Privacy Policy

​This Privacy Notice tells you what to expect in relation to ‘Personal Data’ (or ‘personal information’) about you, which is collected, handled, processed and stored by us. The processing of Personal Data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”). The term 'Corton Ridge, 'we' or 'us' refers to the owner of the website, Corton Ridge Limited.

​

​We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

​

​In summary, what is the GDPR and our Data Privacy Policy all about?

​

The law requires that eight data protection principles are followed in the handling of personal data. 

​

These are that personal data must be:

1. Fairly, transparently and lawfully processed.

2. Obtained and processed for limited purposes and not in any manner incompatible with those purposes.

3. Adequate, relevant and limited to only data that is necessary to perform the purpose for which it was obtained.

4. Accurate and up to date.

5. Not kept for longer than is necessary.

6. Processed in accordance with the data subject's rights.

7. Secure.

8. Not transferred outside of the EEA or between countries without adequate protection.

 

We are committed to following these principles and will be open and transparent about the purposes for which we will use your data.

​

Who are we?

Corton Ridge Limited is the data controller and is registered with the UK Information Commissioner's Office (Registration Ref: A8428354). The data controller decides how your personal data is collected, handled, processed and stored, and for what purposes. If any of your personal information changes, you believe that any of the information we hold is incorrect or you have any queries with regard to your personal information or our data protection policies and procedures, then please contact us 

​

​What is Personal Data?

‘Personal Data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is anyone who can be identified, directly or indirectly from that data.  Identification can be by the information alone or in combination with other information that is within our possession, control or from other information to which we legally have access to.

​

What is the legal basis for processing your Personal Data?

All Personal Data that we process, will be in accordance with one or more of the following legal basis’:

• Consent from the individual (or someone authorised to consent on their behalf).

• Where it is necessary in connection with a contract between us and an individual or an individual that is authorised to represent a non-natural person with whom we have a contractual relationship.

• Where it is necessary because of a legal obligation – if the law says you must, you must.

• Where it is necessary in an emergency, to protect an individual’s ‘vital interests’.

• Where it involves the exercise of a public function – i.e. most activities of most government, local government and other public bodies.

• Where it is necessary in our legitimate interests, as long as these are not outweighed by the interests of the individual.

 

How do we protect your Personal Data?

​We protect your Personal Data, and complies with its obligations under the GDPR, by:

​

• keeping Personal Data up to date;

• only storing information in secure locations;

• destroying information that is no longer relevant;

• not collecting or retaining unnecessary or excessive amounts of data;

• protecting Personal Data from loss, misuse, unauthorised access and disclosure;

• ensuring that appropriate technical measures are in place to protect Personal Data.

• ensuring that we undertake suitable due diligence checks on 3rd parties who have a legal basis for Processing Personal Data.

 

Please note that we have a legal obligation under GDPR, that we must notify any data breach to the controller without undue delay. We therefore have processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller.

​

What personal information do we collect and what do we use your Personal Information for?

 

​1/ We use Cookies (Cookies are small pieces of data stored on a site visitor's browser,) which are primarily used to keep track of visitors site movements and actions on the site, this is to provide users with the most relevant browsing experience and to measure site performance. This can include your IP address and browser data.

​

​There are two types of Cookies that we use on this site:

• ​Session (Transient) cookies: These cookies are erased when you close your browser, and do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.

• Persistent (Permanent or Stored) cookies: These cookies are stored on your hard drive until they expire (i.e. they are based on a set expiration date) or until you delete them. These cookies are used to collect identifying information about the user, such as Web surfing behavior or user preferences for a specific site.​

 

2/ We also collect personal information (for example your name and email address) when you contact us so that we can address your request or query and provide you with information, news, events and activities that is relevant to the goods or services that we are contractually providing to you or consuming from you;

• provide you with news, events and activities, for which you have consented to us to do so

 

​How do we communicate with our site visitors?

We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages.

​

Who else has access to your Personal Data?

In order to provide you with the services that you require, there are a number of other parties who may need to process your Personal Data:

​

• ​​Our website is hosted and managed by Corton Ridge Limited ("CRL"), however other wholly-owned companies of CRL, form the Corton Ridge Group, and in order to provide the services that you require, Personal Data may need to be securely exchanged between the group companies. All Personal Data held by group companies, is processed strictly in accordance with this Privacy Policy.

​

• 3rd parties, based upon our ‘legitimate interests’ as a business, examples may include, data centres that securely store your information, credit referencing agencies, payment gateways etc that require relevant personal data in order to fulfil, on our behalf, our obligations to you, however we do not directly collect or retain any personal payment details e.g. payment details. 

 

• Any statutory, governmental or regulatory body that requests Personal Data and that we are obliged by Law or regulation, to provide.

 

• 3rd party Institutions which you may have entered into a contract with, whilst in the course of your engagement with us, You should be aware that the 3rd party will become the ‘data controller’ of any of the Personal Data that is provided to them either by you or by us, with your consent, however if your engagement with us were to end, this would not end your engagement with the 3rd party.​

 

​Further processing?

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

​

How long do we keep your personal data?

We keep your personal data for no longer than reasonably necessary, however there are circumstances when we may retain Personal Data for a longer period:

• where we have a statutory or regulatory obligation to retain the Personal Data;

• to ensure that our business is properly run in an efficient and compliant manner

​

What are your rights?

Unless subject to an exemption under the GDPR, you have the following rights in respect to your Personal

Data: -

• to request a copy of your personal data which we hold about you (Access);

• to request that we correct any personal data if it is found to be inaccurate or out of date (Recification);

• to request your personal data is erased, unless there is a legitimate reason for us not to comply (we will always provide you with more details about your Rights in our response to your request) (Erasure – ‘Right to be forgotten’);

• to transmit that data directly to another data controller, (Portability);

• to lodge a complaint with the Information Commissioners Office.

If you wish to exercise any of your rights, please contact us

​