Privacy Policy
1. General information

Controller’s contact details
Data Protection Officer’s contact details
How do we get information?
Your data protection rights
Request a service adjustment
Sharing your information
Links to other websites
Complaints and compliments about us
Changes to this privacy notice
Children’s information
Managing customer contact
How you can contact us
Visitors to our website
Visitors to the office

2. Reason for contacting us

Attend an appointment, seminar or workshop
Register for a webinar or online meeting
Client Contact
Make an information request
Pay a Lowndes Halsden Fee
Make a complaint
Make an enquiry
Apply for a job

1. General information

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.

we’ll tell you:

  • why we are able to process your information
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information
  • whether we intend to transfer it to another country, and
  • whether we do automated decision-making or profiling.

The first part of the notice is information we need to tell everybody.

Controller’s contact details

Lowndes Halsden & Partners Limited is the controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, including by phone, email and post. More details can be seen here.
Our postal address:

Lowndes Halsden and Partners Ltd

Holt House
184 – 190 Caerphilly Road
Birchgrove
Cardiff
CF14 4NR

Helpline number: 02920 694242

For general contact please use this page on our website.

Data Protection Officer’s contact details

Our Data Protection Officer is Spencer Drew. You can contact him using our Contact Us Page or via our postal address. Please mark the envelope ‘Data Protection Officer’.

How do we get information?

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You wish to attend, or have attended, an appointment.
  • You have applied for a job with us.
  • You are representing your organisation.
  • You have made an enquiry to us.
  • You have made an information request to us.

We also receive personal information indirectly, in the following scenarios:

  • We have contacted an organisation about a product you may have and it gives us your personal information in its response.
  • An existing client refers to you in their correspondence.
  • We have seized personal information as part of an investigation.
  • From other regulators or law enforcement bodies.
  • An employee of ours gives your contact details as an emergency contact or a referee.

If it is not disproportionate or prejudical, we’ll contact you to let you know we are processing your personal information.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you

depend on our reason for processing your information. For further information on any of the items below see; https//ico.org.uk

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

If we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the relevant section of the notice.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us using our Contact Us page if you wish to make a request

Request a service adjustmentService adjustments

As a public authority and a provider of services to the public, we have a legal duty to comply with the Equality Act (2010).

This means we need to make service adjustments for anyone with a disability who contacts us in any capacity, to eliminate any barriers to accessing our services.

We’ll create a record of your adjustment requirements. Relevant staff can access this to ensure they are communicating with you in the required way.

How long we keep it

For information about this please see our retention schedule.

What are your rights?

As we need your consent to process your special category data you have a right to withdraw your

consent at any time.

For more information on your rights, please see ‘Your rights as an individual’.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other our regulatory bodies in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

Links to other websites

Where we provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Complaints and compliments about us

We work to high standards when it comes to processing your personal information and we aim to give the best possible service to all our customers in all of the services we provide.If you are dissatisfied with our service, you can complain. You can also let us know if you think there is something we have done well.

Complain about us

If you think we should have done something differently in how we have handled your concerns, or how we have treated you, please tell us.

Compliments

If you think there is something we have done well, please tell us.

Our process for dealing with compliments is less formal. If you think there is something we have done well, we would be to hear from you. Contact us using Link or by whatever method is convenient.

Changes to this privacy notice

We keep our privacy notice under regular review to make sure it is up to date and accurate.

Children’s information

We do not provide services directly to children or proactively collect their personal information.

However, we are sometimes given information about children while handling a clients case request or conducting a review. The information in the relevant parts of this notice applies to children as well as adults.

Managing customer contact

Restricted contact

We may impose a restriction on your access to our services if it’s necessary to protect our staff from unacceptable behaviour.

If we do this, we’ll explain to you the restriction we have applied and why we feel it’s necessary. We’ll create a record of the restriction for administration purposes, so relevant staff members know the restriction is in place. This will include your name, contact details and a description of why we have

imposed a restriction. The decision to impose a restriction will be taken, and reviewed, by a manager. We’ll write to you explaining why we’ve applied the restriction and if it will be reviewed periodically. We’ll remove it if we feel your behaviour has changed or if you no longer communicate with us.

Single point of contact

We may provide a single point of contact if you and we (or both) believe it will help to create a better outcome for all concerned.

