Date of publication: 28/03/2018
This is a public notice detailing how C S Ellis Group Limited uses your Personal Data. It documents:
- What Personal Data is (‘definitions’)
- Who we are
- How and why we use your Personal Data (‘purposes’)
- Your rights as a Data Subject
- How to interact with us
Your Personal Data is very important to us. We will endeavour to uphold your rights, treat your information with all due respect, and ever work to keep it held securely and in confidence.
We have sought to present this Privacy Notice in jargon-free plain-English. Some of the definitions below relate to legal concepts, so are provided for your reference. Should you have any queries, please do not hesitate to contact us and we will be happy to assist.
Information relating to living, identifiable individuals, such as job applicants, current and former employees, agency, contract and other staff, customers, suppliers and marketing contacts.
Personal Data we gather may include:
Individuals' contact details,
Financial and pay details,
Details of certificates and diplomas,
Education and skills,
Job title, and job-related information
Special categories of Personal Data:
Sensitive Personal Data shall by definition include:
Personal Data about an individual's racial or ethnic origin,
Religious or similar beliefs,
Trade union membership (or non-membership),
Physical or mental health or condition,
Criminal offences, or related proceedings
Any use of sensitive Personal Data should be strictly controlled in accordance with this policy.
The purposes for which Personal Data may be used by us: Personnel, administrative, operational, financial, regulatory, payroll and business development purposes.
Business purposes include the following:
The legal and lawful delivery of our services
Compliance with our legal, regulatory and corporate governance obligations and good practice
Gathering information as part of investigations by regulatory bodies or in connection with legal proceedings or requests
Ensuring business policies are adhered to (such as policies covering email and internet use)
Operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring and checking
Checking references, ensuring safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments
Monitoring staff conduct, disciplinary matters
Marketing our business
Improving our services
The electronic and physical locations where we store Personal Data.
Our business is the Data Controller for the Personal Data we directly capture from Data Subjects.
Our business acts as a Data Processor for other organisations for whom we deliver services. Similarly, our own subcontractors, and other service providers to whom we entrust Personal Data for the delivery of our services are legally considered our own Data Processors.
This is a legal consideration under data protection legislation. Data Subjects provide Consent for their Personal Data to be used for one or more explicit purposes relevant to the services provided by our business.
A Data Subject is a living, identifiable individual located within the European Union.
Personal Data Breach:
A Personal Data Breach is the unauthorised disclosure of Personal Data into an untrusted environment. One example may be accidentally emailing a spreadsheet containing Personal Data to an unintended recipient.
Who we are
Where you submit Personal Data to us directly, C S Ellis Group Limited is legally obligated as a ‘Data Controller’. In a capacity where we have been provided with your Personal Data by a partner organisation, we are legally obligated as a ‘Data Processor’.
Should you wish to interact with us regarding any query on Personal Data, our contact details are provided below.
Contact: Hayley Cook, HR Director
Telephone: +44 (0) 1780 720133
C S Ellis Group Limited
Registration Number: 00852320
Wireless Hill, South Luffenham, Oakham, Leicestershire, LE15 8NF
How and why we use your Personal Data
Data is collected to allow C S Ellis Group Limited to legally provide a service to its customers, to fulfil a service to its suppliers and lawfully employ individuals within the company.
C S Ellis Group Limited provides the following types of service:
Transportation of goods
Warehousing and Storage
Re-work and Fulfilment
Workshop and Recovery
Pick and Pack
Pallet network integration incl. Hazardous goods network
In order to be able to provide these services to you, we must be able to identify you in some manner, to be able to deliver your service to you specifically.
Where we are capturing your Personal Data to provide a service, we will always seek your Consent in order to do so.
Where we are provided with your Personal Data to legally fulfil a service to you that you have requested, we will endeavour to make you aware that we have processed and handled your Personal Data.
This Privacy Notice lays out how we will fulfil our obligations to you in the safe and legal treatment of your Personal Data. Should you have any queries, please contact us at any time using the contact details provided above.
