John Burn & Co Ltd is aware that the security of your company information is an important concern. The protection of your data is a serious matter to us and we want to be transparent about the data we maintain and the data we discard.
The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years. This new regulation replaces the existing Data Protection Act (1998).
As part of the process of working to compliance with the new regulations internally we have:
- Reviewed the purposes of our processing activities, and selected the most appropriate lawful basis (or bases) for each activity.
- Checked that the processing is necessary for the relevant purpose, and are satisfied that there is no other reasonable way to achieve that purpose.
- Documented our decision on which lawful basis applies to help us demonstrate compliance.
- Included information about both the purposes of the processing and the lawful basis for the processing in this privacy notice.
What Information Do We Collect About You?
Site visitation tracking
Like most websites, the John Burn website uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address which could be used to personally identify you but Google do not grant us access to this. We consider Google to be a third-party data processor.
Contact forms and email links
If you contact us via an email link like this one, none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors defined on page 4 of this document. Instead the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices.
Should you choose to contact us using the contact form on our Contact us page, your name, email address and contact telephone number will be saved to this website’s database. In addition, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP) described above.
If you choose to join our mailing list, the email address that you submit to us will be forwarded to Constant Contact who provide us with email marketing services. We consider Constant Contact to be a third party data processor.
Your email address will remain within the Constant Contact database for as long as we continue to use its email marketing service or until you specifically request removal from the list. If you wish to be removed, you can do so by clicking the unsubscribe links contained in any emails that we send you or by requesting removal via email. When requesting removal via email, please send your email to us using the email account that is subscribed to the mailing list.
If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter.
While your email address remains within the Constant database, you will receive periodic emails from us no more than twice a month.
We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever.
You can adjust the settings on your computer to decline any cookies if you wish by activating the reject cookies setting on your computer.
Third Party Data Processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with GDPR legislation. All third parties listed below are are EU-US Privacy Shield compliant.
- In the event that we sell any or all of our business.
- Where we are legally required by law to disclose your personal information.
- To further fraud protection and reduce the risk of fraud.
- Only to businesses owned either fully or partly by John Burn & Co Ltd
Access & Correction
You have the right to review and amend any personal data stored in our systems. if you believe it may be out of date or incorrect. Just send us an e-mail.
You have the right at any time to withdraw your consent to the use of your personal data in the future. To do so, please email us or submit an enquiry via our contact form.
We will report any unlawful data breach of the John Burn & Co Ltd website’s database or the databases of any of our third party data processors to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
John Burn & Co Ltd, Unit 30 Gravelly Industrial Park, Tyburn Road, Birmingham, B24 8HZ, United Kingdom
+44 (0)121 508 4144