A decision will be made by a manager to give you a single point of contact. This may be where you have several complaints and we believe it will be more efficient for us to deal with them in this way. We’ll make a record of the fact that you have a single point of contact. All relevant staff will know about using it to manage communications between our office and you. It will include your name, contact details and a description of the need to have a single point of contact. We’ll review this requirement from time to time.

What are your rights?

For more information on your rights, please see ‘Your rights as an individual’.

How you can contact us

Calling us directly

When you call our main line (02920 694242), we collect Calling Line Identification (CLI) information. This is the phone number you are calling from (if it’s not withheld). We hold a log of the phone number, date, time and duration of the call, but do not audio-record the call itself. We hold this

information for 90 days.

We use this information to understand the demand for our services and to improve how we operate. We may also use the number to call you back if you have asked us to do so, if your call drops, or if there is a problem with the line. We may also use it to check how many calls we have received from it.

We don’t audio record any calls, but we might make notes.

We also hold statistical information about the calls we receive for a number of years, but this does not contain any personal data.

Emailing us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government guidance on email security. Most webmail such as Gmail and Hotmail use TLS by default.

We’ll also monitor any emails sent to us, including file attachments, for viruses or malicious software.

You must ensure that any email you send is within the bounds of the law.

Visitors to our website

Analytics

When you visit https://lowndesonline.co.uk, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.

Cookies

You can read more about how we use cookies on our Cookies page. We use a cookies tool on our website which relies on implied consent of users. In recognition of the fact that the implementation date for the revised e-Privacy Regulation remains unknown, we are taking reasonable steps now to align our use of cookies the standard of consent required by GDPR.

This means that we are in the process of updating the tool (Cookie Tool) which, by default, requires explicit opt in action by users of our website. This will apply to the non-necessary cookies. We will ensure any necessary cookies for functionality and security are marked so that they are not deleted by the tool.

The purpose for implementing all of the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.

Visitors to the office

We meet visitors at our office, including:

  • dignitaries;
  • external training providers;
  • job applicants;
  • suppliers and tradespeople;
  • stakeholders; and
  • organisations we may be interviewing about their processing.

If your visit is planned, we’ll send your name and visit information to reception before your visit so that they will be ready when you arrive.

If you arrive without an appointment, you maybe asked to wait a short time while we gather some personal data for verification.

We ask all visitors report to reception and show a form of ID. The ID is for verification purposes only, we only record this information if needed for regulatory money laundering purposes.

We have Wi-Fi on site for the use of visitors. We’ll provide you with the address and password, if it is turned on.

We record the device address and will automatically allocate you an IP address whilst on site. We also log traffic information in the form of sites visited, duration and date sent/received.

We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.

The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which

allows us to process personal data when its necessary for the purposes of our legitimate interests.

For information about how long we hold personal data, see our retention schedule.

2. Reason for contacting us

This section of the privacy notice provides information that is specific to your reason for contacting us.

Attend an appointment, seminar or workshop

Purpose and legal basis for processing

Our purpose for collectiAng this information is so we can facilitate the event and provide you with an acceptable service.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR. When we collect any information about dietary or access requirements we also need your consent (under article 9(2)(a)) as this type of information is classed as special category data.

What we need

If you wish to attend one of our events, you will be asked to provide your contact information including your organisation’s name and, if offered a place, information about any dietary requirements or access provisions you may need. We may also ask for payment if there is a charge to attend.

Why we need it

We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.

What we do with it

If you are not successful in securing a place, we’ll let you know and hold your details on a reserve list in case a place becomes available.

If you are allocated places at an event, we’ll ask for information about any dietary/access requirements.

We don’t share this information in any identifiable way with the venue, and we delete it after the event.

We don’t publish delegate lists for events.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We rely on your consent to process the personal data you give us to facilitate the event. This means you have the right to withdraw your consent at any time. If you do that, we’ll update our records immediately to reflect your wishes.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?

No

Register for a webinar or online meeting

Purpose and legal basis for processing

Our purpose for collecting this information is so we can facilitate the event or meeting and provide access to it.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.

What we need

If you wish to register for one of our webinars or online meetings, you will be asked to provide your contact information.

Why we need it

We use this information to facilitate the event or meeting and provide you with an acceptable service.

What we do with it

We’ll email you with the webinar or online meeting details before the event or meeting, and these are never recorded.

We don’t publish delegate lists for webinars

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We rely on your consent to process the personal data you give us to facilitate the webinar or online meeting. This means you have the right to withdraw your consent at any time. If you do that, we’ll update our records immediately to reflect your wishes.