We will never use your Personal Data for a business purpose without your explicit consent. If we require your Personal Data for any other Purpose we will seek you consent prior to undertaking any processing activity. For reference our business will only provide services to individuals aged over 18 years.
Your Personal Data
It is your responsibility to ensure the Personal Data we hold about you is accurate and up-to-date. Please contact us if you have any queries regarding your Personal Data.
Where you directly contract us to provide a service
We will only collect the necessary Personal Data to fulfil the service you have requested. Your Personal Data will be retained for no more than 12 months after the required purpose, except where we are bound by other legal obligations to do so.
Where we are provided with your Personal Data to fulfil a service on behalf of a partner
We will only accept the minimum Personal Data to be able to deliver the service. Your Personal Data will be retained for no longer than 12 months following the delivery of the service. The originating service provider may retain your Personal Data for longer, and you should speak with that party if you have any queries.
Your rights as a Data Subject
You have the right to know what Personal Data we hold about you.
You have the right to request we cease processing your Personal Data.
You have the right to revoke your consent to your Personal Data being processed (except where necessary to legally delivery a contracted service).
You have the right to request we not make decisions about you automatically and can prefer human intervention (where possible).
You have the right to request that we not profile you based on your Personal Data without human intervention (where possible).
You have the right to request we delete all Personal Data we hold about you (where legally we are able to do so).
You have the right to request a copy of any Personal Data we hold about you, which must be provided to you in a commonly used electronic format.
You have the right for your Personal Data to be stored and processed securely and have confidence that it will not be disclosed to an unauthorised party.
You have the right to make a complaint if you are dissatisfied with the how we have honoured your rights.
It must be noted that there is no charge to request information from us. We are only permitted to make a charge if:
Your request is unfounded.
Your request is excessive.
Your requests are repetitive in nature.
Interacting with us regarding your rights
Making a Subject Access Request
You have the right to request a copy of the Personal Data we hold about you. This request must be made in writing, by email or post, to the contact details provided above.
We will acknowledge receipt of your request and will respond to the request at the latest within 20 working days from said receipt. When making your request, you must provide all necessary information to support your query, including:
Your name and contact details
The reason for your request
How we can contact you
There are exemptions to Subject Access Requests that may prevent us from honouring your request. This may include the request being overly broad, or your request may infringe the rights of another individual. We will always attempt to honour your request and will fully explain, if we are unable to do so, why, and what can be done to progress the request further.
Your right to receive data in a commonly used electronic format
Due to the nature of the services we provide, it may be that we are unable to honour all requests. We will always seek to provide you with data that you or your service provide can easily reuse.
Your right to request we restrict processing
You have the right to request that we restrict processing any Personal Data we hold about you. This request should be made in writing to the contact identified above, stating the reason for your request, and the timeframe required for processing to be restricted. We will acknowledge your request and respond within 5 working days.
Your right to request the deletion of Personal Data
You have the right to request that we delete or destroy any Personal Data that we hold on you. This request should be made in writing, by post or email, to the contact identified above. We will acknowledge your request and respond within 5 working days. We may be unable to honour requests that infringe on our other legal obligations, or in relation to a dispute, or where the deletion affects the rights of another party.
Your rights in relation to automated decision making and profiling
We do not make use of Personal Data for automated decision making or profiling in the delivery of our services to you. If you believe this not to be the case, please contact us.
Making a complaint
You have the right to make a complaint if we fail to honour your rights. We hope you never have need to complain about our service, however if you do, our business operates a three-stage complaints process, as follows:
In the first instance please send in writing, by post or email, your complaint to the contact named above. We will acknowledge receipt of your complaint. You will receive a response within two working days.
2. If we fail to resolve your issue with our response, you may escalate your complaint to our Chief Executive Officer. Please indicate in writing, again either by post or email, for your desire for the complain to be escalated. We will acknowledge receipt of your complaint and will respond to you within 5 working days.
