CPO Privacy Policy
Privacy Policy
1 Introduction
CPO is a trading company of Yeomans Press Limited.
Yeomans Press Limited is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).
Yeomans Press Limited respects your privacy and are determined to protect your personal data. The purpose of this privacy notice is to inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from). We’ll also tell you about your privacy rights and how the data protection law protects you.
Yeomans Press Limited is a limited company and Our registration number is 5306145.
Our Site is owned and operated by Yeomans Press Limited whose registered address is: Branbridges Industrial Estate East Peckham Kent TN12 5HF
The Directors are the data controllers and are responsible for general data protection matters and complaints arising concerning day-to-day matters. We have appointed a Data Protection Lead who is responsible for overseeing questions in relation to this privacy notice. Queries related to Data Protection should be directed to the Data Protection Lead (see the section “How to Contact Us”)
1.1 Purpose Of This Privacy Notice
This privacy notice aims to give you information on how We collect and processes your personal data which either you have provided to Us or We obtain. This notice applies to the personal information We collect about you directly or that We collect from third parties. It sets out:
what personal data We collect;
how We use your data;
Lawful basis;
how long We keep your information;
how your information is protected;
who We share your information with;
international transfers;
your rights in relation to the information We hold about you;
This website is not intended for children, and we do not knowingly collect data relating to children.
1.2 Third-party links outside of our control
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2 The Personal Data We Collect
Personal data, or personal information, means any information about an individual from which that person can be identified. You can find out more about personal data from the Information Commissioner’s Office.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped follows:
Identity Data includes first name, surname, username, title, date of birth, gender.
Contact Data includes telephone number/s, email address, billing address, delivery address.
Transaction Data includes details about payments to and from you, details of products and services you have purchased from us.
Technical Data includes IP address, your login data, browser type and version, location, operating system, other technology on the devices you use to access this website.
Profile Data includes username and password, purchases or orders made by you.
Usage Data includes information about how you use our website, products and services.
Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties, your communication preferences.
Enter any of Our competitions, promotions or surveys
Request a call back through Our websites
Otherwise interact with Us or provide information to a third party to be referred to Us
Where We request information from you, this will be explained in the relevant forms or pages, or over the telephone. You may choose to provide additional information when you interact with Us or to a third party who refers you to Us. We store customer feedback and information on our customer databases.
We will collect data you give us when applying for a job with Us, this may include:
your bank account details and tax and residency status
references from previous employers or educational institutions
contact details for you, and any next of kin
qualifications
information concerning your health and medical conditions
information about your race, ethnicity, and sexual orientation
details of unspent criminal convictions.
2.1 Special category data
Where data processing relates to Special Categories of Data the following processing conditions apply:
Explicit Consent has been given by the data subject.
Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement.
2.2 Social Media Users
We use social media channels (including Facebook, WhatsApp, YouTube and Instagram, the “Social Media Companies”) to publish information about Us. If you follow or otherwise engage with our social media channels, we will collect Usage Data to analyse how users interact with those channels. If you use social media to send us messages or posts, we may use your Profile Data to communicate with you. When you interact with our channels, the Social Media Companies will also process your personal data for the purposes set out above. For more information, we would encourage you to review the privacy notices published by the Social Media Companies.
3 How Can You Control Your Data?
When you submit information via Our Site, you may be given the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails or by emailing us.
You may access certain areas of Our Site without providing any data at all. However, to use all features and functions available on Our Site you may be required to submit or allow for the collection of certain data.
You may withdraw your consent for Us to use your personal data at any time by contacting Us and We will delete Your data from Our systems. However, you acknowledge this may limit Our ability to provide the best possible products and services to you (see the section on How to Contact Us).
If you have an account with Us then you can personally log-on to your account and update your contact and preference details.
Please tell us as soon as any of your contact details change so that we can keep our records up to date.
You can change the way we contact you, or the kind of material we send you, at any time by contacting us by post, or email using the contact details below.
4 How We Use Your Data
We use your data to provide the best possible products and services to you.
This includes:
Providing and managing your access to Our Site.
Personalising and tailoring your experience on Our Site.
Creating an account
Supplying Our products and services to you.
Responding to communications from you.
Analysing your use of Our Site and gathering feedback to enable Us to continually improve Our Site and your user experience.
In some cases, the collection of data may be a statutory or contractual requirement, and We will be limited in the products and services We can provide you without your consent for Us to be able to use such data.
4.1 Third parties or publicly available sources.
We may receive personal data about you from various third parties [and public sources] as set out below :
Analytics providers such as Google.
Search information providers such as Google or Edge.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as PayPal and Stripe
Identity and Contact Data from publicly available sources such as Experian.
Social Media sites such as Facebook, Twitter, and LinkedIn.
