Staplepine Limited Privacy Policy

  1. General intro
    1. We are committed to ensuring that we manage your personal data professionally and in compliance with all applicable data protection laws. Part of this commitment is to ensure that there is transparency about how we process personal data.  This policy includes an explanation of:
      1. what data we are processing;
      2. why we are processing it and what we do with it;
      3. whether we will share it with anyone else;
      4. whether we will transfer it outside of the European Economic Area (‘EEA’);
      5. how we keep your data safe; and
      6. your rights.
    2. We hope that you find this Privacy Policy helpful. If you have any questions, please don’t hesitate to contact us.
  2. Who we are and our contact details
    1. Staplepine Limited is located at 161 Chertsey Road, Twickenham, Middlesex, TW1 1ER. In this policy we have referred to Staplepine Limited as: we, us, our or Staplepine.
    2. We also operate under the following trading name: Hampstead Antique and Craft Emporium.
    3. For any queries concerning your data please contact the Data Protection Department at the above address. Please identify your query as relating to data protection and this privacy policy.
  3. Your personal data
    1. We process your personal data if we understand that you may be interested in occupying one of our units. In this section 3 we provide more detailed information about how we will manage your personal data. 
    2. What data do we hold about you and how have we obtained this?
      1. We have obtained information about you when you have enquired about occupying a unit either directly with us, on our social media page or at a promotional event. Typically, the information that we obtain will be your name, postal address and contact details. If you choose to enter into a Licence Agreement with us we will also obtain your payment details.
      2. We will hold any information, including photographs, that you supply to us for use on the company website and/or social media pages.
      3. If you have visited our website we may automatically collect some personal information including details of your browser, operating system and device, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and the Internet protocol (IP) address assigned to you by your internet service provider. We collect some of this information using cookies – please see Cookies in section 4 - for further information. We may also collect any personal information which you upload to our website, allow to be shared or that is part of your public profile on a third party social network.
      4. Our telephone calls are recorded and may be monitored for training purposes.
      5. If you visit our facility, some personal data may be collected from monitoring devices and systems such as closed circuit TV (CCTV)
    3. How do we use your personal data and what is the applicable lawful basis?
      1. Where you have consented, we may use the information and photographs that you supply on our website and/or Social Media.
      2. We may process your information where it is required to perform our contract with you, for example:
        1. to enable us to follow up on enquiries made by you in relation to occupying a unit;
        2. to prepare a Licence Agreement with you;
        3. to manage any accounts you hold with us;
        4. to contact you to provide information you have requested;
        5. to deal with payment for our services;
        6. to resolve disputes or collect overdue payments;
        7. to manage and administrate any refunds due to you;
        8. to trace your whereabouts to contact you about your agreement and for recovering debt; and
        9. to notify you of any changes to our services that may affect you.
      3. Where it is in your vital interests, we may use your information to organise and notify you about safety notices.
      4. We may process your information to comply with legal or regulatory obligations including assisting HMRC, the Police and complying with anti-money laundering and counter-terrorist financing obligations
      5. We may process your information to allow us to pursue our legitimate interests including for:
        1. analysing our performance to further improve our customer services;
        2. market research, training and to administer our websites;
        3. the prevention of fraud or other criminal acts;
        4. complying with requests from you including if you exercise any of your rights noted in this Privacy Policy;
        5. the purpose of corporate restructure or reorganisation or sale of our business or assets;
        6. enforcing our legal rights or to defend legal proceedings and for general administration purposes; and
        7. preventing offensive, inappropriate or objectionable content being sent to or posted on our websites or social media or to stop any other form of disruptive behaviour.
      6. It is key that we operate CCTV. We collect and process CCTV images:
        1. so we can deliver a secure environment;
        2. to establish whether you are doing something that breaches your agreement with us; and
        3. to assist in the establishment or defence of any crime or other investigation.
    4. Will we share your personal data with any third parties?
      1. We may disclose your information to our third-party service providers for the purposes of providing services to us or directly to you on our behalf, for example, our main processing system to administer your account, CCTV provision and monitoring, fraud prevention, debt collection and technology services. When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and only when we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
      2. We may share your information with any person who you have named as a person we can contact to discuss your account.
      3. We may share your information with any person who is your agent or representative, such as the holder of a power of attorney, a legal guardian or person administering a will.
      4. If invoices are not paid we may share your information with debt collection agencies
      5. If we sell all or part of our business to a third party, we may transfer your information to that party to ensure that it can continue to provide information that you have requested or for any of the other purposes that we have noted above.
      6. We may transfer your data to government or other official bodies for the purposes of complying with legal obligations, for enforcing our rights, or for the prevention or detection of a crime.
      7. We will release data at any time if we consider in our sole discretion that this is appropriate, examples include: to comply with the law, to enforce our Agreement, for fraud protection and credit risk reduction, for crime prevention or detection purposes, to protect the safety of any person at the Facility, if we consider the security of any unit at the Facility or its contents may otherwise be put at risk.
