COPPOLO & COYDE Privacy Notice

BACKGROUND:

We understand that your privacy is important to you and that you care about how your personal data is used.  We respect and value the privacy of all of our clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the Applicable DP Law (as defined below).

Coppolo & Coyde is a group of two companies made up of Coppolo & Coyde Limited, a Guernsey company registered at Private Box 443, Envoy House, St Peter Port, GY1 3ZR, and Coppolo & Coyde (Jersey) Limited, a Jersey company registered at East Wing, Royal Jersey Showground, La Route de la Trinite, Jersey, JE3 5JP (together “Coppolo & Coyde”).  

Coppolo & Coyde are specialist health and safety advisors providing health, safety, food hygiene, environmental and HSPC services and training. 

1. This Privacy Notice

This Privacy Notice explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data. 

2. What is Personal Data?

Personal data is defined by the Data Protection (Jersey) Law 2018 in Jersey and the Data Protection (Bailiwick of Guernsey) Law 2017 in Guernsey (respectively the “Applicable DP Law” as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use is set out in Part 5, below.

3. What Are My Rights?

Under the Applicable DP Law, you have the following rights, which we will always work to uphold:

For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 10.

Further information about your rights can also be obtained from the relevant Information Commissioner’s Office by reviewing the website www.oicjersey.org in respect of Jersey and www.odpc.gg in respect of Guernsey.

If you have any cause for complaint about Coppolo & Coyde’s use of your personal data, you have the right to lodge a complaint with the applicable Information Commissioner’s Office in Jersey by emailing enquiries@oicjersey.org or in Guernsey by emailing info@odpa.gg.

4. What Personal Data Do You Collect?

Coppolo & Coyde may collect some or all of the following personal data (this may vary according to your relationship with us):

Coppolo & Coyde may collect your personal data from third party providers or administrators.  It may be in relation to clients who we provide risk assessments or training records for the purpose conducting an audit or a review of relevant documents.    

5. How Do You Use My Personal Data?

Under the Applicable DP Law Coppolo & Coyde must always have a lawful basis for using personal data.  We will process personal data:

  1. As necessary in order to carry out the provision of services where our clients wish us to provide training, health and safety audits, risk assessments, and incident investigation including:
  1. As necessary for our clients’ own legitimate interests or those of other related parties and organisations, e.g.:
  1. As necessary to comply with a legal obligation, g.:
  1. Based on consent, g.:

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes.  You will not be sent any unlawful marketing. We will always work to fully protect your rights and comply with our obligations under the Applicable DP Law and you will always have the opportunity to opt-out.  However if you chose to opt out then we may not be able to provide services to you as requested.

We do not use any automated systems for carrying out certain kinds of decision-making or profiling.

6.How Long Will You Keep My Personal Data?

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:

Document

Retention period

General information including policies, inspection, accident investigations, and training records, audit records, machinery reports and examination certificates, data of other contractors, photographs, and witness statements. 

10 years from commencement of the contract

General Information relating to clients training in respect of accredited providers

In accordance with accredited providers requirements for 1 year after training commences.  

 

Financial records

10 years from commencement of relationship

Supplier Invoices

10 years

Where events occur that mean that data needs to be kept for longer, the following factors will be used to determine data retention periods for personal data:

7. How and Where Do You Store or Transfer My Personal Data?

We will only store your personal data on computers and servers based in Guernsey and Jersey, and through the provider Dropbox which is held on a server in the US. 

Personal data held in Guernsey and Jersey is fully protected under the Applicable DP Law or under equivalent data protections laws.

Personal data may be transferred to third party service providers in order to allow us to provide services to clients. 

Some countries have equivalent protections in place for personal data under their applicable laws, whereas in other countries steps will be necessary to ensure appropriate safeguards apply. These include imposing contractual obligations of adequacy in line with the data protection legislation in Jersey in order to ensure that the personal data is treated as safely and securely as it would be within Jersey.  Where this is not possible Coppolo & Coyde will rely on the client’s explicit consent to provide such information to entities in these jurisdictions which is considered to be obtained on the basis of the client’s instructions to us.  

Please contact us using the details below in Part 10 for further information about the particular data protection mechanism used by us when transferring your personal data to a third country.

8. Do You Share My Personal Data?

Subject to the Applicable DP Law we may share clients and related parties personal data with:

We require all third parties to respect the security of personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with the data subjects’ instructions.

If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above.

If any personal data is transferred outside of Jersey, the EEA or other jurisdictions not subject to adequacy decisions by the European Commission, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within Jersey and under the Law as explained above or based on your instructions and consent.

9. How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 10. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request as soon as possible and within 30 days of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

10. How Do I Contact You?

To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:

By post: Private Box 443, Envoy House, St Peter Port, GY1 3ZR in respect of Guernsey, or

East Wing, Royal Jersey Showground, La Route de la Trinite, Jersey, JE3 5JP in respect of Jersey.

By email: info@copcoy.com

11. Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data held.

Any changes will be made available on our website.

Back to Home