This privacy notice tells you what to expect when our organisation collects personal data, and how to contact us should you wish to discuss any aspect of how we handle that data.
Our primary trading company is Beresford Street Kitchen Ltd, company number 118475, registered in Jersey.
Data protection officer
Although the nature of our business doesn’t oblige us to appoint a Data Protection Officer , we do have a central point of contact for data protection queries. Gabby Ellmers, our MD, oversees our data protection.
The best means of contact for any query regarding data protection is via email to firstname.lastname@example.org or by phone on +44 1534 509644.
If you have any questions or concerns regarding how we work with personal data, please don’t hesitate to contact us via the email or phone number.
The data we process
We store and process only the data that we need, and we delete it when it’s no longer required. The primary collections of data we use are as follows. Unless otherwise stated, we don’t pass this data to anyone else and the data is stored on our servers in Jersey. If you’d like more detail, you’re welcome to get in touch.
Employee and volunteer data
We store personal data on our employees and volunteers so that we can run the company and pay our employees. This includes names and contact details, pre-employment screening information, performance and disciplinary data, and health information and bank details; it also includes emergency contacts and next-of-kin information as provided to us by each employee. We retain data for former employees only for as long as we’re required to by law, and where there is no statutory retention period we use the CIPD’s best practice guidelines.
We store and process customer data in order that we can correspond with, and take payments from, our customers. When we have not done business with you for two years or longer, we will delete your personal data from our systems; we retain purchase information for statistical purposes, but we anonymise that data so you can’t be identified from it.
We have CCTV equipment in our premises in Jersey. This is for crime prevention and purposes, and access to the recordings is restricted to only a small handful of our staff. Recordings are all stored on a server in Jersey and are deleted after 90 days, and we don’t share them except when obliged to do so (e.g. on production of a court order).
Where we use data for marketing and we need your consent to do so, we keep a record of that consent for as long as you choose to receive that data. If you withdraw your consent for one, some or all of our mailing lists we’ll take you off the list and will record the fact that you’ve done so for audit purposes.
Data processors are third parties who do work on our behalf using personal data we provide to them. They cannot do anything with your personal data unless we instruct them to do so (which includes sharing your data with others), and they must store the data securely and delete it when it is no longer required.
Outsourced Payroll support
Our payroll system is supported by Paymaster Solutions, a Jersey based company. The agreement between us and them is robust with regards to information security and data protection, and the service is reviewed regularly. The personal data we work with isn’t transferred to their systems.
Our marketing team
Our marketing team comprises in-house employees and a number of staff from The Refinery, a Jersey based marketing and design company. The agreement between us and them is robust with regards to information security and data protection, and the service is reviewed regularly. The personal data we work with isn’t transferred to their systems.
Our IT systems are located in secure data centres to protect them against theft and environmental risks (flood, fire, power cuts, etc.). All our computer systems run up to date anti-virus software, and system updates are applied regularly to protect against potential security problems. All the user login IDs on our systems are restricted so that each user has access only to the data that he or she requires.
Security on mobile devices
All our laptops’ hard drives are fully encrypted, so the data held on them is safe should one be lost or stolen. Our staff have access to their work email from their mobile phones, which we secure with a Mobile Device Management system, so we can remotely wipe any device if it is lost or stolen.
Our Web site
We use Google Analytics to collect standard log information, along with data about how people use our web sites. The information doesn’t identify anyone, and nor do we attempt to find anyone’s identity from the information. If we do want to collect personally identifiable information through our web sites we will be open and transparent and will explain what we plan to do with it.
We use LinkedIn, Facebook, Instagram and Twitter to post news and information, and to look at the profiles of people who apply for employment with us (though we don’t take copies of any of that information). We don’t use social media to (for example) build mailing lists.
If you send us a direct or private message via social media, we will erase it after three months.
People who email us
We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.
We also monitor any emails sent to us, including file attachments, for security threats such as phishing scams, viruses or other malicious software. Please note that you have a responsibility to ensure that any email you send us is within the bounds of the law.
Contact for data protection purposes
You have a number of rights under the laws of data protection. As we mentioned earlier, please contact the Data Protection officer by email or phone if you have any queries or concerns. We retain a log of requests that we receive and remove entries when they are a year old.
Right of access
You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable time, and always within a month. Unless the request is particularly complex or onerous there’s no cost to you for making these requests.
Right to rectification
We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we’ve done so.
Right to erasure
If you ask us to erase your personal data, we must do so unless there’s a legitimate reason for us to keep it. For example, if you choose to withdraw your consent regarding marketing mailings we’ll remove you from our mailing lists, but if (say) you’re also a customer and we need some of your personal data in order to satisfy our contract with you (for example to interact with you or to send you bills), we’ll keep just the information we need for those purposes.
Right to restriction of processing
If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we can’t do anything else with it until the dispute is resolved. We’ll inform you prior to beginning processing once the restriction has been removed.
Our recruitment process
We are the data controller for any information you provide as part of our recruitment process. All of the information you provide during the process will only be used for the purpose of processing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes, and your data will be stored on our IT systems in Jersey.
We may look up applicants’ profiles on social media, though we don’t copy that information or store it on our systems.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. The information we ask for is used to assess your suitability for employment: you don’t have to provide what we ask for, but it might affect your application if you don’t.
Unsuccessful applicants’ data will be retained for no more than a year and then deleted.
This privacy notices is designed to be clear and concise. We are happy to provide any additional information you need: please contact us via email or phone using the contact details in the Data protection officer section, above.
Should you have any cause for complaint, please write to us at:
Beresford Street Kitchen, 17 Beresford Street, St Helier, JE2 4WN
If you’re dissatisfied with the way in which your complaint has been handled you may contact your local data protection supervisory authority, or write to our local Information Commissioner:
Office of the Information Commissioner