This is the privacy notice of Harding Brothers Retail Limited. In this document, “we”, “our”, or “us” refer to Harding Brother Retail Limited.
We are company number 06489416 registered in England. Our registered office is at Avonmouth Way Avonmouth Bristol BS11 8DD England Telephone: +44 (0) 117 982 5961 VAT number: GB 904 4522 48
1. This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not. In the context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
2. If there are one or more points below which you are not happy with then please contact us via email firstname.lastname@example.org
3. We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
4. We undertake to preserve the confidentiality of all information you provide to us, and hope that you reciprocate.
5. Our policy complies with the Data Protection Act 2018 (Act) accordingly incorporating the EU General Data Protection Regulation (GDPR).
6. The law requires us to tell you about your rights and our obligations to you in regard to the processing and control of your personal data. We do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
7. We do not share, or sell, or disclose to a third party, any information collected through our website.
2. The bases on which we process information about you
The law requires us to determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category. If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data. If the basis changes then if required by law, we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
2.1. Information we process because we have a contractual obligation with you
When you create an account on our website, buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to:
1.1. verify your identity for security purposes
1.2. sell products to you
1.3. provide you with our services
1.4. provide you with suggestions and advice on products, services and how to obtain the most from using our website
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract.
Additionally, we may aggregate this information in a general way and use it to provide performance information, for example to monitor our performance with respect to a particular service we provide. If we use it for this purpose, you as an individual will not be personally identifiable.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
2.2. Information we process with your consent
2.3. Information we process for the purposes of legitimate interests
We may process information on the basis there is a legitimate interest, either to you or to us, of doing so.
Where we process your information on this basis, we do after having considered:
• whether the same objective could be achieved through other means
• whether processing (or not processing) might cause you harm
• whether you would expect us to process your data, and whether you would, in the round, consider it reasonable to do so
For example, we may process your data on this basis for the purposes of:
• record-keeping for the proper and necessary administration of our business.
• responding to unsolicited communication from you to which we believe you would expect a response
• protecting and asserting the legal rights of any party
• insuring against or obtaining professional advice that is required to manage business risk
• protecting your interests where we believe we have a duty to do so.
2.4. Information we process because we have a legal obligation
We are subject to the law like everyone else. Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
3. Specific uses of information you provide to us
3.1. Sending a message to our support team
When you contact us, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need. We record your request and our reply in order to increase the efficiency of our business. We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is. We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
3.3. Affiliate and business partner information
This is information given to us by you in your capacity as an affiliate of us or as a business partner.
It allows us to recognise visitors that you have referred to us, and to credit to you commission due for such referrals. It also includes information that allows us to transfer commission to you. The information is not used for any other purpose. We undertake to preserve the confidentiality of the information and of the terms of our relationship. We expect any affiliate or partner to agree to reciprocate this policy.
4. Use of information we collect through automated systems when you visit our website
4.1.1. to track how you use our website
4.1.2. to record whether you have seen specific messages we display on our website
4.1.3. to keep you signed in our site
4.2. Personal identifiers from your browsing activity
Requests by your web browser to our servers for web pages and other content on our website are recorded. We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution. We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you. If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website.
5. Access to your own information
5.1. Access to your personal information
5.1.1. At any time, you may review or update personally identifiable information that we hold about you, by signing in to your account on our website.
5.1.2 To obtain a copy of any information that is not provided on our website you may send us a request at email@example.com
5.1.3. After receiving the request, we will advise when you can expect to receive the information.
5.2 Removal of your information
If you wish to remove personally identifiable information from our website, you may contact us at firstname.lastname@example.org This may limit the service we can provide to you.
5.3. Verification of your information
When we receive any request to access, edit or delete personal identifiable information we shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
6. Other matters
6.1 Use of site by children
6.1.1 We do not sell products or provide services for purchase by children, nor do we market to children.
6.1.2. If you are under 18, you may use our website only with consent from a parent or guardian
6.2. Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trust mark in your browser’s URL bar or toolbar.
6.3. How you can complain
6.3.2 If a dispute is not settled, then we hope you will agree to attempt to resolve it by engaging in good faith with us in a process of mediation or arbitration.
