Privacy Policy

Privacy Policy

The James Hall Group of Companies are committed keeping your personal data safe, used properly and stored securely. This Privacy Policy explains how we collect and use your personal data.

Information about who we are

The James Hall Group of Companies includes James Hall and Company Ltd, James Hall and Company (Properties) Ltd, Fazila Foods Ltd, G&E Murgatroyd Ltd, North East Convenience Stores Ltd, GAP Convenience Distribution Ltd, Clayton Park Bakery Ltd, Graham Eyes High Class Butchers Ltd, Alston Diary Ltd (collectively referred to as “our Group”, “we” or “us” in this policy).

Our Group companies are registered with the ICO.

You can contact us at:

Postal address:

Data Protection Officer,

Spar Distribution Centre,

Bowland View,

Preston,

PR2 5QT 

Email: DPO@jameshall.co.uk 

General information

All personal data we collect or are provided with will only be held and stored in accordance with this policy and the UK General Data Protection Regulation (“UK GDPR”), the Data Protection Act 2018 and any other legislation relating to the protection of personal data (data protection laws). James Hall & Co. Ltd or the relevant Group company is the data controller for the personal data we process, unless otherwise stated.

This Privacy Policy sets out how your personal data will be processed, stored and used when you visit our website, visit our premises, shop with us online or otherwise engage with us as a consumer, a supplier, retailer or have an other commercial contract with us.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you. 

Changes to our Privacy Policy.

We use different methods to collect information from and about you.

We collect personal data when you visit or register on or contact us or you request information from the website, you may be asked to provide information about yourself.

We also collect information when you visit our premises, purchase products online, engage with us on social media, or sign up to a loyalty programme.

We also collect personal data when you are a supplier or retailer, or we have a commercial contract with you.

When you provide personal data to us, we will treat that information in accordance with this Privacy Policy.

Information you give us.

This is information about you that you give us by filling in forms on our sites (the Website or apps) or by visiting our premises or when corresponding with us by phone, e-mail, post, social media or otherwise.

It includes information you provide when you register to use our site, subscribe to our service, search for a product, place an order on our site, completing an enquiry form on our site, enter a competition, promotion or survey and when you report a problem with our site. The information you give us may include your name, address, e-mail address and phone number, financial and credit card information, personal description and photograph.

Information we collect about you.

Personal information or personal data, means any information about an individual from which that person can be identified and is generally referred to throughout this Privacy Policy as “personal data”. It does not include data where the identity has been removed (anonymous data).

Personal data we may collect, use, store and transfer about you, are as follows:

· Identity data, which includes your name, age/date of birth and gender;

· Contact data which includes postal address including billing and delivery addresses, your location, telephone numbers (including mobile numbers) and e-mail address;

· Transaction data which includes purchases and/or orders made by you and your payment card details;

· Technical data which includes your on-line browsing activities on our Website;

· Profile Data which includes your account login details for website and/or apps including your username and password(s), your interests, preferences, feedback and survey responses;

· Marketing and communications data which includes your marketing preferences from us and our third parties, your communication preferences and your correspondence to and communications with us;

· information captured by our CCTV, automatic number plate recognition (ANPR) and body worn recording devices if you visit any of our premises; and

· other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).

In some circumstances we may need to hold and/or use Special Category personal data. This includes information about your race, ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where this is used for identification purposes), health data, sex life or sexual orientation.

Our Website is not intended for children and our website does not knowingly collect data relating to children.

This list is not exhaustive, and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly,

for example when you set up an on-line account on our website, or send an email to our customer services team or via social media.

Other personal data is collected indirectly, for example your browsing or shopping activity.

We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. 

Information we receive from other sources.

This is information we receive about you if you use any of the other Websites we operate or the other services we provide.

In this case we will have informed you when we collected that data if we intend to share those data internally and combine it with data collected on this site. We will also have told you for what purpose we will share and combine your data. We are working closely with third parties (including, for example, business partners, sub-contractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies). We will notify you when we receive information about you from them and the purposes for which we intend to use that information.

We also may have partnered with third parties to make additional products and services available to you. Some of these products and services can be accessed online though the third party websites.

