Yarto Holdings Limited a company incorporated in England and Wales whose registered office is at (The Promenade (Rear), Edgwarebury Lane, Edgware, Middlesex, HA8 7JZ UK registered number 09427933) (“we/us/our”) holds personal data about our employees, clients, suppliers and other individuals for a variety of business purposes. We will always abide by applicable data protection and privacy laws and are committed to your privacy.
This privacy and cookie policy gives you the details of how we (including all our staff) collect and process your personal data and it applies to all products and services provided by us to you which includes any information that you may provide to us through our website when you purchase a product or service or sign up to our newsletter and sets out how we seek to protect personal data.
Please read this Policy together with our Terms & Conditions of Use.
You give us your information either through this website or by any other means. Any and all personal data passed to us by any third party will be treated in accordance with this policy. Our Data Compliance Officer has overall responsibility for the day-to-day implementation of this policy.
1.What We Do To Protect Your Data
1.1 How We Process Data
We will always seek to process personal data fairly and lawfully in accordance with your rights. So, this means that we will not process personal data unless the individual whose details we are processing has consented to this happening or it is a legitimate interest to do so. We ensure that the processing of all data will be(i) necessary to deliver our services and the services that we deliver on behalf of our clients; (ii) in our legitimate interests and not unduly prejudice the individual's privacy and (iii) in most cases this provision will apply to routine business data processing activities.
1.2 Sensitive personal data
Generally, we do not collect sensitive data but in the unusual situation where we collect and process sensitive personal data we will require the individual’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
1.3 Your personal data
You are responsible to ensure that your personal data is accurate and up to date. So, if your personal circumstances change, please inform the Data Compliance Officer so that we can update your records.
1.4 Keeping your Data secure
We keep personal data secure against loss or misuse. We are committed to protecting the confidentiality and security of your information and we have taken all reasonable measures to secure your information, including encryption, third party audits, access controls and security testing. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know the data.
We will always keep our security measures up to date and under constant review to protect personal data.
Data that is stored on a computer will be protected by strong passwords and our Data Compliance Officer will approve all data stored in the cloud.
Our servers containing personal data will be kept in a secure location, away from general office space and back-ups will be regularly made in line with company procedures. Servers containing sensitive data will be approved and protected by security software and strong firewalls.
Data will never be saved directly to mobile devices such as laptops, tablets or smartphones
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it and printed data will be shredded when no longer needed.
Where other organisations process personal data as a service on our behalf, our Data Compliance Officer will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third party organisations.
2. How we collect data and what we will do with it:
We will always be transparent and provide information to individuals about how we will use their personal data.
2.1 The information that we collect is:
2.2 We collect data:
2.3 Use of data:
We use the information we collect in order to fulfil our contractual obligations with you and understand your needs and provide you with a better service and in particular for the following purposes:
Performance of a Contract
If you register as a new customer or place an order with us, you are providing us with a lawful basis to process your data necessary for the performance of a contract, including processing and delivering to you and contacting you about the order.
Legitimate Interest
The personal data that we collect and process under the legitimate interest basis is done so in the commercial interest of the business and we will use this basis especially in connection with the business eg debt recovery, business management/ growth e.g. to improve our website, products/services and customer relationships and to send you our Surveys, Newsletters, Events and other marketing literature.We will process information in a targeted, proportionate way, which would be reasonably expected for that data and has a minimal privacy impact in accordance with our Legitimate Interest Assessment.As regards direct marketing, you have an absolute right to object to this processing and if you wish to exercise this right contact the Data Compliance Officer, at which time we will stop processing your data.
Consent
Where we rely on consent to process your personal data it will be subject to active consent properly obtained and given by you to us directly or by virtue of us fulfilling our role as a Fulfilment Partner of a third party. This consent can be revoked at any time by contacting our Data Compliance Officer.
2.4 Purpose for Use of Data:
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a reason that it was not originally collected for, we will notify you and explain the legal grounds of processing.
2.5 Who will your information be shared with?
Your personal data is an important part of our business. We do not sell your information to third parties. We will only share your information as set out below as necessary or with your express consent where appropriate. All information sharing is only done on the basis of being necessary and to fulfil legitimate business purposes. For example:
If further consent is required to pass your personal data to third parties, you may be contacted in order to give your positive consent for this purpose
We may disclose your personal information to third parties in limited circumstances as follows:
2.6 Use of Data Processors
We will usually be the Data Controller. Data Processors are third parties who may provide elements of our business service for us. We have contracts in place with our data processors and/or sub data processors so that we control your personal data and they cannot do anything unless we have instructed them to do it. They will not share your personal information with any organisation unless they have our explicit permission or where there is a legal obligation to do so. They will hold it securely and retain it for the period that we instruct.
