if this applies, you will be informed. If you wish to make a Subject Access Request, you are required, in the first instance, to contact us and we will provide you with further details.

Head of Data Protection, Morris Corfield, Benthall Works, Benthall Lane, Broseley TF12 5BB. Tel 01952 881000

Date of Issue: 18 May 2018