PRIVACY NOTICE

WE CAPTURE INFORMATION ABOUT YOU IN ORDER TO IMPROVE YOUR EXPERIENCE.

To help us give you more of what you love, we capture information about you in order to improve your experience of CXCS.

CXCS is a trading name of Cross Compliance Solutions Ltd at Orchard Barns, Crump Oak Farm, Lyonshall, Herefordshire, HR5 3JY, United Kingdom.

Our Data Protection Officer is Laura Charles and is contactable via dataprotection@cxcs.co.uk.

This notice is to inform you about how we collect and protect any personal information you provide to us and how you can control what personal information we collect from you and what we do with it. It sets out how we intend to use your information, who we will share it with and what rights you have about use of your information.

This notice applies however you provide personal information to us, whether you go online to our website, contact us via social media, visit us at exhibitions, enter competitions, engage in research activities or whether you telephone, email, write to or text us.

WHAT PERSONAL DATA DO WE COLLECT?

We may collect the following information about you:

  • your name, age/date of birth, gender and other relevant demographic information;
  • your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and email address;
  • your social media handles;
  • services by us that you use;
  • your online browsing activities on any of our websites;
  • information about the device you use to browse our websites including the IP address and device type;
  • your communication and marketing preferences;
  • your interests, preferences, feedback, competition and survey responses;
  • your location;
  • your correspondence and communications with us; and
  • other publicly available personal data, including any which you have shared via a public platform (such as Instagram, YouTube, Twitter or public Facebook page).

This list is not exhaustive and in specific instances, we may need to collect additional data for the purposes set out in this Notice. Some personal data is collected directly, for example when you send an email to our Customer Support team. Other personal data is collected indirectly, for example when you browse our websites. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources. We may anonymise and aggregate personal data for insight and research but this will not identify anyone.

Our websites are not intended for children and we do not knowingly collect data relating to children.

HOW WE USE YOUR DATA

General

Cross Compliance Solutions Limited (and trusted partners acting on our behalf) use your personal data:

  • to provide goods and services to you;
  • to make a tailored website available to you;
  • to manage any account(s) you hold with us;
  • to verify your identity;
  • for crime and fraud prevention, detection and related purposes;
  • with your agreement, to contact you about promotional offers, events, products and services which we think may interest you;
  • to show you promotional communications through online media as you browse the web;
  • for analysis, insight and research purposes – to better understand your needs and ensure we are giving you what you want;
  • to identify and contact competition winners;
  • to enable us to manage customer service interactions with you; and
  • where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).

Marketing – Promotional communications

To ensure you are kept up to date with CXCS, we use personal data for marketing purposes and may send you postal mail, texts and/or emails to update you on the latest offers and events. We may also show you online media communications through external social media platforms such as Facebook and Instagram and external digital advertisers such as Google.

You have the right to opt out of receiving promotional communications at any time, by:

  1. informing us that you wish to change your marketing preferences by contacting our data protection support team at dataprotection@cxcs.co.uk;
  2. making use of the simple “unsubscribe” link in emails; and/or
  3. contacting our Data Protection Officer via email to dataprotection@cxcs.co.uk. or by post to the Data Protection Officer, Cross Compliance Solutions Limited, Orchard Barns, Crump Oak Farm, Lyonshall, Herefordshire, HR5 3JY.

This may not stop service messages such as order updates.

Marketing – Personalisation and Automated Decision Making

If you visit any of our websites, you may receive personalised banner advertisements whilst browsing websites of other companies. Any banner advertisements you see will relate to your browsing activity on our website from your computer or other devices.

These advertisements are provided by us via external market leading specialist providers using techniques such as pixels, web beacons, ad tags, mobile identifiers and ‘cookies’ placed on your computer or other devices (see further information on the use of cookies in our Cookie Policy). You can remove or disable cookies at any time – see Cookie Policy for further information.

We may collect data directly from you, as well as analysing your browsing and purchasing activity online and your responses to marketing communications. The results of this analysis, together with other demographic data, allow us to ensure that we contact you with information on products, services, events and offers that are tailored and relevant to you. To do so, we use software and other technology for automated decision making. We may do this to decide what marketing communications are suitable for you and this activity is based on our legitimate interests to develop and improve our products and services.

Also to provide more personalised services and experiences, we may review data held by external social media platform providers about you, for example, details on your Twitter or Facebook profiles that you have chosen to make publicly accessible such as your name, date of birth. Some of our services enable you to sign-in via external social media platform providers such as Facebook. If you choose to sign-in via a third party app, you will be presented with a dialog box which will ask your permission to allow us to access your personal information (e.g. your full name, date of birth, email address and any other information you have made accessible).