4.2 Direct Marketing
We may from time to time supply you with email newsletters, alerts etc. that you have subscribed to (you may unsubscribe or opt-out at any time by clicking the ‘unsubscribe’ link in the email or by contacting Us (see the section on How to Contact Us)
Once you have submitted your preference to Us, We may use these for marketing purposes which may include contacting you by email, telephone, or text message with information, news and offers on Our products and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the DPA 2018, GDPR, and the Privacy and Electronic Communications Regulations 2003.
5 Lawful Basis
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following bases applies:
you have given consent to the processing of your personal data for one or more specific purposes.
processing is necessary for the performance of a contract to which you are a party or to take steps at your request of you prior to entering a contract.
processing is necessary for compliance with a legal obligation to which we are subject.
processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the fundamental rights and freedoms of the data subject which require protection of personal data.
We rely on our legitimate interests for the following reasons:
keeping Our records up to date;
developing, marketing and charging for Our products and services;
running our websites and keeping them safe and secure;
presenting Our content and communications in the most effective and sustainable manner for you and your devices;
helping you use Our websites, including obtaining products or services;
measuring how you use our websites and improving their content and accessibility;
measuring and understanding how effective Our adverts are;
carrying out campaign work and developing Our policy;
complying with legal and or regulatory requirements;
identifying consumer trends;
understanding products, services and the consumer experience; and
to provide insight and analysis into how our social media channels are used and how they are performing.
6 How do we Store and How long do We keep your data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Our retention of your personal data is linked to your actions. Unless a longer retention period is required or permitted by law, we will only hold your Personal Information on our systems for the period necessary to fulfil the purposes outlined in this Notice, or until you request that the information be deleted (see the section “Summary of Your rights").
Please see our Retention Schedule for a detailed list of our retention periods.
Even if we delete your Personal Information, we reserve the right to retain your personal data where such retention is necessary for compliance with a Statutory obligation (for example to maintain a copy for legal, tax or regulatory purposes,) but in such event, we will do so only as long as necessary to fulfil those Statutory obligations.
6.0 Data Security
Data security is of great importance to Us, and to protect your data We have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through Our Site.
All your data is stored electronically in a secure database or in a locked filing cabinet and can only be accessed by authorised people. All users of Our system are trained in GDPR. Where we engage third parties to process personal data on our behalf, they do so upon writing and are contracted to implement appropriate technical and organisational measures to ensure the security of data.
Please see our Retention Schedule for a detailed list of our retention periods.
Data Retention Schedule – Updated October 2024
A. Company Records
Type of Material
Minimum Retention Period
Reason
Register of members
10 years after the person stops being a member (for entries after 6 April 2008); 20 years for entries before this date.
Companies Act 2006, Companies Act 1985
Register of directors’ residential addresses
Life of the company
Companies Act 2006, Companies Act 1985
Directors’ service contracts
At least 1 year after expiry or termination, up to 6 years for tax purposes.
Companies Act 2006, Companies Act 1985
Board minutes
10 years from meeting date (post 1 October 2007); permanently for meetings prior.
Companies Act 2006, Companies Act 1985
Certificate of Incorporation and Memorandum of Association
Life of the company
Companies Act 2006, Companies Act 1985
B. Employee HR Records
Type of Material
Minimum Retention Period
Reason
Employee address
Out-of-date data should not be retained
Data Protection Principles
Rejected candidates’ recruitment materials
6-12 months after decision
Employment Practices Code
Job applications (successful candidates)
Length of employment plus 6 years
Limitation Act 1980
DBS checks
6-12 months for unsuccessful candidates; align with employment records for successful candidates.
Various
Identification documents for Right to Work checks
6 years after employment ends
Limitation Act 1980
C. Finance
Type of Material
Minimum Retention Period
Reason
Accounting records
3 years for private companies; 7 years for public limited companies.
