REVISION DATE NAME DESCRIPTION
1.0 01/07/2017 Mr S Shahi Original
1.1 07/12/2017 Mr M Corr Revised for GDPR
1.2 29/05/18 Mr M Corr Amendment regards data sharing to USA
Approved by board / management on: 12/12/2017
Policy became operational on: 13/12/2017
Next review date: 12/12/2018
White & Company plc know that your privacy is very important to you. When it comes to your information, we follow some straightforward principles. We aim to be clear about the data we collect and why.
All our employees who handle personal data have agreed to the terms of our Data Protection Policy (which can be found in the About Us section of our website) and have a responsibility to comply with it accordingly.
What personal data do we collect?
It is the nature of the services we provide that requires us to collect and process personal data. This will, at a minimum, include:
– Your name
– Your phone number and/or email address
– Origin and destination addresses
We may need to collect more personal data if it is necessary to the delivery of the service you have requested. For example, international moves may require us to collect an image of your passport.
If you don’t provide us with personal data, we’ll try to provide the service but it may be impossible.
(N.B. Please do not provide us with the personal data of anyone else without their permission, unless you have obtained the explicit consent from that person.)
How else we have obtained your personal data?
We may have purchased your data from a direct marketing firm who collect personal data from individuals who have consented to third party marketing communications. If you did not consent to third party marketing communications, then they may have collected your data from publicly accessible sources. For example, information on a property in the public domain includes whether it is ‘for sale’ or ‘sold subject to contract’.
In either case, you have, by law, the right to object to direct marketing. If you want to exercise this right, then please contact us on 01489 858362. We apologise for the inconvenience and will never contact you again with marketing communications.
How do we use your personal data?
We limit the use of personal data to ensuring we deliver the service you have requested. Furthermore, we retain your personal data only for as long as is necessary to deliver you this service. Under certain circumstances we will retain your personal data longer if it part of an accounting record which we are obliged by law to retain for 7 years. Where this is the case, your personal data will be archived. Records in an archived state means access to them is greatly restricted.
After that, unless we need it for a particular investigation, we securely destroy records your personal data is contained within in line with our retention schedule. Destruction of paper records is done securely and appropriately. For example, we securely shred paper records in line with the British Standard for secure destruction of confidential material (BS EN 15713).
To whom might we disclose your personal data?
If another organisation helps us to provide the service, we’ll also make your personal data available to them. If this involves transferring information to a country not recognised by the Information Commissioner’s Office as providing equivalent protection, we’ll use additional safeguards approved by UK or EU regulations.
We shall only disclose your personal data to third parties in circumstances that are necessary for delivering the service agreed with you. For example, we will disclose your personal data to our overseas partners who will be carrying out the destination services of your international move.
Importing or exporting to and from the USA
Where the service you book with, or is allocated to, White & Co plc includes importing or exporting your possessions into or via the U.S., U.S. Customs and Border Protection will legally obtain some of the shipper’s personal information. This information includes data elements such as the shipper’s name, address, passport number, and the name and address to which the shipment is consigned.
While this information is necessary for White & Co plc to deliver the service we provide, it is our duty to inform you of the risk that some of this information will be published by third party companies who have access to vessel manifests and household goods shipments.
Under current U.S. law, third-party companies can access and examine vessel manifests and summary statistical reports of imports and exports, including household goods shipments. These third-party companies can copy this information for publication and disseminate to entities that have purchased their services. Because of the potential threat of identity theft, this policy has obviously prompted complaints regarding privacy issues and U.S. Customs and Border Control has facilitated a method where an individual can request confidential treatment for your shipment. Unfortunately this must be done on an individual basis.
You can request confidentiality on your shipment by writing to the following:
Laurence E. Castelli – CBP Privacy Officer
U.S. Customs and Border Protection,
Regulations and Rulings,
Office of International Trade,
799 9th Street, NW, 7th Floor,
Washington, D.C. 20229
The letter should include your full name as it appears on your passport, your U.S. Social Security number (if applicable) or your passport number together with the delivery address in the United States. If you do not have a delivery address, you should use the following address as the company that will be handling delivery of your household goods and personal effects in the United States.
We have never and will never sell your personal data.
If there are attacks on our services, or other criminal activity, we may share information with the police or similar public body.
How do we secure your personal data?
Unfortunately, no data transmission over the internet or any other network can be guaranteed as 100% secure, but we take appropriate steps to try to protect the security of your personal data. For example, we encrypt all personal data disclosed to third parties. Likewise, White & Company plc servers and all data stored locally are protected by a hardware firewall that is preventing unauthorised intrusion into the network. Software solutions are also in place which constantly scan for malware and viruses on the network.
All staff are required to ensure that any paper files not in current use are stored in filing cabinets and locked at all times when offices are unoccupied. Any paper documentation containing personal data is shredded once it becomes superfluous.
Access to personal data is restricted to authorised users on a need-to-know basis.
In the event of a data breach involving your personal data which presents a high risk we will contact you immediately.
Inaccuracies and corrections
We would like to keep your personal data accurate and up to date. If you become aware of any errors, noted on our correspondence with you for example, then please let us know by phoning or emailing our Branch assigned to you.
How to contact us and exercise your rights?
Under the Data Protection Act 1998 you have certain rights over your personal data that we hold:
– To receive a copy of your personal data that we hold;
– To ask us to correct any errors; and
– To delete it once we no longer need it.
To contact us regarding those rights, or anything else in this data privacy statement, please write to our compliance officer, Matthew Corr, by email (email@example.com) or at our postal address below:
FAO Matthew Corr, White and Company, International House, Unit G, Bar End Ind. Est., Winchester SO23 9NP
If you don’t feel we’ve dealt with your request appropriately, you have the right to appeal to the Information Commissioner’s Office.
Links to other websites
What are cookies?
A cookie is a small file which asks permission to be placed on your computer’s hard drive. A cookie can’t read data off your hard disk or read cookie files created by other sites. Cookies do not damage your system; they allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than the personal data you choose to share with us.