This privacy notice tells you what to expect when our organisation, the Style Group, collects personal data, and how to contact us should you wish to discuss any aspect of how we handle that data.

Our organisation

• Our primary holding company is Style Holdings Ltd, company number 26793, registered in Jersey.
  Style Holdings Ltd has a number of subsidiary trading companies, the primary ones being:
• Style Shopfitting Ltd, company number 8635, registered in Jersey.
  Style Shopfitting Ltd also trade as Style Office Systems.
• Style Shopfitting (Guernsey) Ltd, company number 9163, registered in Guernsey.
• Style Windows Limited, company number 95420, registered in Jersey.
  Style Windows Limited also trade as HSR.
• AC Mauger & Son Ltd, company number 2902, registered in Jersey.
  AC Mauger & Son Ltd also trade as AC Mauger Construction, AC Mauger Small Works and AC Mauger Special Projects.
• Subsidiary companies of AC Mauger & Son Ltd include:
  • Style Homes Ltd, company number 85695, registered in Jersey.

Data protection officer

The best means of contact for any query regarding data protection is via email at dpo@style.je. Although data protection queries to anyone in the company will be forwarded to the person responsible by the recipient, a direct email to this address assures a timely response.
If you have any questions or concerns regarding how we work with personal data, please don’t hesitate to contact us via the DPO email.

The data we process

We store and process only the data that we need, and we delete it when it’s no longer required. The primary collections of data we use are as follows. Unless otherwise stated, we don’t pass this data to anyone else and the data is stored on our servers in Jersey. If you’d like more detail, you’re welcome to get in touch.

Employee data

We store personal data on our employees so that we can run the company and pay our employees. This includes names and contact details, pre-employment screening information, performance and disciplinary data, and health information and bank details; it also includes emergency contacts and next-of-kin information as provided to us by each employee. We retain data for former employees for a period of ten years following cessation of their employment, in accordance with our data retention policy, or as long as we’re required to by law.

Customer and supplier data

We store and process customer and supplier data in order that we can correspond with, provide/receive goods and services to, and process payments from/to, our customers and suppliers.

Customer data will be retained for a period of ten years following the satisfactory fulfilment of all our contractual obligations to that customer. Personal data held shall be used only for the purposes of fulfilling that contract, or longer where there is a legal obligation to do so or where expressly agreed, unless such consent is withdrawn.

Once the retention period expires, personal data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Phone call logs

Our ‘phone system retains logs of the calls we make and receive (unless, for incoming calls, the caller’s number is withheld). Only the date and time of the call and the phone number (where available) are retained.

Marketing data

Where we use data for marketing and we need your consent to do so, we keep a record of that consent for as long as you choose to receive that data. If you withdraw your consent for one, some or all of our mailing lists we’ll take you off the list and will record the fact that you’ve done so for audit purposes.

Data Processors

Data processors are third parties who do work on our behalf using personal data we provide to them. They cannot do anything with your personal data unless we instruct them to do so (which includes sharing your data with others), and they must store the data securely and delete it when it is no longer required.

Outsourced IT support

Our IT systems are primarily hosted and managed by an external agency, Logicalis Jersey Ltd further details of their Privacy Policy can be found https://www.logicalis.com/privacy-policy. We also utilise the following IT systems for other day to day operations:

• RedSky IT – Accountancy Software (Privacy Policy http://www.redskyit.com/company/privacy.htm)
• Egnyte – Cloud Based Storage (Privacy Policy https://www.egnyte.com/corp/privacy_policy.html)

As you would expect, the contract between us and our IT support partner contains appropriate clauses regarding information security and data protection, and we carry out regular service reviews.

Our marketing team

Our marketing team comprises in-house employees and a number of staff from third party marketing companies. As with our outsourced IT support, the agreement between us and them is robust with regard to information security and data protection, and the service is reviewed regularly. The personal data we work with isn’t transferred to their systems.

Email marketing

We use ’MailChimp’ to manage our customer mailing lists. Their privacy statement can be found at:
https://mailchimp.com/legal/

Information security

Our IT systems are located in a secure room to protect them against theft and environmental risks (flood, fire, power cuts, etc.). All our computer systems run up to date anti-virus software, and system updates are applied regularly to protect against potential security problems. Back up tapes are held securely off site. All the user login IDs on our systems are restricted so that each user has access only to the data that he or she requires.

Security on mobile devices

All our laptops’ hard drives are fully encrypted, so the data held on them is safe should one be lost or stolen. Our staff have access to their work email etc. from their mobile phones which have an inbuilt security PIN code to access data.
Internet interaction

Our Web site

We use Google Analytics to collect standard log information, along with data about how people use our web sites. The information doesn’t identify anyone, and nor do we attempt to find anyone’s identity from the information. If we do want to collect personally identifiable information through our web sites we will be open and transparent and will explain what we plan to do with it.
We use cookies on our Web site, both to make it work and to provide a good customer experience. You can tweak the settings on the site to suit your privacy preferences.

Social media

We may use LinkedIn, Facebook, X (formerly Twitter) and other social networking platforms to post news and information, and to look at the profiles of people who apply for employment with us (though we don’t take copies of any of that information). We don’t use social media to (for example) build mailing lists.

People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We also monitor any emails sent to us, including file attachments, for security threats such as phishing scams, viruses or other malicious software. Please note that you have a responsibility to ensure that any email you send us is within the bounds of the law.

Contact for data protection purposes

You have a number of rights under the laws of data protection. As we mentioned earlier, please contact the Data Protection officer by email or phone if you have any queries or concerns. We retain a log of requests that we receive and remove entries when they are a year old.

Right of access

You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable time, and always within a month. Unless the request is particularly complex or onerous there’s no cost to you for making these requests.

Right to rectification

We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we’ve done so.

Right to erasure

If you ask us to erase your personal data, we must do so unless there’s a legitimate reason for us to keep it. For example, if you choose to withdraw your consent regarding marketing mailings we’ll remove you from our mailing lists, but if (say) you’re also a customer and we need some of your personal data in order to satisfy our contract with you (for example to interact with you or to send you bills), we’ll keep just the information we need for those purposes.

Right to restriction of processing

If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we can’t do anything else with it until the dispute is resolved. We’ll inform you prior to beginning processing once the restriction has been removed.

Our recruitment process

We are the data controller for any information you provide as part of our recruitment process. All of the information you provide during the process will only be used for the purpose of processing your application, or to fulfil legal or regulatory requirements if necessary.

We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes, and your data will be stored on our IT systems in Jersey.

We may look up applicants’ profiles on social media, though we don’t copy that information or store it on our systems.

We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for. The information we ask for is used to assess your suitability for employment: you don’t have to provide what we ask for, but it might affect your application if you don’t.
Unsuccessful applicants’ data will be retained for no more than a year and then deleted.

Complaints

This privacy notice is designed to be clear and concise. We are happy to provide any additional information you need: please contact us via email or phone using the contact details in the Data protection officer section, above.

Should you have any cause for complaint, please write to us at:

Data Protection
Style Holdings Ltd
Style House
La Grande Route de St Pierre
St Peter
Jersey
JE3 7AY

If you’re dissatisfied with the way in which your complaint has been handled you may contact your local data protection supervisory authority, or write to our local Information Commissioner:

Office of the Information Commissioner
Brunel House
Old Street
St Helier
Jersey
JE2 3RG