CPO Privacy Policy

Privacy Policy

 

1 Introduction

CPO is a trading company of Yeomans Press Limited.

Yeomans Press Limited is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).

Yeomans Press Limited respects your privacy and are determined to protect your personal data. The purpose of this privacy notice is to inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from). We’ll also tell you about your privacy rights and how the data protection law protects you.

Yeomans Press Limited is a limited company and Our registration number is 5306145.

Our Site is owned and operated by Yeomans Press Limited whose registered address is:
Branbridges Industrial Estate
East Peckham
Kent
TN12 5HF

The Directors are the data controllers and are responsible for general data protection matters and complaints arising concerning day-to-day matters. We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this privacy notice. Queries related to Data Protection should be directed to the Data Protection Lead (see the section “How to Contact Us”)


1.1 Purpose Of This Privacy Notice

This privacy notice aims to give you information on how We collect and processes your personal data which either you have provided to Us or We obtain. This notice applies to the personal information We collect about you directly or that We collect from third parties. It sets out:

  • what personal data We collect;

  • how We use your data;

  • Lawful basis;

  • how long We keep your information;

  • how your information is protected;

  • who We share your information with;

  • international transfers;

  • your rights in relation to the information We hold about you;

This website is not intended for children, and we do not knowingly collect data relating to children.


1.2 Third-party links outside of our control

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.


2 The Personal Data We Collect

Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioner’s Office.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped follows:

  • Identity Data includes first name, surname, username, title, date of birth, gender.

  • Contact Data includes telephone number/s, email address, billing address, delivery address.

  • Transaction Data includes details about payments to and from you, details of products and services you have purchased from us.

  • Technical Data includes IP address, your login data, browser type and version, location, operating system, other technology on the devices you use to access this website.

  • Profile Data includes username and password, purchases or orders made by you.

  • Usage Data includes information about how you use our website, products and services.

  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, your communication preferences.

  • Enter any of Our competitions, promotions or surveys

  • Request a call back through Our websites

  • Otherwise interact with Us or provide information to a third party to be referred to Us

Where We request information from you, this will be explained in the relevant forms or pages, or over the telephone. You may choose to provide additional information when you interact with Us or to a third party who refers you to Us. We store customer feedback and information on our customer databases.

We will collect data you give us when applying for a job with Us, this may include:

  • your bank account details and tax and residency status

  • references from previous employers or educational institutions

  • contact details for you, and any next of kin

  • qualifications

  • information concerning your health and medical conditions

  • information about your race, ethnicity, and sexual orientation

  • details of unspent criminal convictions.


2.1 Special category data

Where data processing relates to Special Categories of Data the following processing conditions apply:

  • Explicit Consent has been given by the data subject.

  • Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.


2.2 Social Media Users

We use social media channels (including Facebook, WhatsApp, YouTube and Instagram, the “Social Media Companies”) to publish information about Us. If you follow or otherwise engage with our social media channels, we will collect Usage Data to analyse how users interact with those channels. If you use social media to send us messages or posts, we may use your Profile Data to communicate with you. When you interact with our channels, the Social Media Companies will also process your personal data for the purposes set out above. For more information, we would encourage you to review the privacy notices published by the Social Media Companies.


3 How Can You Control Your Data?

When you submit information via Our Site, you may be given the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails or by emailing us.

You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.

You may withdraw your consent for Us to use your personal data at any time by contacting Us and We will delete Your data from Our systems. However, you acknowledge this may limit Our ability to provide the best possible products and services to you (see the section on How to Contact Us).

If you have an account with Us then you can personally log-on to your account and update your contact and preference details.

Please tell us as soon as any of your contact details change so that we can keep our records up to date.

You can change the way we contact you, or the kind of material we send you, at any time by contacting us by post, or email using the contact details below.


4 How We Use Your Data

We use your data to provide the best possible products and services to you.

This includes:

  • Providing and managing your access to Our Site.

  • Personalising and tailoring your experience on Our Site.

  • Creating an account

  • Supplying Our products and services to you.

