Privacy Policy

Our privacy policy has been assembled for anyone who wants to know how we collect and handle their personally identifiable information.

The term ‘Fine Cut Group Limited [‘Fine Cut’, ‘we’ or ‘us’] refers to the business whose registered office is The Courtyard, Shoreham Road Upper Beeding, Steyning, West Sussex, BN44 3TN

We are committed to ensuring that your personal data and information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Our systems use data encryption and password protection for maximum security.


GDPR Compliance

The European Union General Data Protection Regulation (GDPR) is a data privacy regulation that applies to all companies processing and holding the personal data of data subjects residing in the European Union. This article describes the GDPR compliance status of Fine Cut.

If your company needs to ensure it is GDPR compliant, it also needs to ensure its providers are also GDPR compliant. Fine Cut is GDPR compliant and strictly enforces the regulations to protect the user data we store.

The following principles are complied with when processing personal data:

  • Data is processed fairly and lawfully
  • Data is processed only for specified and lawful purposes
  • Processed data is adequate, relevant and not excessive
  • Processed data is accurate and, where necessary, kept up to date
  • Data is not kept longer than necessary
  • Data is processed in accordance with an individual’s consent and rights
  • Data is kept secure
  • Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection

Lawful Basis of Processing Data

The lawful basis of processing of data will always be determined prior to any data being processed. Fine Cut processes personal data under one, or more, of the following Lawful Bases:

  • Consent – the individual has given their Consent to the processing of their personal data
  • Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for Fine Cut to take pre-contractual steps at the request of the individual
  • Legal Obligation – processing of personal data is necessary for compliance with a legal obligation to which Fine Cut is subject
  • Legitimate Interests – processing of personal data is necessary under the Legitimate Interests of Fine Cut or a Third Party, unless these interests are overridden by the individual’s interest or fundamental rights

Type of Personal Data Being Processed

The type of personal data being processed may include:

  • Name
  • Address
  • Email address
  • Job Title
  • Telephone number
  • Business name
  • Social media profiles
  • IP address
  • Demographic information such as postcode

How Personal Data is collected

Personal data is obtained from one or more of the following:

  • Visits and use of the above Fine Cut websites, and Company Portals
  • Use of Fine Cut social media
  • Use of Google Analytics
  • Attendees of corporate seminars and webinars
  • Subscribers to Company updates
  • Parties entering into agreements with Fine Cut
  • Requests for information about products and services offered by Fine Cut, and/or quotes
  • Employment enquiries

Why Personal Data is collected

Personal data is collected to provide legitimate business services which include:

  • For Marketing purposes
  • For us to review and reply to your enquiry
  • To provide an opinion for a service you have requested
  • To meet our statutory monitoring and reporting responsibilities
  • To handle and communicate orders, billings and payment, delivery of products and services
  • To improve Fine Cut services and product offering

However, where indicated, some of the information is optional and you can choose not to complete.


How Personal Data is used

Personal data may be used to:

  • process orders, process a request for further information, to maintain records and to provide pre and after-sales service.
  • pass to another organisation to supply/deliver products or services you have purchased and/or to provide pre or after- sales service;
  • carry out our obligations arising from any contracts entered into by you and us;
  • carry out security checks (this may involve passing your details to our Identity Verification partners, who will check details we give them against public and private databases – this helps to protect us from credit risk and both you and us from fraudulent transactions);
  • comply with legal requirements;
  • assist third parties to carry out certain activities, such as processing and sorting data, monitoring how customers use our site and issuing our emails for us;
    seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which may be of interest to you. These may include information about product updates, newsletters, events, webinars;
    inform you of various promotions, goods and services that may be of interest to you. You may be contacted by post, email, telephone, SMS or such other means with carefully selected marketing communications we deem relevant to send to you in the legitimate interests of Fine Cut as an Industrial Manufacturer. Each marketing communication sent to you by us will provide you with the option to unsubscribe and manage your data profile and communication preferences from Fine Cut at any time;
  • process a job application;
  • create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.

Where Personal Data is Stored

If a web form is completed on any of the above websites, information is stored on the Company’s CRM system. Previous browsing history on the Fine Cut websites is available to our employees only to determine your interests in order that Fine Cut can engage with you more effectively and improve our site. If Cookies are switched-off then your previous browsing history is no longer available to Fine Cut (See “Cookies” below). If you do not wish for us to have your personal information, please do not fill out any of the web forms on these sites.

As part of any services offered via the Fine Cut websites, the information you provide may be transferred to countries outside the European Economic Area (‘EEA’) i.e. our servers, or third party servers that are used to provide Fine Cut services, that are located in a country outside the EEA. By submitting your personal data, you consent to the transfer, storage and/or processing of your data wherever it be stored. However, if your data is transferred outside the EEA, steps will be taken to ensure appropriate security measures are in place to ensure your privacy rights continue to be protected as outlined in this Policy.


How long Personal Data is stored

We review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold personal data on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Please review our data retention policy for full details


Who has access to Personal Data

Only Fine Cut employees are granted access to customer data. This is ensured by the use of strict operational processes and procedures.