We aim to update you about products and services which are of interest and relevance to you as an individual. To help us do this, we process data by profiling and segmenting, identifying what our customers like and ensuring messages we send them are relevant based on their demographics, interests, purchase behaviour, online web browsing activity and engagement with previous communications. We may also use your data to exclude you from communications which we feel are irrelevant to you. For example, we may exclude someone from resends of marketing emails when we know that person has already opened the original email sent.

Another example of how we may tailor our communications with you is that we may group individuals with similar interests using this data, so we can send them product news or promotional offers that are relevant to that shared interest.

You have the right to opt out of any automated processing, including profiling, at any time by:

  1. informing us that you wish to opt out of automated processing by contacting our customer support team at dataprotection@cxcs.co.uk; and/or
  2. contacting our Data Protection Officer via email to dataprotection@cxcs.co.uk. or post to Data Protection Officer, Cross Compliance Solutions Limited, Orchard Barns, Crump Oak Farm, Lyonshall, Herefordshire, HR5 3JY.

COOKIES

Our websites use cookies to capture information. This includes information about browsing behaviour by people who access our websites, including pages viewed, and customer journey around our websites.

Detailed information is set out in our Cookie Policy and is provided to ensure you are fully aware of the cookies we use, allowing you to make an informed choice about your acceptance of cookies.

SHARING DATA WITH THIRD PARTIES

Our service providers and suppliers

In order to make certain services available to you and to help us better understand your preferences, we have partnered with certain trusted third parties including logistics and marketing service providers. We may need to share your personal information with some of our service partners. We only allow our service providers to handle your personal information when they have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your information to provide services to us and to you, and for no other purposes. We may provide outside companies with aggregated and anonymised information and analytics about our customers but that would never identify you and we will never sell or rent your personal information to other organisations for any purposes.

To help you understand which partners we share data with, here are the types of companies with whom we share data to provide and promote our goods and services:

External Service Provider
Reason for sharing your data
Example
Companies that help us provide our goods to you including providers of payment, logistics, delivery, courier and returns management services.We have help from outside organisations in order to ensure we can provide our products and services to you.Allowing the courier to know where to deliver your product/ information.
Companies that help us provide a better CXCS experience tailored to you including providers of intelligence tools, social media platforms, providers of website hosting, marketing and advertising services.We want to make sure that we are always relevant, completely understand your needs and give you the best customer journey to ensure we can tailor your experience, reach you in the platforms you enjoy using and save you time.Using information about what areas of our website is of interest to you for us to be able to advertise similar products to you in the future.
Companies that provide advertising distribution over the internet and through social media using information that we have collected from our website users.We input user data into internet applications to ensure that our advertising is targeted at those who use our website and also to an audience similar.A user has browsed the Farm Safety Solutions section of our website whilst logged into social media and we use the information to re-target the user with advertising on the same social media platform
Companies that provide storage solutions off-site for documents and personal information.We require our staff to be able to work remotely from various locations across the UK and we rely on hosted storage solutions to back up our documents and data.All documents are stored on Microsoft Sharepoint which can be accessed remotely.
Companies that provide a means to send you information that you have signed up for or would be in your best interest if you are a customer.We use applications to send emails with useful/ need to know information to subscribers and also to our clients.We send an email out to all clients of the Farm Assurance service to say our terms and conditions have changed.

Here are a list of the companies we share data with for the purposes as described in the above table:

  • Google
  • Microsoft
  • Apple
  • Acronis
  • CSM Logisitcs
  • UPS
  • WorldPay
  • Xero
  • Mailchimp
  • Sendgrid

Other third parties

We may also share your data with:

  • other companies within our group;
  • to purchasers, investors, funders and advisers if we sell our business or assets or restructure whether by merger, re-organisation or otherwise;
  • our legal and other professional advisers, including our auditors;
  • credit reference agencies where necessary for card payments;
  • governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so: –
    • to comply with our legal obligations and the administration of justice;
    • to exercise our legal rights (for example in court cases);
    • for the prevention, detection, investigation of crime or prosecution of offenders; and
    • for the protection of our employees and customers.

LEGAL BASIS FOR USING DATA

We are required to set out the legal basis for our processing of your personal data.

