Privacy policy & data subject rights

This policy aims to support your right to be informed. The document covers how we process the data of individuals who are clients, prospects, or suppliers.

Identity and contact details

Please click here to find out more about Jaguar Espresso Systems (Jaguar). Our postal address is Unit 12 Albury Close, Loverock Road, Reading, Berkshire, RG30 1BD.  You can contact us by email using [email protected]. We are IBERITAL UK. LIMITED, a limited company registered no. 04408688 (England and Wales), and we trade as Jaguar Espresso Systems.

Our designated supervisory authority under the UK's General Data Protection Regulation (GDPR) is the Information Commissioner’s Office (ICO). We are based in the United Kingdom.

To contact the individual in charge of Data Protection in our company please use [email protected]

What data we process

Jaguar processes data on:

  • Clients and prospects.
  • Prospects (including ex-clients).
  • Staff.
  • Suppliers.

Customers

Jaguar captures information on individuals in customers and prospective customers who are buying or interested in buying products from us. We process this data so that we can engage with the individuals to provide their organisations with our services, or we process the data as we are taking steps to enter into a contract to provide these services.

We capture this information either directly or through our website or from their contact to us using email or telephone. 

The information we capture on these people will include basic contact details such as name, telephone number, email address and postal address.

We do not capture special category or criminal offence data on these individuals. 

We use a reason of ‘contract’ to process this data as we are taking steps towards providing products and services to these individuals when we capture and process this data.   

Prospects

Jaguar captures information on individuals who we believe could have a need for our services. We use this data for direct marketing to the individuals who are corporate employees of the organisations that we target.

We can either capture this data directly from the individuals in the process of selling to them, or we can licence this data from reputable data providers.

The information we capture on these people will include basic contact details such as name, telephone number, email address and postal address.

We do not process special category data on these individuals. 

We process this data using ‘legitimate Interests'. We have conducted our gating and balancing tests to determine whether our legitimate interests do not outweigh the rights and freedoms of the individuals we are targeting.

Where regulations mandate that that we must obtain consent from individuals, for example if the data subject is not an employee of a business (a 'corporate subscriber') and we intend to use email to communicate, then we will use the lawful basis of Consent to process data to promote our services.

This lawful basis of consent can include the use of a 'soft opt-in' where the individuals we are targeting have bought from us within the past 2 years.

Staff

We process information on staff in several ways. 

For the execution of the contract

We process data for the purposes of engaging in a contract of employment or other work for Jaguar, or if individuals are taking steps to enter into a contract (for example for recruitment).  We capture this information in the course of recruiting and ‘on-boarding’ an individual to work with us.

The information we capture for this reason will include basic contact details such as name, telephone number, email address, postal address and details needed to process payments under the contracts such as bank account details and national insurance numbers. We will also capture information that relates to the appraisal of performance and timekeeping.

We can also capture special category information as the processing of this data is necessary for the purposes of performing or exercising obligations or rights which are imposed or conferred by law on the controller or the data subject in connection with employment, social security or social protection.  We have completed an appropriate policy to cover the use of this special category data. 

We use a lawful basis of ‘contract’ to process this data. 

Staff benefits

We process information on staff and can pass data on to specific parties because we are acting as an intermediary to a contract between the member of staff and the third party.  For example, where we organise pension payments for staff. We capture this information as a part of the employee ‘on-boarding’ process and we update the data at regular intervals.

The information we capture for this reason will include basic contact details such as name, telephone number, email address and postal address.

We do not capture special category information on this data.

We use a lawful basis of contract to process this data. 

Operational reasons

We process information on staff and their next of kin where it is in Jaguar's interest to do so for operational purposes.  For example, to keep staff up to date with Jaguar news, to maintain a list of the staff's next of kin for communication in the event of an emergency, or to create business cards for staff. We capture this information as a part of the employee ‘on-boarding’ process and we update the data at regular intervals.

The type of data that we process for this need includes name, email address, telephone number.

We do not capture special category information on this data.

We use the lawful basis of legitimate interests to process this data.  We have completed the specification, gate analysis and balancing tests specified under GDPR for this data.  We do not capture special category information on this data.

Suppliers and partners

We process information on suppliers and partners so that we can purchase goods and services from them.  We capture this information either from recommendations or by using data provided by the suppliers on their web sites or directories. 