2.7 We will hold your data for:
We will retain personal data for no longer than is necessary and in any event no longer than 10 years from the date of last usage. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but will be determined in a manner consistent with our data retention guidelines.
We will also need to take into consideration satisfying any legal, accounting or reporting requirements and any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes and may retain your information after your relationship with us has ended.
By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes and any other legal obligations.
2.8 Transferring data internationally
There are restrictions on international transfers of personal data. Your personal data will not be transferred anywhere outside the UK without first consulting the Data Compliance Officer. Where we do transfer your personal data outside the European Economic Area (EEA) we will do our best to ensure a similar degree of security of data by transferring to countries with a similar degree of protection for your personal data, or, we may use specific contracts or codes of conduct or certification which gives personal data the same protection as it has in Europe.
3. Training
New staff will receive training as part of the induction process. Further training will be provided whenever there is a substantial change in the law or our policy and procedure.
4. Marketing
We will abide by any request from an individual not to use their personal data for direct marketing purposes and notify the Data Compliance Officer about any such request.
We will not send direct marketing material to anyone electronically (e.g. via email) unless they have given us positive consent to receiving our marketing material and that consent will be recorded and stored, or if it is in our legitimate interest to do so.
Existing Customers
We would like to send you information, from time to time about our products and services but will only do so where you have requested information from us or purchased goods or services from us and where you have not opted-out of receiving that marketing. Where we use the legitimate interest basis to send you marketing communications, you can object to at any time by emailing the Data Compliance Officer.
Where you opt-out of receiving our marketing communications we will cease immediately from sending you any marketing communications as specified by you.
Prospects
Where we wish to promote our services, we may purchase databases of business contacts within our target sectors. These contacts will only be bought from credible sources, who we have checked for validity. Additionally, we may combine these records with publicly available information. Our primary market is business to business and therefore where we email or call prospects, we will only do so where there is evidenced consent or a legitimate interest to do so. If we are considering legitimate interest as grounds for processing, we will carry out our Legitimate Interest Assessment to ensure that the process is valid and that our interest does not outweigh the individual’s right to privacy.
5. Your Legal Rights
5.1 Access your data
You have the right to access information held about you. If you would like a copy of your personal data, please contact the Data Compliance Officer which we will supply free of charge.
You can ask us to correct any inaccurate data held about you.
5.2 Accuracy and relevance
We will seek to ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless you have agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you must inform the Data Compliance Officer.
5.3 Data portability
Upon request, you will have the right to receive a copy of your data in a structured format. These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. You may also request that your data is transferred directly to another system. This will be done for free.
5.4 Right to be forgotten
You may request that any information held on you is deleted or removed, and any third parties who process or use that data will also comply with the request. An erasure request can only be refused if an exemption applies. We will respond to any request within one month.
6. Privacy by design and default
We will always ensure that privacy and data protection is at the heart of everything that we do and so compliance is considered right from the outset of every project. Our Data Compliance Officer will conduct any Privacy Impact Assessments and ensure that all IT projects have a privacy plan in mind. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.
7. Cookies
Cookies help us to provide you with a good user experience when you browse our website.
If you have registered on our website we record the pages you visit. This allows us to see which products are most popular, and also to provide assistance in the event of problems. We do not share this data with anyone else. This data is retained for a maximum of 3 years, but usually deleted after 18 months.
We use website “cookies” to facilitate the smooth working of this website. Cookies are small files which are sent to your browser when you visit our website, and allow us to distinguish you from other visitors, although they do not personally identify you if you have not actually registered on our website. If you do not wish to accept these cookies you can delete them and/or block them in your browser. All the major browsers have options in their security settings to allow you to do this. However, parts of our website will then not work as expected and you will not be able to place an order.
We only use “first party” cookies, in other words, cookies set by us for direct operation of our website. We do not use “third party” cookies which could allow your details to be passed to third party marketing organisations. The names of the cookies we use are as follows:
Analytics are persistent cookies that allow us to recognise, count the number of visitors, and provide anonymous data about how our visitors use our websites.
