Crown Securities (UK) LTD - Privacy Policy - May 2018

We care about your privacy and are committed to protecting your personal information in accordance with fair information practices and applicable data privacy laws.

• 1. Scope
• 2. Identity of Data Controller
• 3. Categories of personal information
• 4. Legal bases for processing
• 5. Purposes of processing
• 6. Recipients of personal information
• 7. Marketing
• 8. Retention
• 9. Protection of Personal Information
• 10. Data Protection Measures
• 11.IT Computer Security
• 12. Our websites
• 13. Your Rights
• 14. Consent and Withdrawal of consent
• 15. Data Breach Notifications
• 16. Modifications to our Privacy Notice

Scope:

This Privacy Notice explains how we collect and use personal information. Personal Information means any information relating to an identified or identifiable natural person; one who can be identified, directly or indirectly, by reference to an identifier such as name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

We collect personal information in a variety of ways through our normal business activities, both online and offline. This includes, for example, client surveys, emails and letters or when you place orders or purchase products or services, enter into agreements or communicate with us, or visit and use our website. We also receive personal information from our customers in order to perform services on their behalf.

Identity of Data Controller:

Crown Securities (UK) Ltd Company's Data Protection Officer is responsible for the processing of your personal information. If you have any questions about our privacy policy please write to us at Lake House, Grange Road, Ellesmere, Shropshire SY12 9DQ.

Categories of Personal Information:

Personal information that we may collect and process includes:

Contact Information that allows us to communicate with you, such as your name, job title, prefix, username, mailing address, telephone numbers, email address or other addresses that allow us to send you messages, company information and registration information you provide on our website.
Relationship Information that helps us do business with you, such as the types of products and services that may interest you, contact and product preferences, languages, creditworthiness, marketing preferences and demographic data.

Transactional information about how you interact with us, including purchases, enquiries, customer account information, order and contract information, delivery details, billing and financial data, details for taxes, transaction and correspondence history, and information about how you use and interact with our websites.
Credit/Debit card details are only sorted for the processing of payment and will be deleted once payment has been processed.

Security and Compliance Information that helps us to secure our interests, including information for conflict checks, fraud prevention and internal verification, as well as information necessary for the security of our premises, such as visual recordings.

Our products may collect system and event information relating to their setup, configuration and operation, as well as information collected by our products in their ordinary course of operation. This information may include sensor data, equipment data, data regarding faults and events. The nature and extent of the information collected by our products will vary based on the type and function of the product and the type of services for which they are used, subject to applicable laws.

Lawful bases for Processing:

The performance of a contract with our customers and suppliers.
The legitimate interests of Crown Securities (UK) Ltd, which are our usual business activities.

Purposes of Processing:

Fulfilling your orders for products or services and related activities, such as product and service delivery, customer service, account and billing management, support and training, product update and safety related notices, and to provide other services related to your purchase.

Managing our contractual obligations and your ongoing relationship with us, including interacting with you, analysing and improving the products and services we offer, informing you about our products or services, as well as special offers and promotions.

Ensuring the security of our website, networks and systems, and premises, as well as protecting us against fraud.
Managing our everyday business needs, such as payment processing and financial account management, contract management, website administration, audit, reporting and legal compliance.

Recipients of Personal Information:

Third Parties: We may use third parties to provide or perform services and functions on our behalf. We may make personal information available to these third parties, to perform these services and functions. Any processing of that personal information will be on our instructions and compatible with the original purposes.

As Required by Law: We may also make personal information concerning individuals available to public or judicial authorities, law enforcement personnel and agencies as required by law.

Mergers & Acquisitions: Personal information may be transferred to a party acquiring all or part of the equity or assets of Crown Securities (UK) Ltd or its business operations in the event of a sale, merger, liquidation, dissolution, or other.

Marketing:

We may use your personal information to tell you about relevant products and offers. This is what we mean when we talk about 'marketing'.

The personal information we have for you is made up of what you tell us, and data we collect when you use our services. We study this to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

We can only use your personal information to send you marketing messages if we have either your consent or a 'legitimate interest'. That is when we have a business or commercial reason to use your information. It must not unfairly go against what is right and best for you.

