Who we are and why we care about our customers’ data
MT Cashell & Sons Ltd is a private company registered in England and Wales, company number 4603321. Our registered office address is MT Cashell & Sons Ltd, 53 High Street, Crickhowell, Powys NP8 1BD.
We are committed to maintaining customers’ trust and confidence and we take your privacy very seriously. This policy explains how we collect, store and handle your personal data. For the purpose of this document, the data controller of the information you provide to us is MT Cashell & Sons Ltd (referred to in this policy as “we” or “us”). The term “data controller” is a legal phrase used to describe the person or entity that controls the way information is used and processed.
The purpose of this policy is to:
• set out the types of personal data that we collect
• explain how and why we collect and use your personal data
• explain when and why we will share personal data and with other organisations
• explain the rights and choices you have when it comes to your personal data.
This policy applies to you if your use our services. This means:
• shopping with us online, instore, over the phone or where this policy is posted
• taking part in promotions and competitions
• contacting us with a query or feedback about any of our services
• entering our recruitment process
• visiting our premises.
Information we hold about you and who we share it with
General personal data
When you use our services, you may provide us with your personal details, including your full name, billing and shipping addresses (including multiple gift delivery addresses if you choose this option), email addresses, phone numbers and date of birth and title.
We may share your personal data with other organisations (which are specific to the product/service you are receiving as listed above), as well as some general core service providers such as IT/Security companies or similar. We will only send our service providers the personal data that they need to fulfil their service to us.
In addition to this we may also share your personal data in the following circumstances:
• if the law or a public authority says we must share your data
• if we need to share personal data in order to establish, exercise or defend our legal rights and property
• as part of the purchase, merger or reorganisation of the business. The organisation (or any other successors in title to our business) can receive your personal data and use it in the same way as us.
Additional personal data (by service)
In addition to the above, you may also provide the specific information required for the services listed below. This information may be shared with the respective third parties (also listed below).
When you enter our recruitment process, we may collect:
• job position applied for
• home address
• details on your education & qualifications
• previous & current employment details (including pay)
• health information (see additional notes under “Special Category Data”)
• driving licence and conviction information (see additional notes under “Special Category Data”)
• the contact details of your references
• your signature
• other information as provided within your CV (if applicable).
This information may be shared with: Your listed references, the Food Safety Standards Agency and the Local Authority.
When you use our website, we may collect:
• information about your online purchases (for example, what you have bought, when and where you bought it and how you paid for it)
• information about your online browsing behaviour on our website
• information about any devices you have used to access our services (including the make, model and operating system, IP address, browser type and mobile device identifiers).
This information may be shared with: our website developers, Google Analytics, our chosen payment service provider (such as Worldpay or similar) and our chosen courier company.
When you shop with us instore or over the phone we may collect:
• transaction information, including the purchases you pre-order
• method of payment
• dietary information
• CCTV images.
This information may be shared with our chosen courier company.
When you place a Click & Collect order, we may collect:
• collection time/date
• name and address
• telephone number.
When you take part in promotions and competitions we may collect:
• circumstantial personal data specific to the promotion/competition format. For example you may be asked to share an image, make a comment or give feedback.
This information may be shared with: our chosen courier company.
When you contact us with a query (or if we contact you) or when you take part in surveys or questionnaires about our services, we may collect:
• circumstantial personal data you provide about yourself in relation to the query
• your feedback and contributions to customer surveys and questionnaires.
What we use your info formation and our legal basis for doing so
We use the personal information we hold about you for a number of different purposes:
• to enable you to order/purchase our products and access our services
• to enable us to fulfil those orders and provide you with progress updates throughout
• to enable us to provide you with the products and services you have purchased with the highest possible level of customer service
• to manage any account you have registered with us, including your preferences for marketing communications
• to carry out market research to better understand your views on our products and services
• to manage and improve our day-to-day operations
• to carry out internal research to improve the range of products offered and associated products and services we can offer you, and to help identify new products and services we may wish to offer in the future
• to enable us to present you with personalised communications
• to manage promotions, competitions and any other marketing activity you may take part in
• to verify your identity
• to detect and prevent fraud and other illegal activities (and to assist regulators, trade bodies and law-enforcement agencies in relation to the same)
• to comply with the law.
Our legal basis for processing your personal information for the purposes described above will typically be one of the following:
- Contract: it is necessary for us to process your personal information to perform a contract to which you are a party, or to take steps at your request prior to you entering into a contract.
- Consent: you have consented to us using your personal information for this purpose (for example, when you create an account with us, agree to receive marketing emails from us or create an alert). You can withdraw your consent at any time by deleting the information from your account or updating your marketing preferences.
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect you the individual’s personal data which overrides those legitimate interests.
Special category personal data
We use the special category personal data we hold about you for a number of different purposes, which we list below. Data protection law prohibits us from processing any special category personal data unless we have a valid legal basis for using your personal information (as listed above) and additionally, can also satisfy at least one of the specific special category data processing conditions laid down by data protection law, as set out below.