Using analytics cookies helps us improve the way our websites work and navigate, ensuring that users are able to find what they are looking for without difficulty. No personally identifiable data is collected about you.
We use Google Analytical Cookies ending with:
_utma
_utmb
_utmc
_utmz
For further information please click here https://support.google.com/analytics/answer/6004245.
Our website is hosted on an industry-standard Microsoft webserver, which issues a default cookie called asp.net_sessionid. This cookie is set as soon as you visit our site but expires automatically after you leave it.
Some of our pages include plug-ins from social networking sites such as Facebook and Twitter, and these sites may also set or retrieve cookies on your browser, if your browser is already signed-in to them. These social networking cookies are exchanged between your browser and the social networking sites you belong to, they are not accessible by us.
You can find out more about cookies and how to manage them on this Wikipedia article.
8. Monitoring
Although we take every reasonable step to protect the information that you provide, we cannot guarantee the security or accuracy of the information that we gather. Please be assured that all our staff must observe this policy. The Data Compliance Officer has overall responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.
If you have any questions or concerns about anything in this policy, do not hesitate to contact the Data Compliance Officer.
9. Complaints
If you have a complaint as to how your data is being collected or used, please contact our Data Compliance Officer in the first instance. If you are still not happy with the way your data is being collected and used, you have the right to complain to the UK Supervisory Authority, the ICO (www.ico.org.uk).
10. Links to other websites
Links on this website may take you to a third-party website. At the point you enter the third-party website, the privacy and cookie policy of the third party will apply to any and all information that you provide. It is important to read the third party’s privacy and cookie policy.
11. Notification of changes to this policy
Our privacy and cookie policy will be reviewed and enhanced from time to time. Please check our website or contact us for a copy of the current privacy and cookie policy. If you are not happy with the conditions of a revised privacy and cookie policy you may opt out by contacting us.
12. Contact Us
If you have any concerns about our privacy policy please contact us at: Post: Yarto Holdings Ltd, The Promenade (Rear), Edgwarebury Lane, Edgware, Middlesex, HA8 7JZ UK Email: info@yarto.com (Data Compliance Officer); Telephone: 020 8952 1222
Updated: May 2018
) (“we/us/our”) holds personal data about our employees, clients, suppliers and other individuals for a variety of business purposes. We will always abide by applicable data protection and privacy laws and are committed to your privacy.
This privacy and cookie policy gives you the details of how we (including all our staff) collect and process your personal data and it applies to all products and services provided by us to you which includes any information that you may provide to us through our website when you purchase a product or service or sign up to our newsletter and sets out how we seek to protect personal data.
Please read this Policy together with our Terms & Conditions of Use.
You give us your information either through this website or by any other means. Any and all personal data passed to us by any third party will be treated in accordance with this policy. Our Data Compliance Officer has overall responsibility for the day-to-day implementation of this policy.
1.What We Do To Protect Your Data
1.1 How We Process Data
We will always seek to process personal data fairly and lawfully in accordance with your rights. So, this means that we will not process personal data unless the individual whose details we are processing has consented to this happening or it is a legitimate interest to do so. We ensure that the processing of all data will be(i) necessary to deliver our services and the services that we deliver on behalf of our clients; (ii) in our legitimate interests and not unduly prejudice the individual's privacy and (iii) in most cases this provision will apply to routine business data processing activities.
1.2 Sensitive personal data
Generally, we do not collect sensitive data but in the unusual situation where we collect and process sensitive personal data we will require the individual’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
1.3 Your personal data
You are responsible to ensure that your personal data is accurate and up to date. So, if your personal circumstances change, please inform the Data Compliance Officer so that we can update your records.
1.4 Keeping your Data secure
We keep personal data secure against loss or misuse. We are committed to protecting the confidentiality and security of your information and we have taken all reasonable measures to secure your information, including encryption, third party audits, access controls and security testing. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know the data.
We will always keep our security measures up to date and under constant review to protect personal data.
Data that is stored on a computer will be protected by strong passwords and our Data Compliance Officer will approve all data stored in the cloud.
Our servers containing personal data will be kept in a secure location, away from general office space and back-ups will be regularly made in line with company procedures. Servers containing sensitive data will be approved and protected by security software and strong firewalls.
Data will never be saved directly to mobile devices such as laptops, tablets or smartphones
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it and printed data will be shredded when no longer needed.