Companies Act, GAAP
Financial (including audit) records
7 years from financial year end
Companies Act, GAAP
Tax records
10 years from tax year end
Tax legislation
VAT records
7 years from tax year end
Value Added Tax Act 1994
Banking records
6 years from issuance
Companies Act
D. Payroll
Type of Material
Minimum Retention Period
Reason
Pay records and relevant supporting documents
7 years from financial year end
Time limit for legal claims
Material related to income tax and National Insurance
3 years after end of tax year
Income Tax Regulations
Working time records
2 years from date of record
Working Time Regulations 1998
Records concerning pay during illness absence
3 years from end of tax year
Statutory Sick Pay Regulations
Parental leave / maternity pay records
3 years from end of tax year
Statutory Maternity Pay Regulations
E. Marketing and Customers
Type of Material
Minimum Retention Period
Reason
Personal data used to contact existing customers
12-24 months from last interaction
GDPR compliance
Personal data for prospective customers (consent-based)
3-6 months depending on interaction
GDPR compliance
Data for suppression requests
Until risk of contact is eliminated
GDPR compliance
Campaign performance data
13 months from campaign end
GDPR compliance
Images, photography, and related consent
2-3 years from consent expiry
Company policy
F. Health and Safety and Environmental Records
Type of Material
Minimum Retention Period
Reason
Health and safety policies
Life of Group entity
Health and Safety at Work Act 1974
Incident and accident records
3-7 years, or until age 21 for minors
Reporting of Injuries, Diseases and Dangerous Occurrences Regulations
Medical care and reintegration plans
6 years post-employment
Data Protection Act, GDPR
Environmental records and permits
Varies; retained while valid
Statutory compliance
Fire risk assessments
5 years from last assessment
Fire Safety Order 2005
G. Insurance Records
Type of Material
Minimum Retention Period
Reason
Insurance policies, renewal notices
Until claims are barred or all claims are settled
Company policy
Records of insurance-based investment product suitability
5 years or the duration of the relationship
FCA regulations
Insurance Premium Tax records
6 years
Insurance Premium Tax Regulations 1994
H. Miscellaneous
Type of Material
Minimum Retention Period
Reason
Confidentiality agreements
Length of contract + 6 years
Limitation Act 1980
Intellectual property records
Life of IP + 6 years
Limitation Act 1980
Complaints process records
6 years
Limitation Act 1980
Data Protection Impact Assessments
6 years
Company Policy
7 Who We Share Your Personal Data With
Data Retention Schedule – Updated October 2024
A. Company Records
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Register of members | 10 years after the person stops being a member (for entries after 6 April 2008); 20 years for entries before this date. | Companies Act 2006, Companies Act 1985 |
| Register of directors’ residential addresses | Life of the company | Companies Act 2006, Companies Act 1985 |
| Directors’ service contracts | At least 1 year after expiry or termination, up to 6 years for tax purposes. | Companies Act 2006, Companies Act 1985 |
| Board minutes | 10 years from meeting date (post 1 October 2007); permanently for meetings prior. | Companies Act 2006, Companies Act 1985 |
| Certificate of Incorporation and Memorandum of Association | Life of the company | Companies Act 2006, Companies Act 1985 |
B. Employee HR Records
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Employee address | Out-of-date data should not be retained | Data Protection Principles |
| Rejected candidates’ recruitment materials | 6-12 months after decision | Employment Practices Code |
| Job applications (successful candidates) | Length of employment plus 6 years | Limitation Act 1980 |
| DBS checks | 6-12 months for unsuccessful candidates; align with employment records for successful candidates. | Various |
| Identification documents for Right to Work checks | 6 years after employment ends | Limitation Act 1980 |
C. Finance
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Accounting records | 3 years for private companies; 7 years for public limited companies. | Companies Act, GAAP |
| Financial (including audit) records | 7 years from financial year end | Companies Act, GAAP |
| Tax records | 10 years from tax year end | Tax legislation |
| VAT records | 7 years from tax year end | Value Added Tax Act 1994 |
| Banking records | 6 years from issuance | Companies Act |
D. Payroll
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Pay records and relevant supporting documents | 7 years from financial year end | Time limit for legal claims |
| Material related to income tax and National Insurance | 3 years after end of tax year | Income Tax Regulations |
| Working time records | 2 years from date of record | Working Time Regulations 1998 |
| Records concerning pay during illness absence | 3 years from end of tax year | Statutory Sick Pay Regulations |
| Parental leave / maternity pay records | 3 years from end of tax year | Statutory Maternity Pay Regulations |
E. Marketing and Customers
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Personal data used to contact existing customers | 12-24 months from last interaction | GDPR compliance |
| Personal data for prospective customers (consent-based) | 3-6 months depending on interaction | GDPR compliance |
| Data for suppression requests | Until risk of contact is eliminated | GDPR compliance |
| Campaign performance data | 13 months from campaign end | GDPR compliance |
| Images, photography, and related consent | 2-3 years from consent expiry | Company policy |
F. Health and Safety and Environmental Records
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Health and safety policies | Life of Group entity | Health and Safety at Work Act 1974 |
| Incident and accident records | 3-7 years, or until age 21 for minors | Reporting of Injuries, Diseases and Dangerous Occurrences Regulations |
| Medical care and reintegration plans | 6 years post-employment | Data Protection Act, GDPR |
| Environmental records and permits | Varies; retained while valid | Statutory compliance |
| Fire risk assessments | 5 years from last assessment | Fire Safety Order 2005 |
G. Insurance Records
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Insurance policies, renewal notices | Until claims are barred or all claims are settled | Company policy |
| Records of insurance-based investment product suitability | 5 years or the duration of the relationship | FCA regulations |
| Insurance Premium Tax records | 6 years | Insurance Premium Tax Regulations 1994 |
H. Miscellaneous
| Type of Material | Minimum Retention Period | Reason |
|---|---|---|
| Confidentiality agreements | Length of contract + 6 years | Limitation Act 1980 |
| Intellectual property records | Life of IP + 6 years | Limitation Act 1980 |
| Complaints process records | 6 years | Limitation Act 1980 |
| Data Protection Impact Assessments | 6 years | Company Policy |
We are committed to not sharing your data and will only do this if it is in your legitimate interest to ensure we provide you with the support and information required to make an informed decision about a service(s) or product(s).
