PRIVACY & DATA POLICY
This website requests and collects personally identifiable information, such as name, address, email address and phone numbers. This is done through various means, including site registration, games, questions, surveys, comments and communications to the site, and postings to chat/bulletin areas (if
Your Internet Protocol (IP) address may be collected to help us diagnose problem with our server and to administer our site. An IP address is a number assigned to your computer when you use the internet. Such information does not contain personally identifiable information about you. Your IP address may also be used to help identify you during your browsing session, and to gather demographic data.
GENERAL DATA PROTECTION REGULATION (GDPR)
The Board of Le Braye has considered and adopted the following procedure. The responsibility of updating the Board on developments within GDPR rests solely with the risk committee and/or Data Protection Officer. (NB – this procedure replaces any previous versions).
Officers and staff of Le Braye will treat all information received from clients and third parties in accordance with the GDPR regulations.
DATA PROCESSING DEFINITION
Processing means any operation (or set of operations) performed with personal data (or sets thereof), whether or not by automated means (such as collection, organization, structuring, recording, storage, alteration or adaptation, retrieval, use, disclosure by transmission, consultation, dissemination or otherwise by making available, alignment or combination, restriction, erasure or destruction). “Data Controller” is the trading name for which the data is being collected (for example, by all Le Braye companies).
THE PURPOSE FOR COLLECTING DATA
The prime purpose for collection of data by Le Braye is its use exclusively in the application, provision and management of financial product and service lines. The company consider that the processing is necessary for the performance of a contract with you (the data subject), or to take steps to enter into such contract with you. Data is collected to ensure our understanding of your needs, and enable us to provide a quality service to you, particularly but not limited to the following reasons:
To establish internal records for the provision of our business services and operations
To maintain records so that both Legal and Regulatory responsibilities can be met without delay
To ensure that data is only disclosed to the appropriate parties
To ensure that appropriate information is processed and retained in accordance with practices, as defined by the Information Commissioner
To safeguard the rights of individuals with regards personal information which may be held, stored or processed about them
Periodically, we may send promotional emails regarding new services, special offers or other information which we believe you may find relevant, by using the email address provided by you.
Your consent must be given freely, specifically, informed, unambiguous and must be verifiable. This means that some form of record must be kept as to how and when your consent was given. All individuals have the right to withdraw their consent at any time. Le Braye will ensure that consent is provided by the following means:
Online Applications: The applicant will be directed to our “terms and conditions” information, which includes a copy of the company’s GDPR procedure. You will then be asked to confirm your permission to continue, based upon those conditions set out in the document, by your completion of a tick box. On acceptance of the terms and conditions, the data will then be forwarded from your internet browser, and processed in accordance with the type of application in question. Should you be unwilling to share your data at this point, the application will not be forwarded from your internet browser and you will be free to discard the application without further interaction with Le Braye.
CONTROLLING YOUR PERSONAL INFORMATION
You may wish to restrict the use or collection of your personal information. This can be done in the following ways:
Your information will only be collected on our website contact form when you have agreed to our terms and conditions of business.
Le Braye will occasionally use email and SMS marketing and credit control tools for the purpose of client communication. Where used, we will include information regarding unsubscribing your email address from any ongoing marketing communications.
If you should believe Le Braye hold personal information about you, you are welcome to send us a written “Subject Access Request” to request details of such data. We will require you to provide comprehensive proof of your identity before releasing such data.
Should you require this personal information to be anonymized, archived, deleted, updated or altered in any other way, you should include this in your written request to us. Le Braye will be happy to comply where our statutory, regulatory and commercial rights and responsibilities will not be compromised.
Le Braye are only able to respond to “Subject Access Requests” when received in writing, and sent to our postal address on our contact page. We will not distribute your personal information to any third parties unless we are explicitly required to do so under IT hosting arrangements, for accounting or regulatory purposes, or by law.
DATA TYPES HELD
Data collected and retained comes under the following categories:
Food and menu data
Booking and reservation data
Credit control notes
Conversations between clients and personnel
Each of these data categories are considered to be a requirement to fulfill the contractual obligations of both the company and the client.
IT Hosting Platforms
Payment Gateway Providers
Regulatory Authorities (including Police, Customs, FIS)
Suppliers of services
Debt Collecting, Tracing and Private Investigators
An organisation processing data on behalf of the company
DATA RETENTION PERIODS
Your personal information will be kept in a format which allows identification of data subjects for no longer than is necessary for the purposes for which the information is processed. It should be noted that records linked to financial transactions are subject to retention rules. These rules are published periodically by regulatory authorities and under accounting standards rules. Currently, the minimum retention period under these requirements is six years.
Application records are required to be retained in order to ensure AML/CFT (Anti-Money Laundering / Combatting the Funding of Terrorism) reporting can be maintained.
The retention period is measured from the date of the application (where there is no corresponding business written), or where business is written, from the date of the completion of the product:
Customer Information: ¬ 6 years after the completion of the last product provided
HR Data: 6 years after the leave date of the employee
Payroll Data: 6 years after the leave date of the employee.
Job application Data (unsuccessful candidate): 3 months following the fulfilment of the position
Employers Liability Insurance policy data must be retained for a minimum period of 10 years, consequently for these policy types, all data will be retained accordingly. At the completion of the retention period, all data will be purged.
SENSITIVE PERSONAL DATA
Personal information consisting of the following information is deemed to be of a sensitive nature, and Le Braye will not enquire nor retain information relating to these:
(a) the racial or ethnic origin of the data subject;
(b) his/her political opinions;
(c) his/her religious beliefs or other beliefs of a similar nature;
(d) whether he/she is a member of a trade union;
e) his/her sexual life;
Please note, it is necessary in some cases to record medical history in relation to travel and medical insurance plans. Where this is the case, records will be retained in accordance with the retention policies detailed above.
Le Braye are committed to ensuring the security of your personal data. All information transferred between your internet browser and our website or third party applications are encrypted using HTTPS protocol, using Digital Certificates with secure TLS Cyphers. This can be verified by the appearance of the secure padlock symbol in the browser address bar.
In order to prevent any unauthorised access/disclosure, we have put in place further electronic, physical and managerial procedures to secure and safeguard the information collected. These procedures and policies are company confidential. This is to avoid exposure of data security, and so can only be made available to relevant parties, legally bound by a non-disclosure agreement.
The Board of Directors of the company have the responsibility to ensure that registration is maintained with the Data Protection/Information Commissioner, and that purposes for which the information is held and/or processed is declared, and to whom it will be disclosed and the security to be applied. It is the responsibility of all Le Braye staff to ensure that any use of personal data during the course of their work is treated in accordance with the Data Protection Principles.
CONSENT TO PROCESSING
By providing your personal information to this site, you are fully understanding and unambiguously giving consent to the transfer of such personal data, and to the collection and processing of such personal data, in the United Kingdom and other countries or territories.
If you would like to review and/or up-date the information that you have provided to this site, please write to us at to firstname.lastname@example.org requesting the change.
At any time, you may choose to have your name removed from Le Braye’s e-mail marketing list by sending an email to email@example.com with the subject line “unsubscribe” or by following instructions provided in any e-mail message from Le Braye.
YOUR ACCEPTANCE OF THIS POLICY
By the use of this site, you signify your acceptance and agreement of our Privacy and Data Policy. If you do not agree to this policy, please do not use this site. Le Braye reserves the right, at our discretion, to change, modify, add or remove portions from this policy at any time. As such, visitors are encouraged to review this policy periodically. Your continued use of our site following the publication of such changes to these terms means that you accept these changes.