Introduction
At Sutton House Limited, safeguarding your personal information is a cornerstone of our operations. We are committed to processing your data responsibly, securely, and transparently, ensuring compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This policy outlines how we handle personal data when acting as a controller, determining the purposes and means of its processing. It applies to all users of our website and any interactions you have with Sutton House Limited, ensuring you have clarity on how your data is collected, used, and protected.
Our approach is rooted in trust, and this policy is designed to empower you with the knowledge and understanding of your rights and how your data is managed.
Processing of Personal Data
At Sutton House Limited, we process your personal data only when necessary and for specific, lawful purposes. The following outlines how and why your data is handled:
1. Enquiry Handling
When you submit an enquiry through our website, we collect your personal information to respond effectively. Purpose: This data allows us to address your query, provide relevant information about our services, and engage with you in a professional capacity.
Legal Basis: We process this data under our legitimate interest in promoting our services and engaging with prospective clients.
Retention: Your details are securely stored for no longer than 12 months. After this period, they are permanently deleted unless further retention is required by legal or regulatory obligations.
2. Cookies
We also process cookie data when you visit our website. Cookies help us:
- Enhance Website Security: Protecting both our systems and users from unauthorised access or potential threats.
- Improve User Experience: Analysing website usage patterns to refine our services and ensure seamless navigation.
Legal Basis: We process cookies based on your consent, which can be withdrawn at any time by contacting us at info@suttonhouse.com.
Important Note: Certain features of our website may not function correctly if cookies are disabled. For more details on the cookies we use and how to manage them, please refer to the dedicated cookie section of this policy.
Data Sharing
At Sutton House Limited, we only share your personal data when it is necessary to fulfil specific purposes, and we ensure that all sharing is conducted responsibly, securely, and in compliance with data protection laws.
1. Sharing with Third Parties
We may share your personal data with trusted third parties, but only to the extent required for:
- Facilitating Enquiries: Providing you with information about our products and services, as requested.
- Service Support: Engaging third-party service providers, such as IT or hosting providers, to support the functionality of our website or systems.
All third parties are carefully vetted to ensure they adhere to strict data protection standards. We have contractual agreements in place to ensure they only process your data for the specified purposes and protect it from misuse or unauthorised access.
2. Legal and Regulatory Obligations
We may disclose your personal data to:
- Comply with legal requirements, such as court orders or government requests.
- Protect our legal rights, property, or the safety of our users or others.
Your Rights
As a data subject, you have several rights under the UK GDPR and the Data Protection Act 2018, empowering you to have greater control over your personal data. Below is an outline of your key rights and how you can exercise them:
1. Right to Access
You have the right to request:
- A copy of the personal data we hold about you.
- Information about how your data is being processed, including the purpose of processing and any third parties with whom your data has been shared.
We aim to respond to access requests within one month. If your request is complex or involves multiple data sets, this period may be extended, and we will notify you accordingly.
2. Right to Rectification
If any personal data we hold about you is inaccurate or incomplete, you can request that we correct or update the information promptly.
3. Right to Erasure (Right to Be Forgotten)
In certain circumstances, you can request that we delete your personal data, such as when:
- The data is no longer needed for the purpose it was collected.
- You withdraw your consent (where consent was the legal basis for processing).
- You object to the processing, and there are no overriding legitimate grounds for continuation.
However, please note that we may need to retain some data to comply with legal obligations or resolve disputes.
4. Right to Restrict Processing
You may request that we limit the processing of your data in the following cases:
- If you contest the accuracy of the data while we verify it.
- If you object to the processing while we assess whether our legitimate interests override your objection.
5. Right to Object
You can object to the processing of your personal data when it is based on our legitimate interests or for direct marketing purposes. If you object to direct marketing, we will cease such activities immediately.
6. Right to Withdraw Consent
Where data processing relies on your consent (e.g., cookies), you can withdraw your consent at any time by contacting us at info@suttonhouse.com.