Secondhand Alley respects your privacy and seeks to protect your personal data. The following information describes how we gather and use data. The amount of information we hold on you and how it uses it depends on your relationship with us and on what service you use, so some sections below may not be relevant to you.
We respect and value the privacy of everyone who visits this website and will only collect and use personal data in ways that are described here, and in a manner that is consistent with our obligations and your rights under the law.
Data Controller and Data Protection Officer
Ken Masters, Secondhand Alley, Maulden Garden Centre, Maulden, Bedfordshire, MK452GP
T: 07885 731 725
M: 07885 731 725
Categories of data subjects
We may hold personal data of persons and experts:
- Who are working with us or have worked with us in the past;
- Who have shown an interest in working with us on future and ongoing projects;
- Who we have identified and/or contacted as part of our ongoing or past business opportunities;
- Working with organisations which we are working with, or have worked with, on a joint project;
- Working with organisations with which we have been in contact with as part of ongoing or past opportunities.
Purposes and lawfulness of processing personal data
Personal data is processed for:
- Identifying, contacting and assessing experts and organisations, and for sharing personal data as part of bidding/contracting processes or for ongoing or planned projects;
- Sending information to experts and organisations;
- Sharing personal details as part of bidding/contracting processes or for ongoing or planned projects;
- Proposing and agreeing fee rates for bidding/contracting processes or for ongoing or planned projects;
- Demonstration of justification of past activities.
The lawfulness of processing personal data is based on legitimate interest or contract or legal obligations.
Categories of personal data
We may collect some or all of the following personal and non-personal data set out below, namely:
- Contact details – e-mail, address, phone number and other contact information provided to us;
- Business/company details and / or job title;
- Information about previous work history for projects;
- Information about previous history of involvement in business opportunities and projects;
- IP address – we may use a web analytics service to track and report on general website traffic using IP address.
We do not keep personal data for any longer than is necessary in light of the reason(s) for which it was first collected and / or for as long as we have your permission to keep it.
Transfer of data outside EU or ETA
Personal data may be transferred outside the EEA (the EU plus Norway, Iceland and Liechtenstein). This is mainly related to marketing/bidding processes ands contracted projects.
The data controller processes personal data according to the EU’s personal data protection laws outside the EU/ETA area. The data controller might need to present or disclose personal data to other recipients outside the EU (for example, to clients). The data controller is not responsible for processing of their personal data.
Sharing of data
Personal data may be sent to:
- Clients as part of a bidding process or contracted projects;
- Beneficiaries as part of a bidding process or contracted projects;
- Experts assisting with bids or contracted projects.
In certain circumstances we may be legally required to share certain data held by us, which may include personal data. This may include, for example, where we are involved in legal proceedings, where we are complying with legal obligations or a government authority.
Data subject’s rights
The data subject has the right to request from the data controller access to and rectification or erasure of personal data, restriction or objection of data processing, as well as the right to data portability.
The data subject can contact the Data Protection Officer at any time to complain.
We will respond to any request to access or delete your personal data as soon as possible, but certainly within 30 days.
Your ultimate point of contact for all data protection matters in the UK is the Information Commissioner’s Office. See the Contact us page on the ICO website.