We will also use the special category personal data we hold about you for the following reasons:
• to comply with and demonstrate compliance with best practice and any applicable laws
• to comply and demonstrate compliance with any regulatory requirements such as the Food Standard Agencies “Regulatory Guidance and Best Practice Advice for Food Business Operators”
In these cases, the condition(s) we rely upon for processing the information is that:
• the processing is necessary for reasons of public interest in the area of public health
• the processing is necessary for the establishment, exercise or defence of legal claims.
We will not otherwise process your sensitive or special category information unless you have given us explicit consent to do so.
Protection of your personal data
We know how important it is to securely store, protect and manage your personal data. We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. To ensure internal confidentiality we only authorise access to employees who need it to carry out their job responsibilities. We use full login and password controls on our computer systems. We are are also fully PCI compliant in terms of credit card security.
In return, we ask that you keep secure the user name and password you have chosen to use on our website.
Storing your personal information
We may transfer, store or process your personal information outside of the European Economic Area (“EEA”). The laws in some countries may not provide as much legal protection for your personal information as in the EEA. By submitting your personal information, you agree to this transfer, storing or processing. Where we use service providers outside the EEA, we rely on approved data transfer mechanisms (for example, the EU Standard Contractual Clauses and the EU-US Privacy Shield) to ensure that your personal information is adequately safeguarded in the recipient country.
Unfortunately, transmission of information over the internet is not completely secure. We will do our best to protect your personal information, but we cannot guarantee its security and any transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to try to prevent unauthorised access.
We keep your personal information for as long as is necessary for the purposes for which it is processed. These periods vary depending on the nature of the information and your interactions with us. You can delete your Cashells account at any time using the account settings page.
If you choose to subscribe to our newsletter we will occasionally contact you by email to advise you about our products, events and promotions. However, we will never inundate you with messages. If you no longer wish to be contacted, you can unsubscribe in one click from a link at the bottom of the e-newsletter, or contact us direct by phone or email.
External links within our website
We use additional cookies to allow users to log into their accounts and ensure that logged-in users can access their account information. These cookies expire after 24 hours.
If you want to disable cookies you will need to change your website browser settings. How you do this will depend on your browser. You can find details for your specific version through Google. Disabling cookies will affect how well the website operates. If you only disable third-party cookies you will not be prevented from making purchases on this site. But if you disable all cookies you will be unable to complete a purchase on this site.
Social media platforms
Communication, engagement or any other action taken through external social media platforms that this website and its owners participate on are subject to the terms and conditions, as well as the privacy policies, held with each social media platform respectively. Users are advised to use social media platforms wisely and with due diligence in regard to their own privacy and personal details.
Competitions on social media platforms
From time to time we may run promotions/competitions via our social media platforms. Users entering such activities will have their public screen name shared and will be contacted via the social media platform in question for the sole purpose of notifying the winner. Each promotion/competition will be served with its own terms and conditions. The data we collect for this purpose is outlined above under “Additional Personal Data (by service)”.
We collect information during the recruitment process – see above under “Additional Personal Data (by service)” – in order to carry out the necessary processing required for recruitment under the legal basis of legitimate interests. This information will be used for recruitment purposes only within our business.
If your application for employment is successful, any personal data gathered during the recruitment process will be transferred to your Human Resources file and retained for the duration of your employment (and in some cases beyond). Please ask us for more details.
If your application for employment is unsuccessful, we will hold your data on file for (up to) four weeks after the end of the relevant recruitment process. At the end of that time, or once you withdraw your consent, your data will be securely destroyed. You can contact us to withdraw your consent at any time. Opting not to provide this consent will not have an adverse effect on your application.
Individual rights and where to go if you want more information
The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible on their website and they ensure that the registered details of all data controllers such as ourselves are publicly available. You can access them on the ICO’s website.
Data protection legislation provides individuals with a number of different rights in relation to their data. For example, you have the right to ask us whether we hold information about you and if so, for us to give you certain details about that information and/or the information itself. This right is commonly known as a “subject access request”. Certain exemptions and conditions apply to this right.
There are other rights which you may also be able to exercise, such as the right to have inaccurate personal data rectified, to object to the processing of personal data, to object to direct marketing, to the erasure of personal data or to have the processing of your personal data restricted as well as the right to have electronic data made portable. All these rights are subject to certain conditions and exemptions.
For more information on your rights as an individual please visit the ICO’s website.
You can exercise these rights by contacting us at any time. You’ll find our contact details at the end of this policy.
Where your personal data is processed on the basis of your consent or explicit consent, you have the right to withdraw your consent to the processing at any time. You can do this by contacting us using the details provided at the end of this policy. Any withdrawal of consent will not affect the lawfulness of any processing of your personal data based on consent before the withdrawal is notified.
If any of your personal details change during the time you make use of our services you should notify us using the details provided at the end of this policy and provide us with the updated accurate information.
You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. We will always do our best to solve any problems you may have.
For further details please contact us:
MT Cashell & Sons Ltd
53 High Street
Powys NP8 1BH
Tel: 01873 810405