Penny Morrison respects your privacy and will not sell or make available in any way your personal information except where specific permission has been given. The nature of the services provided by Penny Morrison means that we may obtain certain information about you. This statement sets out the principles governing our use of your data. By registering to use the services and by using the Penny Morrison website generally, you agree to this use.
Our general guidelines regarding the use of your data are as follows:
- When you register to use certain areas of the site, we will ask you to provide certain data, such as your contact details and company information. We will store this data and use it to contact you, provide you with details of services and otherwise for the normal use and improvement of the site, unless you have asked us not to do so.
- We may also use the data you provide us in response to surveys and to aggregate user profiles. For the avoidance of doubt, Penny Morrison will not pass data to any third parties.
Google Analytics is also used to track website trends without identifying individual visitors. The cookie used by Google Analytics stores information such as what time the current visit occurred, whether the visitor has been to the site before, and what site referred the visitor to Penny Morrison.
Our site may link to other websites and we are not responsible for their data policies or procedures or their content.
We endeavour to take all reasonable steps to protect your personal data but cannot guarantee the security of any data you disclose online. You accept the inherent security implications of dealing online over the internet and will not hold us responsible for any breach of security unless we have been negligent or in wilful default.
Any details that you provide to us from which we can identify you are protected by the General Data Protection Regulation, coming into full effect on 25th May 2018. This framework is designed to protect your data in a networked world. GDPR requires that information gathering is carried out in a concise, informed and unambiguous way and your consent must be freely given. Our ‘sign-up forms’, both electronic and physical, are designed to ensure the user understands that they are signing up to electronic communications which will include communications from all component parts of Penny Morrison, and will including marketing campaigns. By signing up to the Penny Morrison newsletter, individuals are agreeing that we have a lawful basis for collecting and processing personal data. Unless otherwise instructed we will hold this information for five years, at which point you will be contacted to reconfirm your subscription.
By the definitions of GDPR Penny Morrison is the ‘controller’ of your data, the organisation MailChimp is the ‘processor’ of your data. Subscribers personal details will be transferred to MailChimp, the applicable activities performed by MailChimp are: data collection through electronic sign up forms, storage of personal data in distribution lists and the transfer of personal data to certain of MailChimp’s sub-processors, who perform critical support for their services. Mailchimp’s servers and offices are located in the United States, so your information may be transferred to, stored, or processed in the United States. The legal ground for transferring personal data set out in the GDPR allows for an ‘adequacy decision’ – a decision by the European Commission that an adequate level of protection exists for personal data in the country, territory or organisation to which it is being transferred. A ‘Privacy Shield’ framework is one such example. MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S Privacy Shield Framework. They are committed to subjecting all Personal Information received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles.
GDPR also stipulates an individual’s ‘right to be forgotten’. To this end if you do not wish to receive any further emails from us please use the "unsubscribe" link found in all email communications. Alternatively send your unsubscribe request to firstname.lastname@example.org. Please allow a few days for the request to process.
If you are concerned about how your data is stored please contact us by emailing email@example.com for further information; if you are not satisfied with our response you have the right to complain to the Information Commissioners Office.