Privacy Policy

Version 1 8.1.19

Privacy Notice

Please read the following information carefully. This Privacy Notice (“the Notice”) contains

information about what data we collect, process and store and the reasons for obtaining and

processing the data and is to be read in conjunction with our terms of business.

The Notice also sets out who we share information with, the steps we take to ensure information is

kept secure, the rights of data subjects in respect of personal data and how to contact us in the

event of a complaint.

About us

Sheldon Inns Ltd, (“the Company”) provides pub management services (“the Services”).

Through the provision of the Services by the Company and its employees, officers, consultants, it

acts as a data processor and data controller for the purpose of the General Data Protection

Regulations (“GDPR”).

If you have any questions about this Notice or about personal data you can contact the Data

Protection Contact via email at info@sheldoninns.co.uk or write to us at:

Data Protection Contact

Sheldon Inns Ltd

82 Cato Street North

Nechells

Birmingham

B7 5AN

What Personal Information do we collect?

In order to allow us to provide the Services we may collect the following information from

Customers or Suppliers, to include:

 Name

 Organisation or Business Name

 Contact information (e.g. address, email address, telephone number)

 Fee and/or billing details;

 Bank details/Card details

The Customer or Supplier will usually be the source of any personal information that we hold,

unless such information is provided to us by any third party.

How do we use the Personal Information?

All personal information that we collect in relation to the provision of the Services will be recorded,

used and protected by the Company in accordance with applicable data protection legislation and

this Notice.

We will process and store the personal data and sensitive personal data provided by you to us in

order to provide and improve the Services.

In the case of personal data, the legal bases that we rely upon are that:

 The processing is necessary for the performance of the contract to provide the Services to

you;

Version 1 8.1.19

 The processing is necessary in order to comply with legal obligations to which the

Company is subject, the Information Commissioner’s Office, HMRC or any other statutory

regulator; and/or

 The processing is necessary for the purposes of legitimate interests pursued by the

Company, such as, for the purpose of conflict-checking, for use in the defence of potential

complaints, legal proceedings or fee disputes or fee recovery, for keeping anti-money

laundering records, for training staff, or for otherwise complying with our professional

obligations.

In the case of sensitive personal data, the legal bases that we rely upon are:

 In some cases, the personal data may have been manifestly made public by the Customer

or Supplier;

 The processing is necessary for the establishment, exercise or defence of legal claims.

 The processing is necessary for reasons of substantial public interest.

Information collected from other sources

In the provision of the Services it is likely that information will be provided solely by you; however

from time to time and depending on the nature of the instructions, information may be collected via

another party. Such information will only be processed in order to provide the Services or for use in

the defence of potential complaints, legal proceedings or fee disputes, keeping anti-money

laundering records, for training staff in confidence, or for otherwise complying with our professional

obligations, for or complying with court/tribunal directions, or for co-operating with investigations by

the Information Commissioner’s Office, or any other statutory regulator.

Personal data provided to third parties

We will not use personal data for purposes that are not clear at the time they were provided and

personal data will not be disclosed outside of the Company except where necessary for the

provision of the Services, with your consent and in accordance with the our professional

obligations.

Personal data may be shared with the following:

 Representatives of other parties, in accordance with our instructions from you;

 Third Parties in accordance with our instructions from you

 Ombudsmen and other regulatory authorities;

 the Customer and or Supplier; and

 Staff in confidence.

We may share some personal data with third parties in limited circumstances, which may include

(a) if we are under a legal or regulatory duty to do so; (b) if it is necessary to do so to enforce our

contractual rights; (c) to lawfully assist the police or security services with the prevention and

detection of crime or terrorist activity; (d) where such disclosure is necessary to protect the safety

or security of any persons and/or (e) otherwise as permitted under applicable law. We will only

share any personal data in these circumstances in accordance with our professional obligations.

Version 1 8.1.19

Personal information will not be used for any other purpose than has been set out in this Notice.

Transfer of data outside the EEA

Please note that the Company does not transfer data outside of the EEA in general. There may

however be a requirement from time to time to transfer some or all of your personal data outside of

the EEA if so required in order to progress your case or to provide the Services. Where this

happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is

afforded the same or similar safeguards and processes that we undertake within the EEA.

Marketing

The Company may carry out marketing activities and communications via email, social media and

other digital platforms. In the provision of marketing activities we may collect your name, address,

email address, name of your organisation (if applicable), telephone number and details of your

enquiry. Any personal data that you provide to use will only be used to administer and provide

products and services you request or have expressed an interest in and to tailor marketing

communications from us. We will not use your data for purposes that are not clear when you

provide your details and will not disclose them outside of the Company except in limited

circumstances.

Further information and a full copy of our Marketing Privacy Notice can be found on our website

www.sheldoninns.co.uk

Data Retention

The Company will retain personal information for no longer than is reasonably necessary for the

provision of the Services and personal information will not be retained indefinitely or for reasons

incompatible with the relevant data protection legislation, including the GDPR and the

requirements of other regulatory bodies.

Data Security

We take the security of personal information seriously and the Company has appropriate

measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed

by those individuals authorised to do so and where there is a legitimate need to access the data.

Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to

personal data held by the Company (either through accidental disclosure or deliberate act) and in

line with the Companies obligations under applicable data protection legislation, including the

GDPR.

Rights

Under the GDPR, data subjects have a number of important rights regarding their personal

information. In summary these rights are as follows and include the right to:

 Request access to personal information;

 Request that inaccurate information is corrected;

 Request that processing of personal information is restricted;

 Request that personal information that we hold is erased in certain circumstances;

 Request a copy of the personal information that has been provided to us;

Version 1 8.1.19

 Object to the processing of personal information or the continued processing of personal

information;

 Request not to be subject to automated decision making which produces legal effects that

concern or affect data subjects in a significantly similar way.

Further information regarding rights under the GDPR can be found by visiting www.ico.org.uk.

These rights are subject to the conditions and restrictions set out in the General Data Protection

Regulation and the Data Protection Act 2018.

Should you wish to make a request to exercise any of the above rights you should contact us via

email at via email at info@sheldoninns.co.uk or write to us at:

Data Protection Contact

Sheldon Inns Ltd

82 Cato Street North

Nechells

Birmingham

B7 5AN

When contacting us please ensure that you provide relevant information to allow us to identify you

(this can include confirmation of any of the unique or personal identifiers we hold about you such

as proof of identity or address) and state the right or rights that you wish to exercise. We may need

to contact you to request further information to verify your identity.

We will respond to you within one month from when we receive a valid request.

Where to make a complaint

We hope that you are happy with our service and that we can resolve any issues or complaints that

may arise. If you have a complaint regarding any aspect of your personal data or this Notice please

write to us at info@sheldoninns.co.uk

In the event you are not satisfied with the outcome of your complaint, you may write to the

Information Commissioner’s Office via:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

You can also contact the Information Commissioner’s Office using their online form by visiting

www.ico.org.uk

Changes to this Privacy Notice

We aim to meet high standards and so our policies and procedures are subject to regular review.

From time to time we may change this Notice and will inform you, usually via writing or by

publishing updated content to our website, as appropriate.