Data Privacy Statement

Data Privacy Statement

White & Company plc

DATA PRIVACY STATEMENT WHITEANDCOMPANY.CO.UK LOGO
REVISION HISTORY

REVISION      DATE                NAME                DESCRIPTION
1.0                   13/12/2017    Mr M Corr         Original draft
1.1                    04/06/2018  Mr M Corr        Updated to include data sharing to USA
1.2                    29/05/18       Mr M Corr        Updated in line with industry guidance

Approved by Ian Palmer on: 30/05/2018
Document became operational on: 13/12/2017
Next review date: December 2019

Introduction

White & Company takes your privacy very seriously. This Data Privacy Statement describes White & Company’s policy regarding the collection and use of personal data and sets forth your privacy rights.

We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Data Privacy Statement as we undertake new information security practices or adopt new privacy policies.

We are a registered ‘data controller’ with the Information Commissioner’s Office (registration number ZA458951).

What we need to know about you and how we use that information

The services we provide require your personal information. Exactly what personal information we require varies on the service. However, we require a minimum of specific personal information in all cases. This typically includes:
•The full name for a point of contact;
•An email address and/or phone number; and
•The collection and/or delivery addresses.
Other personal information we will collect includes:
•Financial information (e.g. payment card information).
Typically, payment card information is provided directly by customers, either in person or via phone call, and entered into a PCI/DSS-compliant payment processing service. White & Company does not, itself, process or store payment card information.
•Data collected by our website (e.g. web form submissions).
White & Company’s website collects personal information submitted through its enquiry web form. It also collects certain information automatically and stores it in log files, for example internet protocol (IP) addresses. We use this information to help us design our site to better suit our users’ needs.

Our website is maintained by Futurenet Publishing with whom White & Company has a Data Processing Agreement. Futurenet Publishing only handles personal data collected from White & Company’s website at our instruction.

Please note that White & Company’s website uses Google Analytics. Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. A cookie is a small file which asks permission to be placed on your computer’s hard drive. A cookie can’t read data off your hard drive or read cookie files created by other websites. Cookies do not damage your system; they allow web applications to respond to you as an individual. A cookie in no way gives us access to your computer or any information about you, other than personal data you choose to share with us.

The information generated by cookies about your use of White & Company’s website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purposes of evaluating your website activity and internet usage, compiling reports on website activity for website operators and providing other services relating to website activity usage.

•Lead generation.
We purchase information about properties on the market from a lead generation company, TwentyCi. TwentyCi collects address information both directly from individuals and publicly available sources, for example, information about a property in the public domain includes whether it is ‘for sale’ or ‘sold subject to contract’.

Sharing information with our Partners

Often the services we provide involve a national or transnational supply chain, such as overseas removals. Where one of our Partners helps us to complete a service, we share only the personal information they need. If this involves transferring information to a country not recognised by the Information Commissioner’s Office as providing equivalent protection, we’ll use additional safeguards where required.

Where the service you book with, or is allocated to, White & Company includes importing or exporting your possessions into or via the United States, U.S. Customs and Border Protection (CBP) will legally obtain the Vessel Manifest. This document includes some of the shipper’s personal information, for example, the name and address to which the shipment is consigned and their passport number.

Being a responsible ‘data controller’, it is our duty to inform you of the risk that some of this information may be published by third party companies who have access to Vessel Manifests. You can mitigate this risk, and we recommend you do so, by completing the IAM’s Vessel Manifest Confidentiality Request Form. By completing this form you are requesting that your shipment, and you as the shipper, is kept confidential by the CBP.

Securing your personal information

The on-premise servers on which we store personal information are kept in a secure environment protected by a hardware firewall which prevents unauthorised access. Where we transmit sensitive personal information online we use encryption to preserve its integrity and confidentiality.

All our staff use two-factor authentication and only employees who need specific personal information to perform a specific task (for example, billing or customer service) are granted access to that personal information.
We will securely store your personal information for the duration of the service. Where we are legally obliged, personal information is securely stored longer, for example, invoices are retained beyond the duration of the service.

When it is no longer necessary for White & Company to retain personal information, we securely erase and shred hardcopies.

Your privacy choices and rights

Here are your privacy choices:
•You can choose to not provide us with personal information, in which case we will try to provide the service but it may be impossible.

•You can reject the use of cookies while browsing our website.

Here are your rights:

•You can access the personal information we hold about you.
•You can make us correct any of this personal information if it is inaccurate.
•You can object to receiving our direct marketing communications. You can do this by contacting us at compliance@whiteandcompany.co.uk.
•You can ask us to erase the personal information about you we hold and which is no longer necessary to delivering the service for you.
•You can complain about our handling of your personal information to the Information Commissioner’s Office. (Please tell us first, so we have a chance to address your concerns.)

Contact us

If you are a customer and wish to exercise your rights, please contact the Branch and Department you have been speaking with. If you prefer, you can contact us at compliance@whiteandcompany.co.uk or write to us at:
FAO Compliance
White & Company
International House, Unit G
Bar End Ind. Est.
Winchester
SO23 9NP
If you don’t feel we’ve dealt with your request appropriately you have the right to lodge an appeal with the Information Commissioner’s Office.