This Privacy Policy sets out how Jempson Ltd (“we”, “our”, “us”, “the Company”) handles the Personal Data of our customers, suppliers and other third parties.

Under the GDPR individuals have the right to be informed about how their Personal Data is being processed. The Regulation clearly stipulates that this must be done in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) aims to harmonise data protection legislation across EU member states, enhancing the privacy rights for individuals. It applies to organisations processing Personal Data which have an establishment within the EU and also those organisations which operate outside the EU but offer goods or services to, or monitor the behaviour of, individuals in the EU. The GDPR is applicable from 25 May 2018.
Overall the GDPR provides the following rights for individuals, many of which apply whatever the basis of processing, although there are some exceptions:
The right to be informed how Personal Data is processed (Article 13)
The right of access to their Personal Data (Article 15)
The right to rectification (Article 16)
The right to erasure (Article 17)
The right to restrict processing (Article 18)
The right to data portability (Article 20)
The right to object (Article 21)
Rights in relation to automated decision making and profiling (Article 22)

The GDPR sets out six lawful grounds for processing, and these are set out in Article 6.1 as follows:
CONSENT – the individual has given their Consent to the processing of their Personal Data.
CONTRACTUAL – processing of Personal Data is necessary for the performance of a contract to which the individual is a party or for the Controller to take pre-contractual steps at the request of the individual.
LEGAL OBLIGATION – processing of Personal Data is necessary for compliance with a legal obligation to which the Controller is subject.
VITAL INTERERSTS – processing of Personal Data is necessary to protect the vital interest of the individual or of another individual.
PUBLIC TASK – processing of Personal Data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
LEGITIMATE INTERESTS – processing is necessary under the Legitimate Interests of the Controller or Third Party, unless these interests are overridden by the individual’s interests or fundamental rights.
In addition to ‘Consent’ the options under which we can operate as a business allows the application of either (or both) of ‘Contractual’ and ‘Legitimate Interests’. Of these we have decided that the lawful ground of ‘Contractual’ best fits the business model.

How do we use your personal information?
We store your personal data on a secure drive and where further user privileges are used to maintain a secure data boundary. We will retain your personal data until such time as you request its deletion.
If any submission requires the transfer of your personal data outside the United Kingdom we will request your explicit permission by way of an e-mail from you.
You always have the right to request that we delete any of your personal data that we hold.
To avoid the possibility of an unauthorised release of your personal data all documents containing such data will be transferred to third parties in an encrypted form.
All communication concerning your personal data will be archived on our secure server.
We will only store personal data that is relevant to our business.
We will store data for as long as is necessary and to ensure that we meet our legal obligations.
We do not send any of our data outside of the EEA.

What information we may hold:
Full name
Home address
Email address
Home telephone number
Mobile number
Place of work
Date of birth
How many people are in your household and age bracket they fall into
How you travel to Jempson’s
Where you shop the most
When we may ask for it:
On the SavaClub Card application form
Online enquiry forms
Via telephone or email discussion
Where your information may be stored:
Forms within Job files stored in the Office
Online Server in job folder
Email account

Why we ask for it:
To enable us to correspond with you
To understand our Customer’s shopping habits
To enable any of the organisations listed below to print personalised vouchers/letters
Who we may share your personal information with:
Rother Valley Press
Care Signs
Rockpool Creative – Rockpool Creative is owned by Jennifer Sinclair, Frances Clifford & Emily Foster, employed by The Rye Bakery – Jempsons.

Rockpool Creative work on behalf of The Rye Bakery to aid website function, assist with marketing: including but not exclusive to Mailchimp newsletters, Facebook Adverts, Google Adverts and Data organisation. They will never share your information with third parties without your prior consent.

We require the third party service provider to respect the security of your personal data and to treat it in accordance with the law. We do not allow them to use your personal data for their own purposes and we only permit them to process your personal data in accordance with our instructions. We will not disclose your personal data to any other external third party without your consent or unless required to do so by law.
How we would erase your data if requested:
Shred hard copies
Fully and permanently delete

If you have any questions about our use of your data, please contact us as soon as possible.