Privacy Policy

Introduction

Welcome to our privacy policy.

This privacy policy will inform you as to how we look after your personal data when we are a controller and tell you about your rights under the data protection legislation.

Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.

Changes to this privacy policy


It’s likely that we’ll need to update this privacy policy from time to time. We’ll notify you of any significant changes, but you should visit this page from time to time to note any changes we make. This privacy policy was last updated on [24 February 2021].

Who we are?

Harris & Lewis is a trading name of The Scottish Salmon Company Limited (SC107275) (“SSC”, “we”).

We operate the Harris and Lewis website: www.harrisandlewis.co.uk  (“Website”).

We can be contacted in the following ways if you have any questions on this privacy policy:
Post: Excel House, 30 Semple Street, Edinburgh, EH3 8BL
Phone: 0131 718 8500
Email: info@scottishsalmon.com

Who is this privacy policy aimed at? 

Please read this privacy policy if:

  • you interact with our Website;
  • you contact us with an enquiry and/or to order products or services from us on behalf of your organisation;
  • you order products from our Website;
  • you work for one of our suppliers or service providers;
  • you apply for a job with us.

How do we collect your personal information?

Direct interactions – you may give us your personal information directly by completing the Contact form on our Website, other  product order forms and/or by corresponding with us in person or by post, telephone, email or otherwise.

Indirect interactions – we may receive personal information about you indirectly from third parties.

How do we use your personal information and what legal basis do we rely on?

We have set out in the table below a description of all the ways we may use your personal information, and which of the legal basis we rely on to do so. For more information on what ‘legal basis’ are then please see the Glossary.  

Type of personal informationHow we use it and whyLegal basis
Name and contact details of individuals who work for our customers and suppliers. This will generally be corporate contact details.To contact them about the work we are doing for them or the work they are doing for us.We have a legitimate interest to process this information in order to keep doing business.
Name and contact details of individuals who make a reservation for our Smokehouse.So that we can process the booking and contact the individual in relation to the booking.We have a legitimate interest to process this information in order to handle bookings for our Smokehouse.
Name and contact details (such as your email, telephone number) of individuals who make enquiries to us.  Please do not provide any sensitive or special category data.So that we can respond to the enquiry submitted on our Website.Our legitimate interest of responding to the enquiry.
Free field message box. Please do not provide any sensitive or special category data.To understand the nature of your enquiry and to be able to provide you with the most accurate and helpful information in response to your request.On the basis of our and your legitimate interests. Our interests being that we would like to respond to your enquiry.  
Name and contact details (such as your email, telephone number) of individuals who can sign up to our offer/promotion subscription service.  Please do not provide any sensitive or special category data.To allow us to contact you about our offers, promotions, keep up to date with any of our products and services.We will ask for your prior consent before contacting you with our offer/promotion communications. You can ask us to stop sending you such offer/promotion communications at any time by following the provided opt-out links.
CV and cover letter of individuals who apply for jobs. Please do not provide any sensitive or special category data.To consider whether the individual is suited to the role.Contract.
Name and contact details (such as your email, telephone number, home address), financial data e.g. bank account, billing address and payment details, and transaction data about your purchase of individuals who wish to purchase our productsTo process and complete your order, contact you with confirmation and deliver the productsContract.
Contact details of existing customers who interact with usWe will use these contact details to send information about other products and services. If you do not wish to receive this information you can let us know by following the opt-out links on any marketing message sent to you or by contacting us at any time.   Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.  Our lawful basis differs depending on whether you are an individual consumer contact or a business contract  If you are an individual consumer contact: For e-mail and texts we will ask for your prior consent to send this form of marketing materials, unless we are relying on the “soft opt-in” exemption. This exemption applies when you already receive services/goods from us or have made enquiries about our services/goods, and we send you information on similar goods/ services. This is because it is necessary for our legitimate interests (to develop our products/ services and grow our business). If you are a business contact, for all methods of contact it is necessary for our legitimate interests (to develop our products/services and grow our business)

Marketing 

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms.

We may use your Contact Details and any enquiry information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing). 

You will receive marketing communications from us if you have requested information from us or purchased goods or services from us and, in each case, you have not opted out of receiving that marketing.

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. 

Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.

How do we keep your personal information up-to-date?

Please contact us as soon as possible after there is any change to your personal details, including your contact details.

Change of purpose 

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share personal data with

We contract with third party service providers and suppliers to deliver certain services. Our providers change from time to time and we will inform you if this is the case by updating this privacy policy. We only engage service providers that we trust and where appropriate arrangements are in place.

