Cookies & Privacy

Cookie and Privacy  Policy for Lancashire Farm Dairies

What Are Cookies

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately is most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.

When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.

For more information on Google Analytics cookies, see the official Google Analytics page.

From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.

The Google AdSense service we use to serve advertising uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.

For more information on Google AdSense see the official Google AdSense privacy FAQ.

We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; Twitter, Facebook, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Data Protection Statement of Intent.

1. Introduction

Pakeeza Dairies Limited, (Pakeeza) needs to collect and use certain types of

information, (Data), about the Individuals or Service Users who come into contact

with Pakeeza, in order to undertake our operational activity and service provision.

This Data must be collected and dealt with appropriately whether it is collected on

paper, stored in a computer database, or recorded on other material or form of

media.

From May 2018, the Data Protection Act 1998 will be replaced by the General Data

Protection Regulation (GDPR). The GDPR places greater emphasis on ensuring

Data is managed to prevent the misuse of Data and ensures the security of the Data

within an organisation.

2. Data Controller

Pakeeza is the Data Controller under the Regulations, which means that it

determines what purposes personal information held, will be used for. It is also

responsible for notifying the Information Commissioner of the data it holds or is likely

to hold, and the general purposes that this data will be used for.

3. Disclosure

Pakeeza may share data with other agencies such as the local authority, funding

bodies and other voluntary agencies.

The Individual/Service User will be made aware in most circumstances how and with

whom their information will be shared. There are circumstances where the law

allows Pakeeza to disclose data (including sensitive data) without the data subject’s

consent.

These are:

a) Carrying out a legal duty or as authorised by the Secretary of State

b) Protecting vital interests of an Individual/Service User or other person

c) The Individual/Service User has already made the information public

d) Conducting any legal proceedings, obtaining legal advice or defending any

legal rights

e) Monitoring for equal opportunities purposes – i.e. race, disability or religion

f) Providing a confidential service where the Individual/Service User’s

consent cannot be obtained or where it is reasonable to proceed without

consent: e.g. where we would wish to avoid forcing stressed or ill

Individuals/Service Users to provide consent signatures.

Pakeeza regards the lawful and correct treatment of personal information/data as

very important to successful working, and to maintaining the confidence of those with

whom we deal.

Pakeeza intends to ensure that personal information/data is treated lawfully and

correctly.

To this end, Pakeeza will adhere to the Principles of Data Protection, as detailed in

the General Data Protection Regulations, (previously the Data Protection Act).

Specifically, the Principles require that personal information/data, shall be:

a) processed lawfully, fairly and in a transparent manner in relation to

individuals,

b) collected for specified, explicit and legitimate purposes and not further

processed in a manner that is incompatible with those purposes,

c) adequate, relevant and limited to what is necessary in relation to the

purposes for which they are processed,

d) accurate and, where necessary, kept up to date, personal data that is

inaccurate is erased or rectified without delay,

e) kept in a form which permits identification of data subjects for no longer

than necessary for the purposes for which the personal data are

processed. (Data may be stored for longer periods insofar as the data is

processed for archiving purposes).

f) processed in a manner that ensures appropriate security of the data,

protecting against unauthorised or unlawful processing, accidental loss,

destruction or damage, using appropriate technical or organisational

measures.

Pakeeza will, through appropriate management and strict application of criteria and

controls:

 Observe fully conditions regarding the fair collection and use of information

 Meet its legal obligations to specify the purposes for which information is

used

Commercial In Confidence – property of Pakeeza Dairies 2018.

Document Reference GDPR 001 Issue 1.0.

 Collect and process appropriate information, and only to the extent that it

is needed to fulfill its operational needs or to comply with any legal

requirements

 Ensure the quality of information used

 Ensure that the rights of people about whom information is held, can be

fully exercised in line with the GDPR. These include:

o The right to be informed that processing is being undertaken,

o The right of access to one’s personal information

o The right to prevent or restrict processing in certain circumstances

o The right to rectification i.e. correct, rectify, block or erase

information which is regarded as wrong information.

o The right to data portability

o The right to object and

o rights in relation to automated decision making and profiling.

 Take appropriate technical and organisational security measures to

safeguard personal information

 Ensure that personal information is not transferred abroad without suitable

safeguards

 Treat people justly and fairly whatever their age, religion, disability, gender,

sexual orientation or ethnicity when dealing with requests for information

 Set out clear procedures for responding to requests for information

4. Data collection (Lawful basis for processing).

Pakeeza, will ensure that data is collected within the boundaries defined in this

statement of intent. This applies to data that is collected in person, or by completing

a form.

In line with GDPR, Pakeeza, must demonstrate a valid lawful basis for the collection

and processing of personal information/data. Pakeeza also recognise that as part of

the collection and processing of data, this will include special category data.

Pakeeza have identified that the bases for processing of personal information/data in

line with the requirements of the GDPR, applicable to the operations, service

provision and activities of the organisation are:

Article 6.

1) Consent, the individual has given clear consent for Pakeeza to process their

personal data for a specific purpose.

2) Contract, the processing is required for a contract held between Pakeeza and the

individual, or because the individual has asked Pakeeza to take specific steps before

entering into the contract.

3) Legal Obligation, the processing of the data is required to ensure compliance

with the Law.

When collecting and processing data, Pakeeza, will ensure that the Individual/Service

User:

a) Clearly understands why the information is needed and the lawful basis for

the collection and processing of the information.

b) Understands what it will be used for and what the consequences are

should the Individual/Service User decide not to give consent to

processing.

c) As far as reasonably possible, grants explicit consent, either written or

verbal for data to be processed.

d) Is, as far as reasonably practicable, competent enough to give consent

and has given so freely without any duress

e) Has received sufficient information on why their data is needed and how it

will be used.

