Privacy, Security and Cookies Policy
- Introduction and General Terms
In order to provide you with a full range of services, we are sometimes required to collect information about you.
Occasionally our website and blogs contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies, including cookies, and we urge you to review them. They will govern the use of personal information you submit or are collected by cookies whilst visiting these other websites. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
- What information will The Green Cow Co. collect about me?
When you register for an online account with us we may ask for personal information about you. This can consist of information such as your name, email address, postal address, telephone or mobile number. Different web-pages may ask for different personal information.
By entering your details in the fields requested, you enable The Green Cow Co. to provide you with the services and products you select. In fact, some services cannot be provided without some of the details mentioned.
IP addresses are used to identify the location of users, the number of visits from different countries and also to block disruptive use; and to analyse and improve the services offered on our website. e.g. to provide you with the most user-friendly navigation experience.
- How will The Green Cow Co. use the information they collect about me?
We will use your personal information for a number of purposes including the following:
For providing services to you in the way of delivering goods to your address.
Replying to your enquiries and requests.
Sending emails to you regarding changes to our services, products, prices or delivery schedule.
Sending automated electronic communications relating to your account, such as your bill or payment reminder.
Including you in occasional prize draws or other reward-based events run by ourselves.
Where we propose using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for your use other than as listed above.
- When will The Green Cow Co. contact me?
The Green Cow Co. may contact you:
In relation to the order you have placed on the website to ensure that we can deliver the services to you;
When we need to request payment for goods or services provided;
Where you have opted to receive further correspondence;
When we need to advise you of changes to prices or terms of service or delivery days.
- Will I be contacted for marketing purposes?
The Green Cow Co. won’t contact you for general marketing purposes, or promote new or a third party’s services to you unless you specifically agree to be contacted for these purposes.
We may occasionally contact you with news or information about the products you already buy from us (dairy goods and groceries) if the price or product is changing. If you do not wish to be contacted about these please let us know by email.
- Will The Green Cow Co. share my personal information with anyone else?
We will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies).
8. New GDPR Guidelines
The Green Cow Co. collect and hold a range of data including:
Customer full name including title
Customer full address including postal code
Customer mobile telephone number
Customer home telephone number
Customer email address
Customer holiday information
Customer account numbers
Customer sort codes
Customer bank address
It is your right at any time to request the information that we hold on your account, make any alterations to the information we have on your account and also to have this information permanently erased. The Green Cow Co. has the capability to ensure the safe and correct disposal of any sensitive information that we hold. Requests for information will be dealt with in a timely fashion and well within the new GDPR guidelines of 28 days. Information will be provided in a clear, understandable and transparent format that is widely accessible and may be provided in printed form upon request. Requests for access to the information we hold may be made either in writing or verbally. It is a legal requirement that access to data may only be provided upon proof of the identity of the persons requesting it.
Right to erasure including retention and disposal. Individuals have the right to be forgotten and request erasure when deliveries have ceased and are no longer required as long as the account has been settled and there are no outstanding balances. Individuals also have the right to be forgotten and request erasure if data has been collected unlawfully or unlawfully processed. Individuals may request to be forgotten either verbally or in writing. The Green Cow Co. will carry out ID verification before any request to be forgotten is processed. The Green Cow Co. will respond to any request to be forgotten within the 28 days GDPR timescale. The Green Cow Co. may refuse a request to be forgotten if there is a need to exercise or defend a legal claim or if the information is required for statistical purposes
The right to limit the processing of your data. Individuals have a right to block or restrict the processing of their personal data. When processing is restricted, we are permitted to store the personal data, but not further process it. We can retain just enough information about the individual to ensure that the restriction is respected in the future. A restriction may be placed on your account either in writing or verbally however checks will be made to ensure proof of identity.
