PRIVACY POLICY

PERSONAL INFORMATION

Poshlots Ltd & PoshLots Much Hadham does not disclose private data to third parties, unless specifically appointed by PoshLots to fulfil the requirements of the membership package or specific initiative the individual has signed up to. The only data held by the company on individuals, is that which was supplied to it when a rental has been purchased, renewed or updated or when an individual signed up to the Poshlots Registration Form. The accuracy of that data is dependent on the information supplied by the member and as such the company cannot be held responsible for any errors in this information.

All data is stored securely and used only to ensure the day to day operations of the company, it is not shared or sold to a third party. We may at times contact you directly concerning developments within the company or site, and we will offer you the opportunity to opt out of initiatives if you so wish.

DATA PROTECTION AND GDPR POLICY

To comply with The Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018 Poshlots’ data compliance policy adheres to the following principles:

1. Data must be processed fairly and lawfully;
2. Data must be obtained only for specific and lawful purposes;
3. Data must be adequate, relevant and not excessive;
4. Data must be accurate and kept up to date;
5. Data must not be held any longer than necessary;
6. Data must be processed in accordance with the rights of data subjects;
7. Data must be protected in appropriate ways;
8. Data must not be transferred outside of the European Economic Area (EEA), unless that territory or country also ensures an adequate level of protection.

Data now includes such things as health questionnaires, genetic, mental, cultural or social identity, photographs, bank accounts, an Individual’s names, postal addresses; e-mail addresses; telephone numbers, individual’s back and / or payment account details; other data further relating to individuals for identification verification reasons, such as driving licence details, health status, bank account details.

Your information that will be used include and not usually exceed the following examples unless further data will need to be collected in order to fulfil our obligations: to contact you, collect payments from you or your company. Any such information will not be shared with any other organisation unless the third party has requested such information in order for the performance of any contract we enter into with them or you and also includes requests by British government agencies in order to comply with our legal obligations. Your data will not be shared with any marketing business.

The information we collect is stored within the EEA. If any data is to be stored outside of the EEA the countries will provide equivalent legal protection as that provided by laws within the EEA.

Updates to this policy may occur so please check regularly if you want to check that you are happy with the changes.

ABOUT COOKIES

Cookies are pieces of information which are stored directly on the computer you are using. We may place cookies or similar files on your computer when you visit our website. These cookies are used to:

• monitor which operating system, browser and screen resolution you used to visit our website so we can plan future development accordingly

• monitor which areas of the site you use during your visit so that we can assess which areas of the site are of most interest and plan future improvements for our visitors

• provide online services which require information to be passed from page to page during the course of their execution. e.g. remember that you are logged in.

You can change the settings in your browser to accept all cookies, to notify you when a cookie is issued, or not to receive cookies at anytime. The last of these, of course, means that certain personalised services cannot then be provided to you.

UNSUBSCRIBING

If you have received an e-mail or other contact from us and you would like to ensure that you do not receive any further communications, please contact us with your name and the email address we have on file for you and we will remove you from our mailing lists.

POSHLOTS STAFF GUIDELINES

Ensures that only people with access to such data specified in this policy should use it for work purposes only.

Data should not be shared informally.

Employees are trained to understand their responsibilities relating to data handling and use.

Data should not be shared and made accessible to unauthorised person(s) within or outside of the company, especially those involved with marketing their own or others’ services and goods.

Passwords should be strong and, never shared and changed regularly.

Data is to be reviewed regularly and updated if still of use. If not it should be deleted and disposed.

If data is to be sent outside of the EEA, employees must receive guidance and approval from the IT service supplier and /or the data controller beforehand.

The ICO must be notified of any data breach within 72 hours of learning about the breach. The data controller must notify individuals whose data breach is likely to be a high risk of their rights and freedoms of individuals.

DATA SUBJECT ACCESS REQUESTS

All individuals who are the subject of personal information data stored by PoshLots ltd can:

• Ask what information the company holds about them and for what purpose;

• Ask for access to it;

• Ask for it to be told when it is updated;

• Demand for their right to be forgotten to be acted upon- all personal data of the subject must be erased and destroyed as soon as possible within 72 hours.

DATA CONTROLER

For the purpose of the Data Protection Act 1998 and the General Data Protection Regulation 95/46/EC the data controller is Poshlots, Walter House, Hodgson Way, Wickford, Essex, SS11 8YG.