0117 311 8200

LATCHAM DIRECT PRIVACY STATEMENT

(Updated on the 7th February 2018)

The aim of this Privacy Policy

We are delighted that you have shown interest in our Business. Data protection is of a particularly high priority for the management of Latcham Direct {We, Our}.We are both a controller and a processor under the definitions of General Data Protection Regulation (GDPR) and for the purposes of Data Protection Act 1998 we are registered with the UK Information Commissioner’s Office (ICO) as a data controller under registration number Z2061807.

Our Privacy Policy explains how we will protect data subjects {your} information and personal data, and the gold standard controls and safeguards we provide for this data. This includes understanding, at all times, precisely what data we are storing for and about you, who can access that data, and whether you give permission for that data to be shared with third-parties. We will never share your data with third-parties for marketing purposes.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR).

By means of this data protection declaration, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As a controller and processor, we have implemented technical and organisational measures which are documented and managed by our ISO27001 accredited Information Security Management System, to ensure the most complete protection of personal data processed throughout this website, on our electronic networks and throughout the entirety of our physical estate.

Who we are and what we do

Latcham Direct and CGL are Data Processors and Controllers for the purposes of the GDPR and other data protection laws applicable in Member states of the European Union and other provisions related to data protection is:

Latcham Direct Limited which has its registered office at Unit 1 Western Drive, Hengrove, Bristol BS14 0AZ

Computastat Group Limited (Latcham CGL) is a fully owned subsidiary of Latcham Direct Limited

We operate from an 82,000 sq. ft. purpose built secure site based in Hengrove, Bristol and an office in Crawley.

Our vision is to offer a client focused approach, helping our customers to simplify complex customer communication problems using digital printing, cross media and secure document management solutions.

Our website uses cookies, this is what they do and this is how you can stop them

Cookies are text files that are stored in your computer system via an Internet browser.

Many Internet sites and servers use cookies. Many cookies contain a so-called cookie ID.A cookie ID is a unique identifier of the cookie. It consists of a character string through which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This allows visited Internet sites and servers to differentiate the individual browser of the data subject from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified using the unique cookie ID.

Through the use of cookies, we can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

The categories of cookies used by this website are as follows:

Strictly necessary cookies – cookies that are required for the operation of this website and its features, such as accessing secure areas of this website

Performance cookies – cookies that allow us to recognise new and returning users to this website and to track how they navigate around it to help us improve this website:

The cookies used by this website are as follows:

Source : Google Analytics

Cookie : __utma

Description : This cookie creates a unique ID when a new visitor browses our website. It helps us to assess the number of new visitors to our site, and also identify whether we are receiving repeat visitors, too.

Cookie : __utmb & __utmc

Description : These two cookies help us to measure a visitor’s session, giving us data on what time visitors arrive and how long they spend browsing our website.

Cookie : __utmz

Description : This cookie gives us information about how a visitor got to our site (e.g. Google Search, referral site, social media, direct URL, etc.) and also which pages they viewed after they arrived.

Source : PHP

Cookie : PHPSESSID

Description : This cookie is native to the PHP development language, and is used to keep track of a visitor’s session, preserving useful data from page to page.


Most browsers allow you to refuse to accept cookies; for example:

(a) in Internet Explorer (version 11) you can block cookies using the cookie handling override settings available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;

(b) in Firefox (version 39) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”; and

(c) in Chrome (version 44), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “Cookies” heading.

Blocking all cookies will have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use all the features on our website.

You can also delete cookies already stored on your computer; for example:

(a) in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);

(b) in Firefox (version 39), you can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show Cookies”, and then clicking “Remove All Cookies”; and

(c) in Chrome (version 44), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Clear browsing data”, and then selecting “Cookies and other site and plug-in data” before clicking “Clear browsing data”.

We collect these types of data about you

You do not have to give us any personal data in order to use this website. However you may provide us with personal data by completing forms on this website or by contacting us by telephone or email.