Special Category Data.

Special Category Data, is personal information/Data, which is recognised as more

sensitive within the guidance of the GDPR. Pakeeza recognise that such special

category data includes:

Race

Ethnic Origin

Politics (Political views and preference).

Religion

Membership of a Trade Union or other recognised trade organisation

membership.

Genetics

Biometrics

Health

Sex Life

Sexual Orientation.

Pakeeza, in line with the requirements of GDPR, identify the following conditions for

the processing of special category data:

Article 9 (2)

(b) the processing of the special category data is necessary for the purposes of

carrying out the obligations and exercising specific rights of the controller, (Pakeeza)

or of the data subject in the field of employment and social security and social

protection law, in so far as it is authorised by Union or Member State Law or a collective

agreement pursuant to Member State Law providing for appropriate safeguards for the

fundamental rights and the interests of the data subject.

(f) the processing is necessary for the establishment, exercise or defence of legal

claims or whenever courts are acting in their judicial capacity.

(h) the processing is necessary for the purposes of preventive or occupational

medicine, for the assessment of the working capacity of the employee, medical

diagnosis, the provision of health or social care or treatment or the management of

health or social care systems and services on the basis of Union or Member State law

or pursuant to contract with a health professional and subject to the conditions and

safeguards identified within the GDPR.

5. Data Storage

Information and records relating to the data subject and service users will be stored

securely and will only be accessible to authorised staff as approved by Pakeeza.

Information will be stored for only as long as it is needed or required statute and will

be disposed of appropriately.

It is the responsibility of Pakeeza to ensure all personal and company data is nonrecoverable

from any computer system previously used within the organisation,

which has been passed on/sold to a third party.

6. Data access and accuracy

All Individuals/Service Users have the right to access the information Pakeeza holds

about them. Pakeeza will also take reasonable steps ensure that this information is

kept up to date by asking data subjects whether there have been any changes.

In addition, Pakeeza will ensure that:

 It considers the need to appoint a Data Protection Officer with specific

responsibility for ensuring compliance with Data Protection in line with the

requirements of the GDPR.

 Everyone processing personal information understands that they are

contractually responsible for following good data protection practice

 Everyone processing personal information is appropriately trained to do so

 Everyone processing personal information is appropriately supervised

 Anybody wanting to make enquiries about handling personal information

knows what to do

 It deals promptly and courteously with any enquiries about handling personal

information

 It describes clearly how it handles personal information

 It will regularly review and audit the ways it hold, manage and uses personal

information

 It regularly assesses and evaluates its methods and performance in relation to

handling personal information

 All staff are aware that a breach of the rules and procedures identified in this

policy may lead to disciplinary action being taken against them.

 Breaches of security impacting on the storage of personal information/data is

investigated and actions taken to address the breach. (In line with the GDPR

that such breach is reported to the supervisory authority, (ICO), within 72

hours based on the likelihood and severity of risk to data subjects).

This Statement of Intent will be updated as necessary to reflect best practice in data

management, security and control and to ensure compliance with any changes or

amendments made to the General Data Protection Regulations, related regulatory

requirements or guidance.

In case of any queries or questions in relation to this policy please contact the

Pakeeza Dairies Limited Acting Data Protection Officer: Paul Doherty, Health, Safety

and Human Resource Manager.

Signed: P.Doherty

Position: Health, Safety and Human Resource Manager. (DPO/Appointed Person)

Date: 24/05/2018

Review Date: 23/05/2019.

Glossary of Terms

Data Controller – The person who (either alone or with others) decides what personal

information Pakeeza will hold and how it will be held or used.

Data Protection Act 1998 – The UK legislation that provides a framework for responsible

behaviour by those using personal information. (To be replaced by the General Data

Protection Regulation in May 2018).

General Data Protection RegulationThe General Data Protection Regulation (GDPR)

(Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of

the European Union and the European Commission intend to strengthen and unify data

protection for all individuals within the European Union (EU).

Data Protection Officer – The person(s) responsible for ensuring that Pakeeza

follows its data protection statement of intent, related policies and procedures and that

Pakeeza complies with the Data Protection Act 1998 / GDPR.

Individual/Service User/data subject – The person whose personal information is being

held or processed by Pakeeza for example: a client, an employee, or supporter.

Explicit consent – is a freely given, specific and informed agreement by an

Individual/Service User in the processing of personal information about her/him. Explicit

consent is needed for processing sensitive data.

Notification – Notifying the Information Commissioner about the data processing activities of

Pakeeza as certain activities may be exempt from notification.

The link below will take to the ICO website where a self-assessment guide will help you to

decide if you are exempt from notification:

http://www.ico.gov.uk/for_organisations/data_protection/the_guide/exemptions.aspx

Information Commissioner – The UK Information Commissioner responsible for

implementing and overseeing the Data Protection Act 1998 and GDPR.

Processing – means collecting, amending, handling, storing or disclosing personal

information.

Personal Information – Information about living individuals that enables them to be identified

– e.g. name and address. It does not apply to information about organisations, companies

and agencies but applies to named persons, such as individual volunteers or employees

within (GROUP).

Sensitive data – refers to data about:

 Racial or ethnic origin

 Political affiliations

 Religion or similar beliefs

 Trade union membership

 Physical or mental health

 Sexuality

 Criminal record or proceedings

 

More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. However if you are still looking for more information then you can contact us through one of our preferred contact methods.

Email: marketing@lancashirefarm.com

Phone: 01706641551