1. Who we are
WILLIAM JACKSON FOOD GROUP LIMITED, (‘we’ or ‘us’ or ‘our’), is the parent company for a number of organisations.
William Jackson Food Group Limited is the data controller for all the organisations within the group that are covered by the scope of this notice. This means that William Jackson Food Group Ltd determines what data is collected by each organisation within the group, how this data is going to be used and how this data is protected in accordance with all data protection regulations and laws.
We are a company registered in England and Wales under company number 03974470. We are registered on the Information Commissioner’s Office Register; registration number Z4746826.
Our registered office address is:
William Jackson Food Group Limited
The Riverside Building
If you have questions about how we process personal data, or would like to exercise your data subject rights, please email our Data Protection Officer at firstname.lastname@example.org.
The full list of organisations that fall into the scope of this notice can be found below, along with their associated websites.
Abel & Cole www.abelandcole.co.uk
Belazu Ingredient Company www.belazu.com
Jacksons Bakery Ltd www.jacksonsbread.co.uk
Richard Wellock & Sons Limited www.wellocks.co.uk
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this document, we explain how we collect, use and protect your personal data. We also explain what rights you have with regard to your personal data and how you can exercise those rights.
This Privacy Notice is based on the terms used by the United Kingdom General Data Protection Regulation (UKGDPR) but for ease of understanding the following definitions apply.
Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by the Information Commissioners Office.
Personal data: any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject: any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
Third Party: a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Data Asset Information Inventory: also known as a ROPA, Record of Processing Activities is a register outlining where personal data is held, how long it is retained for and who it is shared with. This is a living document which is continually reviewed and updated.
Restriction of processing: the marking of stored personal data with the aim of limiting their processing in the future.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Profiling: any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. The information we collect and how we use it
We process your personal information to meet our legal, statutory and contractual obligations and to provide you with our products and services. You may give us information about you by corresponding with us by phone, email, social-media or otherwise by submitting an enquiry via our website, by opting in to receive a newsletter, or when you take part in a prize draw, competition or survey. We will never collect any unnecessary personal data from you and do not process your information in any way, other than as specified in this notice. Your personal data will not be shared across the Groups other businesses.
The personal data that we collect from is:
- Personal Email
- Business Email
- Business Telephone Number
- Mobile Telephone Number
The table in the section below provides more detail about the data we collect for each of the purposes, the lawful basis for doing so and whom if anyone your data is shared with. The organisation of our business architecture, accounting and systems infrastructure and compliance means that much of the personal data is processed on common platforms. We have processes in place to make sure that only those people in our organisation who need to access your data can do so. A number of data elements are collected for multiple purposes, as the table below.
In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we may collect the following:
- Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
- Your login information, browser type and version, browser plugin types and versions.
- Operating system and platform.
- Information about your visit, including the URL (Uniform Resource Locator) through and from our site.
From time to time, we may use technologies, such as tracking pixels (also called 1×1 pixels or pixel tags), to collect the above information from your interaction with emails we send you. This enables us to focus our marketing to your needs, leading to more relevant emails to our subscribers. It also helps us to identify subscribers that are not engaged with our marketing emails, enabling us to remove them from our send lists.
How long we retain your personal data for
We only retain your personal data for as long as we need it and for the purpose for which it was collected and whilst taking into consideration our legal obligations, we will on an ongoing basis review the length of time we retain your personal data. We will consider the purpose or purposes for which we hold your personal data. We will securely delete your personal data if it is no longer needed for such purpose or purposes and update or archive or securely delete your personal data if it goes out of date. For further information on how long we retain your personal data please refer to the table below.
4. Third Parties
Some data may be shared with third parties and this is also identified where this happens.
