European Website Privacy Notice
Version last revised: 7 October 2019
1. Important Contact Information
|Controller Name:||Cromwell European Management Services Limited|
|Controller Address:||Registered Office: 1st Floor, Unit 16, Manor Court Business Park, Scarborough, YO11 3TU|
|GDPR Central Representative:||EUprivacy@cromwellpropertygroup.co.uk|
2. Introduction and Purpose of this European Website Privacy Notice
We, the above-named Controller (“Cromwell”, "we", “us”) are committed to protecting your personal data and respecting your privacy.
This European Website Privacy Notice (the “Privacy Notice”) sets out the personal data we receive from you, how we process it, our legal obligations as Controller, and your rights in relation to your personal data.
Note that Cromwell’s Australian Website Privacy Notice is available on our website at: www.cromwellpropertygroup.com/
3. Your Personal Data
When you use our websites, we process certain personal data concerning you.
We are authorised by law to process your personal data in the pursuit of our legitimate business interests, for compliance with a legal or contractual obligation, and where you have given consent. A legitimate interest is when we have a business or commercial reason to use your information so long as this is not overridden by your own rights and interests.
Where it is necessary to process your personal data to fulfil legal or contractual obligations, if you fail to provide certain information when requested, we will not be able to fully perform our obligations under any contract we enter into with you, or we could be prevented from complying with our legal obligations.
If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time by emailing the GDPR Central Representative (EUprivacy@cromwellpropertygroup.co.uk).
4. Who Are We?
Under Regulation (EU) 2016/679 – The General Data Protection Regulation ("GDPR") and other applicable data protection laws, the ‘Controller’ of this personal data is the company whose name and address is given at the top of this Privacy Notice.
5. Information we collect about you
We may collect and process the following personal data concerning you:
- Reception logs and CCTV if you visit our offices.
- Information that you provide by filling in forms on any of our sites. This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services, including email addresses and other contact information.
- If you contact or correspond with us (i.e. make an inquiry, request information or otherwise correspond with us), we may keep a record of that correspondence and any personal information you provide
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, resources you access, traffic data, location data, weblogs, cookies and communication data, whether this is required for our own billing purposes or other legitimate business reason.
- We may collect information about your computer, including your IP address, operating system and browser type, for business reasons such as system administration.
6. Purposes for Processing your Personal Data
|What we use your personal information for||Our reasons|
|To provide services to you.||For the performance of any contract with you or to take steps at your request before entering into any contract|
|To allow you to participate in interactive features of our service, if you choose to do so.||For our legitimate interests, i.e. to provide you with an effective and efficient service.|
|To do anything which you authorise or consent to us doing.||For our legitimate interests, i.e. to provide you with an effective and efficient service.|
|To get in contact with you should we need to.||For our legitimate interests, i.e. to provide you with an effective and efficient service or for the performance of any contract with you or to comply with legal and regulatory obligations.|
|To take any action we are required or authorised by law to take.||To comply with legal and regulatory obligations.|
|To conduct internal research, in order to improve the way we interact and communicate with you.||For our legitimate interests, i.e. to provide you with an effective and efficient service.|
|To ensure that content from our site is presented in the most effective manner for you and for your computer.||For our legitimate interests, i.e. to enable you to use our services effectively.|
|To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.||To provide you with the information you have consented to receiving and for our legitimate interests i.e. to promote our business to existing and former clients.|
|To process any communication you send us (which includes answering any queries and dealing with any complaints or feedback you may have).||For our legitimate interests i.e. to provide you with effective and efficient service and assistance.|
|To notify you about changes to our service.||For our legitimate interests, i.e. to provide you with an effective and efficient service.|
7. Secure storage and retention of your Personal Data
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the risk presented by the processing we carry out to protect the confidentiality, integrity and availability of your personal data and to protect against unauthorised or unlawful processing and accidental loss, destruction or damage.
We will retain your personal data for as long as it is necessary to fulfil the purposes outlined in this notice unless a longer retention period is required or permitted by law.
8. International Data Transfers
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). Where such a transfer occurs, we have provided appropriate safeguards including the application of approved Standard Contractual Clauses to our legal relationship with any third-party processors, and have taken all steps reasonably necessary to ensure that your data is treated securely and your rights in relation to your personal data are protected. You may request a copy of these safeguards by emailing the GDPR Central Representative (EUprivacy@cromwellpropertygroup.co.uk).
9. Disclosure of Your Information
We may disclose your personal information to any member of our group, which means our direct and indirect subsidiaries, and our ultimate holding company and/or its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may disclose your personal information to third parties:
- If we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Cromwell European Holdings Limited or substantially all its assets are acquired by a third party, in which case personal data held by it about its clients will be one of the transferred assets.
10. Partner Websites
Our site may, from time to time, contain links to the websites of our partner networks and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies or notices. Please check these policies when you visit, and before you submit any personal data to, these websites.
11. Changes to our Privacy Notice
We may need to update this Privacy Notice to reflect changes to our data processing practices. If we do this and the changes are material, we will post a notice on this website for at least 7 days before the changes are made. You can see the date this Privacy Notice was last revised at the top of the page.
12. Your Rights
The GDPR, and other applicable data protection legislation give you certain specific rights relating to your personal data, as set out below.
Please note that not all of these rights are absolute, and they do not apply in all circumstances. However, you are always welcome to contact us with any request relating to processing of your personal data and, even if we are not obliged by law to comply with your request, we will try to accommodate your wishes.
(a) Access – you have the right to access your personal data and certain information about how and why we are processing it;
(b) Rectification – you have the right to have any inaccurate or incomplete personal data rectified without undue delay;
(c) Erasure – sometimes called the ‘right to be forgotten’, in certain circumstances, you have the right to have your personal data erased without undue delay;
(d) Restriction - in certain circumstances, you have the right to have our processing of your personal data restricted;
(e) Data portability - in certain limited circumstances, you have the right to receive the personal data concerning you that you have provided to us, in a structured, commonly-used and machine-readable format and the right to transmit those data to another controller without hindrance; and
(f) Objection - in certain circumstances, you have the right to object to the processing of your personal data carried out by us or on our behalf.
(g) Not to be subject to automated individual decision making – you have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
13. Contact Us
If you would like further information on anything in this Privacy Notice, for all questions or concerns you have about your personal data, or if you think you would like to exercise any of your rights as a data subject, please contact us using the contact details at the top of this Privacy Notice.
14. Making A Complaint
If you think we have not complied with the requirements of the GDPR or other data protection legislation as it applies to your personal data, you have a right to lodge a complaint with any data protection supervisory authority in the EU. The UK supervisory authority is The Information Commissioner’s Office (ICO): email@example.com or 0303 123 1113 / +44 1625 545 700; www.ico.org.uk. You can find contact details of other EU supervisory authorities here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
 Please note these details are subject to change outside our control, so please check online for up-to-date contact information.