1.1 The Channel Islands Co-operative Society Limited (the “Society”, “us”, or “we”), its subsidiaries and all affiliated entities, are committed to respecting and protecting your privacy. This Privacy Policy (the “Privacy Policy”) explains how we will collect, store and use any personal data you provide via our website, when you place an online order, email or network with our people and when you otherwise communicate with us:
(a) in the course of the delivery of our general retail services to customers; and
(b) or otherwise in the course of running our business.
1.2 The Society is registered as a data controller (this means we determine the purpose and manner in which your personal data is used) with the Office of the Information Commissioner in Jersey, and our registration number is 15593. We are also registered as a data controller with the Office of the Data Protection Commissioner in Guernsey, and our registration number is 10219.
1.3 The Society is registered under the Industrial & Provident Societies Act 1965 - 1978 (Industrial & Provident Societies (Channel Islands) Order 1965 - 1978) and has its registered office at Co-operative House, 57 Don Street, St Helier, Jersey JE2 4TR. The Society is registered with the Mutuals Section of the Financial Conduct Authority in the United Kingdom (Number 14672R). The Financial Conduct Authority acts as Registrar for Industrial & Provident Societies (Co-operatives).
1.4 This Privacy Policy may change from time to time and, if it does, the up-to-date version will always be available on our website and becomes effective immediately. You are advised to regularly check our website for updates in relation to our privacy notice.
1.5 Please take the time to read this Privacy Policy, which contains important information about the way in which we collect, process and use your personal data.
1.6 For the purposes of this Privacy Policy, the “Data Protection Law” shall mean The Data Protection (Jersey) Law 2018, as amended from time to time, or as appropriate in context, The Data Protection (Bailiwick of Guernsey) Law 2017, as amended from time to time.
2. Data we may collect about you
2.1 We may collect and process personal data about you through various means, including:
2.2 The personal data we will ask you to provide may include:
2.3 Each time you visit our website, we may automatically collect the following information:
2.4 We may ask you for information when you report a problem with our website.
2.5 If you contact us, we may keep a record of that correspondence.
3. Cookie Policy
3.1 Our website uses cookies to distinguish you from other users, to improve your experience on our website and to recommend content that may be of interest to you. For full details on how we use cookies, please see our Cookie Policy.
4. How we will use your data
4.1 We will store and use the data you provide or which we gather in order to carry out the activities necessary to process and deliver your online order. We will only do this to:
4.2 We will not use your personal data in any automated decision-making process without your consent.
5. Legal grounds for processing your information
5.1 We will rely on the following legal bases under the Data Protection Law for processing your personal data:
6. Marketing Communications
6.1 We will only send you literature describing our services if you ask for them.
6.2 We will only send you marketing communications if you have consented to receive them when requesting our services, or when you change your marketing preferences though our members’ portal. You do not have to agree to receive marketing communications from us in order to receive any of our services. You can also unsubscribe from receiving marketing materials from us at any time.
6.3 We will never sell or share your personal data with third parties for marketing purposes without your consent.
7. Who will have access to your data within the business?
7.1 Your personal data will only be seen or used by our employees who have a legitimate business need to access your data for the purposes set out in this Privacy Policy.
7.2 We take your privacy seriously and have implemented appropriate physical, technical and organisational security measures designed to secure your personal data against accidental loss, destruction or damage and unauthorised access, use, alteration or disclosure.
8. Who else might we share your data with?
8.1 Except as explained in this Privacy Policy, we will not share your personal data with third parties without your consent unless required to do so by law. If we share your information with third parties, they will process your information as either a data controller, joint data controller or as our data processor and the nature of their role may vary depending upon the legal basis relied upon when we shared your personal data with these third parties. We will only share your personal data in compliance with the Data Protection Law.
8.2 We will share your personal data with the following third parties who assist us with administering the provision of our services to you:
8.3 In most cases, our third parties’ ability to use your personal data is limited and we will only allow them to use your personal data for specific purposes in accordance with our instructions and not for their own purposes. However, where a third party is a data controller or a joint data controller their privacy notice will also apply to your personal data and you should contact them for questions about how they collect, use and process your personal data. We will ensure that where these third parties are a processor of your personal data they do so in a way that is consistent with this Privacy Policy and in compliance with the Data Protection Law. Information collected through third-party apps, tools, widgets and plug-ins is collected directly by the providers of these features. This information is subject to the privacy policies of the providers of the features, and we are not responsible for those providers' information practices.
