PenCarrie Limited ("We") are committed to protecting and respecting your privacy.
This Privacy Notice (together with our terms of use and any other documents referred to on it) explains how we process any personal data we collect from you, or that you provide to us.
Please read the following information carefully to understand our practices regarding personal data and how we’ll treat it. By using our website (www.pencarrie.com) you are accepting the content of this privacy notice.
For the purpose of the General Data Protection Regulation (GDPR), the data controller is:
PenCarrie Limited, PenCarrie House, South View Estate, Willand, Devon, EX15 2QW.
If you have any questions regarding our GDPR processes, please contact us at the above address or by email: gdpr@pencarrie.com and our GDPR Representative will get back to you.
We may collect and process the following data about you:
Information you give to us collected by
When does this happen?
What sort of information does this include?
Our lawful basis for processing this information is identified and recorded in our Information Asset Register.
*Calls are recorded for training and verification purposes (with the exception of those parts involved in payment card details, which, due to data protection, are excluded from recordings).
We may collect information about how you’re interacting with PenCarrie on each of your visits to our website. This helps us to improve your experience.
What sort of information may be collected?
o The Internet Protocol (IP) address used to connect your computer to the Internet
o Your login information, browser type and version
o Time-zone setting
o Browser plug-in types and versions
o Operating system and platform
o The full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time)
o Products you viewed or searched for
o Page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page
o Any phone number used to call our customer service number
Our lawful basis for processing this information is identified and recorded in our Information Asset Register.
Information we receive about you from other sources
We may receive information about you from other users of our website and from third parties such as our partners in our Subscriber Benefits Scheme.
We also work closely with other third parties, including, for example:
We may therefore receive information about you from them.
Our lawful basis for processing this information is identified and recorded in our Information Asset Register.
We use Hotjar analytics to optimise our online service and experience.
Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.)
This enables us to build and maintain our service with user feedback.
What information does Hotjar collect?
Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices.
The data it collects includes:
What does Hotjar do with this information?
Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy by clicking on this link.
You can opt-out of the creation of a user profile, Hotjar’s storing of data about your usage of our website and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good online experience and also allows us to improve our website.
For detailed information on the cookies we use and the purposes for which we use them see our Cookie policy.
We use information held about you in the following ways:
Information you give to us
We’ll use this information to:
*Where we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this by selecting the appropriate option when giving us your information.
Information we collect about you
We will use this information to:
Information we receive from other sources
We may combine this information with information you give to us and information we collect about you.
We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
To keep your data safe and protect your privacy, we require our third party processors to be compliant with the relevant data protection regulations.
Need more information about any of the third parties we may share your data with? Just drop us a line.
Examples of the kind of third parties we work with are:
We will never sell or lease your data to any third party for financial gain.
Most of the information you provide to us will be stored on our secure servers, any Payment Card Information (PCI) is stored with a secure third party and any PCI information given over the telephone will be obfuscated in the phone call recordings.
What about password security?
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Is information secure over the Internet?
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website. Any transmission is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
What about data going outside the European Economic Area?
If the data that we collect from you is transferred to, and stored at, a destination outside the European Economic Area (EEA), then we will take all steps reasonably possible to confirm with any third party involved that they are processing the data to the same standards so as to be compliant with the GDPR.
All Personal Data is stored in accordance with our Retention Policy. This means we’ll only keep it for as long as is necessary for the purpose for which it was collected.
When the Personal Data reaches the end of its retention period, it will be removed/deleted from our systems.
Some Personal Data will be stored beyond its initial retention period if it’s needed for any legal proceedings.
1. The right to be informed
You have the right to be informed about what Personal Information we process and how we do so. This Privacy Notice is one way in which we convey this information. (https://www.pencarrie.com/public/privacypolicy)
2. The right of access
You have the right to know what and have access to your Personal Information that we hold and process, you can get this access by submitting a Subject Access Request to us.
A Subject Access Request (SAR) would need to be raised in writing (by post or email), please see the 'Contact' section for where to send your SAR to.
In some circumstances we are not obliged to fulfil a request, for example if it is excessive. We would however write to you first to confirm this.
In some circumstances we can make a charge for fulfilling the request, for example if we have to incur particularly high administration costs. We would however write to you first to confirm this.
In some circumstances we can reject a request, we would however write to you first to explain why, and you would have the right to complain to the Regulatory Authority about that decision if you felt it was unjust.
3. The right to rectification
You have the right to have inaccuracies in your Personal Information rectified, please get in touch with us to request this if you are not able to do it from your account page.
4. The right to erasure (deletion)
You have the right to have your Personal Information erased, if we are holding it after the end of its retention period and there is no legal requirement for retaining it.
Please get in touch with us in writing to make your request.
We can refuse to erase the PI if it is needed for the exercise or defence of legal claims.
5. The right to restrict processing
You have the right to restrict the processing of your Personal Information if:
6. The right to data portability
You have a Right to Portability, but for your Personal Information held by PenCarrie, this is not applicable, as there is no processing carried out by automated means.
7. The right to object
You have the right to object to:
If you object, then we will stop processing the Personal Information for that purpose, unless:
PenCarrie does not process Personal Information for research purposes.
You can object by using the preferences in the Customer Account pages, or by writing to us using the contact information in the 'Contact' section.
8. Rights in relation to automated decision making and profiling
PenCarrie does not perform any solely-automatic decision making or profiling
We keep a record of what you’ve opted into or unsubscribed from. If you’ve unsubscribed, please allow up to 28 days for the request to be implemented.
As a customer, you can change your Consent preferences in your Account page.
You can also submit a request to withdraw consent, in writing using the information in the 'Contact' Section of this Privacy Notice.
All personal data is stored on our servers or those of the third parties we’ve shared it with. We have this documented and have taken the necessary steps to ensure your information is stored in compliance with the GDPR.
We have a Data Privacy Impact Assessment (DPIA) process. This documents any risks to data privacy as well as any mitigating actions that may be appropriate, before any changes to processes or tools that could affect your personal data, are made.
We have a breach reporting process that we will follow in the event of a personal data breach being identified. This would document the key information and show whether we need to report it to the ICO, and/or you as a data subject.
If you are unhappy with the way your data is being handled, please get in touch with us ( see the 'Contact' section ) and we will be happy to rectify any issues.
You also have the right to make a complaint to the Supervisory Authority if you feel we have not handled your Personal Information in accordance with the regulations. You can find their contact information on their website: https://ico.org.uk/ (opens in a new window; please note we can't be responsible for the content of external websites).
Our website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.
If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email. Please check back frequently to see any updates or changes to our privacy notice.
We hope this Privacy Notice document has been helpful in setting out the way we handle your personal data and your rights to control it, if you have any questions, comments or requests regarding this then please contact us. We’d be happy to help.
This notice was last updated: January 6th, 2020