PRIVACY POLICY

Pass Sport Control Limited (PSCL) is made of two sections. PSC Training Consultants and ClubCards121 a plastic card printer and print broker for small and medium size companies and organisations with a need for Identity, Membership and Loyalty Cards and other printed materials. “ClubCards121” is the online trading name for PSCL. This privacy policy explains how we use any personal information we collect about you, either through using our websites, or in any other way, verbally or in writing.

Data controller & Data Processor

PSCL is both a data controller and a data processor.

As a data controller we will hold and process a limited amount of information about you and your organisation.

As a data processor we may also receive from you, process under contract and then delete data within given timescales. This data will relate to you and your customers/members – for example your members/staff/clienteles’ specific information.

On what basis do we collect and process your data?

As a controller:

We collect information about you, our clients or prospective clients in order to process your order, manage your account and if you agree by consenting at point of collection, to email or mail you about our products and services. We also collect information when you voluntarily complete customer surveys and provide feedback. Our data is processed in the UK. The lawful basis on which we process your data is in the legitimate interests of PSCL. In identifying this lawful basis, we have conducted a ‘Legitimate Interest Assessment’ in order to be satisfied that the interests of PSCL do not override your own legitimate rights and freedoms.

There may be other personal data we collect through our ongoing relationship as client and supplier. This personal information is held and processed on our internal IT system and cloud-based accounting system should you need a formal quotation and/or become a paying client. The personal data we collect is purely for the provision of services that you procure.

As a processor;

All data processing is done under contract and therefore will have been agreed prior to starting any work. By undertaking this processing, it allows our customers to have information printed on materials. Under no circumstances is this data transmitted to other organisations or individuals, unless explicitly instructed to within the terms of the contract. The data is destroyed after a specific time frame as stated in the contract with the exception of proofs of the work which are retained for justifiable legal reasons.

 

Legitimate Interests

Clients/Customers/Prospects

The processing of client data is undertaken in order to work commercially in conjunction with each other. If processing this data were not permitted, then the company could not operate and provide services.

PSCL has conducted a Legitimate Interest Assessment and concludes that there is a justifiable necessity to process personal data under this purpose and that the balance of rights of the Data Subject and PSCL have been reviewed.

Sensitive Information

PSCL may process sensitive data in its capacity as a data processor but not as a data controller.

Categories of Data

In most cases, PSCL processes non-sensitive data. We process: Name, Address, Telephone numbers, email address, bank account details.

However, as a processor we are reliant on receiving information from our clients. Therefore, content of this data is not prescribed by PSCL. We will only process the data based on the client’s requirements and as detailed under contract. Should some medical information or other sensitive data be included on any materials that we produce, then this is the client’s choice and not that of PSCL. As the data is classed as sensitive, we implement robust procedural and technical processes to ensure the data is processed legally and securely.

Data recipients

Any personal data we collect, hold and process is retained within our own company servers based in the UK and on our cloud-based accounts platform, Xero. They reside their data centres in the USA and are bound by the USA Privacy Shield Framework and we have a data processing Addendum with them. Internally access to data is restricted to those who have a legitimate reason to retrieve it, e.g. company directors and account managers.

Data transfers

During processing and our backing up processes, personal data may be transferred to sub processors. We have obtained signed GDPR compliant agreements from each of these organisations.

 

Retention policy

As a data controller;

The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Data placed on our system will be deleted as soon as practicable after termination of a commercial contract between us and in any case within 12 months. Personal data collected and processed for Finance purposes will be held for the maximum time as determined by any legal requirement.

If you have consented to receive marketing information from us, we will retain your contact details for as long as that consent lasts.

As a data processor;

The data we are sent from you is required to perform the services detailed in the contract. Personally Identifiable Data placed on our system will be deleted as soon as practicable after termination of a commercial contract between us and in any case within 2 months. Hard copy proofs sent via email and approved by you the customer, will be retained for historic records, should the job be repeated. The email’s themselves will be archived systematically over time.

Your rights as a data subject

The regulations provide a number of rights to you as the Data Subject. PSCL is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk.  A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/

  • The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed. This privacy policy sets out that information
  • Right of Access – you have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex. In which case, we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information, in these circumstances, we retain the right to charge a reasonable administrative fee.
  • The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.
  • Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations, these include:
    • Where personal data is no longer necessary regarding the purpose for which it was originally collected
    • When you withdraw consent
    • When you oppose the processing and there is no superseding legitimate interest for continuing the processing
    • If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
    • If the personal data must be removed in order to comply with a legal obligation
    • If the personal data is processed in relation to the offer of information/ society services to a child.
  • Right to Restrict Processing –  If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the advent of a legal claim.
  • Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
  • You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk

Automated decision making

PSCL does not conduct any profiling or automated decision making.

Other websites

Our website contains links to other websites. This privacy policy only applies to PSCL’s website, so if you follow a link to another website, you should read their own privacy policy.

Cookies Policy

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

 

 

 

Changes to our privacy policy

We keep our privacy policy under review and we will place any updates on our website. This privacy policy was last updated in May 2018.

How to contact us

Pass Sport Control Limited, 43 Lambs Farm Road, Horsham RH12 4DB

Aneal@pass-sport-control.co.uk