Where other organisations process personal data as a service on our behalf, our Data Compliance Officer will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third party organisations.
2. How we collect data and what we will do with it:
We will always be transparent and provide information to individuals about how we will use their personal data.
2.1 The information that we collect is:
2.2 We collect data:
2.3 Use of data:
We use the information we collect in order to fulfil our contractual obligations with you and understand your needs and provide you with a better service and in particular for the following purposes:
Performance of a Contract
If you register as a new customer or place an order with us, you are providing us with a lawful basis to process your data necessary for the performance of a contract, including processing and delivering to you and contacting you about the order.
Legitimate Interest
The personal data that we collect and process under the legitimate interest basis is done so in the commercial interest of the business and we will use this basis especially in connection with the business eg debt recovery, business management/ growth e.g. to improve our website, products/services and customer relationships and to send you our Surveys, Newsletters, Events and other marketing literature.We will process information in a targeted, proportionate way, which would be reasonably expected for that data and has a minimal privacy impact in accordance with our Legitimate Interest Assessment.As regards direct marketing, you have an absolute right to object to this processing and if you wish to exercise this right contact the Data Compliance Officer, at which time we will stop processing your data.
Consent
Where we rely on consent to process your personal data it will be subject to active consent properly obtained and given by you to us directly or by virtue of us fulfilling our role as a Fulfilment Partner of a third party. This consent can be revoked at any time by contacting our Data Compliance Officer.
2.4 Purpose for Use of Data:
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a reason that it was not originally collected for, we will notify you and explain the legal grounds of processing.
2.5 Who will your information be shared with?
Your personal data is an important part of our business. We do not sell your information to third parties. We will only share your information as set out below as necessary or with your express consent where appropriate. All information sharing is only done on the basis of being necessary and to fulfil legitimate business purposes. For example:
If further consent is required to pass your personal data to third parties, you may be contacted in order to give your positive consent for this purpose
We may disclose your personal information to third parties in limited circumstances as follows:
2.6 Use of Data Processors
We will usually be the Data Controller. Data Processors are third parties who may provide elements of our business service for us. We have contracts in place with our data processors and/or sub data processors so that we control your personal data and they cannot do anything unless we have instructed them to do it. They will not share your personal information with any organisation unless they have our explicit permission or where there is a legal obligation to do so. They will hold it securely and retain it for the period that we instruct.
2.7 We will hold your data for:
We will retain personal data for no longer than is necessary and in any event no longer than 10 years from the date of last usage. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but will be determined in a manner consistent with our data retention guidelines.
We will also need to take into consideration satisfying any legal, accounting or reporting requirements and any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes and may retain your information after your relationship with us has ended.
By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes and any other legal obligations.
2.8 Transferring data internationally
There are restrictions on international transfers of personal data. Your personal data will not be transferred anywhere outside the UK without first consulting the Data Compliance Officer. Where we do transfer your personal data outside the European Economic Area (EEA) we will do our best to ensure a similar degree of security of data by transferring to countries with a similar degree of protection for your personal data, or, we may use specific contracts or codes of conduct or certification which gives personal data the same protection as it has in Europe.
3. Training
New staff will receive training as part of the induction process. Further training will be provided whenever there is a substantial change in the law or our policy and procedure.
4. Marketing
We will abide by any request from an individual not to use their personal data for direct marketing purposes and notify the Data Compliance Officer about any such request.
We will not send direct marketing material to anyone electronically (e.g. via email) unless they have given us positive consent to receiving our marketing material and that consent will be recorded and stored, or if it is in our legitimate interest to do so.
Existing Customers
We would like to send you information, from time to time about our products and services but will only do so where you have requested information from us or purchased goods or services from us and where you have not opted-out of receiving that marketing. Where we use the legitimate interest basis to send you marketing communications, you can object to at any time by emailing the Data Compliance Officer.
Where you opt-out of receiving our marketing communications we will cease immediately from sending you any marketing communications as specified by you.
Prospects
Where we wish to promote our services, we may purchase databases of business contacts within our target sectors. These contacts will only be bought from credible sources, who we have checked for validity. Additionally, we may combine these records with publicly available information. Our primary market is business to business and therefore where we email or call prospects, we will only do so where there is evidenced consent or a legitimate interest to do so. If we are considering legitimate interest as grounds for processing, we will carry out our Legitimate Interest Assessment to ensure that the process is valid and that our interest does not outweigh the individual’s right to privacy.