6.3.3 If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Data Protection Commissioner. This can be done at https://www.dataprotection.ie/docs/complaints/1592.htm
6.4 Retention period for personal data
Except as otherwise mentioned in this privacy notice, we keep your personal information only for as long as required by us:
6.4.1. to provide you with the services you have requested;
6.4.2. to comply with other law, including for the period demanded by our tax authorities;
6.4.3. to support a claim or defence in court.
6.5. Compliance with the law
7. Applicant data and the recruitment process
7.1. Why we process personal data
Harding Retail needs to process personal data about you for the purpose of recruitment. We rely upon consent and our legitimate interests as a lawful basis for processing employment applications and may also process personal data where we are obliged to by law or regulation. Where we wish to process personal data about you for other purposes, we will obtain your consent for processing beforehand.
Our purposes of processing personal data about candidates include:
- Recruiting new employees;
- Conducting background checks to ensure the suitability of candidates;
- Reporting on candidates’ backgrounds where we are obliged to do so;
- Maintaining health, safety, security and discipline, and preventing fraud;
- Monitoring and improving the effectiveness of our resourcing and processes.
Personal data about our candidates may be analysed to improve the training and career development provided to our employees, to track the response to our careers marketing communication, to review, develop and improve the employment services we offer (including market research), and for statistical analysis.
We conduct identifiable and anonymous research to provide longer-term insight into the effectiveness of our candidate services, and to support our service planning and delivery.
7.2. What personal data we collect
7.2.1. Personal data you provide to us
We collect personal data you provide to us through your application for employment, including but not limited to personal details (name, gender, age etc.), contact information (home address, phone number, email address etc.), details of your background, employment history, qualifications, interests and communications preferences, personal and professional references, evidence of professional and academic qualifications.
Should we wish to offer you employment, further personal data will be required, including but not limited to contact information for next of kin, beneficiary and family, bank details, proof of travel documents (driving licence, passport, national identity card etc), professional certificates, references and other relevant information.
7.2.2. Personal data generated by your application to us
Your application for employment with us will result in personal data being generated by us. Examples include:
- Candidate records: Details of previous applications to Harding Retail including interview details, audio/video recordings of interviews, outcomes and associated notes;
- Assessment records: Results of pre-employment checks and references, and analysis of applications, interviews and other tests;
- Correspondence: In the course of your application you will be referenced in, or the subject of, internal records including emails, documents, structured data, paper records, the nature of which will depend upon your application.
7.2.3. Personal data received from other organisations
As part of your application for employment, we may receive personal data about you from third parties. Examples include professional and personal references, and pre-employment checks. Personal data about you may be shared with law enforcement agencies for security and immigration purposes. Personal data may also be shared with these agencies in order to prevent and detect crime as well as to safeguard children and vulnerable adults. These checks may involve sending personal data between different countries.
7.2.4. Sensitive personal data
We do not process sensitive personal data about you except where we have a need and a lawful basis to do so. Sensitive personal data that may be processed by us can include:
- Health and welfare: We may require candidates to undergo health screening as part of their pre-employment checks. We may also require you to be tested for the use of drugs and other substances where these are illegal or prohibited by company policy. We provide occupational health services and may request information about treatment or support required;
- Biometrics: Photographs of employees are used for identification purposes to maintain security and safety whilst they are on board our cruise line partners’ ships, and will be required as part of the recruitment process;
We may from time to time process personal data relating to suspected or actual criminal activity of individuals, for example disclosures made as part of the recruitment process or as a condition of specific roles, or if screening checks reveal information about criminal activity.
7.3. Sharing personal data
7.3.1. Sharing personal data within Harding Retail
We process personal data about our employees at our offices in the United Kingdom and worldwide depending upon the type of role that is being recruited. We may transfer personal data about you to other areas of the organisation for purposes connected with your application, or the management of the company’s business. Personal data exchanged internally is subject to appropriate legal and technical controls to ensure that it is processed lawfully and securely.
7.3.2. Sharing personal data with third parties
We will share your personal data where we are obliged to by law or regulation, where there is a legitimate interest that is not overridden by your interests or in cases where we have obtained your consent for that sharing. Where personal data about you is disclosed to third parties in connection with your application or as otherwise required by law, it will be restricted to only those details that are required for the purpose in hand. Care will be taken that personal data is not disclosed to unauthorised persons and checks will be carried out where there is any doubt about the entitlement of the third party to be given your personal data.