8.4 If a business transfer or change of business ownership takes place or is envisaged, we may transfer your personal data to the new owner or a prospective new owner. If this happens, we will inform you of this transfer.
8.5 We may transfer personal data about you between Jersey and Guernsey. As Jersey and Guernsey are not within the European Economic Area (EEA), we may therefore transfer personal information about you outside the EEA. To ensure that your personal information receives an adequate level of protection we will put in place appropriate measures to ensure that your personal information is treated by those third parties in a way that is consistent with and which respects the Data Protection Law in both jurisdictions.
8.6 We may share some broader statistics and customer profiling information with third parties and other entities owned by the Society, but all such data will be anonymised, so you would not be identifiable from that data. We will not rent or sell your details to any other organisation or individual.
8.7 To perform our pick-up and delivery services, we may share delivery information with third parties such as shippers, consignees, third party payers and recipients. We may also share personal information with third parties who perform services on our behalf based on our instructions. These third parties are not authorised by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.
8.8 We also may share the personal information we obtain with our affiliates. We may share physical location data with other third parties to, for example, enhance location-based services and develop accurate and up-to-date maps.
9. How do we protect your data?
9.1 We take your privacy seriously and are committed to maintaining the privacy and security of the personal data you provide to us, and the choices you have regarding our collection and use of your personal data.
9.2 We maintain administrative, technical and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use. Although we take steps to limit access to our facilities and vehicles to authorised individuals, information that is located on the outside of a package or letter may be visible to others.
9.3 We follow strict security procedures as to how your personal data is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access. Details of these measures are available upon request. We have put in place appropriate security measures to prevent your personal data from being lost, used, accessed, altered or disclosed by accident or without authorisation. In addition, we limit access to your personal data to those officers, employees and contractors who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
9.4 We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
9.5 Unfortunately, the transmission of your personal data via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us over the internet and you acknowledge that any transmission is at your own risk.
9.6 Our website may, from time to time, contain links to and from the websites of advertisers and partners. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
10. How long do we keep your data?
10.1 We will keep your personal data for no longer than is necessary for the purposes we have set out above.
10.2 We will keep your personal data for ten (10) years after the year in which we have provided our services to you, or have last interacted with you.
10.3 If we are required by law to keep any of your personal data for longer, in order to protect your vital interests or the vital interests of another natural person, or in connection with any legal claim we will only keep such data for as long as the law says we must.
10.4 The third parties we engage to provide services on our behalf will keep your data no longer than the periods set out above. If we end our relationship with any third party providers, we will request they securely delete or return your personal data to us.
10.5 We may retain personal data about you for statistical purposes. Where data is retained for statistical purposes it will always be anonymised meaning that you will not be identifiable from that data. We may also retain basic information about you and the services provided for a further ten (10) years after we have provided our services to you, so that we can provide appropriate care and consideration to related persons who may contact us in the future.
11. What are your rights?
11.1 You have a number of rights in relation to your personal data under the Data Protection Law. There are circumstances in which your rights may not apply. You have the right to request that we:
11.2 We will ask you to provide proof of identity before we show you your personal information. This is so that we can prevent unauthorised access to your personal data.
11.3 For more information on your rights and how to exercise them, or if you would like to make any of the requests set out above, please contact us, using the details below. We will respond to all such requests within the time period required by Data Protection Law.
12. Who can you ask for more information?
We are data controllers because we collect personal data about you and determine how and why it will be used. If you have any questions or concerns about how we handle your personal data, you can contact us using any one (or more) of the following:
Post:
Christopher Lintell
Data Protection Officer
The Channel Islands Co-operative Society
Co-operative House
57 Don Street
St Helier
Jersey
JE2 4TR
Email: dpo@channelislands.coop
Telephone: 01534 879822
Exercising my rights:
To exercise your rights under the Data Protection Law please go to our Enforcing your rights section of our corporate website.
If you are unsatisfied with our response to any data protection issues you raise with us, you have the right to make a complaint to the Office of the Information Commissioner in Jersey or the Office of the Data Protection Authority in Guernsey.
You can contact them as follows:
Jersey
Office of the Information Commissioner
2nd Floor
5 Castle Street
St Helier
Jersey
JE2 3BT
Tel: 01534 716530
Email: enquiries@oicjersey.org
Web: www.oicjersey.org
Guernsey
Office of the Data Protection Authority
St Martin's House
Le Bordage
St Peter Port
Guernsey
GY1 1BR
Tel: 01481 742074
Email: enquiries@odpa.org
Web: https://odpa.gg/
Effective From: 17 August 2020