For more information on your rights, please see ‘Your rights as an individual’

Do we use any data processors? No

Client Contact

Purpose and legal basis for processing

Our purpose for collecting the information is so we can provide you with a service and let you know about your next appointments.

The legal basis we rely on for processing your personal data is your consent under article 6(1)(a) of the GDPR.

What we need

You will be asked to provide your contact details.

Why we need it

We use your email address to send you our details of your products or about arranging an upcoming review appointment.

What we do with it

We only use your details to provide the service.

We’ll email you to make you aware that you are due an upcoming review appointment.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We rely on your consent to process the personal data you provide to us for marketing purposes. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. If you do that, we’ll update our records immediately to reflect your wishes.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors? No

Make an information request

Purpose and legal basis for processing

Our purpose for processing your personal data is so we can fulfil your information request to us.

The legal basis for this is article 6(1)(C) of the GDPR, which relates to processing necessary to comply with a legal obligation to which we are subject.

What we need and why we need it

We need information from you to respond to you and to locate the information you are looking for. This enables us to comply with our legal obligations under the legislation we are subject to:

  • General Data Protection Regulations (2016)
  • Data Protection Act (2018)
  • Freedom of Information Act (2000)
  • Environmental Information Regulations (2004)

What we do with it

When we receive a request from you, we’ll set up an electronic case file containing the details of your request. This normally includes your contact details and any other information you have given us. We’ll also store on this case file a copy of the information that falls within the scope of your request.

If you are making a request about your personal data, or are acting on behalf of someone making such a request, then we’ll ask for information to satisfy us of your identity. If it’s relevant, we’ll also ask for information to show you have authority to act on someone else’s behalf.

We’ll use the information supplied to us to process your information request and check on the level of service we provide.

If the request is about information we have received from another organisation – regarding a complaint, for example – we’ll routinely consult the organisation/s concerned to seek their view on disclosure of the material.

We compile and publish statistics showing information such as the number of requests we receive, but not in a form that identifies anyone.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?

No – we do not use data processors for the above.

Pay a Lowndes Halsden fee

Purpose and legal basis for processing

Our purpose for collecting personal data regarding the fee payment is so that we can communicate with you about the fee and any related issue.

The legal basis we rely on to process your personal data is article 6(1)(e) of the GDPR, which allows us to process personal data when this is necessary to perform our tasks.

What we need

If you are required to pay a fee, we need to take certain personal information from you, such as the name and contact details of the person who is responsible for paying the fee. We’ll also hold payment information including account details if you are paying via standing order.

Why we need it

We need contact information to send fee payment reminders and to raise any queries we may have about your payment.

What we do with it

We include some of the information you provide in a register of fee payers.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We process personal data contained in fee payments in our capacity as a regulator, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?

Yes – we use Cater Allen to take payments.

Make a complaint

Purpose and legal basis for processing

Our purpose is to investigate and take regulatory action in line with our regulated duties.

What we need

We need information from you to investigate your complaint properly, so our complaint reports are designed to prompt you to give us everything we need to understand what’s happened.

When we receive a complaint from you, we’ll set up a case file. This normally includes your contact details and any other information you have given us about the other parties in your complaint.

Why we need it

We need to know the details of your complaint so we can investigate it and fulfil our regulatory duties.

What we do with it

We will use your personal information to investigate your complaint and check on our level of service.

We compile and publish statistics showing information like the number of complaints we receive, but not in a form that identifies anyone.

No third parties have access to your personal information unless the law allows them to do so.

If you are acting on behalf of someone making a complaint, we’ll ask for information to satisfy us of your identity and if relevant, ask for information to show you have authority to act on someone else’s behalf.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We are acting in our official capacity to investigate your complaint, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’

Do we use any data processors?

No

Make an enquiry

Purpose and legal basis for processing

When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it.

What we need and why we need it

We need enough information from you to answer your enquiry. If you call us, we wont make an audio recording of it, but in certain circumstances we may make notes to provide you with a further service as required.

If you contact us via email or post, we’ll need a return address for response.

What we do with it

We’ll set up a case file on our case management system to record your enquiry and so we can get it to the correct area of the business to be dealt with. We’ll also keep a record of our response. We use the information supplied to us to deal with the enquiry and any subsequent issues that may arise, and to check on the level of service we provide.

How long we keep it

For information about how long we hold personal data, see our retention schedule.

What are your rights?

We are acting the capacity to respond to your enquiry, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors? No

Apply for a job

Purpose and legal basis for processing

Our purpose for processing this information is to assess your suitability for a role you have applied for.

The legal basis we rely on for processing your personal data is article 6(1)(b) of the GDPR, which relates to processing necessary to perform a contract or to take steps at your request, before entering a contract. The legal basis we rely on to process any information you provide as part of your application which is special category data, such as health, religious or ethnic information is article 9(2)(b) of the GDPR, which also relates to our obligations in employment and the safeguarding of your fundamental rights and article 9(2)(h) for assessing your work capacity as an employee. And Schedule 1 part 1(1) and (2)(a) and (b) of the DPA2018 which relates to processing for employment, the assessment of your working capacity and preventative or occupational medicine.

What will we do with the information you give us?

We’ll use all the information you provide during the recruitment process to progress your application with a view to offering you an employment contract with us, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide with any third parties for marketing purposes.

We’ll use the contact details you give us to contact you to progress your application. We’ll use the other information you provide to assess your suitability for the role.

What information do we ask for,and why?

We do not collect more information than we need to fulfil our stated purposes and will not keep it longer than necessary.

The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for but it may affect your application if you don’t.

Application stage

If you use our online application system, your details will be collected by a data processor on our behalf (please see below).

We ask you for your personal details including name and contact details. We’ll also ask you about previous experience, education, referees and for answers to questions relevant to the role. Our recruitment team will have access to all this information.

You will also be asked to provide equal opportunities information. This is not mandatory – if you don’t provide it, it won’t affect your application. We won’t make the information available to any staff outside our recruitment team, including hiring managers, in a way that can identify you. Any information you provide will be used to produce and monitor equal opportunities statistics.

Shortlisting

Our hiring managers shortlist applications for interview. They will not be provided with your name or contact details or with your equal opportunities information if you have provided it.

Assessments

We may ask you to participate in assessment days; complete tests or occupational personality profile questionnaires; attend an interview; or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held by us.

If you are unsuccessful after assessment for the role, we may ask if you would like your details retained in our talent pool. If you say yes, we would proactively contact you should any further suitable vacancies arise.

Conditional offer

If we make a conditional offer of employment, we’ll ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We must confirm the identity of our staff and their right to work in the United Kingdom, and seek assurance as to their trustworthiness, integrity and reliability.

You must therefore provide:

• proof of your identity – you will be asked to attend our office with original documents; we’ll take copies

• proof of your qualifications – you will be asked to attend our office with original documents; we’ll take

• a criminal records declaration to declare any unspent convictions

• your email address, which we’ll pass to the Government Recruitment Service, which will contact you to complete an application for a Basic Criminal Record check via the Disclosure and Barring Service, or Access NI, which will verify your declaration of unspent convictions.

• We’ll contact your referees, using the details you provide in your application, directly to obtain references

• We’ll also ask you to complete a questionnaire about your health to establish your fitness to work.

If we make a final offer, we’ll also ask you for the following:

• bank details – to process salary payments + pension if applicible.

• emergency contact details – so we know who to contact in case you have an emergency at work

After your start date

Some roles require a higher level of security clearance – this will be clear on the advert or job description (or both). If so, you will be asked to submit information to the FCA. The FCA will be the data controller for this information.

The FCA will tell us whether your application is successful or not. If it is not, we will not be told the reasons but we may need to review your suitability for the role or how you perform your duties.

Our Code of Conduct requires all staff to declare if they have any potential conflicts of interest. If you complete a declaration, the information will be held on your personnel file. You will also need to declare any secondary employment

How long is the information kept for?

For information about how long we hold personal data, see our retention schedule.

How we make decisions about recruitment

Final recruitment decisions are made by hiring managers and members of our recruitment team. We take account of all the information gathered during the application process.

You can ask about decisions on your application by speaking to the office manager Spencer Drew or by emailing SD@lowndesonline.co.uk

Your rights

As an individual, you have certain rights regarding your own personal data.

For more information on your rights, please see ‘Your rights as an individual’.

Do we use any data processors?

Yes – we use several processors to provide elements of our recruitment service for us.

We sometimes advertise through An Employment Website or Recruitment Agencies. They will collect the application information and may ask you to complete a work preference questionnaire that is used to assess your suitability for the role; the results are assessed by recruiters. Information collected by them will be kept for 12 months after the end of our agreement. Each website or agency will have their own privacy policy; Details of this can be obtained directly from them.