3. If you remain dissatisfied with how we have handled your complaint, you have the right to seek redress through the data protection supervisory authority. Please assemble all necessary information and submit your complaint here: http://www.ico.org.uk
Securing your Personal Data
We undertake comprehensive technical measures to reduce the likelihood your Personal Data will be accessed by an unauthorised party. For security we cannot disclosure all measures undertaken, however we are able to comment that our organisation seeks at all times to comply with (at the very least) the requirements of the following specifications:
● Cyber Essentials
● GDPR Essentials
We will always endeavour to store and process your Personal Data within the geographic confines of the European Economic Area (‘EEA’). If we are unable to do so, we will always ensure that our Data Processors comply with the same or greater level of assurance over use of your Personal Data than ourselves.
In the event of a Personal Data Breach
As a responsible Data Controller and Data Processor, in the event that Personal Data is disclosed to unauthorised individuals, we will notify you in writing as soon as possible. We take a great number of precautions to prevent this from happening, however should an incident arise we will detail what Personal Data was affected and the steps we are taking to manage the issue going forwards.
Our use of Data Processors
It is possible that we may entrust your Personal Data to other businesses to help us deliver our service to you. Our business will only operate with partners that adhere to a similar or greater level of assurance than ourselves. When you request a service from us, to legal discharged the contract entered into, we must always assume your Consent for Personal Data to be shared with partners where strictly necessary to do so.
Cookies are small text files that can be used by websites to make a user's experience more efficient.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
Your consent applies to the following domains: www.csellis.co.uk.
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
|CMSSESSID#||csellis.co.uk||Preserves users states across page requests.||Session||HTTP Cookie|
|CONSENT||Used to detect if the visitor has accepted the marketing category in the cookie banner. This cookie is necessary for GDPR-compliance of the website.||6110 days||HTTP Cookie|
|CookieConsent||Cookiebot||Stores the user's cookie consent state for the current domain||1 year||HTTP Cookie|
|JSESSIONID||New Relic||Preserves users states across page requests.||Session||HTTP Cookie|
Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
|__utm.gif||Google Analytics Tracking Code that logs details about the visitor's browser and computer.||Session||Pixel Tracker|
|__utma||Collects data on the number of times a user has visited the website as well as dates for the first and most recent visit. Used by Google Analytics.||2 years||HTTP Cookie|
|__utmb||Registers a timestamp with the exact time of when the user accessed the website. Used by Google Analytics to calculate the duration of a website visit.||1 day||HTTP Cookie|
|__utmc||Registers a timestamp with the exact time of when the user leaves the website. Used by Google Analytics to calculate the duration of a website visit.||Session||HTTP Cookie|
|__utmt||Used to throttle the speed of requests to the server.||1 day||HTTP Cookie|
|__utmz||Collects data on where the user came from, what search engine was used, what link was clicked and what search term was used. Used by Google Analytics.||6 months||HTTP Cookie|
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
|__atuvc||AddThis||Updates the counter of a website's social sharing features.||1 year||HTTP Cookie|
|__atuvs||AddThis||Ensures that the updated counter is displayed to the user if a page is shared with the social sharing service, AddThis.||1 day||HTTP Cookie|
|_at.cww||www.csellis.co.uk||Used by the social sharing platform AddThis||Persistent||HTML Local Storage|
|at-lojson-cache-#||www.csellis.co.uk||Used by the social sharing platform AddThis||Persistent||HTML Local Storage|
|at-rand||www.csellis.co.uk||Used by the social sharing platform AddThis||Persistent||HTML Local Storage|
|loc||Oracle||Geolocation, which is used to help providers determine how users who share information with each other are geographically located (state level).||1 year||HTTP Cookie|
|NID||Registers a unique ID that identifies a returning user's device. The ID is used for targeted ads.||6 months||HTTP Cookie|
|uvc||Oracle||Detects how often the social sharing service, AddThis, encounters the same user.||1 year||HTTP Cookie|
|xtc||Oracle||Registers the user's sharing of content via social media.||1 year||HTTP Cookie|