Privacy Policy

INTRODUCTION

Roots To Connection

This notice describes how Roots To Connection collects, uses and manages the information it holds about you, including how the information may be shared and how the confidentiality of personal information is maintained.

The “At a Glance” section contains some very important information that will help explain what information we process and why.

 

AT A GLANCE

 

1.1    When do we collect personal data about you?

 

When we refer to personal data in this notice, we mean information that can or has the potential to identify you as an individual. 

We will collect and process personal data about you at the following stages:

 

Stage	Description
Enquiry	When you enquire about a potential Product by visiting our website, speaking to us over the telephone.
Application	When you commit to buying any of our products from our website

 

1.2    What personal data may we collect from you and why?

Enquiry

We will largely rely on our ‘legitimate interests’ to process your personal data with the exception of those areas marked with an (*) below where we will require your ‘consent’.

 

Data Category	Reason for Processing
Personal Identifiers Contact Details Personal Information	To communicate with you regarding your initial enquiry
*Personal Identifiers *Contact Details Personal Information	To retain your personal information and to contact you regarding future career opportunities
Personal Identifiers Contact Details	Internal record keeping and administration

 

Contract

We will largely rely on ‘contractual necessity’ to process your personal data with the exception of those areas marked with an (#) below where we will rely on ‘legal obligation’

 

Data Category	Reason for Processing
Personal Identifiers Contact Details Personal Information Financial Information Employment Information Special Category Information Third Party Information	To carry out our obligations and benefits to you arising from any contract inc. reimbursements etc
Personal Identifiers Contact Details Personal Information Financial Information Special Category Data Third Party Information Other Information	For internal audit and accounting purposes together with the preparation and review of management information
#Personal Identifiers #Contact Details	To comply with legal and other requirements, record-keeping and reporting obligations, physical access policies, conducting audits, management and resolution of health and safety matters, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures

 Your decision to provide any personal data described above to us is voluntary.  In addition, we will only contact third party referees if you give consent for us to do so.  If you chose not to provide any of the personal data requested, or do not consent to us contacting third party referees regarding your application, our ability to consider you as a candidate may be limited. 

FURTHER DETAILED INFORMATION

1.3    Data sharing and transfers

 

• organisations providing IT systems support and hosting in relation to the IT systems on which your information is stored
• third party service providers who perform services on our behalf based on our instructions, for instance, for the purposes of storage of information and confidential destruction.  We do not authorise these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with applicable legal obligations.

 

Where a third-party data processor is used, we ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.

Perfect Piece Suffolk may also disclose your personal data (ii) if it is required to do so by law or legal process, or (iii) in response to lawful requests from public authorities, including to meet national security, public interest or law enforcement requirements.  Roots To Connection also reserves the right to transfer Personal Data in the event of an audit or if the company sells or transfers all or a portion of its business or assets (including in the event of a merger, acquisition, joint venture, reorganization, dissolution or liquidation).

1.4    Third Country Data Transfer

 

Due to the global nature of our operations, we may transfer the personal data we collect about you to recipients in countries other than the country in which the information originally was collected.  For example, we may disclose your personal data Inc in the U.S. Access to your personal data will be limited to individuals who have a need to know the information for the purposes described in this Notice, and may include personnel in the HR, IT, compliance, legal, finance, accounting and internal audit, marketing and risk management functions.

Where we transfer your personal data to a country which may not have the same data protection laws as the country in which you initially provided the information (such as the U.S.), we will protect that information as described in this Privacy Notice and will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries other than the one in which you provided the information. Your information will also be transferred to our third-party service providers in the U.S. We have implemented appropriate safeguards to ensure an adequate level of data protection, including by concluding data transfer agreements incorporating the European Commission’s Standard Contractual Clauses under Article 46 of the EU General Data Protection Regulation (GDPR). You may contact the Data Protection Officer as indicated below to obtain further information on the transfer mechanism. 

1.5    How we protect your personal data

 We maintain appropriate technical and organisational measures designed to protect your personal data against loss or accidental, unlawful or unauthorised, alteration, access, disclosure or use.

1.6    Retention period

 We retain personal information for as long as we reasonably require it for legal and business purposes. In determining data retention periods, Perfect Piece Suffolk also takes into consideration local laws, relevant regulations and contractual obligations.

1.7    Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights: 

•   Right of access – you have the right to request a copy of the information that we hold about you.  Sunrise reserves the right to charge a reasonable fee based on our administration costs where further copies are requested.
•   Right of rectification – you have the right to correct data that we hold about you that is inaccurate or incomplete.
•   Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
•   Right to restriction of processing – where certain conditions apply you have the right to request that we restrict the processing.
•   Right of portability – in certain circumstances you have the right to have the data we hold about you transferred to another organisation.
•   Right to object – you have the right to object to certain types of processing such as direct marketing.
•   Right to object to automated processing and profiling

 All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data. 

If you would like to exercise any of your data subject rights, please contact us using one of the methods highlighted below.

1.8    Contact Information

 

Please contact us if you have any questions about our privacy notice or information we hold about you:

• By email at sales@rootstoconnection.com
• By writing to us at Data Protection Officer, Roots To Connection, Magnolia, Borley Green Woolpit, Bury St Edmunds, Suffolk, IP30 9RW

1.9    Complaints

 In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in 1.3 & 1.4 above) please contact the data protection officer at the address detailed above. 

If you are not satisfied with how your complaint has been handled you have the right to lodge a complaint directly with the supervisory authority at the Information Commissioner's Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF. Tel 0303 123 1113 or 01625 5457

 

1.11    Glossary

 Consent

In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities.
 Article 4 of the GDPR states that (opt-in) consent is "any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her." In plain language, this means that:

• you have to give us your consent freely;
• you have to know what you are consenting to;
• you should have choice over which processing activities you consent to and which you don’t; and
• you need to take positive and affirmative action in giving us your consent

 We will keep records of the consents that we have received from you. 

You have the right to withdraw your consent to these activities. You can do so at any time, and details of how to do so can be found in section 1.8

Contractual necessity

Article 6 of the GDPR states that we can process your data on the basis that such processing is necessary in order to enter into or perform a contract with you. 

The "contractual performance" lawful basis permits the processing of personal data in two different scenarios:

• Situations in which processing is necessary for the performance of a contract to which you, the data subject, is a party. 

Compliance with legal obligations

Article 6 of the GDPR states that we can process your data on the basis that the we have a legal obligation to perform such processing.  Processing is permitted if it is necessary for compliance with a legal obligation.

Legitimate Interests

Article 6 of the GDPR states that we can process your data where it is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of you which require protection of personal data.