The following third parties may have access to your personal information and, in some circumstances, your special category data (if applicable), for the purposes noted below:

  • our Website hosting and design company, currently, Primate Incorporated Ltd (who may use subcontractors from time time), processing data in the UK and the US via its subcontractors which whom they have entered into Standard Contractual Clauses;
  • our third party payment processing provider, currently, Stripe LLC (processing data in the US, we have entered  into Standard Contractual Clauses with our payment processing provider);
  • our thirdparty online email platform, currently Campaign Monitor (processing data in the US, we have entered into a Standard Contractual Clauses with our email platform provider);
  • our third party email mailbox provider, currently Google LLC, (processing data in the US, we have entered  into Standard Contractual Clauses with our our email mailbox provider);
  • third party delivery service providers that we engage to deliver the products ordered ;
  • third party delivery provide that we integrate into our service to deliver the products ordered, currently Royal Mail (processing data in the UK and outside the UK via its subcontractors and partners, if necessary in order to complete the delivery and with whom they shall put appropriate safeguards in place to protect your personal information);
  • any other person who is authorised to act on your behalf;
  • regulators, government departments, law enforcement authorities, tax authorities and insurance companies;
  • any relevant dispute resolution body or the courts; and
  • persons in connection with any sale, merger, acquisition, disposal, reorganisation or similar change in our business.

Except as provided above, we will not share personal information with any other third parties without informing you beforehand, unless required by, or in connection with, law and / or regulatory requirements.

We will not sell, trade or lease your personal information to others.

Storage of personal information

The personal information that we collect will usually be stored inside the UK or the EEA.

We may transfer data outside the UK or the EEA where our service providers host, process, or store data outside the UK or the EEA, or when you are located outwith the UK or EEA and we require to communicate with you.

Where we do this, we will ensure that the transfer is to a country covered by a decision of the European Commission or the Secretary of State and or the ICO or is otherwise made in circumstances where we have put appropriate safeguards in place to protect your personal information in accordance with the data protection legislation (e.g. standard contractual clauses, etc.).

Data retention

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Generally, we will not hold your personal information for any longer than is necessary for the uses outlined in this privacy policy, unless we are required to keep your personal information longer to comply with the law and any regulatory requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

We apply the following retention periods:

  • for all enquiries submitted via the website: 6 months after we have answered your enquiry;
  • for purchase and transaction information: 7 years after the completion of the transaction;
  • for those individuals acting for consumers or suppliers: 7 years after completion of the transaction;
  • for CVs and cover letters: 6 months post recruitment process.


Cookies

The Website use cookies. Cookies are small text files that are sent by web servers and stored on visitor’s computers so they can be read back at a later date. This is a convenient way of allowing a computer to remember specific information relating to a website and provide a better user experience.

Strictly necessary cookies are cookies that are required for the operation of the website. We would also like to set optional cookies, which can include cookies used for statistics and analysis, targeted advertising and social sharing. Persistent cookies have an end date, and once that end date is met, it will be destroyed by the device. If the end date is not set then it is a session cookie and will last until you close down your browser.

The table below explains the cookies we use on our website, why we use them, how long they last on your device, and any personal data collected by the cookie.

Cookie categoryCookie namePurpose of cookieNature of cookieExpiryDetails of any personal information collected by the cookie
Google Analytics These cookies are used to collect information about how visitors use our website. Please see Google’ overview of privacy and safeguarding data_gatUsed by Google Analytics to throttle request rate.OptionalTwo (2) years after the user is no longer visiting the siteNone, google analytics does not collect personal identifiable information

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website may become inaccessible or not function properly. 

To find out more about cookies, including how to see what cookies have been set, visit www.aboutcookies.org or www.allaboutcookies.org.

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

Your Rights

You have rights in relation to your personal data and can make request(s) to SSC to seek to implement your rights using the contact details noted above.

  • Request access to your personal information.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal information where the data protection legislation permits this.
  • Object to processing of your personal information where the data protection legislation permits this.
  • Request restriction of processing of your personal information where the data protection legislation permits this.
  • Request the transfer of your personal data to you or to a third party. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent as a legal basis.
  • You have the right to make a complaint at any time to the ICO (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

You will not usually have to pay a fee to exercise any of your rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Please note that if you choose to exercise your rights to have personal data restricted or deleted, then we may not be able to respond to your query [or complete your purchase of our products].

Further details about your rights can be found on the ICO’s website at https://ico.org.uk/

Glossary

  • personal information or personal data is information that can be used to identify or contact a specific individual and which is related to that individual.
  • a controller is someone who decides why personal data is to be collected and how it will be used and treated.
  • the ICO is the information commission’s office, who is the regulator of data protection matters in the UK.
  • when we refer to data protection legislation we mean the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the Data Protection Act 2018, and any applicable legislation adopted by the UK pre or post the UK ceasing to be a member state of the EU (whichever is in force at the time of this privacy policy).
  • the EEA is the European Economic Area.

To process your personal data we need to be able to rely on one of the following legal basis:

  • consent: you have given your consent for us to process your personal data for that purpose.
  • contract: the use of your personal data is necessary for the performance of a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
  • legal obligation: the use of your personal data is necessary for us to comply with the law (not including contractual obligations).
  • vital interests: the use of your data is necessary to protect your vital interests e.g. your life.

legitimate interests: the use of your personal data is necessary for legitimate interests pursued by us or a thir