Third-party links

Our Group company websites may include links to third-party websites, plug-ins and applications, including links to websites of our partner networks. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements or policies. When you leave our Group company websites, we encourage you to read the Privacy Policy of every website you visit.

Our Group is not responsible for the content, function or information collection policies of these external websites.

Payment card information

Our Group or our chosen third-party provider may process your personal data to process any payments made for the provision of services. The information may include information for identification and verification, such as your name, credit, debit or other card number, card expiration date, and CVV code.

Any payment transactions carried out by us, or our chosen third-party provider of payment processing services will be kept secure and encrypted where possible.

If you fail to provide personal data

Where we need to collect personal data by law, legitimate interest or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with good and/or services). In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.

Sharing of your personal information

The reasons we may share your data with third parties are:

  • if we are under a legal or regulatory duty to do so,
  • if it is necessary to do so to enforce terms and conditions of sale or other contractual rights,
  • it is necessary to provide you with the goods and/ or services requested
  • to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity,
  • where such disclosure is necessary to protect the safety or security of any persons or property, and/or
  • otherwise as permitted under applicable law.

We may share your personal data with any member of our Group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006. We will share your personal data within our Group so that we can provide you with the relevant services, which include where you act as a consumer or customer, or where you act in a business capacity as a supplier, retailer or commercial contact.

We will share your personal data when we are required to do so for legal or regulatory purposes or as part of legal proceedings. We may share your personal data with credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you, and to solicitors or debt collection agents in the event of a breach of contract or other such legal proceedings.

We may also disclose or share your personal data if we are under a duty in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of us, our customers, consumers, suppliers, retailers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

We may give information we hold about you to third parties as part of the process of selling one or more of our businesses. We may disclose your personal data to third parties in the event that (i) we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets, (ii) if we or substantially all of our assets (or that of any Group company) are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

We will only ever share your personal information with trusted third parties. We may share your information with selected third parties including (i) business partners, distributors, suppliers and sub-contractors for the performance of any contract we enter into with them or you, (ii) advertisers and advertising networks that require the data to select and serve relevant adverts to you and others (iii) analytics and search engine providers that assist us in the improvement and optimisation of our website.

We only provide third parties with the information they need to know to perform their specific services. Where personal data is shared with a managed service provider or other third-party supplier, we work closely with them to ensure that your personal data is secure and protected at all times.

Our contracts with third parties make it clear that they must hold personal data securely, abide by the principles and provisions of data protection rules, and only use information as we instruct them to. In all instances where we disclose your information to third parties, we will ensure that your information is appropriately protected. If we stop using their services, any of your personal data held by them will either be deleted or rendered anonymous.

Cookies

Our Group company websites use cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

A cookie is a piece of data stored locally on your computer containing information about your activities on the Internet. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

CCTV

We use CCTV across all our premises used by our Group for the protection of our colleagues, customers, consumers and business. This includes investigating accidents, incidents, criminal activities and breaches of our policies.

CCTV is also in operation in our petrol stations and car parks for these purposes. Some car parks are run by third parties, so please check the local notice. Data captured by an ANPR camera may be matched against the DVLA national database in order to identify car owners. 

Some of our colleagues also wear body worn devices to protect themselves, our customers and consumers. These devices record both audio and video.

Our CCTV captures images in real time. These cameras may capture footage of you whilst you are on the premises. Cameras have been situated both inside and outside the buildings. There are signs in place to inform you where cameras are in use.

Occasionally we share CCTV with public or regulatory authorities, a third-party or in response to requests from individuals seeking to protect their rights, the rights of others or helping to prevent crime and nuisance. We will only share CCTV if we consider a request to be appropriate.

How we use your information

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data.

We will only use your personal data when the law allows us to do so.

For more information about the lawful bases for processing personal data please see the ICO website: Link - https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/ 

Lawful Basis for processing personal data

We have set our lawful basis for processing of persona data, and we will use your personal data in the following circumstances:

- Where you have consented before the processing.

- Where we need to perform a contract, we are about to enter or have entered with you.

- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

- Where we need to comply with a legal or regulatory obligation; and

- Where there is a substantial public interest in processing information, for the purposes of detecting and preventing crime.