You can ask us to stop sending you marketing messages by contacting us www.crownsecurities.co.uk. Whatever you choose, you will still receive statements and other important information such as charges to your existing products and services.

We may ask you to confirm or update your choices, if you take out any new products or services with us in the future. We will also ask you to do this if there are changes in the law, regulation, or the structure of our business.

Retention:

We will retain your personal information as long as necessary to achieve the purpose for which it was collected, usually for the duration of any contractual relationship and for any period thereafter as legally, regulatory or for technical reasons. Kept in a form which permits identification of data subject for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the Regulation in order to safeguard the rights and freedoms of the data subject.

Protection of Personal Information:

Security measures for protecting personal information:

We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-to-know basis.

Data Protection Measures:

The Company shall ensure that all its employees, agents, contractors, or other parties working on its behalf comply with the following when working with personal data:

All emails containing personal data must be encrypted and password protected.

Where any personal data is to be erased or otherwise disposed of for any reason (including where copies have been made and are no longer needed), it should be securely deleted and disposed of. Hardcopies should be incinerated or shredded, and electronic copies should be deleted.

Personal data may not be transmitted over a wireless network if there is a wired alternative that is reasonably practicable.

Personal data contained in the body of an email, whether sent or received, should be copied from the body of that email and stored securely. The email itself should be deleted. All temporary files associated therewith should also be deleted.

Where personal data is to be transferred in hardcopy form it should be passed directly to the recipient or sent using Royal Mail or a reputable tracker courier service.

No personal data may be shared informally and if an employee, agent, sub-contractor, or other party working on behalf of the Company requires access to any personal data that they do not already have access to, such access should be formally requested from a Company Director.

All hardcopies of personal data, along with any electronic copies stored on physical, removable media should be stored securely in a locked box, drawer, cabinet or similar.

No personal data may be transferred to any employees, agents, contractors, or other parties, whether such parties are working on behalf of the Company or not, without the authorisation of a Company Director.

Personal data must be handled with care at all times and should not be left unattended or on view to unauthorised employees, agents, sub-contractors or other parties at any time.

If personal data is being viewed on a computer screen and the computer in question is to be left unattended for any period of time, the user must lock the computer and screen before leaving it.

No personal data should be stored on any mobile device (including, but not limited to, laptops, tablets and smartphones), whether such device belongs to the Company or otherwise without the approval of a Company Director and, in the event of such approval, strictly in accordance with all instructions and limitations described a the time the approval is given, and for no longer than is absolutely necessary.

No personal data should be transferred to any device personally belonging to an employee and personal data may only be transferred to devices belonging to agents, contractors, or other parties working on behalf of the Company where the party in question has agreed to comply fully with the letter and spirit of this Policy and of the Regulation (which may include demonstrating to the Company that all suitable technical and organisational measures have been taken).

All personal data stored electronically should be backed up daily with backup's stored offsite. All backups should be encrypted.

All electronic copies of personal data should be stored securely using passwords and data encryption.

All passwords used to protect personal data should be changed regularly and should not use words or phrases that can be easily guessed or otherwise compromised. All software used by the Company is designed to require such passwords.

Under no circumstances should any passwords be written down or shared between any employees, agents, contractors or other parties working on behalf of the Company, irrespective of seniority or department. If a password is forgotten, it must be reset using the applicable method.

IT Computer Security:

a. Our computers have firewall and virus-checking installed.

b. We ensure our operating system is set up to receive automatic updates.

c. We endeavour to protect computer stored personal data by downloading the latest security updates which should cover any vulnerabilities.

d. Our staff have access to the information they need to do their job and do not share passwords.

e. Any personal information held electronically is encrypted.

f. We take regular back-ups of the information on our computer system and keep them in a separate place.

g. We securely remove all personal data before disposing of old computers by using technology or destroying the hard disk.

h. All our emails are encrypted and password protected.

Our website:

Types of information collected on our website:

The following kinds of information may be collected on our website in order to better understand your needs and to provide you with a better service:

Information about your computer, your visits and your use of this website. This may include your computer's IP address, its geographical location, your browser type and version, your computer operating system, the referral source, the length of visit, the number of page views and your navigation of the website.