We may share personal data about you with third parties:
a) who are directly involved in dealing with any request or enquiry made by you
b) where such disclosure is required by law
c) with third parties who are providing us with professional advice
d) where the disclosure is in connection with any criminal investigation legal proceedings or respective legal proceedings were permitted by law
e) where the disclosure is in order to establish exercise or defend our legal rights including providing information to fraud prevention or reducing credit risk
h) we will not pass on your information to a third party for the purposes of marketing
i) we may also disclose your personal data to third-parties in the event that we sell or buy any businesses or assets (in which case we may disclose your personal data to the prospective seller or buyer of such businesses or assets)
j) or if all of our assets are acquired by third-party in which case personal data held by us about our clients and subscribers will be one of the transferred assets.
|Purpose / Activity
||Type of Data
||Lawful Basis for Processing
||Data Shared With
|To respond to an enquiry made by you by either phone, email, social media, website or other.
||a) Identity data
b) Contact Data
c) Information submitted pursuant to your enquiry
|Analytical and performance
||Anonymous visitor, session and campaign data for our analytic reports using cookies and other tracking activities.
||Analytical and performance interest; reporting on our website performance and what parts of the website our users use the most, how many users used our website and how they use it.
5. Your Rights
You have a legal right to see a copy of your personal data that we keep about you subject to certain exemptions request for such information should be made by email to email@example.com or by writing to Data Protection Officer at The Riverside Building, Livingstone Road, Hessle, East Yorkshire, HU13 0DZ, United Kingdom.
In some circumstances you may also have the right to:
Right to be Informed: you shall have the right to obtain clear and transparent information about the data controllers data processing activities. This is provided by this privacy notice.
Right to Rectification: you shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the data subject. The data subject shall have the right to have incomplete personal data completed.
Right to Erasure (Right to be forgotten): you shall have the right to obtain from the controller the erasure of personal data without undue delay, and the controller shall have an obligation to erase personal data without undue delay where one of the statutory grounds applies, as long as the processing is no longer necessary.
Right of Restriction of Processing: you shall have the right to obtain from the controller restriction of processing where a statutory reason applies.
Right to Data Portability: you shall have the right, to receive the personal data, which was provided to a controller or processor, in a structured, commonly used and machine-readable format.
Right to Object: you shall have the right to object, on grounds relating to a particular situation, at any time, to the processing of personal data.
Right to Withdraw Consent: If you have given your consent to receive marketing materials you may withdraw your consent at any time by either opting out of any emails or by contacting us at firstname.lastname@example.org
Automated individual decision-making, including profiling: we do not process personal data for automatic decision-making or profiling.
6. Security Measures
We take your privacy seriously and take every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –
- Latest and widely accepted TLS protocols.
- Restricted access to areas used to store data, via firewalls, encryption, and the latest widely accepted security protocols.
The internet is global, and no data transmitted via the Internet can be guaranteed by us to be completely secure during transmission. We cannot guarantee the security of any data that you disclose online, and we will not be responsible for any breach of security unless it’s due to our negligence or willful default.
Our website is hosted in the UK and all data provided to us is stored within our service located in the UK or the European economic area EEA.
7. Transfers outside the UK (if applicable) not applicable currently
Personal data in the United Kingdom is protected by the EU General Data Protection Regulation (EU GDPR) and UK GDPR but some other countries may not necessarily have the same high standard of protection for your personal data.
We utilise some products or services (or parts of them) that may be hosted/stored outside of the UK, which means that we may transfer any information which is submitted by you through the website outside the UK for analytical and performance data.
Therefore, when you use our website/send us an email/sign up to our newsletter etc, the personal information you submit may be stored on servers which are hosted outside of the UK. Where this is the case, we will take steps to ensure that those providers use the necessary level of protection for your information and abide by strict agreements and measures set out by us to protect your data and comply with the relevant data protection laws.
8. Consequences of not providing your data
You are not obligated to provide your personal information to us however, as this information is required for us to provide you with our services and or deliver your products, we will not be able to offer some/all our services without it.
9. Contact us and lodging a complaint
We only process your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unhappy with how we have handled your information, you have the right to lodge a complaint with the ICO, however in the first instance we would always prefer to help you directly and resolve any issues you may have.
Data Protection Officer
William Jackson Food Group Limited
The Riverside Building
The Information Commissioner’s Office
Telephone: 0303 123 1113