Staff are trained on security systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose. All employees are kept up-to-date on the Fine Cut security and privacy practices. Employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure that customer information is protected.

All IT systems are kept in a secure environment with appropriate access control.

Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

We will not sell or rent your information to third parties.


Individuals’ Rights

Your rights relating to GDPR are enforced and include the below:

  • Right to be informed: we clearly inform our customers about the data we collect and how we will use that data
  • Right of access: you can contact us to obtain access to your personal data that we store
  • Right of rectification: simply contact us and we’ll update our records
  • Right of erasure: you can also contact us at any time and we’ll handle your erasure queries
  • Right to restrict processing: we don’t process the data of our customers (or our customers end-users)
  • Right to data portability: our users may contact us anytime if they would like an export of their data
  • Right to object: we handle all requests on this matter from our customers
  • Right not to be subject to automated decision-making including profiling: we don’t do that (and never will)

The accuracy of personal data is imperative. We aim to keep it updated at all times. The personal data we hold on you is available upon request by contacting info@finecut.co.uk. You can request that your data is updated and/or deleted at any time, unless Fine Cut can justify that it is retained for legitimate business or legal purpose. When updating your personal data, you may be asked to verify your identity before your request can be actioned.

You can change your marketing preferences at any time by emailing info@finecut.co.uk, or by clicking on the “Unsubscribe” link at the bottom of any of Fine Cut e-shots.


Links to other websites / from other websites

Fine Cut websites may contain links to other websites run by other organisations. Fine Cut Privacy Policy only applies to Fine Cut websites and you are encouraged to read the Privacy Statements on the third party websites that you visit such as Google. Fine Cut is not responsible for the Privacy Policies and practices of other websites even if they were accessed via a Fine Cut website. Equally, if you link to a Fine Cut website from a third party site, Fine Cut is not responsible for the Privacy Policies and practices of that third party site.


Children – 16 or Under

We do not offer services to children under the age of 16.

If you are aged 16 or under‚ please get your parent/guardian’s permission before making contact and/or providing us with personal information.


Questions, Complaints and Subject Access Requests (SARs)

Any questions or Subject Access Requests (SARs) should be sent to: info@finecut.co.uk.

You have a right to lodge a complaint in the event that you believe that Fine Cut has not upheld the rights, obligations and responsibilities set out in this Privacy Policy. Please send any complaints to: info@finecut.co.uk.


Data Protection by Design and Data Protection Impact Assessments

Whenever Fine Cut develops a new system, security and the protection of your data comes first when designing the architecture of our systems.


Data Protection Officers

Our Data Protection Officer is Debra Venour, she can be reached via:

Email: accounts@finecut.co.uk

Phone: +44 (0) 1903 751666

Address: Fine Cut Group Limited, 46 Marlborough Road, Lancing Business Park, Lancing, West Sussex. BN15 8UF England


International

Fine Cut, a company registered in England & Wales, is located in the UK and, thus, our supervisory authority is based in the UK.


Review of this Policy

Our policies are regularly revised to ensure compliance with the latest regulatory standards. Should you have any queries about the security of our website or your private information, please contact info@finecut.co.uk for more information.


Notification of changes

We reserve the right to make changes to our GDPR policy at any time, however if we do so any changes will be posted on this page immediately so that you are always aware of what information we collect, how we collect it, and where it is kept.

Policies and Procedures

Data Retention Policy

The purpose of this Policy is to ensure that necessary records and documents are adequately protected and maintained and to ensure that records that are no longer needed, or are of no value, are discarded at the proper time. This Policy applies to all members of staff and any third parties that work on behalf of Fine Cut.

Records may need to be securely retained to meet statutory, regulatory or contractual requirements, as well as to support essential business activities. Examples include records that may be required as evidence that an organisation operates within statutory or regulatory rules, to ensure defence against potential civil or criminal action or to confirm the financial status of an organisation to shareholders, external parties and auditors. National law or regulation may set the time period and data content for information retention.

We have assessed our records to:

  • Determine their value as a source of information about Fine Cut, its operations, relationships and environment
  • Assess their importance as evidence of business activities and decisions
  • Establish whether there are any legal or regulatory retention requirements

The following data retention periods apply:

  • Customer details – Life of relationship plus six years
  • Supplier details – Life of relationship plus six years
  • Non associate details (e.g. prospects, non-customers) – Current year plus one year
  • Financial records – Current year plus six years
  • Contract records – Life of contract plus six years

In some instances, this Data Retention Policy may be temporarily suspended, specifically if an investigation, court case, or audit is anticipated. In some instances, this policy’s Data Retention schedule may conflict with the need to produce documents relevant to the aforementioned legal or regulatory procedures. If this is the case, then the need to comply fully with the law and/or regulation will override this policy, causing this policy to be temporarily suspended until the matter in question is satisfactorily resolved. Suspension of this policy will take the form of no business documents being disposed of whatsoever for a period of time.

The Company’s Data & Records Retention Schedule is maintained by the GDPR Compliance Manager.