When you visit this website, we will automatically collect the internet protocol (IP) address of the device used by you to visit this website as well as the type of the device, browser version and time zone setting. This will enable us to identify you as a unique user for analytical purposes and to optimise our website for your device. This data does not allow us to, and we will not attempt to use this data to, identify you.

Our customer database contains information that enables a quick electronic contact to our business, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data, transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of contacting the data subject.

We hold personal information relating to existing customers, previous customers, prospective customer and our employees and suppliers.

These are your rights under GDPR

Whilst we are in possession of, or processing your personal data, you have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you free of charge (before 25 May 2018, we may charge a fee of £10 to meet our costs in providing you with a copy of any personal data held about you)
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organization in certain circumstances.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right not to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that Latcham Direct refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain to the Information Commissioner’s Office, or any other supervisory authority in an EU member state where any alleged breach of your rights has occurred

The legal basis we use to process your personal data

Article 6 of the GDPR sets out the legal basis for the use and processing of personal data. We will be using the following basis:

  1. The processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract
  2. The processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data
  3. You have given consent to the processing of your personal data for one or more specific purposes

Please find to follow further details regarding each of these.

1. The processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract;

We hold information about customers to enable us to contact you. The personal information we’re likely to hold is your name, job title, your work postal address, email address, and telephone number . We will continue to hold your personal details for two years after our last invoice to us. After which, we will either delete your personal data, or keep it because you have asked us to.Your personal information is only disclosed to our employees and vetted contracted sub-contractors.

The legal basis for processing your data is ‘fulfilling a contract’ whilst we are your supplier. When you are no longer an active customer, it will be our ‘legitimate interest’ because you may want to order from us again. We benefit from solving communication challenges and we’d like to help you in the future. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services.

2. The processing is necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data;

We may hold business contact data about you if you are a professionally relevant contact for our services, and you are employed in a UK organisation. Your data can only be used where the product or service might be relevant to you in your professional capacity.However, we want to respect your wishes about how and if you are contacted. On occasion we will contact you to verify your position, check how you would prefer to receive direct marketing, whether by post, by phone or by email and to remind you of your rights via our latest privacy statement. You may of course tell us you do not wish to be contacted at all, and we will respect your wishes, add you to a suppression list, and not contact you again.

The personal data we hold is your name, job title, and maybe your work, postal address, email address, and telephone number.

3. You have given consent to the processing of your personal data for one or more specific purposes;

There are certain circumstances where we may need consent from you in order to process your data and we recognise the above options are not the only lawful grounds for processing data. If this is the case we will ensure that the consent that you provide is by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the processing of personal data relating to you.

Further information explaining how we define our Legitimate Interests

We may rely on legitimate interest as the legal basis for processing where this is not overridden by your interests and rights or freedoms. Our assessment has taken into account. We have therefore conducted a Legitimate Interest Test which includes the following considerations:

  • The relationship between ourselves and you as the data subject
  • The sensitivity of the personal data involved
  • The reasonable expectations we think you have
  • Whether you’d be likely to object to the processing or find it intrusive?
  • Any vulnerability you may have?
  • How big an impact could this processing have on you as an individual?
  • The safeguards we have in place to minimise the risk and impact of a breach
  • Whether a mechanism exists via which youcan challenge out assessment

The Purpose Test

We consider that we have a legitimate interest in carrying out a business in favour of the well-being of all our employees and shareholders.This is enshrined in the EU Charter of Human Rights – Article 16 – Freedom to conduct a business.For prospective customers, identified as working for legal entities and whom we consider are professionally relevant post holders; we consider we have a legitimate interest to process your data for the purposes of marketing of products and services. This purpose is supported by Recital 47 of the GDPR which states that:

“The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest”

We believe that professionals rely on being kept up to date about new products or services to help them achieve their business objectives. Direct marketing is generally seen as an important tool to facilitate this. However we will always respect your wishes, if you’re the recipient of our marketing.

