At Ashworth Group, we respect your privacy rights and take the security of your Personal Data very seriously.
Data protection laws are changing and from 25th May 2018 when the General Data Protection Regulations (GDPR) comes into effect, you will have greater rights on the Personal Data or Personally Identifiable Information (PII) that we hold about you.
Personal Data is any information capable of identifying an individual (‘data subject’). This information may include but is not limited to: Name, address, email, telephone number, IP address.
How do we collect your Personal Data
Ashworth Group collects Personal Data requested on our website https://www.ashworth-group.co.uk/ for the purpose of responding to an enquiry or for the purpose of direct marketing where we have obtained an explicit consent to do so.
Ashworth Group collects Personal Data for the purpose of fulfilling a contract or service for our clients. If you choose to withhold any Personal Data required, it may not be possible to provide a response or to provide the required service.
Ashworth Group may collect financial information for payment processing through a third party payment processor but retains no financial or personally identifiable information on its own systems.
It is very important that the Personal Data that we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at email@example.com and we will update it accordingly.
How do we use your Personal Data - Lawful Basis of Processing
Ashworth Group will only process Personal Data where we have a legal basis to do so.
Ashworth Group uses Personal Data from our website for the purpose of fulfilling an enquiry, asking for consent as appropriate.
Ashworth Group uses Personal Data from our clients for the purpose of fulfilling a contractual obligation. ie. Providing a service.
Ashworth Group uses Personal Data from our website for the purpose of direct marketing, where we have obtained your explicit consent as appropriate.
Ashworth Group may use Personal Data where it is necessary for our legitimate interests and the interests and fundamental rights of the data subject do not override those interests. These legitimate interests include:
Evaluating how clients use our services.
- Developing our services and growing our business.
- Recovering debts owed to us.
- Advising clients of changes to our services or prices.
- Advising clients of changes to our policies.
Ashworth Group may use Personal Data where we need to comply with a legal obligation.
How do we protect your Personal Data
Ashworth Group has put in place appropriate security measures and controls to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees and other third parties who have a business need to use such data. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
When you enter Personal Data on our website, it is encrypted in transit using TLS/SSL and transmitted over HTTPS.
We maintain appropriate administrative, technical and physical safeguards to protect Personal Data at rest on our systems. This may include password protection, access/authentication controls, pseudonymisation and encryption.
How long do we retain your Personal Data
Ashworth Group will only retain your Personal Data for as long as is necessary to fulfil the purposes for which it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
Personal Data collected from our website for the purpose of responding to an enquiry is retained by Ashworth Group for 30 days and then is securely deleted.
Personal Data collected from our website as part of a booking but which is abandoned part way or before payment is completed is retained by Ashworth Group for 7 days and then securely deleted from our systems.
Personal Data collected for the purposes of direct marketing is retained by Ashworth Group for as long as you give us your explicit consent to do so.
Ashworth Group will retain Personal Data on behalf of our clients for as long as required to provide our services to that client or as otherwise required to by law. Where a Client does not undertake a service with Ashworth Group for more than 2 years, their Personal Data will be deleted.
International transfer of Personal Data
Ashworth Group do not transfer any of your Personal Data to systems outside of the European Economic Area (EEA).
Data Controller and Processor
Ashworth Group processes Personal Data both as a Controller and as a Processor as defined in the GDPR.
All Personal Data is stored securely on Sage, Dropbox, Digital Ocean or Amazon Web Services. All website hosting is performed in accordance with the highest security regulations. Ashworth Group has sought confirmation from its providers, ensuring compliance with the GDPR. Eg. All data is processed on servers in the European Economic Area (EEA) only.
Third Party Processors
Ashworth Group works with a number of third party service providers including but not limited to the ones named in the ‘Data Controller and Processor’ section.
These third parties may have access to, or process Personal Data or Client Data as part of providing those services for us. We limit the Personal Data provided to these service providers to that which is reasonably necessary for them to perform their functions. We have sought confirmation that our third party processors and service providers are GDPR compliant, thus requiring them to maintain the confidentiality of any Personal Data provided to them.
