COPPOLO & COYDE Privacy Notice
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the Applicable DP Law (as defined below).
Coppolo & Coyde is a group of two companies made up of Coppolo & Coyde Limited, a Guernsey company registered at Bon Enfant Vinery, La Rochelle Road, Vale, GY3 5DZ, and Coppolo & Coyde (Jersey) Limited, a Jersey company registered at East Wing, Royal Jersey Showground, La Route de la Trinite, Jersey, JE3 5JP (together “Coppolo & Coyde”).
Coppolo & Coyde are specialist health and safety advisors providing health, safety, food hygiene, environmental and HSPC services and training.
1. This Privacy Notice
This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
2. What is Personal Data?
Personal data is defined by the Data Protection (Jersey) Law 2018 in Jersey and the Data Protection (Bailiwick of Guernsey) Law 2017 in Guernsey (respectively the “Applicable DP Law” as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
3. What Are My Rights?
Under the Applicable DP Law, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 10.
- The right to access the personal data we hold about you. Part 10 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 10 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 10 to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 10.
Further information about your rights can also be obtained from the relevant Information Commissioner’s Office by reviewing the website www.oicjersey.org in respect of Jersey and www.odpc.gg in respect of Guernsey.
If you have any cause for complaint about Coppolo & Coyde’s use of your personal data, you have the right to lodge a complaint with the applicable Information Commissioner’s Office in Jersey by emailing firstname.lastname@example.org or in Guernsey by emailing email@example.com.
4. What Personal Data Do You Collect?
Coppolo & Coyde may collect some or all of the following personal data (this may vary according to your relationship with us):
- Date of birth;
- Email address;
- Telephone number;
- Business name;
- Job title;
- Payment information;
- Financial details including bank accounts;
- Copies of Training Certificates of employees or contractors;
- Employment details for purpose of writing reports; and
- The provision of personal information relating to training, incident investigation or health and safety audits. The exact types of data will depend on the incident investigation or the safety audit. It may include sensitive data relating to the health of those whose have been effected by accidents, personal information in relation to persons working under the age of 18, and religious beliefs where such relate to personal protective equipment
Coppolo & Coyde may collect your personal data from third party providers or administrators. It may be in relation to clients who we provide risk assessments or training records for the purpose conducting an audit or a review of relevant documents.
5. How Do You Use My Personal Data?
Under the Applicable DP Law Coppolo & Coyde must always have a lawful basis for using personal data. We will process personal data:
- As necessary in order to carry out the provision of services where our clients wish us to provide training, health and safety audits, risk assessments, and incident investigation including:
- To take steps at a client’s request prior to entering into the contract for services;
- To decide whether to enter into a contract for services with prospective clients;
- To arrange for the setting up of bank accounts and the purchase of property or other assets for clients;
- To prepare details of assets held by the clients in particular jurisdictions; and
- To update clients and related parties’ records.
- As necessary for our clients’ own legitimate interests or those of other related parties and organisations, e.g.:
- For good governance, accounting, and managing and auditing business operations;
- To monitor emails and other communications with clients and relevant parties; and
- For market research, analysis and developing statistics.
- As necessary to comply with a legal obligation, g.:
- When a client exercises their rights under the Applicable DP Law and make requests;
- For compliance with legal and regulatory requirements and related disclosures;
- For establishment and defence of legal rights; and
- For activities relating to the prevention, detection and investigation of crime.
- Based on consent, g.:
- When clients or related parties request that we disclose personal data to other people or organisations or to a government department or third party agency or training body in order to issue training certificates;
- When we are audited and asked to see candidates work by accreditation bodies where acting as a accredited training provider
- To send clients or related parties communications including marketing communications where you have agreed to this; and
- Where you send us personal information which we do not request then you agree to consent to us processing such information.
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes. You will not be sent any unlawful marketing. We will always work to fully protect your rights and comply with our obligations under the Applicable DP Law and you will always have the opportunity to opt-out. However if you chose to opt out then we may not be able to provide services to you as requested.
We do not use any automated systems for carrying out certain kinds of decision-making or profiling.
6.How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:
General information including policies, inspection, accident investigations, and training records, audit records, machinery reports and examination certificates, data of other contractors, photographs, and witness statements.
10 years from commencement of the contract
General Information relating to clients training in respect of accredited providers
In accordance with accredited providers requirements for 1 year after training commences.
10 years from commencement of relationship
Where events occur that mean that data needs to be kept for longer, the following factors will be used to determine data retention periods for personal data:
- Retention in case of queries. We will retain personal data as long as necessary to deal with queries (e.g. if an application to subscribe is unsuccessful);
- Retention in case of claims. We will retain personal data for as long as a client or a data subject might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We will retain personal data after the services provided have come to an end based on our legal and regulatory requirements which is normally 10 years.
7. How and Where Do You Store or Transfer My Personal Data?
We will only store your personal data on computers and servers based in Guernsey and Jersey, and through the provider Dropbox which is held on a server in the US.
Personal data held in Guernsey and Jersey is fully protected under the Applicable DP Law or under equivalent data protections laws.
Personal data may be transferred to third party service providers in order to allow us to provide services to clients.
Some countries have equivalent protections in place for personal data under their applicable laws, whereas in other countries steps will be necessary to ensure appropriate safeguards apply. These include imposing contractual obligations of adequacy in line with the data protection legislation in Jersey in order to ensure that the personal data is treated as safely and securely as it would be within Jersey. Where this is not possible Coppolo & Coyde will rely on the client’s explicit consent to provide such information to entities in these jurisdictions which is considered to be obtained on the basis of the client’s instructions to us.
Please contact us using the details below in Part 10 for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.
8. Do You Share My Personal Data?
Subject to the Applicable DP Law we may share clients and related parties personal data with:
- Related companies, and their employees, officers, agents or professional advisors;
- Sub-contractors and other persons who help us provide our products and services;
- Companies and other persons providing services to clients and related parties;
- Legal and other professional advisors, including auditors;
- Government bodies and agencies in Jersey, or Guernsey as applicable, and overseas e.g. accreditation bodies in other jurisdictions;
- Courts, to comply with legal requirements, and for the administration of justice;
- Other parties where necessary in an emergency or to otherwise protect clients and related parties vital interests;
- Other parties if there is a restructure or in the case of a merger or re-organisation;
- Payment systems (e.g. Visa or Mastercard), and who may transfer personal data to others as necessary to operate the accounts and for regulatory purposes; to process transactions; resolve disputes; and for statistical purposes, including sending personal data overseas; and
- Anyone else where the clients or related parties consent is given or as required by law.
We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the data subjects’ instructions.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above.
If any personal data is transferred outside of Jersey, the EEA or other jurisdictions not subject to adequacy decisions by the European Commission, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within Jersey and under the Law as explained above or based on your instructions and consent.
9. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 10. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request as soon as possible and within 30 days of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
10. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
By post: Bon Enfant Vinery, La Rochelle Road, Vale, Guernsey GY3 5DZ in respect of Guernsey, or
East Wing, Royal Jersey Showground, La Route de la Trinite, Jersey, JE3 5JP in respect of Jersey.
By email: firstname.lastname@example.org
11. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data held.
Any changes will be made available on our website.
Coppolo & Coyde Limited
Private Box 443
St Peter Port
T: 01481 237711
Coppolo & Coyde (Jersey) Limited
Royal Jersey Showground
La Route de la Trinite
T: 01534 870455
F: 01534 870454