PRIVACY POLICY
This Privacy Policy sets out how Waystone Limited and subsidiaries (“the Company”) uses and protects your personal data (these include Waystone Development Ltd, Waystone 32 Ltd and Waystone Unity LLP). The Company is the Controller for personal data given to the Company by business contacts, staff, and other individuals.
The full details of the Company are: –
Waystone Limited
Registered in England
Company number: – 02451184
Registered address:-
C P House,
Otterspool Way,
Watford,
WD25 8JJ
In the course of its business activities, the Company requests, obtains, and processes personal data from customers, prospective customers, business contacts, staff, and other individuals. The Company aims to process the minimum personal data the Company needs in order to provide a good service. The Company recognises and respects the legal rights and reasonable expectations of individuals over their personal data and privacy.
This Privacy Policy explains how the Company protects personal data and privacy. Many of the principles the Company follows are driven by the EU’s General Data Protection Regulation (GDPR).
However, the Company complies with all applicable legal requirements on personal data protection and privacy.
The Company has tried to make this Privacy Policy easy to use and to understand, within the constraints of the complexity of the information the Company has to communicate.
Table of Contents
1) Legal rights of individuals (“data subjects”) under GDPR
1.1 Right to receive transparent information
1.2 Right of access to your own data
1.3 Right to rectify inaccurate data
1.4 Right to erasure (“Right to be forgotten”)
1.5 Right to withdraw consent
1.6 Right to request restriction of processing
1.7 Right to object to processing
1.8 Right not be subject to automated decisions
1.9 Data portability
1.10 Right to complain to a “Supervisory Authority”
1.11 Contacting the Company regarding GDPR
2) How the Company uses your information
2.1 Initial enquiry about land
2.2 Land sites
2.3 Services provided to visitors of the land sites and the offices
3) Cookies
4) Job application
5) Terms and abbreviations used in this Disclosure
1) Legal rights of individuals (“data subjects”) under GDPR
The “data subjects” covered by GDPR are living individuals anywhere in the world who deal with a “controller” in the EU, or living individuals in the EU who deal with a controller outside the EU. A “controller” is the legal entity which defines how personal data is processed. “Personal data” is any
data which can be linked to a data subject.
As explained below, data subjects have the following specific rights under GDPR:
a) Right to receive transparent information
b) Right of access to your own data
c) Right to rectify inaccurate data
d) Right to erasure (“Right to be forgotten”) in specific circumstances
e) Right to withdraw consent
f) Right to request restriction of processing
g) Right to object to processing
h) Right not to be subject to automated decisions
i) Right to “ Data portability ”
j) Right to complain to a “Supervisory Authority”
This Policy addresses all of these rights. Upon your request on any of them, the Company will respond without undue delay and in any case within one month, and the Company will do its best to resolve even complex cases within three months. The Company will not charge a fee for an initial request, but the Company reserves the right to charge an administrative fee for handling repeated requests within a year, or in case of otherwise manifestly unfounded or excessive requests.
Note that the Company will need to verify your identity to be able to act on any request.
If the Company believes that it should not act on your request, the Company will write to inform you of the basis for the Company decision, and also of your options for legal remedy.
Separately from these rights, if you believe that the Company has mistreated you with regard to your personal data or your privacy, please contact the Company so that it can rectify the situation.
You can send a formal complaint to the Company by email or by post to the address given in section 1.11 “ Contacting the Company regarding GDPR ”.
The Company will aim to respond without undue delay and in any case within a month, although it may take the Company longer to investigate fully.
1.1 Right to receive transparent information
The Company will provide all information required by GDPR to you in a concise, transparent, intelligible and easily accessible form, using clear and plain language. The Company shall provide the information in writing or by electronic means. If you request, the Company will provide information orally.
The Company will facilitate your exercising your rights as described in the rest of section 1 below.
Section 1.11 “Contacting the Company regarding GDPR” below gives email and postal addresses for contacting the Company.
1.2 Right of access to your own data
You have the right to obtain from the Company confirmation as to whether personal data on you is being processed, and, if so, to access the data and the following information:
a) The purpose of the processing
b) The categories of personal data concerned
c) The recipients to whom the Company has disclosed or will disclose the personal data, in particular recipients in countries outside the EU
d) The period for which the personal data will be stored
e) The existence of your right to request the Company to rectify or erase personal data or to restrict processing of personal data or to object to such processing
f) Your right to lodge a complaint with a Supervisory Authority
g) Where the personal data is not collected directly from you, information as to its source
h) Whether there is any automated decision-making from the data, and, if so, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
i) Where the Company transfers your personal data to a country outside the EU, the appropriate safeguards the Company has in place to protect your rights.