Right to Data Portability – The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services. They can receive personal data or easily move, copy or transfer that data from one business to another in a safe and secure way. The Green Cow Co. has systems enabling the secure transfer, copy or movement of personal data via CSV file. The Green Cow Co. is able to provide CSV file data free of charge and can transfer the data directly to another business if required. Requests for data porting may be made verbally or in writing however reasonable measures will be taken to ensure customer identity. Requests will be dealt with within the recommended GDPR timescale of one month from receipt of the request.
The Right to Object – Individuals have a right to object to the processing of their personal data in certain circumstances. The Green Cow Co. does not and does not intend to share or distribute data with any third party. Data will only be used by The Green Cow Co. for the purposes of providing a service and as such, the right to object is overall not needed. However, if the individual feels their data has been processed outside of their legitimate interest, The Green Cow Co. will cease processing that data immediately and investigate further. Requests for objection may be made verbally or in writing however reasonable measures will be taken to ensure the personal identity of the individual. Requests will be dealt with within the recommended GDPR timescale of one month from receipt of the request.
Rights related to automated decision making including profiling – The Green Cow Co. has identified that none of its processing operations constitutes automated decision making and has, therefore, included no additional procedures. The GDPR defines profiling as any form of automated processing intended to evaluate certain personal aspects of an individual, in particular, to analyse or predict their: * performance at work; * economic situation; * health; * personal preferences; * reliability; * behaviour; * location; or * movements. If an individual disagrees with The Green Cow Co.’s decision on this matter contact must be made immediately either verbally or in writing, reasonable measures will be taken to ensure personal identity. Requests will be dealt with within the recommended GDPR timescale of one month from receipt of the request.
The Green Cow Co. does not use any outside of third party processor and therefore it is not applicable at this time to ensure a contract is in place for these purposes. If however in future a third party processor was required, The Green Cow Co. would only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected.
The Green Cow Co. management has carefully considered and assessed the type and sensitivity of the data that it holds and has concluded that internal technical measures are sufficient to protect the data that the company holds on its client base. For instance, all basic information is encrypted with passwords only accessible by senior members of staff or those with GDPR training. Complex data such as account details and signatures are filed under pseudonyms in physical form away from normal day to day paperwork, these documents are again only accessible by required senior members of staff and those that are GDPR trained.
The Green Cow Co. recognises the importance of Data Protection Impact Assessments (DPIA’s) and should the business begin a large scale project involving personal data, it has the means and knowledge to perform a DPIA beforehand to identify and reduce any risk to that data. DPIA’s would be carried out locally and independently, it has been decided who within the company would carry out the DPIA and who else needs to be involved. This process has been linked to the existing risk management strategy.
The Green Cow Co. has concluded that a specified Data Protection Officer (DPO) is not required for the purposes of the GDPR however for the purposes of the following:
inform and advise the organisation and its employees about their obligations to comply with the GDPR and other data protection laws; * monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, awareness-raising and training of staff and conducting internal audits; * advise on and monitor data protection impact assessments; * act as the contact point for, and to cooperate with the ICO, and to consult on any data protection matter; and * be the contact point for individuals whose data is processed (employees, customers etc).
All parties involved in the compliance of The Green Cow Co. promote a positive attitude towards the GDPR and encourage all members of staff to exercise good data protection practices. It is stressed to all staff members the importance of the GDPR and the response has been excellent.
A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. The Green Cow Co. systems are manned 24hrs by security software both by The Green Cow Co. itself and by a partner. The Green Cow Co. recognises the requirement to notify the ICO within 72 hours of becoming aware of a data breach unless it is non-notifiable due to it being unlikely to result in a risk to the rights and freedoms of individuals. Upon recognising a data breach, The Green Cow Co. would immediately launch a full investigation and should provide information to the ICO as soon as it becomes available. The Green Cow Co. has offered training to all staff members required to handle personal data and all fully understand what constitutes a personal data breach, and that this is more than a loss of personal data.
The Green Cow Co. does not engage in ANY International transfers of any kind and this section is not applicable.