We will not sell your data to any unconnected third parties.
We may contract with third parties to supply products and services to you on Our behalf. These may include payment processing and search engine facilities.
We might share your information across different parts of Our organisation for research, and analysis.
In some cases, third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
We currently contract with:
We may have to share your personal data with the parties set out below for the purposes set out in the table above.
External Third Parties Service
Providers based in the UK who provide IT and system administration services.
Professional advisers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
HM Revenue & Customs, regulators and other authorities based in the UK who require reporting of processing activities in certain circumstances.
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
7.1 International Transfers
We may need to transfer some personal data to the third parties described above who are located outside of the UK. In such cases, we will take appropriate measures to ensure your personal data remains protected. If the organisation is based outside of the UK and in a country that is not protected by an adequacy decision (providing an adequate level of data protection) we will take appropriate safeguards such as implementing the ICOs International Data Transfer Agreement (IDTA).
If you have any questions or need more information regarding international transfers of your personal data, please contacting Us (see the section on How to Contact Us)
7.2 Automatic Collection, Cookies and aggregate information collected from Our website.
We automatically collect some data from visitors to our websites. This includes what pages you have viewed, for how long and where you go on our website.
We use cookies to store information about how you use our sites. A cookie is a piece of data stored on a user’s computer to remember information about you and create a profile of your viewing preferences. Your profile is used to tailor your visit to our website, make navigation easier, and direct you to information that best corresponds to your interests. We require your consent to place non-essential cookies on your device. You can change your cookie preferences by selecting the button in the bottom left corner from any page on our website. View our Cookies Policy
Information is also collected about how you arrived at our websites in the first place. This includes what links or adverts of ours you have viewed or clicked on to reach Us, or any search terms you have used. Where you see an advert outside of Our website. We may place a cookie on your browser. This is so that, when you access Our website, We recognise that you have seen an advert of Ours elsewhere. If you have logged in, this includes your login details.
Aggregate information is collected from users using our own web tracker. This information includes users’ Anonymised Internet Protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages, and number of unique visits. This information is not linked to personal profiles or personally identifiable information provided by users. We use the information to analyse visitor trends and use of our website, administer the website, and gather broad demographic information of our website users.
We may use the information we receive and/or collect about you to:
Fulfil our obligations under any contract that we have entered into with you or with a Resident that you represent, and to provide you or the relevant Resident with information or services that you or the Resident has requested
Monitor website usage and provide statistics to third parties for the purposes of improving and developing the website and the services we provide via the website
8 Summary of your rights
As a data subject, you have several rights and control over how your data is used.
You can request access to, deletion of, or correction of, your personal data held by Us.
You can ask for a copy of the data you have given Us.
You can require Us to amend or change incorrect or incomplete data.
You can require Us to delete or stop processing your data, where the data is no longer necessary for the purposes of processing.
You can object to the processing of your data where We are relying on its legitimate interests as the legal ground for processing.
You can ask Us to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the company's legitimate grounds for processing data.
To enforce any of the foregoing rights or if you have any other questions about Our Site or this Privacy Notice, please contact Us using the details set out in the section “How to Contact Us”.
No fee is required – with some exceptions. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9 How to Contact Us
If you have any questions about Our Site or this Privacy Notice, please contact Us by email at dataprotection@weareyeomans.co.uk
or by telephone on 01892 839280 and ask for the Data Protection lead.
or by post to Data Protection, Branbridges Industrial Estate East Peckham Kent TN12 5HF
Please ensure that your query is clear, particularly if it is a request for information about the data, We hold about you.
10 How to complain
If you are unhappy with the way that we have processed or handled your data, please contact Us (see the section How to Contact Us).
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). The ICO is the supervisory body authorised by the Data Protection Act 2018 to regulate the handling of personal data within the United Kingdom. The contact details for the Information Commissioner’s Office are:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF Telephone: 0303 123 1113 Website: https://ico.org.uk/concerns/
11 Changes to Our Privacy Notice
We may change this Privacy Notice as we may deem necessary from time to time, or as may be required by English law. Any changes will be immediately posted on Our Site, and you will be deemed to have accepted the terms of the Privacy Notice on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up to date.
Last updated August 2024