The type of data that we process for this need includes name, email address, telephone number.

We do not capture special category information on this data.

We use a lawful basis of contract to process this data.

Any recipient or categories of recipients of the personal data

Jaguar pass data on to other data controllers for the following purposes:

  • For data relating to those applying to be members of staff or for staff who have found other employment after the end of a contract, we share data with third parties to obtain and provide references.
  • As the data controller of data, we may provide access to data processors that process data on our behalf, who will only process the data according to the written instructions in the Data Processing Agreements in place with them.
  • We share data with organisations with which we have a legal obligation to share data (for example HMRC).
  • We share data on staff with organisations where we are acting as an intermediary between the staff and an organisation providing benefits to the staff member (for example pension providers).

Details of transfers to third country and safeguards

We will not transfer your data to countries outside the UK to destinations that are not considered 'adequate' by relevant legislation without additional safeguards. Any additional safeguards that are required and obtained are documented in our internal data protection policy.

We transfer data to other organisations who are processors of data that we control. We maintain a list of data processors and ensure that we have data processing agreements between Jaguar and the data processor. Where relevant and if the data processor transfer data outside of the UK and EEA, we obtain commitment from the data processors that additional safeguards are in place.  Again, these are documented in our data protection policy.

Jaguar transfer personal data to other controllers, as covered in our privacy statement. We do this to that we can operate as a business, for example to set up mobile phone access through telecoms providers, or to communicate with our customers through mail delivery organisations such as the Royal Mail.

Retention period or criteria used to determine the retention period

  • We will retain information on customers for 7 years after the latest purchase as we will need to retain this information for financial purposes.
  • We will retain information that we use on prospective customers for the purposes of direct marketing for 3 years after the latest interaction with the individual where we use legitimate interests as a lawful basis for processing the data.
  • We will retain information that we use on prospective customers for the purposes of direct marketing for 3 years after the latest interaction with the individual where we use consent as a lawful basis for processing the data.
  • We will retain information on staff members for 7 years after their employment with us ends, as we need to retain information on staff members for legal reasons.
  • We will retain information on individuals who we have details on for recruitment purposes, but who have not gone on to be employees, for 1 years after the job role that they were being considered for has been filled.  If we believe that their details may be suitable for future roles, we will obtain their consent to retain their CVs for longer periods. 
  • We will retain the details of the suppliers or partners for as long as we might have a need for the services that the supplier or partner offer.   

If these data retention timescales clash with legal or contractual obligations then these other obligations will override the retention timescales outlined. For example, UK limited companies are required to retain records on tax paid for 6 years. 

All records are disposed of securely when deleted. 

How we look after data

We take reasonable technical and procedural precautions to prevent the loss, misuse or unauthorised alteration of personal data. We are Cyber Essentials certified (certificate IASME-CE-037237).

We store the personal data that we collect securely.

We do not publish the details of the safeguards we use to protect the personal data that we control as this could reduce the effectiveness of those safeguards.

Cookies

Cookies are text files placed on your computer to collect information about which pages you visit, and how long for. This information is used to track use of the website and to compile statistical reports on website activity.

When you visit our website you will be presented with a choice which will allow you to decide whether cookies are used or not. In a few cases some of our website features may not function if you choose not to allow cookies on our website.

Personal data may be shared with third parties to enable us to conduct web analytics to monitor use of our website. We use Google Analytics and you can opt out of Google Analytics by using this link: https://tools.google.com/dlpage/gaoptout?hl+en=GB.

Other websites

Our website contains links to other websites. This privacy policy only applies to this website, so when you link to other websites you should read their own privacy policies.

Your rights

Jaguar recognises the rights of individuals as defined in the UK’s GDPR.

We will always seek to uphold those rights and the links provided will enable you to communicate with us to exercise those rights, where relevant.

Jaguar recognises your right to lodge a complaint with a supervisory authority. You can access the ICO's website from this link.

 

Version control

Date

 

Alterations

Changes by

15 July 2021

 

Initial draft of document

Blake Consultants

12 Aug 2021

 

Updates

Blake Consultants

23 Mar 2022

 

  • Re-structure of data processing sections
  • Extension of amount of time CVs are retained for unsuccessful applicants
  • Explicit inclusion of appropriate policies for special category data

Blake Consultants

11 Oct 2022

 

Review and update

  • Addition of new data processors

Blake Consultants