Privacy Policy

GDPR Policy

Introduction

Sefton Express Ltd (‘SEL’) trading as Sefton Express is committed to protecting and respecting your privacy. This GDPR policy outlines how we collect, use, store, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Isle of Man data protection laws.

1. Data Controller

SEL is located at Central Promenade, Douglas, Isle of Man, IM2 4NA and is the data controller responsible for your personal data. You can contact us via info@palacegroup.im or by calling 01624 632833.

2. Personal Data We Collect

We may collect, store, and use the following types of personal data:

  • Identity Data: Name, title, date of birth, gender, and identity documents.
  • Contact Data: Address, email address, and telephone numbers.
  • Financial Data: Bank account details, payment card details, transaction history and required regulatory information.
  • Technical Data: IP address, browser type, operating system, and device information.
  • Usage Data: Information about how you use our websites, products, and services.
  • Marketing and Communications Data: Your preferences in receiving marketing from us and your communication preferences.
  • Video footage from CCTV systems situated at our premises.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide our services: Managing your account, processing transactions, and providing customer support.
  • To comply with legal obligations: Ensuring compliance with licensing, regulatory, and anti-money laundering requirements.
  • To improve our services: Conducting data analysis, testing, and research to enhance our products and services.
  • For marketing purposes: Sending you promotional materials, special offers, and newsletters (with your consent).
  • To ensure security: Protecting our customers, staff, and property from crime and our website, systems, and data from fraud and other security threats.

4. Legal Basis for Processing Personal Data

We rely on the following legal bases for processing your personal data:

  • Consent: Where you have given us clear consent to process your data for a specific purpose.
  • Contract: Processing necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  • Legal Obligation: Processing necessary for compliance with a legal obligation to which we are subject.
  • Legitimate Interests: Processing necessary for our legitimate interests or those of a third party, provided your interests and fundamental rights do not override those interests.

5. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means.

6. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right to Access: You have the right to request access to your personal data and obtain a copy of the information we hold about you.
  • Right to Rectification: You have the right to request correction of any inaccurate or incomplete personal data we hold about you.
  • Right to Erasure: You have the right to request the deletion of your personal data under certain circumstances.
  • Right to Restrict Processing: You have the right to request the restriction of processing of your personal data under certain circumstances.
  • Right to Data Portability: You have the right to request the transfer of your personal data to another party.
  • Right to Object: You have the right to object to the processing of your personal data where we are relying on legitimate interests (or those of a third party), and you feel it impacts your fundamental rights and freedoms.
  • Right to Withdraw Consent: Where we are relying on consent to process your personal data, you have the right to withdraw your consent at any time.

7. Security Measures

We have implemented appropriate technical and organisational measures to protect your personal data from unauthorized access, use, alteration, and disclosure. These measures include encryption, access controls, security software, and regular security assessments.

8. Data Transfers

We may transfer your personal data to third-party service providers located outside the Isle of Man. When we do so, we ensure that appropriate safeguards are in place to protect your data, such as standard contractual clauses or reliance on the recipient’s Privacy Shield certification.

9. Third-Party Links

Our website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

10. Changes to This Policy

We may update this GDPR policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any significant changes by posting the new policy on our website and, where appropriate, by contacting you directly.

11. Contact Us

If you have any questions or concerns about this GDPR policy or how we handle your personal data, please contact us via info@palacegroup.im or by calling 01624 632833.