This Privacy Notice explains what information is collected about you, why it is needed, how it is used, how it is stored, how long it is kept and what measures are in place to keep personal information secure.
Morris, Corfield & Co. Ltd (referred to as Morris Corfield, ‘us’ or ‘we’) is aware of its obligations under the General Data Protection Regulation (GDPR) and UK data protection legislation and is committed to processing your personal data securely and transparently, in manual and electronic form.
Personal information means any information relating to an identified or identifiable person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to physical, physiological, mental, economic, cultural or social identity. Personal information can be in manual and electronic form.
Processing Personal Information means any operation which is performed on personal data, whether manually or via electronic means, such as collecting, processing, recording, organising, storing, altering, consulting, using, deleting or destroying.
Data Controller refers to Morris Corfield’s role in determining the processes to be used when using your personal data.
Data Processors refers to the roles given to specific employees and specific organisations to process personal data as directed by Morris Corfield.
Data Protection Principles
Morris Corfield believes its collection, use and storage of personal data is consistent with its legal, contractual and business requirements, as well as meeting GDPR’s six data protection principles:
In addition, personal data will be processed in recognition of an individual’s data protection rights ie their right to be informed, right of access, right for inaccuracies to be corrected, right to have information deleted, right to restrict the processing of data, right to portability, right to object to inclusion of any information and right to regulate any automated decision-making and profiling of personal data.
Morris Corfield ensures:
Types of Data Held
If you deal with Morris Corfield in the capacity of an officer, representative, employee or director of one of our clients or suppliers, we typically process the following types of personal data about you:
If you deal with Morris Corfield in your capacity as an employee, contractor, temporary worker or other personnel, we typically process the following types of personal data about you:
These types of personal data may include sensitive personal data.
We may also store emails, application and internet logs in connection with your dealings with us. See section below ‘When we record communications with you’.
Morris Corfield makes every effort to maintain the accuracy and completeness of your personal data which it stores and to ensure all of your personal data is up to date. However, you can assist us with this considerably by promptly contacting us if there are any changes to your personal data or if you become aware that we have inaccurate personal data relating to you (see section below ‘Your rights in relation to the personal information data we collect’). Morris Corfield shall not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data or sensitive personal data that you provide to us.
Reasons for Processing Personal Information
Morris Corfield and/or persons acting on our behalf may process your personal data for any of the following purposes, depending on the capacity in which you deal with Morris Corfield:
When We Record Communications with You
Morris Corfield and persons acting on our behalf may record and/or monitor communications (including emails, texts, instant messaging, fax and other electronic communications) between our employees, agents, consultants, contractors or other personnel and non-Morris Corfield personnel/ individuals (such as employees of our clients). Morris Corfield only does this to the extent permitted by applicable law for legitimate business purposes or other purposes permitted by law. Morris Corfield collects this type of personal data for several reasons including but not limited to:
The personal data you provide will be held securely in both manual and electronic form. Your personal data will be shared with employees within Morris Corfield where it is necessary for them to carry out their data processing duties. We will not share any of the information you provide with any third parties for marketing purposes.
When We May Disclose Your Personal Data
Security of Personal Information
Morris Corfield is committed to safeguarding and protecting your personal data and maintains appropriate security to protect any personal data you provide us with from improper or accidental disclosure, use, access, loss, modification or damage.
Occasionally, the personal data we collect from you may be processed in (including accessed in or stored in) a country or territory outside your home country, including outside the European Economic Area (“EEA”), which does not offer the same level of protection of personal data as may be enjoyed within your home country. By submitting your personal data to us, you agree to this processing. We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with applicable law and regulation and with our policies and standards.
Safe Deletion or Destruction of Personal Information
We will only retain your personal data for as long as necessary to fulfil the purpose for which it was collected or to comply with legal, regulatory or internal policy requirements. However, if you wish to have your personal data removed from our records, you can make such a request by writing to the address set out below. Subject to any legal or regulatory requirements, we will then delete this information.
Accessing Personal Information
You have a legal right to make a request to Morris Corfield for disclosure of copies of personal information on you which is being processed by Morris Corfield: this is called a Subject Access Request. Morris Corfield seeks to process any such requests as quickly as possible, but within one month of the date of receipt. In some cases, the data will be exempt from the disclosure requirement, but if this applies, you will be informed. If you wish to make a Subject Access Request, you are required, in the first instance, to contact us and we will provide you with further details.
Head of Data Protection, Morris Corfield, Benthall Works, Benthall Lane, Broseley TF12 5BB. Tel 01952 881000
Date of Issue: 18 May 2018
£59,500 (Ex VAT)