1.3 Right to rectify inaccurate data
If the Company holds inaccurate or incomplete personal data on you, the Company will rectify this without undue delay on receiving your request.
1.4 Right to erasure (“Right to be forgotten”)
You have the right to request the Company to erase your personal data and for the Company to act on the request without undue delay, where one of the following grounds applies:
(a) Your data is no longer necessary in relation to the purposes for which it was originally processed
(b) You withdraw consent and the Company has no other legal basis for processing your data
(c) The basis of lawfulness for processing is the Company’s legitimate interest, and you can show that the Company has no legitimate grounds for the processing which overrides your interest, rights, and freedoms
(d) The processing is for direct marketing, and you object to this
(e) The Company has been unlawfully processing your data
(f) The Company has to erase your data for compliance with a legal obligation in EU or Member State law to which the Company is subject
1.5 Right to withdraw consent
Where you have given the Company consent for any processing, you have the right to withdraw consent at any time. Section 1.11 “Contacting the Company regarding GDPR” below gives email and postal addresses for contacting the Company.
Note that your withdrawal of consent will not affect processing which the Company has already performed.
1.6 Right to request restriction of processing
You can request that the Company restricts the processing of your personal data where one of the following applies:
You contest the accuracy of the personal data
The Company no longer has a basis of lawfulness for processing, but you oppose the Company erasing the data and you request that the Company restricts its use instead
The Company no longer needs the data for the original purpose, but you require it for the establishment, exercise, or defence of legal claims
You object to the Company processing on the grounds that the Company states its legal basis as “our legitimate interests” but you claim that your “interests, rights, and freedoms” override these.
Where processing is restricted under your objection, except for continuing to store the data the Company shall process it only with your consent or:
a) For the establishment, exercise or defence of legal claims,
b) For the protection of the rights of another person, or
c) For reasons of important public interest of the EU or of a Member State.
Where the Company restricts processing, it shall inform you before it lifts the restriction.
Operational practicalities may prevent the Company restricting processing precisely as envisaged by GDPR, but in such a case the Company will work with you to try to find a satisfactory resolution.
1.7 Right to object to processing
You have the right to object to the Company processing your personal data where:
The basis of lawfulness for processing is “the Company’s legitimate interests” but you show that your “interests, rights, and freedoms” override these
The Company processes your data for direct marketing purposes, including “profiling” to the extent that it is related to such direct marketing. (Profiling is automated decision making which analyses or predicts aspects such as your economic situation, personal preferences, behaviour, or location.) Where you make such an objection the Company shall no longer process your data
for such purposes.
1.8 Right not to be subject to automated decisions
You have the right not to be subject to a decision based solely on automated processing, if this produces legal effects on you or similarly significantly affects you.
However, this does not apply:
(a) If the decision is necessary for the Company to perform a contract with you or if the Company has your explicit consent, or
(b) If the automated process is authorised by an EU or Member State law which also defines measures the Company has to follow which safeguard your rights, freedoms, and legitimate interests.
In case (a), the Company has to implement suitable measures to safeguard your rights, freedoms, and legitimate interests. This includes at least your right to make the Company ensure human intervention, and your right to express your point of view and to contest the decision.
1.9 Data portability
GDPR gives a data subject the right in certain circumstances to receive the personal data concerning him or her “in a structured, commonly used and machine-readable format”. The right includes having the personal data transmitted directly from one controller to another, where technically
feasible.
Where you apply under 1.2 above for access to your own personal data, the Company will normally supply this in a commonly used electronic format, unless you specifically ask us to send you a written copy.
1.10 Right to complain to a “Supervisory Authority”
If you believe that the Company has treated you unfairly or unlawfully under GDPR, you can complain to a Supervisory Authority for data protection. As the Company has its establishment in Great Britain, you can complain to the United Kingdom Authority regardless of your residence, even if you are resident outside the EU:
The Information Commissioner’s Office
Water Lane, Wycliffe House
Wilmslow – Cheshire SK9 5AF
Tel. +44 1625 545 745
Website: https://ico.org.uk
If you are normally resident in an EU country other than the United Kingdom, you also have the right to raise a complaint with the Supervisory Authority of that country. This link will give you the name and contact details:
http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm
1.11 Contacting the Company regarding GDPR
To exercise one of the rights described above, or to make a complaint directly to the Company or to contact the Company with a general enquiry regarding GDPR or privacy, the email and postal addresses are:
Privacy Officer
C P House,
Otterspool Way,
Watford,
WD25 8HR