Data Breach Policy

What is Data Breach?

A Personal Data Breach can include:

  • Access by an unauthorised third party
  • Deliberate or accidental action (or inaction) by a controller or processor
  • Sending personal data to an incorrect recipient
  • Computing devices containing personal data being lost or stolen
  • Alteration of personal data without permission
  • Loss of availability of personal data

A breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable and this unavailability has a significant negative effect on individuals.

Procedure to Report a Data Breach

As soon as it has become apparent, or suspected, that a personal data breach has occurred, the Company’s GDPR Compliance Manager should be notified as soon as possible via info@finecut.co.uk providing as much detail as possible.

On becoming aware of a breach, the Compliance Manager will work with the relevant departmental managers to assess the severity of the data breach and inform the Board. Fine Cut will try to contain it and assess the potential adverse consequences for individuals, based on how serious or substantial these are, and how likely they are to happen.

Reporting the Data Breach to the ICO

When a personal data breach has occurred, the likelihood and severity of the resulting risk to people’s rights and freedoms will be established. If it is likely that there will be a risk then the ICO will be notified; if it is unlikely then the ICO need not be informed. Where we decide not to report the breach, it will be documented to justify this decision.

Where Fine Cut uses a data processor, and the processor suffers a breach, they must inform us without undue delay as soon as they become aware; Fine Cut will then notify the ICO of the data breach.

ICO: www.ico.org.uk

ICO Reporting Timescales

A notifiable breach will be reported to the ICO without undue delay, but no later than 72 hours after becoming aware of the breach. If it takes longer, then reasons for the delay will be given.

As it is not always possible to investigate a breach fully within 72 hours to understand exactly what has happened and what needs to be done to mitigate it, the required information can be provided in phases, as long as it is done without undue further delay.

Information required for the ICO

When reporting a breach to the ICO it will include:

  • A description of the nature of the personal data breach including, where possible:
  • The categories and approximate number of individuals concerned; and
  • The categories and approximate number of personal data records concerned;
  • The name and contact details of the data protection officer or other contact point where more information can be obtained;
    A description of the likely consequences of the personal data breach; and
  • A description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

Notifying the Individual of a Data Breach

The individual will be notified of a breach where it is likely to result in a high risk to the rights and freedoms of the individual.

  • When notifying the individual of a data breach, it will be done using clear and plain language and describing the nature of the personal data breach and, at least include:
  • the name and contact details of where more information can be obtained;
  • a description of the likely consequences of the personal data breach; and
  • a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.

Recording of Data Breaches

Regardless of whether or not a data breach was reported to the ICO, all breaches will be recorded. It will record the facts relating to the breach, its effects and the remedial action taken.

Remedial Action of Data Breaches

All breaches will be investigated to establish whether or not it was a result of human error or a systemic issue and see how a recurrence can be prevented; whether that be through better processes, further training or other corrective steps.

Subject Access Request (‘Sar’) Procedure

Fine Cut does not process large quantities of information about individuals (individuals are also known as ‘Data Subjects’). Communication between Fine Cut and its customers relate to business matters and not about the individual itself, however all individuals (customers, past/present employees/applicants/casual & contracted staff) have the right to submit a Subject Access Request (‘SAR’).

What rights do Data Subjects have?

Data Subjects have the right to obtain:

  • Confirmation that their data is being processed
  • Access to their personal data
  • Other supplementary information (mostly the information provided in privacy notices).
  • Given a description of the personal data, the reasons it is being processed, and whether it will be given to any other organisations or people;
  • Given a copy of the information comprising the data; and given details of the source of the data (where this is available).

How do Data Subjects submit requests for their information?

The information Fine Cut hold is available upon request by contacting info@finecut.co.uk

Individuals can also request their data is updated and/or deleted at any time, unless Fine Cut needs to retain it for legitimate business or legal purposes, by submitting a request to this email address.

Responding to Subject Access Requests

Fine Cut may ask the individual to verify their identity before their request is actioned.

Fine Cut has the right to ask the individual for enough information to judge whether the person making the request is the individual to whom the personal data relates. This is to avoid personal data about one individual being sent to another, accidentally or as a result of deception.

Fine Cut has the right to ask for information that is reasonably needed to find the personal data covered by the request. If no personal information about the individual is held, they will be informed.

If data processing is outsourced, subject access requests may be sent to the third party to respond.

Fine Cut GDPR Compliance Manager will refer to the Company’s GDPR Data Register to locate all the information held on the individual and liaise with the IT Department plus any other Fine Cut department and/or Third Parties concerned in order to collate all the information.

Information will be provided within at least one month of receiving the request. Where requests are complex or numerous, Fine Cut has the right to extend the deadline for providing the information to three months. However, a response to the request explaining why the extension is necessary, will be sent within one month.

Data Access Requests that are manifestly unfounded or excessive can be refused or a charge be made. If a request is refused, the individual will be informed as to why and advised that they have the right to complain to the ICO and to a judicial remedy. The refusal will be made without undue delay and at the latest, within one month.

Information will be provided free of charge.

Contact our Team

Privacy Policies