  • Responding to communications from you.

  • Analysing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience.

In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the products and services We can provide you without your consent for Us to be able to use such data.


4.1 Third parties or publicly available sources.

We may receive personal data about you from various third parties [and public sources] as set out below :

  • Analytics providers such as Google.

  • Search information providers such as Google or Edge.

  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as PayPal and Stripe

  • Identity and Contact Data from publicly available sources such as Experian.

  • Social Media sites such as Facebook, Twitter, and LinkedIn.


4.2 Direct Marketing

We may from time to time supply you with email newsletters, alerts etc. that you have subscribed to (you may unsubscribe or opt-out at any time by clicking the ‘unsubscribe’ link in the email or by contacting Us (see the section on How to Contact Us)

Once you have submitted your preference to Us, We may use these for marketing purposes which may include contacting you by email, telephone, or text message with information, news and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the DPA 2018, GDPR, and the Privacy and Electronic Communications Regulations 2003.


5 Lawful Basis

Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:

  • you have given consent to the processing of your personal data for one or more specific purposes.

  • processing is necessary for the performance of a contract to which you are a party or to take steps at your request of you prior to entering a contract.

  • processing is necessary for compliance with a legal obligation to which we are subject.

  • processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.

We rely on our legitimate interests for the following reasons:

  • keeping Our records up to date;

  • developing, marketing and charging for Our products and services;

  • running our websites and keeping them safe and secure;

  • presenting Our content and communications in the most effective and sustainable manner for you and your devices;

  • helping you use Our websites, including obtaining products or services;

  • measuring how you use our websites and improving their content and accessibility;

  • measuring and understanding how effective Our adverts are;

  • carrying out campaign work and developing Our policy;

  • complying with legal and or regulatory requirements;

  • identifying consumer trends;

  • understanding products, services and the consumer experience; and

  • to provide insight and analysis into how our social media channels are used and how they are performing.


6 How do we Store and How long do We keep your data

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

Our retention of your personal data is linked to your actions. Unless a longer retention period is required or permitted by law, we will only hold your Personal Information on our systems for the period necessary to fulfil the purposes outlined in this Notice, or until you request that the information be deleted (see the section “Summary of Your rights").

Please see our Retention Schedule for a detailed list of our retention periods.

Even if we delete your Personal Information, we reserve the right to retain your personal data where such retention is necessary for compliance with a Statutory obligation (for example to maintain a copy for legal, tax or regulatory purposes,) but in such event, we will do so only as long as necessary to fulfil those Statutory obligations.


6.0 Data Security

Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site.

All your data is stored electronically in a secure database or in a locked filing cabinet and can only be accessed by authorised people. All users of Our system are trained in GDPR. Where we engage third parties to process personal data on our behalf, they do so upon writing and are contracted to implement appropriate technical and organisational measures to ensure the security of data.


Please see our Retention Schedule for a detailed list of our retention periods.

Data Retention Schedule – Updated October 2024

A. Company Records

Type of Material Minimum Retention Period Reason
Register of members 10 years after the person stops being a member (for entries after 6 April 2008); 20 years for entries before this date. Companies Act 2006, Companies Act 1985
Register of directors’ residential addresses Life of the company Companies Act 2006, Companies Act 1985
Directors’ service contracts At least 1 year after expiry or termination, up to 6 years for tax purposes. Companies Act 2006, Companies Act 1985
Board minutes 10 years from meeting date (post 1 October 2007); permanently for meetings prior. Companies Act 2006, Companies Act 1985
Certificate of Incorporation and Memorandum of Association Life of the company Companies Act 2006, Companies Act 1985

B. Employee HR Records

Type of Material Minimum Retention Period Reason
Employee address Out-of-date data should not be retained Data Protection Principles
Rejected candidates’ recruitment materials 6-12 months after decision Employment Practices Code
Job applications (successful candidates) Length of employment plus 6 years Limitation Act 1980
DBS checks 6-12 months for unsuccessful candidates; align with employment records for successful candidates. Various
Identification documents for Right to Work checks 6 years after employment ends Limitation Act 1980

