Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by the Data Protection Act 2018, the General Data Protection Regulation 2016/679 (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act 1998.
Who are we?
This Privacy Notice is provided to you by Beeswax Dyson Farming Limited, Beeswax Dyson Farming Limited trading as Green Crop Information and with reference to the website www.potatoreviewgroup.org.uk (“Beeswax”, “we”, “us”), Beeswax Dyson Farming Limited being the data controller for your data.
Occasionally Beeswax’s processes, procedures and systems are shared across Weybourne group companies and with the Dyson group of companies, which means that we need to share your personal information between us when using it in the ways described.
We may share your personal information with other Weybourne group companies and within the Dyson group of companies:
- where it is in our legitimate interests to do so for internal administrative purposes (for example, for corporate strategy, compliance, auditing and monitoring, research and development and quality assurance); and
- where certain group companies provide services to others (such as IT systems, office services and data storage).
Each of the data controllers referred to above have their own tasks and a description of what data is processed and for what purpose is set out in this Privacy Notice. This Privacy Notice is provided to you by Beeswax on our own behalf and on behalf of each of these data controllers. In the rest of this Privacy Notice, we use the word “we” to refer to each data controller, as appropriate
What data do the data controllers listed above process?
They will process some or all of the following where necessary to perform their tasks:
- Names, titles, and aliases, photographs.
- Contact details such as telephone numbers, addresses, and email addresses.
- Where relevant, or where you provide them to us, we may process demographic information such as gender, age, date of birth, marital status, nationality, employment status, education/work histories, academic/professional qualifications, hobbies, family composition, and dependants.
- Where you pay for goods or services, financial identifiers such as bank account numbers, payment card numbers, payment/transaction identifiers, details about payments to and from you and other products you have purchased from us, policy numbers, and claim numbers.
- Where you are a tenant, proof of ID and financial status information such as credit status, criminal record, council tax and benefits details.
- CCTV images if you visit or are resident in our properties.
- Technical data collected by cookies which includes internet protocol (IP) address, any login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Where you provide this information, we may also process special categories of data or sensitive personal data, such as your racial or ethnic origin, health data or criminal record information. Processing this type of data will be rare but, for example, you may tell us details about a disability if it is relevant to your use of one of our products.
- Log in and account information e.g. your password and username.
Generally, the personal data we have about you is given to us directly by you. We may obtain some information from other sources, such as credit reference agencies or payment initiation service providers, and some data is created about you, for example if you are recorded by CCTV cameras, or when you use our website and cookies create data about you.
Where we are required to collect personal data by law, or need to process personal data in connection with the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract (or enter into a contract with you) (for example, to provide you with goods or services). In this case, we may have to cancel the contract and/or not deliver a product or not perform a service to you but we will notify you if this is the case.
How do we collect your personal data?
We use different methods to collect data which may vary depending on the service or product you use or purchase.
Generally, we will use the following methods to collect your personal data:
- Direct interactions such as filling in forms, discussing your use of our websites or products through various contact means, or you respond to a survey or enter a competition.
- Third parties or publicly available sources of information.
How do we process your personal data?
We will comply with all legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data.
We use your personal data for some or all of the following purposes:
- To enable us to meet all legal and statutory obligations;
- To serve you better as a customer;
- To assess your suitability as a potential tenant;
- To manage your tenancy including collecting rent, essential servicing, access for repairs or maintenance, to arrange a home visit or contact you in the event of an emergency, or to enforce the terms of your tenancy;
- To enable the purchase and delivery of products and services;
- To assist with personal security and prevention and detection of crime;
- To maintain our own accounts and records;
- To process your payments and any refunds;
- To seek your views or comments;
- To understand how we are performing and how we can improve our website;
- To notify you of changes to our services and events;
- To send you communications, including direct marketing, which you have requested and that may be of interest to you. These may include information about sales, special offers, competitions, etc.
- To resolve or investigate complaints or housing management issues;
- To provide, troubleshoot and improve online services; and
- Our processing also includes the use of CCTV systems for the prevention and prosecution of crime.
What is the legal basis for processing your personal data?
Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party (such as another data controller). We will always take into account your interests, rights and freedoms.
We also process data where it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with a tenancy agreement we have with you, or a purchase you have made.
Some of our processing is necessary for compliance with a legal obligation. For example, we are required maintain certain records by law such as VAT records.
Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
Sharing your personal data
Your personal data will be treated as confidential. It will only be shared with third parties where there is a legal basis for doing so (see above). It is likely that we will need to share your data with some or all of the following (but only where necessary):
- Third parties providing services on our behalf, such as a commercial provider to send out newsletters on our behalf, or to maintain our database software;
- Contractors to facilitate property repairs, maintenance and improvement works to our properties;
- Utility companies (and their representatives) and council tax departments to ensure billing details are correct.
We may also share information when required by law, for example where ordered by the Court.
We have put in place appropriate security measures to prevent your personal data from being lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties that we provide with prior approval. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Promotional offers from us
We have a legitimate business interest to send you direct marketing messages to keep you informed about our products and services. If you no longer wish to be informed of these updates, you can opt-out of our direct marketing at any time by emailing email@example.com.
How long do we keep your personal data?
We will keep some records permanently if we are legally required to do so. We may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of 7 years to support HMRC audits or 6 years for VAT records. In general, we will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.
Your rights and your personal data
You have the following rights with respect to your personal data:
(When exercising any of the rights listed below, in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.)
- The right to access information we hold on you -At any point you can contact us to request the information we hold on you as well as why we have that information, who has access to the information and where we obtained the information from. Once we have received your request we will respond within one month. There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee.
- The right to correct and update the information we hold on you – If the data we hold on you is out of date, incomplete or incorrect, you can inform us and your data will be updated.
- The right to have your information erased – If you feel that we should no longer be using your data or that we are illegally using your data, you can request that we erase the data we hold. When we receive your request we will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because we need it for our legitimate interests or regulatory purpose(s)).
- The right to object to processing of your data – You have the right to request that we stop processing your data. Upon receiving the request we will contact you and let you know if we are able to comply or if we have legitimate grounds to continue to process your data. Even after you exercise your right to object, we may continue to hold your data to comply with your other rights or to bring or defend legal claims.
- The right to data portability – You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
- The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought – You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).
- The right to lodge a complaint with the Information Commissioner’s Office.
Cookies are small text files sent by us to your computer, or from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them, or until they expire.
Transfer of Data Abroad
Any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter) may be accessed from overseas.
If we wish to use your personal data for a new purpose, not covered by this Notice, then we retain the right to vary this privacy notice from time to time explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Please contact us if you have any questions about this Privacy Notice or the information we hold about you or to exercise all relevant rights, queries or complaints at:
The Data Protection Manager, Beeswax Dyson Farming Limited, The Estate Office, Cyclone Way, Nocton, Lincoln, LN4 2GR
How to make a complaint
If you are unhappy with the way in which your personal data has been processed you may in the first instance contact the Data Protection Manager using the contact details above.
If you remain dissatisfied then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: –
The Information Commissioner, Wycliffe House, Water Lane, Wilmslow Cheshire SK9 5AF
Telephone: 01625 545 700
Data Protection Help Line: 01625 545 745
Notification Line: 01625 545 740
This Privacy Notice was last updated in January 2020.