Privacy Policy
ONLINE PRIVACY STATEMENT
This is the privacy statement for The Deck Enterprises Limited (The Deck or We). The Deck Enterprises Limited is a private company limited by shares registered in England and Wales under company number 11445267 whose registered address is Savile Row, London, England W1S 3PW. For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation 2016/679, the data controller is The Deck.
THE GENERAL DATA PROTECTION REGULATION 16/679
In this statement We have used certain terms which are set out in the EU’s General Data Protection Regulation (GDPR or the Regulation):
personal data means: any information relating to an identified or identifiable natural person (data subject)
an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
controller means: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
processing means: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
PRIVACY STATEMENT
What is the lawful reason We use to process personal data?
The four lawful reasons The Deck uses to process personal data are set out in Article 6 of the Regulation. Processing will only be lawful if and to the extent that at least one of the following applies:
· the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Consent).
· processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Contract Performance).
· processing is necessary for compliance with a legal obligation which We are subject to (Legal Obligations).
· processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Legitimate Interest).
Consent
Where We process personal data as a result of Consent, We ensure that consent is freely given, specific and informed, and established by a clear affirmative act. Where Consent is withdrawn, we have set out (below) how this may be undertaken by the data subject.
Contract Performance
Where We enter into a contract with third parties, processing of personal data may, as a matter of course, be necessary in order to execute such contract or take pre-contract preparation steps.
Legal Obligations
Where there are legal obligations which apply to The Deck, processing of personal data may be required by law.
Legitimate Interest
Where We process personal data as it is necessary for the purpose of our legitimate interests, We do so on the basis of a balanced evaluation of our interests and the rights and freedoms of the data subject which require protection.
We have concluded that the way We manage the processing of personal data results in a cumulation of data subject protections which show that the balance is in favour of The Deck being able to rely on Article 6.1(f) of the Regulation as a lawful reason to process personal data.
Your right to request that We stop processing personal data for our Legitimate Interests and withdrawal of your Consent
As required by the Regulation, Consent should be as easy to withdraw, as it is to give. Data subjects may request that The Deck does not process your personal data, at any time. You may contact us to withdraw your consent using the contact details at the end of this privacy statement, using the following statement:
WITHDRAWAL OF CONSENT
I [STATE YOUR NAME] hereby withdraw my consent for the Deck to process my personal data.
Signed by data subject:
[STATE YOUR NAME ]
Our Status; How We use personal data
· We act a processor of personal data for our clients pursuant to contract terms and conditions
· We act as a controller and any personal data We collect is treated and managed according to the approach We have set out above.
· We act as a controller and any personal data We collect is treated and managed according to the approach We have set out above.
Why does The Deck need to collect and store personal data?
We collect and store personal data to provide our clients, suppliers or third parties with the service they require as a party to a contract with us, or a third party with an interest in our company. We do not process personal data for any reason other than this purpose.
We only keep personal data for as long as is necessary in order to undertake this purpose. We are committed to ensuring that the information We collect and use is appropriate for this purpose and does not constitute an invasion of the data subject’s right to privacy.
Will The Deck share my personal data with anyone else?
With the exception of credit card details, The Deck may pass your personal data on to third-party service providers contracted to The Deck. In these circumstances, the third party may be another controller, processor or sub-processor.
Where the third party is a processor or a sub-processor, they are obliged amongst other things, to keep your details securely, and to use them only to fulfil their contractual obligations to The Deck under a processing agreement or terms which comply with Article 28 of the Regulation.
When they no longer need your personal data to fulfil this service, they will dispose of the details in line with The Deck’s data retention policy, or as otherwise set out in the processing agreement.
How will The Deck use the personal data it collects about me?
The Deck will process personal data in a manner compatible with the Regulation. We will keep information accurate, up to date, and not keep it for longer than is necessary.
The Deck is required to retain certain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances will The Deck contact me?
The personal data We process is subject to rigorous measures and procedures to minimize the risk of unauthorized access or disclosure. We will get in touch with you where this is required under the Regulation.
Can I find out the personal data that the organisation holds about me?
At your request and where this is technically possible, The Deck will confirm the information We hold about you and how it is processed. As set out in the Regulation you can request the following information:
· Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
· Contact details of the data protection officer, where applicable.
· The purpose of the processing as well as the legal basis for processing.
· The categories of personal data collected, stored and processed.
· If the processing is based on the Legitimate Interests of The Deck or a third party, information about those interests.
· The categories of personal data collected, stored and processed.
· Recipient(s) or categories of recipients that the data is/will be disclosed to.
· If We intend to transfer the personal data to a third country or international organisation, information about how We ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, We will ensure there are specific measures in place to secure your information.
· How long the data will be stored.
· Details of your rights to correct, erase, restrict or object to such processing.
· Information about your right to withdraw consent at any time.
· How to lodge a complaint with the supervisory authority.
· Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as Well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
· The source of personal data if it wasn’t collected directly from you.
· Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
The Deck accepts the following forms of ID when information on your personal data is requested: passport, driving licence, birth certificate, utility bill from the previous 3 months.