1.2. We are committed to complying with the provisions of the Data Protection Legislation and ensuring that the personal data we hold is processed fairly and lawfully. This Privacy Statement has therefore been prepared to tell you about the way we collect information from you and what we do with that information. This Privacy Statement explains the legal basis for this and the rights you have over the way your information is used. If any part of this statement changes, we will tell you via our website at www.treeworks.co.uk
1.4. For the purposes of the Data Protection Legislation we are the data controller and we will process any personal information we collect about you in accordance with the Data Protection Legislation.
1.5. At all times we are legally obliged to collect, retain and process any personal information that you provide in accordance with the Data Protection Legislation. Each time you provide us with personal information we will let you know how we intend to use it and ask you to give your consent to such use. This will include (i) where we would like to use that information to send you details of other products and services we offer which are similar to the product/service for which you have subscribed; and (ii) where we would like to share that information with certain selected third parties to allow them to provide you with details of their services
and/or products which might be of interest to you.
1.6. If you have any questions about this statement or your personal information that we may collect from you, please contact us at email@example.com
2.1. How is your personal information collected?
We collect personal information in a number of ways:
2.2. How we may use the personal information
2.3. Treework services undertaken under contract
Where we contract with you or your organisation to deliver our services, we will confirm the details in a Proposal which clearly outlines the scope of that service. From each client, we will collect the following personal information:
2.4. Our legal basis for processing your information:
The use of your information for the purposes set out above is lawful because one or more of the following applies:
Where you have provided information to us for the purposes of requesting information or requesting that we carry out a service for you, we will proceed on the basis that you have given consent to us using the information for that purpose, based on the way that you provided the information to us. You may withdraw consent at any time by emailing us at firstname.lastname@example.org This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
Where we rely on your consent to contact you for direct marketing purposes, we will treat your consent as lasting only for as long as it is reasonable to do so. We may periodically ask you to renew your consent.
If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
2.5. Do we share personal data with other organisations?
All data collected is for the sole purpose of providing the services or further information for which it was collected.
We select our third-party service providers with care. We provide these third parties with the information that is necessary to provide the service and we will have an agreement in place that requires them to operate with the same care over data protection as we do.
For clients/individuals within the EEA we do not share your personal data outside of the EEA. Where clients/individuals are outside the EEA we ensure that the information has equivalent protection as if it were being processed within the EEA by entering into a Data Sharing Agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
We will only hold your personal information for as long as it is necessary for the relevant activity. For the following activities this means:
3.1. Client and individual records on CRM
We maintain a CRM database of all client interventions, these record contact details and the project management information for all Treework services. We only keep a copy of the key documents for all services, namely the plans and invoices. These records are kept indefinitely, to help us manage the history and ongoing support given to our clients, as well as information for statistical analysis.
3.2. Supplier information in our financial system
We maintain a database of all our suppliers for invoicing and tax purposes and these records are kept in line with HMRC guidelines to ensure compliance with UK tax legislation.
Treework Environmental Practice has implemented various measures to ensure that all information held by us is adequately protected against unauthorised access, use, disclosure and destruction. We take the security of the site and the information you provide very seriously. We use all appropriate technical measures utilising recognised security procedures and tools in accordance with good industry practice to protect your personal information.
Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which we have taken significantly reduce the risk. Treework shall not be held liable by any Third Party, in any event of unauthorised access, use and/or disclosure of information provided that such is not due to Gross Negligence, willful misconduct, fraud or bad faith by Treework Environmental Practice.
More information on how we keep your information secure can be seen in our Data Protection Policy
Treework Environmental Practice never sells any of your personal data and carries out all processing operations in strict compliance with European privacy laws. Personal data held in our systems is not transferred or stored outside of the EU/ EEA. Where we work with a client outside of the EU/EEA, we enter into a Standard Contractual Clause for data processing outside the EEA.
You have the right to request details of the processing activities that we carry out with your personal information through making a Subject Access Request.
You also have the following rights:
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy. To exercise any of these rights, you should contact email@example.com
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found on their website.
If we make any changes to this Privacy Notice these changes will be detailed on the Treework Data Protection website page to ensure that you are fully aware of what information is collected, how it is used and under what circumstances it will be disclosed. If we make any significant changes we will advertise this on the website or contact you directly with the information.