    5. How long do we keep your data?
      1. If you have expressed an interest in occupying a unit, we will retain your contact details and related information concerning your enquiry until the next time a vacant unit arises, if you are not interested in occupying a unit at that time we will delete the information we hold. If a unit has not become available three years after you supplied your information to us we will delete the information we hold.
      2. If you rent a unit from us we will keep your Licence Agreement and any other correspondence and information relating to the Licence Agreement for six financial years from the date of vacation.
      3. We will keep details of your payment(s) for six financial years from the transaction date.
      4. If we issue a refund to you we will keep all information relating to the refund for six financial years from the refund date.
      5. Voice recordings of telephone calls and CCTV images shall be kept for a maximum of 12 months.
      6. Photographs and information you supply to be posted on our website and/or our social media pages will be retained indefinitely unless you ask us to remove them.
      7. All of the periods stated in this section 5 may be extended if there is a legal requirement to do so.
    6. Transferring your data outside of the European Economic Area (‘EEA’)
      1. We do not currently transfer any personal data outside of the EEA. If this changes in the future, any such transfer will comply with all applicable data protection laws and with our obligation to adequately protect and secure your personal information. We will take measures to ensure that personal information handled in other countries will receive at least the same level of protection as it is given in the EEA and will update this privacy policy with details on such measures.
  4. Cookies
    1. We use Cookies on our website. A cookie is a small text file which is placed onto your computer (or other electronic device) when you visit our website.  This enables us to monitor how many times you visit the website, which pages you go to, traffic data, location data and the originating domain name of your internet service provider.
    2. You can find out more about the Cookies we use in our Cookies Policy available on the home page of our website.
    3. You can set your browser not to accept cookies, however some of our website features may not function as a result.
    4. For more information about cookies generally and how to disable them you can visit:
  5. Data security
    1. We have adopted the technical and organisational measures necessary to ensure the security of the personal data we collect, use and maintain, and prevent their alteration, loss, unauthorised processing or access, having regard to the state of the art, the nature of the data stored and the risks to which they are exposed by human action or physical or natural environment.  However, as effective as our security measures are, no security system is impenetrable. We cannot guarantee the security of our database.
    2. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.  Once we have received your information, we will use procedures and security features to try to prevent unauthorised access
    3. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone
  6. Links to other websites
    1. Our website may contain links to and from other websites e.g. social media sites such as Facebook, YouTube, Twitter. Unless we own such websites, we accept no responsibility for the way in which they process your personal data. You are recommended to check the privacy policy of each website before you submit any data to it.
  7. Social Plugins
    1. We use so-called social plugins (buttons) of social networks such as Facebook, Google and Twitter.
    2. When you visit our websites, these buttons are deactivated by default, i.e. without your intervention they will not send any data to the respective social networks. Before you can use these buttons, you must activate them by clicking on them. They then remain active until you deactivate them again or delete your cookies. Please see section 4 for further details regarding our use of cookies.
    3. After their activation, a direct link to the server of the respective social network is established. The contents of the button are then transmitted from the social network directly to your browser and incorporated in the website.
    4. After activation of a button, the social network can retrieve data, independently of whether you interact with the button or not. If you are logged on to a social network, the network can assign your visit to the website to your user account.
    5. If you are a member of a social network and do not wish it to combine data retrieved from your visit to our websites with your membership data, you must log out from the social network concerned before activating the buttons.
    6. We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
  8. Your rights
    1. Your right to access data
      1. We always aim to be as transparent as we can and allow people access to their personal information. Where we hold your personal data, you can make a ‘subject access request’ to us and we will provide you with:
        1. a description of it;
        2. an explanation of why we are holding it;
        3. information about who it could be disclosed to; and
        4. a copy of the information in an intelligible form – unless an exception to the disclosure requirements is applicable.
      2. If you would like to make a ‘subject access request’ please make it in writing to our contact email address noted in section 2 and mark it clearly as ‘Subject Access Request’.
      3. If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
      4. Unless you agree a different time, we will complete your subject access request within one month.
    2. Right to stop marketing messages
      1. You always have the right to stop marketing messages. We will usually include an unsubscribe button in any marketing email and an unsubscribe number in any marketing texts. If you do wish to unsubscribe, please just click the unsubscribe button or reply to the number as directed and we will promptly action that request. Alternatively, you can update your marketing preferences by contacting us at any-time. Our contact details are shown in section 2.
    3. Right to be forgotten
      1. If we hold personal data about you, but it is no longer necessary for the purposes that it was collected and cannot otherwise be justified – you have the right to request that we delete the data.
    4. Right to restrict data
      1. If we hold personal data about you and you believe it is inaccurate you have the right to request us to restrict the data until it is verified. You also have the right to request that the data is restricted where you have a right to it being deleted but would prefer that it is restricted.
    5. Right to complain
      1. You always have the right to complain to the personal data regulator, the ICO. You may also be entitled to seek compensation if there has been a breach of data protection laws.
  9. Policy updates
    1. This policy was last updated on the 4th May 2018.