Information relating to transactions carried out on this website including information relating to the purchase of goods or services.

Information that you provide for the purpose of registering to use services on this
Website and/or in order to subscribe to our website services such as email notifications and newsletters.

Any other information that you specifically choose to send to Crown Securities (UK) Ltd.

Certain areas of this website may use 'cookies'. These cookies are small text files that are stored on your computer when you visit this website. Most major websites use cookies. Cookies help Crown Securities (UK) Ltd to track your use of the site, help you to resume where you left off, remember your registered logins, preferences, and other customization functions and can be used to help show content that better matches your interests.

Cookies cannot be used to reveal your identity or any personal identifying information.

By using our website you are agreeing to this policy and you consent to our use of cookies in accordance with the terms of this policy. If you wish to use our site but do not wish to accept cookies used by Crown Securities (UK) Ltd you can do so by adjusting your browser settings. Independent advice on managing cookies in your browser can be found at www.allaboutcookies.org/. Please note that if you try to use our website without accepting cookies that some parts of this website may not function correctly. If you accept Crown Securities (UK) Ltd cookies, your experience of our website will be much improved and your choices and preferences can be saved for when you visit our site again.

This website may use 'session' cookies, 'persistent' cookies and 'third-party' cookies including 'Google cookies'.

Session cookies
Session cookies help Crown Securities (UK) Ltd to track your use of this website as you navigate the pages. Session cookies are automatically deleted from your computer when you close your browser.

Persistent cookies
Persistent cookies enable Crown Securities (UK) Ltd to recognise you when you make a return visit and may be used to register any preferences set on previous visits. Persistent cookies will remain stored on your computer until they are deleted or until they reach a specified expiry date.

Third-party cookies
Merchant suppliers and affiliate companies that feature on our website may add their own cookies when you click on their links to visit their websites. We will alert you when this is about to happen. Please note that the Crown Securities (UK) Ltd privacy policy will not apply when you leave our website. Other companies will have their own privacy policies on the use of cookies and, if you have any concerns, you should check the privacy policy of the relevant website.

Google cookies
Crown Securities (UK) Ltd may use Google Analytics to analyse the use of this website. Google Analytics generates statistical and other information through cookies stored on your computer when you use this website. The information generated is used to create reports on website use and is stored by Google. Google's privacy policy is available at www.google.com/privacypolicy.html.

We may also publish Google Adsense interest-based advertisement links on our website. When you click on a Google Adsense link Google will track your behaviour across the web using cookies and may use this information to tailor future advertising to reflect your interests.

You can view, delete or add interest categories associated with your browser using Google's Ads Preference Manager, available here at www.google.com/ads/preferences/. You can also opt-out of the Adsense partner network cookie at www.google.com/privacy_ads.html. Please note this opt-out mechanism itself uses a cookie so, if you clear the cookies from your browser, your opt-out will not be maintained and you will have to reset your Google opt-out cookie. To ensure your opt-out is maintained you can use the Google browser plug-in available here at www.google.com/ads/preferences/plugin.

Links to other websites:

Our website may contain links to other websites. Please note that Crown Securities (UK) Ltd has no control over other websites and Crown Securities (UK) Ltd cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such sites. Third-party websites will not be governed by this privacy policy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your Rights:

You may request to access, rectify, or update your inaccurate or out-of-date personal information by contacting our Office. You may have the right to request erasure of your personal information, restriction of processing as it applies to you, object to processing and the right to data portability. You may also have the right to lodge a complaint with the ICO (Information Commissioners Office).

Consent and Withdrawal of Consent:

By providing personal information to us, you understand and agree to the collection, processing and use of such information as set forth in this Privacy Notice. Where required by applicable law we will ask your explicit consent. You may always object to the use of your personal information for direct marketing purposes or withdraw any consent previously granted for a specific purpose.

Data Breach Notifications:

All personal data breaches must be reported immediately to the Company's Data Protection Officer. If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedom of the data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the data protection officer must ensure that the information Commissioner's Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.

Modifications to our Privacy Notice:

We reserve the right to change, modify, and update this Privacy Notice at any time. Please check periodically to ensure that you have reviewed the most current notice.

Issue date: 1st May 2018