We collect and use customers’ personal data:

1. as necessary to perform our contract with you:

    • for the purposes of complying with our duties and exercising our rights under a contract for the sale of goods or services to a customer; or

2. as necessary for the pursuit of our legitimate interests, including:

    • selling and supplying goods and services to our customers;
    • promoting, marketing and advertising our products and services;
    • sending promotional communications which are relevant and tailored to individual customers (including administering loyalty schemes);
    • to identify and contact competition winners;
    • understanding our customers’ behaviour, activities, preferences, and needs;
    • improving existing products and services and developing new products and services;
    • protecting customers, employees and other individuals and maintaining their safety, health and welfare;
    • good governance, accounting and managing and auditing our operations and complying with our legal and regulatory obligations;
    • preventing, investigating and detecting crime, fraud or anti-social behaviour and prosecuting offenders, including working with law enforcement agencies;
    • handling customer contacts, queries, complaints or disputes;
    • protecting our company, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to us;
    • handling any legal claims or regulatory enforcement actions taken against us; and
    • fulfilling our duties to our customers, colleagues, shareholders and other stakeholders; or

3. as necessary for complying with our legal obligations including:

    • where you exercise your rights under data protection laws
    • for compliance with legal and regulatory requirements;
    • to establish or defend legal rights; or

4. based on your consent for example in relation to sending direct marketing communications via email or text message.

You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.

HOW WE PROTECT YOUR DATA

Our controls

Cross Compliance Solutions Limited is committed to keeping your personal data safe and secure.

Our security measures include: –

  • encryption of data;
  • regular cyber security assessments of all service providers who may handle your personal data;
  • regular planning to ensure we are ready to respond to cyber security attacks and data security incidents;
  • security controls which protect our IT systems infrastructure and our premises from external attack and unauthorised access;
  • internal policies setting out our data security rules for our personnel; and
  • regular training for our employees.

WHAT YOU CAN DO TO HELP PROTECT YOUR DATA

You should always be cautious when sharing your personal data. No one from our company will ever ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Cross Compliance Solutions Limited asking you to do so, please ignore it and do not respond.

If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.

In addition, we recommend that you take the following security measures to enhance your online safety: –

  • keep your account passwords private because anyone who knows your password may access your account or be compromised if your account is accessed without authority.
  • when creating a password, use a difficult word/number combination of at least 8 characters and something that is not easily guessed by hackers such as your name, email address, or other personal data that can be easily obtained. Also, frequently change your password. You can do this in your account settings.
  • avoid using the same password for different online accounts.

HOW LONG WE KEEP YOUR DATA

We will not retain your data for longer than necessary for the purposes set out in this Notice. Different retention periods apply for different types of information, and our Data Retention Policy sets out the length of time we will usually retain personal data and where these default periods might be changed.

In summary, various laws, accounting and regulatory requirements applicable to us require us to retain certain records for specific amounts of time. In relation to your personal data, we will hold this only for so long as we require that personal data for legal or regulatory reasons or for legitimate organisational purposes. We will not keep your data for longer than is necessary for the purposes for which we collect them. If we have collected your personal data as you showed interest in our services, we will retain this for up to 12 months due to the farming calendar year or when you say you’re no longer interested, which ever comes first.

INTERNATIONAL TRANSFERS OF YOUR DATA

To deliver products and services to you, it is sometimes necessary to share your personal information outside of the European Economic Area (the EEA). This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.

If we transfer your personal information outside the EEA, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to assess the laws and practices of the destination country and relevant service provider and the security measures that are to be taken as regards the data in the overseas location; alternatively, we use standard data protection clauses.

YOUR RIGHTS

You have the following rights:

  • the right to be informed about our processing or your personal data which is the aim of this Notice;
  • the right to request access to personal data we hold about you at any time;
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
  • the right to object to processing of your personal data and/ or to withdraw any consent you have given us and to opt out of any marketing communications that we may send you;
  • the right to prevent processing that is likely to cause damage or distress to you or anyone else;
  • the certain rights in relation to automated decision making including profiling;
  • the right to request that we erase your personal data in certain circumstances (the right to be forgotten) for example when the data are no longer necessary for the purpose for which we collected them;
  • the right to have your personal data provided to you by us in a structured, commonly used and machine-readable format and transmitted to another data controller. This is known as the right to data portability.

If you wish to exercise any of the above rights, you can always contact us either by email to dataprotection@cxcs.co.uk. or by post to the Data Protection Officer, Cross Compliance Solutions Limited, Orchard Barns, Crump Oak Farm, Lyonshall, Herefordshire, HR5 3JY, United Kingdom.

You have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom if you believe we have not handled your personal data in accordance with the law. Further information, including contact details, is available at https://ico.org.uk.

Cross Compliance Solutions Limited
Orchard Barns
Crump Oak Farm
Lyonshall
Herefordshire
HR5 3JY
United Kingdom

Marketing Permissions

CXCS will use the information you provide on this form for the sole purpose of communicating helpful reminders, industry information and the latest CXCS news.

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at dataprotection@cxcs.co.uk. We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms.