Pastel is committed to protecting your privacy and complying with data protection regulations. Ensuring transparency of any data collection is important to us, as well as general security and the protection of information.
1. About us
At Pastel Holdings Ltd (Pastel) we believe in a people-first approach to delivering business solutions. To help us achieve this, we need to process varying amounts of personal data on our employees, contractors, business partners, suppliers, website visitors and members of the public.
Pastel is committed to protecting your privacy and complying with the UK Data Protection Act 2018, UK and the General Data Protection Regulation (collectively referred to as the UK GDPR). We will monitor and update this policy to reflect changes in these and all other relevant current and future data protection legislation.
Ensuring transparency of all and any data collection is important to us at Pastel. We will be open about what information we are collecting. Security at Pastel is paramount, and we believe in protecting the confidentiality and security of information we collect about you; this includes current and prospective clients and members of the public. This Privacy Notice is intended to bring to your attention our practices relating to the collection, processing and disclosure of personal information.
This notice is intended to inform those visitors, not directly employed by Pastel how we use their data, how we use personal data of employees is detailed within our internal Employee Privacy Notice. We may update this Privacy Notice from time to time, and any new Privacy Policy will automatically be effective when it is published on the website. You should therefore return here regularly to view our most up to date Privacy Policy. Feel free to print a copy for your records.
For the purposes of this Privacy Notice, the term “personal information” refers to personal information relating directly or indirectly to an identifiable person. Our website is owned and operated by Pastel Holdings Ltd; registered in England under company registration number 14672734. We are registered with the UK Information Commissioner's Office under registration number ZA149127.
2. Personal data we collect
To facilitate the interactions between us and your interest in Pastel, we may collect and process the following data about you:
- Personal data when you actively enquire about our services;
- Name, place of work, position, employer and qualifications;
- Contact information including telephone numbers, email address, social media account names;
- Postal address;
- Your interests and motives regarding our services, including customer enquiries and complaints;
- Relevant information in your day-to-day dealings with us;
- Electronic signatures when digitally signing documents;
- Your image on CCTV if you visit any of our offices or sites;
- Your device IP or MAC address, system/software name, location, date and time of interaction;
- The pages which you visit on our website and the method in which you found our website;
- Various information stored in third party cookies.
- Details of any consents you give such as with newsletter signups.
The information that is processed about you is dependent on the purpose and channel of your enquiry. This includes:
- Enquiries for more information about Pastel;
- A complaint; and,
- Job applications (see below).
Some of the information we collect about you may include your sensitive personal data as defined in the GDPR (please see section 5 below for more details).
When anyone visits our website, we also store information about the way you interact with our website through the use of cookies. This helps us to make sure it is the best possible experience for you. Find out more about the way we use cookies here.
Sharing your data with credit reference agencies:
In order to process your application, we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at experian.co.uk/crain.
4. How we collect your personal data
In the main, we will collect your personal data directly from yourself, however, your information may be received from third parties such as your employer, a personal representative or recruitment company. We may collect your personal data when you contact us through our website, by telephone, post, email or through any other means. Your image may be captured if you visit any of our sites or offices and if it is necessary to issue you with a temporary pass card.
We may use publicly accessible information to verify information we are provided with and to manage and expand our business.
5. Sensitive personal data
The GDPR provides a definition for special category data, more commonly referred to as “sensitive personal data”. This relates to information concerning an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, or details of criminal offences. In recruitment some sensitive data may be requested on a purely voluntary and anonymous basis for equality monitoring purposes.
6. How we use personal data for our lawful basis
We will use the information held about you for the purposes for which it was provided to us as stated at the point of collection (or as may be obvious in the context of collection).
Your personal data will be used by us in the following ways:
- To respond to your enquiries; To send you information you have requested;
- To facilitate the business relationship which we have;
- To enter into contractual obligations;
- To improve our business and the service we provide;
- To facilitate any interest in a career at Pastel and;
- For market research purposes;
- To deal with any lawful enquiries from an official statutory body.
We do not collect or compile personal data for release or sale to outside parties for consumer marketing purposes or host mailings on behalf of third parties. In order to process your personal data, we must have a lawful reason, the main lawful reasons Pastel utilise to process your personal information are:
- Your implied, or explicit consent which you may withdraw at any time;
- The performance of a contract with you for the provision of our services or to take preliminary steps at your request to enter into one;
- For us to fulfil our legal or regulatory obligations;
- For reasons of substantial public interest; or,
- The purposes of the legitimate interests pursued by us or by a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We consider that we have implemented sufficient checks and protections to ensure that your rights and interests are not unreasonably intruded on.
NB. You can object to processing on any of these bases at any time and, if you do so, we will stop processing the personal data unless we can show compelling legitimate grounds which override your rights and interests, or we need the data to establish, exercise or defend legal claims (see “Your rights” below).
7. Recruitment
If you apply to work with us, we will use the information you supply to process your application and to monitor recruitment statistics. We will remind you of these privacy terms if you apply for a job with us. For some positions we may ask some pre-qualification questions, such as do you have a driving licence, however no automated decision making takes place during the recruitment process.
Once a person has taken up employment with us, we will compile a file relating to their employment. At that stage we will give more details about how we hold employee data and we will expect the employee to sign up to additional privacy terms as part of their employment, employment is subject to satisfactory references.
During the recruitment process you will be invited to provide special category information about yourself including details of your religion, sexuality and ethnic origin. This is wholly voluntary and will purely be used for statistical purposes to assist with our equal opportunities ambition. For some positions you may be invited to take a psychometric test to assist us with our decision making, this is not mandatory and will be performed with your explicit consent.
If you apply to work with us through a third party, such as a recruitment agency, please also check their privacy policy before proceeding and please note, some recruitment websites utilise location services to offer you local vacancies, this information is held by the recruitment agency and not Pastel.
Pastel have an active social media presence. Pastel do utilise LinkedIn and other business networking channels to identify potential candidates and approaches to individuals via these channels will be undertaken in line with the platform terms of business.
We do not encourage unsolicited approaches either directly from individuals or from third parties, however, if an unsolicited approach is made please ensure all parties have read and understood this privacy policy.
We may retain details of candidates who may be of interest to us, either now or in the future, usually for a period of 12 months; on the anniversary of your application, you will be invited to extend the retention period further. We are happy to delete your information sooner, just contact us using the contact details below or email hello@pastelgroup.co.uk.
We may use third parties to consider potential hires. We may also verify details in your application and make what we consider to be reasonable and necessary background checks about you. These background checks may require a third party to contact you and obtain information.
8. Your rights
You have the following rights under the General Data Protection Regulation (GDPR):
Right to be informed
- You have the right to be informed about the collection and use of your personal data. There are a few circumstances when Pastel do not need to provide you with privacy information, such as if you have already given us information or if it would involve a disproportionate effort for us to provide it to you.
- Any information we will provide will be concise, transparent, intelligible, easily accessible, and it must use clear and plain language.
Right to access your personal data
You have the right to make a data subject access request (DSAR). Requests should be made to the Data Protection Officer. Contact details can be found in section 14.
Right to have your information corrected
- We take all reasonable steps to ensure that the information we have about you is accurate and where necessary kept up-to-date. If you think that the information, we hold is not accurate or up-to-date, please tell us as soon as possible and we will ensure it is corrected.
- Please let us know if the personal data that we hold about you needs to be updated by contacting us at hello@pastelgroup.co.uk or call us on 03300 538898.
Right to erasure
You have a right to have your personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances.
Right to restrict processing
- GDPR gives you the right to restrict the processing of your personal data in certain circumstances. This means that you can limit the way that Pastel uses your data. This is an alternative to requesting the erasure of your data.
- When processing is restricted, Pastel are permitted to store your personal data, but not use it.
Right to data portability
The right to data portability allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right does not apply to any information held by Pastel.
Right to object
You have the right to object to the following things:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
- Direct marketing
- Processing for purposes of scientific/historical research and statistics.
Rights related to automated decision-making including profiling
- Automated individual decision-making is a decision made by automated means without any human involvement.
- The GDPR restricts Pastel from making solely automated decisions, including those based on profiling, that have a legal or similarly significant effect on individuals.
Please note that these rights may be subject to some conditions and exceptions. To exercise any of these rights and make such a request, please use the contact details provided below.
You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office whose contact details can be found at the bottom of this notice or here: ico.org.uk
Marketing communications and social media
If you have given permission, we may contact you by mail, telephone and email about our products and services and invitations to events which may be of interest to you. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by clicking the “Unsubscribe” option in any of the marketing communications we send you or by contacting us by email or telephone. Pastel has a presence on social media including on Twitter and LinkedIn. You should view their privacy policies to understand how they may process your personal data. Please remember that when you share information publicly on the website, for example a comment on a blog post it may be indexable by search engines, including Google, which may mean that the information is made public.
9. Disclosure of your information
It may be necessary to disclose or share your personal data with either internal and external parties. We will only do this where it is strictly necessary for example in connection with our legitimate business activities, to enforce our policies, comply with our legal obligations or in the interests of security, public interest or law enforcement. For example, we may respond to a request by a law enforcement agency or regulatory or governmental authority. We may also disclose data in connection with actual or proposed litigation, or to protect our property, security, people and other rights or interests.
We share your information with third parties who help deliver our products and services to you. Examples include hosting our web servers, analysing data, providing marketing and legal assistance, access control services, CCTV monitoring and providing customer service. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose.
We may also share your personal data:
- With our delivery partners, such as contractors in order to fulfil our contractual obligations.
- With Pastel employees and agents to manage our relationship with you;
- With any third party with whom you have asked us to share your personal data. We will perform reasonable due-diligence on those parties to keep any personal information both confidential and secure and request that they use the information solely for the purposes of providing the specified services to us.
If we or any part of our organisation is sold, or some of its assets transferred to a third party, your personal information, as a valuable asset, may also be transferred to the acquirer, even if they are not in the same line of business as us. Our customer database could be sold separately from the rest of the business, in whole or in a number of parts. Potential purchasers and their advisors may have limited access to data as part of the sale process. However, use of your personal information will remain subject to this Privacy Policy. Similarly, your personal information may be passed on to a successor in interest in the unlikely event of a liquidation, bankruptcy or administration.
10. Cookies and other information-gathering technologies and links to other sites
Our website may, from time to time, contain links to other websites, mainly those of our partners and clients, but also those of other third parties. Please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before either agreeing to their terms or before you submit any personal data to these websites or use them.
To allow our site to operate we use cookies which are simply small text files placed on your computer when you visit this website. We also use Google Analytics to gather statistics on site usage and this is managed by way of consented cookies. There are more details in our cookie policy and Google’s own privacy policy. Google may aggregate data they collect from their various services including Google Analytics, Google Translate, Google Maps and YouTube. Pastel has no control over Google’s data collection. You should look at Google’s privacy policy for details of their data collection practices.
We shall ask for your permission before we use any non-essential cookies by way of our cookie banner when you first arrive at the site. If you have asked us to share data with third party sites (such as social media sites), their servers may not be secure. Note that, despite the measures taken by us and the third parties we engage, the internet is not secure. As a result, others may nevertheless unlawfully intercept or access private transmissions or data.
11. Security
We have put in place security measures that we consider to be reasonable to protect the security of your personal information and keep it confidential and to guard against unauthorised or unlawful processing of your personal data and against accidental loss or destruction of, or damage to, your personal data. We review these measures regularly to make sure they remain appropriate.
While no system is completely secure, we believe the measures implemented by Pastel reduce our vulnerability to security problems to a level appropriate to the type of data involved. We cannot guarantee the security of any third-party application you may use to transmit your data (for example, internet browsers).
12. How long we will keep your information
We will keep your personal information for at least as long as we have a relationship with you. When deciding how long to keep your personal information after our relationship with you has ended, we take into account our legal, regulatory and professional obligations.
As a rule, we will keep your personal information for as long as is necessary, including:
- To respond to any questions, complaints or claims made by you or on your behalf;
- To show that we treated you fairly;
- To keep records required by law.
Retention periods
Employee data:
- Employee files will be deleted, for legal purposes, no later than seven years after the employee leaves.
- Pension data and certificates for medical tests, for example, eye or hearing tests for legal purposes indefinitely.
Recruitment information:
-CVs and applications for unsuccessful candidates will be deleted no later than six months after the campaign, unless the candidate has consented to a longer retention period.
Client information:
-All client information will be kept to prove consents and in case of legal disputes seven years after the relationship ends or last activity.
Enquiries
Retained for two years - we retain for this period as often enquiries can take this period of time to come to fruition.
Financial Information
Tax records, payroll, etc - for legal purposes - seven years.
Analytics
Semi-anonymous analytical data for 25 years.
Email broadcasting
Semi-anonymous analytical data from email interaction for 25 years.
13. Where your information is processed
We endeavour to process your personal data within the UK, or EEA, however, any transfer of your data will be subject to a European Commission approved contract or agreement which will safeguard your privacy rights and give you remedies in the unlikely event of a security breach.
If we transfer your personal data outside of the UK or EEA, we will take steps to ensure that your privacy rights continue to be protected in compliance with applicable data protection law and this Privacy Policy.
14. Contact us
If you have any further questions about the way we manage your data, you wish to activate any of your rights, or have a complaint regarding our data protection practices you can contact the Pastel Protection Officer using any of the channels below.
Email: hello@pastelgroup.co.uk
Telephone: 03300 538898
Mail: Data Protection Officer, Pastel Holdings Ltd, Lymedale Business Centre, Hooters Hall Road, Newcastle-under-Lyme, ST5 9QF
Pastel Holdings Ltd is a public limited company registered in England under company registration number 14672734. Registered with the UK Information Commissioner's Office under registration number ZA149127.
Information Commissioner’s Details
Should you remain unsatisfied you can contact the appropriate data protection regulator listed below.
UK Information Commissioner: +44(0)303 123 1113 or visit the ICO website at ico.org.uk.
Did our fascinating policy make you think again about your needs? We thought so. Let's find the best solution for all your technology needs with our full range of business services.