Examples of personal data that is shared where we are obliged to do so include:
- Immigration authorities: We are required to co-operate with government and law enforcement agencies and public authorities, including customs and immigration authorities;
- Tax, benefits and corporate reporting: We are required to report to appropriate government agencies on your earnings and any tax deducted at source;
- Law enforcement: Where required to do so, we will disclose personal data to law enforcement authorities;
- Maritime authorities: Where required to do so, we disclose personal data to maritime authorities.
- Our cruise line partners: Where required to do so, we will disclose personal data to our cruise line partners to enable the processing of your embarkation/debarkation.
We contract other companies and individuals to perform certain activities on our behalf. Examples include:
- Pre-employment screening: We conduct pre-employment and employment background screening and may share personal data about you with recognised screening providers.
- Drug screening: Where candidates are required to undergo screening for illegal substances, these tests will be processed by third party providers;
- Travel: If the company arranges travel for you, we may pass your personal data on to relevant suppliers of your travel such as travel agents, airlines, hotels and transport companies.
- Health: We may share personal data with third party healthcare providers with your consent or where it is in your vital interests or the public interest to do so;
- Occupational Health: If you require occupational health support, you may be asked to provide personal data to an external occupational health provider contracted to act on our behalf.
We do not routinely share personal data with trade unions but may do so at your request and with your consent.
At your request and with your consent, information relating to your employment or earnings may be disclosed to other parties in connection with applications or requests you may have made to or through them.
7.3.3. Transferring personal data to third countries
We collect and process personal data in the European Union (EU). When necessary we will process your personal data worldwide, including on board ships belonging to our cruise line partners, and the destinations you travel to in the course of your employment. This may involve sending your personal information between different countries, including countries outside the EU where controls on data protection may not be as strong as the legal requirements in the EU.
7.4. Storing personal data about you
We retain your personal data for no longer than the period required for processing, or where we are under an obligation to do so, for example employment data retained for mandatory reporting requirements.
We retain employment applications for no longer than the period required for reporting purposes, to investigate disputes and for the prevention and detection of fraud; or for the duration of employment if the candidate is successful in obtaining employment.
7.5. Securing personal data
We take the security of candidate personal data seriously, and use organisational and technical security measures including policies, standards, technology solutions and ongoing training to safeguard the personal data we process from improper access, use, alteration, destruction and loss.
Where we share personal data with other companies, we require those companies to process personal data to an equivalent or higher level of security.
7.6. Your rights concerning personal data
You have rights over how we use personal data about you and may exercise those rights by emailing email@example.com
In some cases, our ability to uphold these rights for you may depend upon our obligations to process personal data for security, safety, fraud prevention or legal defence reasons, or because processing is necessary for the performance of your contract of employment. Where this is the case, we will inform you of specific details in response to your request.
7.6.1. Accessing the personal data we hold about you.
If you wish to view personal data held about you or would like to receive a copy of personal data held about you, you should apply by emailing firstname.lastname@example.org
7.6.2. Controlling how we process personal data about you
The majority of the personal data about employees is processed under contract or as a result of our legitimate interests. If we have obtained your consent for processing of personal data about you, you have the right to withdraw this consent at any time. Where we process personal data about you in ways for which your consent is not required, you may in some circumstances ask us to cease processing, or restrict the nature of the processing, if you wish. You may object to automated decision-taking or profiling where it is used.
7.6.3. Ensuring the accuracy of personal data we hold about you
To ensure that all personal data held is correct and up to date, please notify us as soon as there are any changes in your personal circumstances. We will update or amend personal data we hold about you if you inform us of inaccuracies.
7.6.4. Deleting personal data we hold about you
We will delete personal data we hold about you if you ask us to do so, except where exemptions apply.
8. How to find out more or to complain about our processing of personal data
If you have a concern or complaint about our processing of personal data, please email email@example.com
If you are not satisfied with our processing of personal data, how we have responded to your complaint about the processing of personal data, or you believe our processing of personal data is not in accordance with the law, you have the right to complain to the Information Commissioner’s Office (ICO) by calling +44 (0)303 123 1113, or visiting https://ico.org.uk/concerns/