C. Finance

Type of Material Minimum Retention Period Reason
Accounting records 3 years for private companies; 7 years for public limited companies. Companies Act, GAAP
Financial (including audit) records 7 years from financial year end Companies Act, GAAP
Tax records 10 years from tax year end Tax legislation
VAT records 7 years from tax year end Value Added Tax Act 1994
Banking records 6 years from issuance Companies Act

D. Payroll

Type of Material Minimum Retention Period Reason
Pay records and relevant supporting documents 7 years from financial year end Time limit for legal claims
Material related to income tax and National Insurance 3 years after end of tax year Income Tax Regulations
Working time records 2 years from date of record Working Time Regulations 1998
Records concerning pay during illness absence 3 years from end of tax year Statutory Sick Pay Regulations
Parental leave / maternity pay records 3 years from end of tax year Statutory Maternity Pay Regulations

E. Marketing and Customers

Type of Material Minimum Retention Period Reason
Personal data used to contact existing customers 12-24 months from last interaction GDPR compliance
Personal data for prospective customers (consent-based) 3-6 months depending on interaction GDPR compliance
Data for suppression requests Until risk of contact is eliminated GDPR compliance
Campaign performance data 13 months from campaign end GDPR compliance
Images, photography, and related consent 2-3 years from consent expiry Company policy

F. Health and Safety and Environmental Records

Type of Material Minimum Retention Period Reason
Health and safety policies Life of Group entity Health and Safety at Work Act 1974
Incident and accident records 3-7 years, or until age 21 for minors Reporting of Injuries, Diseases and Dangerous Occurrences Regulations
Medical care and reintegration plans 6 years post-employment Data Protection Act, GDPR
Environmental records and permits Varies; retained while valid Statutory compliance
Fire risk assessments 5 years from last assessment Fire Safety Order 2005

G. Insurance Records

Type of Material Minimum Retention Period Reason
Insurance policies, renewal notices Until claims are barred or all claims are settled Company policy
Records of insurance-based investment product suitability 5 years or the duration of the relationship FCA regulations
Insurance Premium Tax records 6 years Insurance Premium Tax Regulations 1994

H. Miscellaneous

Type of Material Minimum Retention Period Reason
Confidentiality agreements Length of contract + 6 years Limitation Act 1980
Intellectual property records Life of IP + 6 years Limitation Act 1980
Complaints process records 6 years Limitation Act 1980
Data Protection Impact Assessments 6 years Company Policy

7 Who We Share Your Personal Data With

We are committed to not sharing your data and will only do this if it is in your legitimate interest to ensure we provide you with the support and information required to make an informed decision about a service(s) or product(s).

We will not sell your data to any unconnected third parties.

We may contract with third parties to supply products and services to you on Our behalf. These may include payment processing and search engine facilities.

We might share your information across different parts of Our organisation for research, and analysis.

In some cases, third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.

We currently contract with:

Third party name Used to Privacy notice
Mailchimp Marketing E-mails https://www.intuit.com/privacy/statement/
Sage Accounts and Payroll https://www.sage.com/en-gb/legal/privacy/
Tharstern Management Information System https://www.tharstern.com/terms/website/latest
Adobe Magento Shop Platform https://www.adobe.com/uk/privacy.html
Zakeke Personalisation Module of CPO Shop https://www.zakeke.com/general-conditions-and-privacy/
MS365 Documentation creation and storage https://privacy.microsoft.com/en-gb/privacystatement
Technology Box IT Support https://www.technologybox.co.uk/privacy-policy
Access Mintsoft Warehouse Management Software https://www.mintsoft.com/privacy-policy
Barclaycard Process Payments https://www.barclaycard.co.uk/business/privacy-and-cookie-policy
XMPIE Campaign Management Software https://carear.com/privacy-policy/
Paypal Process Payments https://www.paypal.com/uk/legalhub/privacy-full
Stripe Process Payments https://stripe.com/gb/privacy
Royal Mail Mail Distribution https://www.royalmail.com/privacy-notice
PageProof Proofing Software https://pageproof.com/privacy
Judicium HR & Health and Safety https://www.judiciumeducation.co.uk/privacy-policy
Delivery Group Mail Distribution https://www.thedeliverygroup.co.uk/privacy-policy/
Firsty Shop Hosting https://firstygroup.com/privacy-policy.php

We may have to share your personal data with the parties set out below for the purposes set out in the table above.

