Version 1 8.1.19
Privacy Notice
Please read the following information carefully. This Privacy Notice (“the Notice”) contains
information about what data we collect, process and store and the reasons for obtaining and
processing the data and is to be read in conjunction with our terms of business.
The Notice also sets out who we share information with, the steps we take to ensure information is
kept secure, the rights of data subjects in respect of personal data and how to contact us in the
event of a complaint.
About us
Sheldon Inns Ltd, (“the Company”) provides pub management services (“the Services”).
Through the provision of the Services by the Company and its employees, officers, consultants, it
acts as a data processor and data controller for the purpose of the General Data Protection
Regulations (“GDPR”).
If you have any questions about this Notice or about personal data you can contact the Data
Protection Contact via email at info@sheldoninns.co.uk or write to us at:
Data Protection Contact
Sheldon Inns Ltd
82 Cato Street North
Nechells
Birmingham
B7 5AN
What Personal Information do we collect?
In order to allow us to provide the Services we may collect the following information from
Customers or Suppliers, to include:
Name
Organisation or Business Name
Contact information (e.g. address, email address, telephone number)
Fee and/or billing details;
Bank details/Card details
The Customer or Supplier will usually be the source of any personal information that we hold,
unless such information is provided to us by any third party.
How do we use the Personal Information?
All personal information that we collect in relation to the provision of the Services will be recorded,
used and protected by the Company in accordance with applicable data protection legislation and
this Notice.
We will process and store the personal data and sensitive personal data provided by you to us in
order to provide and improve the Services.
In the case of personal data, the legal bases that we rely upon are that:
The processing is necessary for the performance of the contract to provide the Services to
you;
Version 1 8.1.19
The processing is necessary in order to comply with legal obligations to which the
Company is subject, the Information Commissioner’s Office, HMRC or any other statutory
regulator; and/or
The processing is necessary for the purposes of legitimate interests pursued by the
Company, such as, for the purpose of conflict-checking, for use in the defence of potential
complaints, legal proceedings or fee disputes or fee recovery, for keeping anti-money
laundering records, for training staff, or for otherwise complying with our professional
obligations.
In the case of sensitive personal data, the legal bases that we rely upon are:
In some cases, the personal data may have been manifestly made public by the Customer
or Supplier;
The processing is necessary for the establishment, exercise or defence of legal claims.
The processing is necessary for reasons of substantial public interest.
Information collected from other sources
In the provision of the Services it is likely that information will be provided solely by you; however
from time to time and depending on the nature of the instructions, information may be collected via
another party. Such information will only be processed in order to provide the Services or for use in
the defence of potential complaints, legal proceedings or fee disputes, keeping anti-money
laundering records, for training staff in confidence, or for otherwise complying with our professional
obligations, for or complying with court/tribunal directions, or for co-operating with investigations by
the Information Commissioner’s Office, or any other statutory regulator.
Personal data provided to third parties
We will not use personal data for purposes that are not clear at the time they were provided and
personal data will not be disclosed outside of the Company except where necessary for the
provision of the Services, with your consent and in accordance with the our professional
obligations.
Personal data may be shared with the following:
Representatives of other parties, in accordance with our instructions from you;
Third Parties in accordance with our instructions from you
Ombudsmen and other regulatory authorities;
the Customer and or Supplier; and
Staff in confidence.
We may share some personal data with third parties in limited circumstances, which may include
(a) if we are under a legal or regulatory duty to do so; (b) if it is necessary to do so to enforce our
contractual rights; (c) to lawfully assist the police or security services with the prevention and
detection of crime or terrorist activity; (d) where such disclosure is necessary to protect the safety
or security of any persons and/or (e) otherwise as permitted under applicable law. We will only
share any personal data in these circumstances in accordance with our professional obligations.
Version 1 8.1.19
Personal information will not be used for any other purpose than has been set out in this Notice.
Transfer of data outside the EEA
Please note that the Company does not transfer data outside of the EEA in general. There may
however be a requirement from time to time to transfer some or all of your personal data outside of
the EEA if so required in order to progress your case or to provide the Services. Where this
happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is
afforded the same or similar safeguards and processes that we undertake within the EEA.
Marketing
The Company may carry out marketing activities and communications via email, social media and
other digital platforms. In the provision of marketing activities we may collect your name, address,
email address, name of your organisation (if applicable), telephone number and details of your
enquiry. Any personal data that you provide to use will only be used to administer and provide
products and services you request or have expressed an interest in and to tailor marketing
communications from us. We will not use your data for purposes that are not clear when you
provide your details and will not disclose them outside of the Company except in limited
circumstances.
Further information and a full copy of our Marketing Privacy Notice can be found on our website
Data Retention
The Company will retain personal information for no longer than is reasonably necessary for the
provision of the Services and personal information will not be retained indefinitely or for reasons
incompatible with the relevant data protection legislation, including the GDPR and the
requirements of other regulatory bodies.
Data Security
We take the security of personal information seriously and the Company has appropriate
measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed
by those individuals authorised to do so and where there is a legitimate need to access the data.
Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to
personal data held by the Company (either through accidental disclosure or deliberate act) and in
line with the Companies obligations under applicable data protection legislation, including the
GDPR.
Rights
Under the GDPR, data subjects have a number of important rights regarding their personal
information. In summary these rights are as follows and include the right to:
Request access to personal information;
Request that inaccurate information is corrected;
Request that processing of personal information is restricted;
Request that personal information that we hold is erased in certain circumstances;
Request a copy of the personal information that has been provided to us;
Version 1 8.1.19
Object to the processing of personal information or the continued processing of personal
information;
Request not to be subject to automated decision making which produces legal effects that
concern or affect data subjects in a significantly similar way.
Further information regarding rights under the GDPR can be found by visiting www.ico.org.uk.
These rights are subject to the conditions and restrictions set out in the General Data Protection
Regulation and the Data Protection Act 2018.
Should you wish to make a request to exercise any of the above rights you should contact us via
email at via email at info@sheldoninns.co.uk or write to us at:
Data Protection Contact
Sheldon Inns Ltd
82 Cato Street North
Nechells
Birmingham
B7 5AN
When contacting us please ensure that you provide relevant information to allow us to identify you
(this can include confirmation of any of the unique or personal identifiers we hold about you such
as proof of identity or address) and state the right or rights that you wish to exercise. We may need
to contact you to request further information to verify your identity.
We will respond to you within one month from when we receive a valid request.
Where to make a complaint
We hope that you are happy with our service and that we can resolve any issues or complaints that
may arise. If you have a complaint regarding any aspect of your personal data or this Notice please
write to us at info@sheldoninns.co.uk
In the event you are not satisfied with the outcome of your complaint, you may write to the
Information Commissioner’s Office via:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
You can also contact the Information Commissioner’s Office using their online form by visiting
Changes to this Privacy Notice
We aim to meet high standards and so our policies and procedures are subject to regular review.
From time to time we may change this Notice and will inform you, usually via writing or by
publishing updated content to our website, as appropriate.
Copyright © 2018 The Queen's Head - All Rights Reserved.