5. Your Legal Rights
5.1 Access your data
You have the right to access information held about you. If you would like a copy of your personal data, please contact the Data Compliance Officer which we will supply free of charge.
You can ask us to correct any inaccurate data held about you.
5.2 Accuracy and relevance
We will seek to ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless you have agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you must inform the Data Compliance Officer.
5.3 Data portability
Upon request, you will have the right to receive a copy of your data in a structured format. These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. You may also request that your data is transferred directly to another system. This will be done for free.
5.4 Right to be forgotten
You may request that any information held on you is deleted or removed, and any third parties who process or use that data will also comply with the request. An erasure request can only be refused if an exemption applies. We will respond to any request within one month.
6. Privacy by design and default
We will always ensure that privacy and data protection is at the heart of everything that we do and so compliance is considered right from the outset of every project. Our Data Compliance Officer will conduct any Privacy Impact Assessments and ensure that all IT projects have a privacy plan in mind. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.
7. Cookies
Cookies help us to provide you with a good user experience when you browse our website.
If you have registered on our website we record the pages you visit. This allows us to see which products are most popular, and also to provide assistance in the event of problems. We do not share this data with anyone else. This data is retained for a maximum of 3 years, but usually deleted after 18 months.
We use website “cookies” to facilitate the smooth working of this website. Cookies are small files which are sent to your browser when you visit our website, and allow us to distinguish you from other visitors, although they do not personally identify you if you have not actually registered on our website. If you do not wish to accept these cookies you can delete them and/or block them in your browser. All the major browsers have options in their security settings to allow you to do this. However, parts of our website will then not work as expected and you will not be able to place an order.
We only use “first party” cookies, in other words, cookies set by us for direct operation of our website. We do not use “third party” cookies which could allow your details to be passed to third party marketing organisations. The names of the cookies we use are as follows:
Analytics are persistent cookies that allow us to recognise, count the number of visitors, and provide anonymous data about how our visitors use our websites.
Using analytics cookies helps us improve the way our websites work and navigate, ensuring that users are able to find what they are looking for without difficulty. No personally identifiable data is collected about you.
We use Google Analytical Cookies ending with:
_utma
_utmb
_utmc
_utmz
For further information please click here https://support.google.com/analytics/answer/6004245.
Our website is hosted on an industry-standard Microsoft webserver, which issues a default cookie called asp.net_sessionid. This cookie is set as soon as you visit our site but expires automatically after you leave it.
Some of our pages include plug-ins from social networking sites such as Facebook and Twitter, and these sites may also set or retrieve cookies on your browser, if your browser is already signed-in to them. These social networking cookies are exchanged between your browser and the social networking sites you belong to, they are not accessible by us.
You can find out more about cookies and how to manage them on this Wikipedia article.
8. Monitoring
Although we take every reasonable step to protect the information that you provide, we cannot guarantee the security or accuracy of the information that we gather. Please be assured that all our staff must observe this policy. The Data Compliance Officer has overall responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.
If you have any questions or concerns about anything in this policy, do not hesitate to contact the Data Compliance Officer.
9. Complaints
If you have a complaint as to how your data is being collected or used, please contact our Data Compliance Officer in the first instance. If you are still not happy with the way your data is being collected and used, you have the right to complain to the UK Supervisory Authority, the ICO (www.ico.org.uk).
10. Links to other websites
Links on this website may take you to a third-party website. At the point you enter the third-party website, the privacy and cookie policy of the third party will apply to any and all information that you provide. It is important to read the third party’s privacy and cookie policy.
11. Notification of changes to this policy
Our privacy and cookie policy will be reviewed and enhanced from time to time. Please check our website or contact us for a copy of the current privacy and cookie policy. If you are not happy with the conditions of a revised privacy and cookie policy you may opt out by contacting us.
12. Contact Us
If you have any concerns about our privacy policy please contact us at: Post: Yarto Holdings Ltd, The Promenade (Rear), Edgwarebury Lane, Edgware, Middlesex, HA8 8LW UK Email: info@yarto.com (Data Compliance Officer); Telephone: 020 8952 1222
Updated: May 2018
Copyright © 2018 Yarto House Edgware - All Rights Reserved.
A Yarto Group Company /division of Yarto Holdings