The Balancing Test

A balancing test has been undertaken to compare our legitimates interests and the interests or fundamental rights and freedoms of prospective customers who require protection of their personal data,

We will only process personal data if we have determined that our services are ‘professionally relevant’ to you and your organisation.Material that we send to you may be relevant based on your profile, because of the type, size or location of the organisation that you work in, or because you are the right post-holder for a certain set of decisions based on factors like your role, seniority, and responsibilities.

We believe that the recipients of our marketing have a reasonable expectation that we as a Controller will process their Personal Data.The data we may hold on recipients originates from primary research by our telephone research team, publically available material held on websites, events we have jointly attended, personal data we have captured via business cards or similar interaction;or referrals from other organisations,

The personal data we hold is strictly limited to the organisational name, contact name, email addresses, telephone numbers, postal addresses, sector/industry classification of companies that are separate legal entities.In addition it is never sensitive data, and in most cases exists in the public domain.

Our assessment has taken into consideration the state of the art and sector leading security that Latcham Direct has in place via a dedicated secure storage and production facility for the print and fulfilment of sensitive and high value items maintaining ISO27001, C&CCC (APACS) and CLASS accreditation.

It also recognises the safeguards we have put in place through the implementation of the British Standard BS10012:2017 – Personal Information Management Framework delivering readiness to GDPR.Outputs of this framework include, but are not limited to:

  • Data Protection Impact Assessments as standard
  • data minimisation
  • de-identification
  • technical and organisational measures
  • privacy by design and default
  • adding extra transparency
  • additional layers of encryption
  • multi-factor authentication
  • data retention limits
  • restricted access
  • opt-out options
  • anonymisation
  • encryption, hashing, salting
  • other technical security methods used to protect data

Our conclusion is that the likelihood of impact and the severity of negative impact or distress of the data processing we undertake is negligible.

If you feel we are not being fair with you, please tell us, we would like to correct this. If you wish to contact us, our details are on the contact page here. You may also complain to the UK regulator, Information Commissioners Office (www.ico.org.uk).

Third party websites

Our website may contain links to and from the websites of third parties. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Email marketing

In relation to any email marketing that you may receive from us, either at your request or in any other circumstances, we may monitor whether you open and/or click on any links in such emails and we uses various tracking techniques to measure the effectiveness of our email campaigns and tailor our communications to your interests

You may unsubscribe from emails at any time by clicking the relevant link in those emails. We conduct this email marketing in adherence with the Privacy and Electronic Communications Regulation which derive from the European Directive 2002/58/EC.This allows for B2B marketing on an opt-out basis in so long as a lawful means of processing under GDPR has been established.

Disclosing information collected about you

We will not disclose any personal information about you with any third party unless:

  • You expressly agree to such disclosure
  • We are required to do so in order to comply with any legal or regulatory obligation
  • Our company or its business is merged with or acquired by a third party (in which case, such information may form part of the merged or acquired assets)
  • We are using a third party service provider to provide services to us in connection with this website

Where we store information collected about you

We may transfer your information to our data processors within and outside the European Economic Area, but will do so with appropriate measures and controls in place to protect that information in accordance with applicable data protection laws and regulations and regulatory guidance. In all instances, we will take into account the nature of the information we are transferring, and the level of protection provided by those processors.

How long we keep information collected about you

Any information provided by you will be retained for as long as necessary in connection with the purposes for which it was provided, for example, to respond to your enquiry. In respect of any contact information stored within our customer relationship management (CRM) system, we will delete your details upon request and if we have not had any further communication with you within a period of three years.

Any information collected about you or your activity through the use of cookies will be retained for the time periods set out in the above table.

In any case, once we have processed any information about you in connection with the purposes for which it was provided or collected, we will securely delete or anonymise (to the extent such information was capable of identifying you in the first instance) such information upon expiry of the above time periods.

Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or profiling.

Changes to this policy

Any changes we make to this policy will be published via our website, and where appropriate and where we hold your email address, notified to you by email. Please check back frequently to see any updates or changes to this policy.

Contact Details of the Data Protection Officer

Contact Name: Peter Batchelor
Address: Latcham Direct, 1 Western Drive, Bristol BS14 0AF
Email: peter.batchelor@latchamdirect.co.uk