  • External Third Parties Service

  • Providers based in the UK who provide IT and system administration services.

  • Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.

  • HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.

  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

  • We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.


7.1 International Transfers

We may need to transfer some personal data to the third parties described above who are located outside of the UK. In such cases, we will take appropriate measures to ensure your personal data remains protected. If the organisation is based outside of the UK and in a country that is not protected by an adequacy decision (providing an adequate level of data protection) we will take appropriate safeguards such as implementing the ICOs International Data Transfer Agreement (IDTA).

If you have any questions or need more information regarding international transfers of your personal data, please contacting Us (see the section on How to Contact Us)


7.2 Automatic Collection, Cookies and aggregate information collected from Our website.

We automatically collect some data from visitors to our websites. This includes what pages you have viewed, for how long and where you go on our website.

We use cookies to store information about how you use our sites. A cookie is a piece of data stored on a user’s computer to remember information about you and create a profile of your viewing preferences. Your profile is used to tailor your visit to our website, make navigation easier, and direct you to information that best corresponds to your interests. We require your consent to place non-essential cookies on your device. You can change your cookie preferences by selecting the button in the bottom left corner from any page on our website. View our Cookies Policy

Information is also collected about how you arrived at our websites in the first place. This includes what links or adverts of ours you have viewed or clicked on to reach Us, or any search terms you have used. Where you see an advert outside of Our website. We may place a cookie on your browser. This is so that, when you access Our website, We recognise that you have seen an advert of Ours elsewhere. If you have logged in, this includes your login details.

Aggregate information is collected from users using our own web tracker. This information includes users’ Anonymised Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages, and number of unique visits. This information is not linked to personal profiles or personally identifiable information provided by users. We use the information to analyse visitor trends and use of our website, administer the website, and gather broad demographic information of our website users.

We may use the information we receive and/or collect about you to:

  • Fulfil our obligations under any contract that we have entered into with you or with a Resident that you represent, and to provide you or the relevant Resident with information or services that you or the Resident has requested

  • Monitor website usage and provide statistics to third parties for the purposes of improving and developing the website and the services we provide via the website


8 Summary of your rights

As a data subject, you have several rights and control over how your data is used.

  • You can request access to, deletion of, or correction of, your personal data held by Us.

  • You can ask for a copy of the data you have given Us.

  • You can require Us to amend or change incorrect or incomplete data.

  • You can require Us to delete or stop processing your data, where the data is no longer necessary for the purposes of processing.

  • You can object to the processing of your data where We are relying on its legitimate interests as the legal ground for processing.

  • You can ask Us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the company's legitimate grounds for processing data.

To enforce any of the foregoing rights or if you have any other questions about Our Site or this Privacy Notice, please contact Us using the details set out in the section “How to Contact Us”.

No fee is required – with some exceptions. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.


9 How to Contact Us

If you have any questions about Our Site or this Privacy Notice, please contact Us by email at dataprotection@weareyeomans.co.uk

or by telephone on 01892 839280 and ask for the Data Protection lead.

or by post to Data Protection,
Branbridges Industrial Estate
East Peckham
Kent
TN12 5HF

Please ensure that your query is clear, particularly if it is a request for information about the data, We hold about you.


10 How to complain

If you are unhappy with the way that we have processed or handled your data, please contact Us (see the section How to Contact Us).

If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the Information Commissioner’s Office are:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113 Website: https://ico.org.uk/concerns/


11 Changes to Our Privacy Notice

We may change this Privacy Notice as we may deem necessary from time to time, or as may be required by English law. Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the Privacy Notice on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.


Last updated August 2024