In certain circumstances, we need your personal data to comply with our contractual obligations or to pursue our legitimate interests in a way which might be reasonably expected as part of our running our business. For example, in order to deliver the services to you, we need to use the information you provide us to enable us to provide those services and / or goods ordered,

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.

Information we receive from other sources.

We sometimes combine information received from other sources with information you give to us and information we collect about you.

We will only use this information and the combined information where we have a lawful basis.

Marketing

We strive to provide you with choices regarding certain personal information uses, particularly around marketing and advertising.

If you have given your consent to receive marketing emails you can withdraw this at any time, or if we are relying on our legitimate interests to send you marketing you can object. In either case, just let us know. If you have received a direct marketing email from us and no longer wish to do so, the easiest way to let us know is to click on the unsubscribe link at the bottom of our marketing emails.

We may contact you in relation to any similar products or services we have previously supplied. Otherwise, we would rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message. You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

Data Storage and how we protect your information

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.

We work hard to keep your information and personal data safe. We use a combination of technical, administrative, and physical controls to maintain the security of your personal information and protect against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

All information you provide to us is stored on our secure servers or within secure filing systems. Some of the controls we have in place to protect your personal data include technological controls such as firewalls, user verification, strong data encryption. We utilise industry “good practice” standards to support the maintenance of a robust information security management system Any payment transactions will be encrypted.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website site or app you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Data retention

How long we will retain your personal data?

We will only retain your personal data for as long as is necessary for the purpose or purposes for which we have collected it.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for analytical or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Where your personal data may be processed.

Your personal data will be stored on systems with technical and organisational security measures and controls located within the UK.

Sometimes we will need to share your personal data with third parties and suppliers outside the UK such as Europe and / or the USA.

If we do this, we have procedures in place to ensure your personal data receives the same protection as if it were being processed inside the UK. For example, our contracts with third parties stipulate the standards they must follow at all times.

Any transfer of your personal data will follow applicable laws and we will follow the guiding principles of this Privacy Policy.

Your rights

You are also able to exercise your rights which include:

The right to be informed.

We aim to be transparent within our Privacy Policy and provide you with information about how we use your personal data.

Right of access.

You have the right to request a copy of any information that we hold about you. We try to be as open as possible as we can be in terms of giving people access to their personal data.

Individuals can find out if we hold any personal data by making a subject access request.

The right to rectification.

You have the right to request the correction of your personal data when it is incorrect, out of date or incomplete. You can contact us, and we can amend inaccurate personal data, however, please note that in some circumstances we may ask for the documentary proof that the amendment is necessary.

The right to erasure.

You can request the erasure of your personal data when it is no longer necessary, you withdraw consent, or you object to its processing. Some information held by us is required by law to be held for a period of time. You can contact us if you wish to make a request.

The right to restrict data.

You can request that we restrict the processing of your personal data. This can be done in circumstances where we need to verify the accuracy of personal data, if you do not wish to have personal data erased or you object to the processing and we are considering this request.

The right to data portability.

Under some circumstances you can request a copy of the personal data you provided to us in a machine-readable format or ask that this data be transferred another third party.

The right to object.

In some circumstances you can stop the processing of your personal data for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data. Where your details are used for marketing, you can opt out at any time.

Automated decision making and profiling.

You will be notified if we a solely automated decision which produces a legal effect or significantly affects you.

You have the right to ask what personal data that we hold about you at any time. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. .

If you wish to exercise any of the above rights, please contact us. Please address requests to the Data Protection Officer, James Hall & Co. Ltd., Bowland View, Preston, PR2 5QT or by email at dpo@jameshall.co.uk or telephone 01772 706666.

We will ask for confirmation of identity before we disclose any personal data. 

How can we help?

If you have any questions that haven’t been covered, or would like us to address any complaints, questions, comments or requests regarding this privacy policy please contact the Data Protection Officer.

For further information on data protection please visit the Information Commissioner Office (ICO) website.

The Information Commissioner Office regulates data protection. If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal information, you have the right to lodge a complaint with the

Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or visit the website.

Changes to our Privacy Policy

Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Privacy Policy.