Ashworth Group does not carry out business with or knowingly collect any Personal Data from anyone under the age of 13. In the event that we find out or are informed that we have collected information from a child under the age of 13, we will delete that Personal Data as quickly as possible.
Special Category Data
Ashworth Group does not collect any Special Category or sensitive personal data. Special Category data is defined in the GDPR as information that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We also do not collect any information about criminal convictions and offences.
Data breach or compromise of Personal Data
Ashworth Group have put in place procedures to deal with any suspected data breach.
In the event that Personal Data is compromised as a breach of security, Ashworth Group will promptly notify any affected data subjects or clients as well as the Information Commissioner’s Office (ICO) in compliance with the GDPR.
From 25th May 2018, you will have extended rights in relation to our use of your Personal Data. These are:
Right of access to your Personal Data
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. You will not have to pay a fee to access your Personal Data. However, we may charge a reasonable fee if your request is manifestly unfounded, excessive or repetitive.
If your request is made electronically, we will provide the Personal Data in a commonly used electronic format, once we have verified your identity. Else it will be in writing.
Right to rectification
Ashworth Group takes reasonable steps to ensure that the Personal Data we hold about you is accurate and complete. However, if you do not believe that this is the case, please contact us and make a request for rectification verbally or in writing.
Please note that Ashworth Group can refuse to comply with a request for rectification if we believe that we are satisfied that the data is accurate or that a request is manifestly unfounded or excessive (In which case we can charge a reasonable fee before dealing with the request).
In either case we will contact you within one month of the request.
Right to erasure
This right is also known as ‘the right to be forgotten’. It is not absolute and only applies in certain circumstances, whereby you have the right to ask us to erase your personal information. An example would be where the Personal Data we collected is no longer necessary for the original purpose for which it was collected or where an individual withdraws their consent (Where consent was the lawful basis for holding the data).
Please note that a request for right to erasure also needs to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request.
Right to restrict processing
This is not an absolute right but in certain circumstances, as an alternative to requesting the erasure of Personal Data, you are entitled to ask us to stop using your Personal Data. An example would be where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.
When processing is restricted, Ashworth Group are still permitted to store the Personal Data but not to use it.
Right to data portability
In certain circumstances, you have the right to ask that we transfer any Personal Data that you have provided to us to another organization or third party. The Personal Data will be provided free of charge and in a structured, commonly used and machine readable form such as a CSV file.
Right to object
You can ask us to stop sending you direct marketing messages at any time. Ashworth Group will stop processing Personal Data for direct marketing purposes as soon as we receive an objection.
Right not to be subject to automated-decision making
An individual has the right to object to their Personal Data being input into a system or computer and a decision or profile being calculated by an automatic process rather than by a human.
Ashworth Group do not make automated decisions or carry out profiling using Personal Data.
Right to withdraw consent
Where Ashworth Group has asked you for explicit consent, you have the right to withdraw your consent to further use of your Personal Data at any time. Please note we may not be able to provide you certain services if you withdraw your consent.
If you wish to exercise any of the rights set out above, you can do so by contacting us in the ‘How to Contact Us’ section below. You will not have to pay a fee. However, we may charge a reasonable fee for the administrative costs of complying with the request if your request is manifestly unfounded, excessive or repetitive.
We may also need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (Or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
Once we have confirmed your identity, we will endeavour to implement any requests within 7 days and no later than one month from the time of the original request.
Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Links to other websites
How to Contact Us
If you wish to contact Ashworth Group, wish to withdraw your consent or have any additional questions about Ashworth Group collection and storage of your Personal Data, our details are:
Ashworth Property Management Ltd
72 Queens Road
Tel: 0208 989 0545 or by email at firstname.lastname@example.org
If you are not happy with any aspect of how Ashworth Group collect and use your data, you have the right to lodge a complaint to the Information Commissioner’s Office (ICO) https://ico.org.uk/, who are the UK supervisory authority for data protection issues.
However, we would be grateful if you could contact us first if you do have a complaint so that we can try to resolve it for you.
Last updated: 17/04/2018