Privacy Policy

This privacy policy (the Policy) sets out the data privacy statement of [Smith and Allan Ltd], a company registered in [England and Wales], whose principal place of business is: [Smith and Allan, Valley Street North, Darlington, DL1 1QE] (the Company).

  1. Introduction

    1. The Company takes the privacy and security of your Personal Data very seriously, and is fully committed to safeguarding the privacy and Personal Data of every person/entity that visits and/or accesses our website [https://www.smithandallan.com] (the Website), including those with whom we communicate through the Website, whether by email or electronically, at all times (the Visitor/s).

    2. When using and/or accessing the Website, the Company may, from time to time, collect and retain your Personal Data. Should the Company ask you to provide any Personal Data by which you can be identified, when using/accessing the Website, such Personal Data will only be used/processed in accordance with this Policy.

    3. This Policy contains important information for each Visitor, detailing:
      1. information about the Company;

      2. details about the Website;

      3. what Personal Data is collected from each Visitor;

      4. how, when and why each Visitor’s Personal Data is collected, stored, used and shared;

      5. how the Company keeps each Visitor’s Personal Data secure;

      6. for how long the Company retains each Visitor’s Personal Data;

      7. each Visitor’s rights in relation to their Personal Data;

      8. issues relating to marketing; and

      9. how to contact the Company or the relevant supervisory authorities should any Visitor wish to make a complaint.

    4. When collecting, storing, using and/or processing Personal Data, the Company is subject to the provisions of the applicable Data Protection Legislation. In accordance with these laws, the Company is described as a “data controller” of Personal Data. Put simply, the Company is primarily responsible for that data, and is the ‘natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data’. The purpose of this Policy is to inform you about the nature, scope and purpose of the Personal Data processed by us, as well as your rights as a “data subject”.

    5. If any Visitor has any questions about the Company’s use of Personal Data, the Company’s nominated Data Protection Officer can answer these questions, and can be contacted using the details set out at [section 13.1] of this Policy.

    6. Visitors should note that this Website may link to other third-party websites that may also gather information about you. These third-party websites will operate in accordance with their own separate privacy policies, and the Company has no control, and bears no responsibility and/or liability, over any Personal Data that may be acquired, stored, controlled and/or used by accessing any/all third-party websites. For further information relating to the privacy policies of any/all third-party websites, the Visitors should consult the operators of those third-party websites directly, or review their privacy policies as appropriate.

  2. Definitions
    1. In this Policy, unless the context requires otherwise, the following definitions shall apply:

Company, ‘we’, ‘us’, and ‘our’ means [Smith and Allan Ltd];

Cookie Policy means [https://www.smithandallan.com/cookie-policy];

Data Protection Legislation means all applicable laws relating to the protection of Personal Data, currently in force in England and Wales;

Information Commissioner’s Office means the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF;

Intellectual Property means any patent, copyright, trademark, trade name, service mark, service name, brand mark, brand name, logo, corporate name, Internet domain name or industrial design, any registrations thereof and pending applications therefor (to the extent applicable), any other intellectual property right (including, without limitation, any know-how, trade secret, trade right, formula, conditional or proprietary report or information, customer or membership list, any marketing data, and any computer program, software, database or data right), and license or other contract (including without limitation license(s) to use specific telephone numbers and/or radio channels/frequencies) relating to any of the foregoing, and any goodwill associated with any business owning, holding or using any of the foregoing.

Personal Data has the meaning given to it in the applicable Data Protection Legislation;

Visitor, ‘you’, and ‘your’ means the person who is using, engaging, and/or accessing the Website, and whose Personal Data is retained and/or processed. Any references to Visitors will mean more than one Visitor;

Website means [https://www.smithandallan.com];

Website Terms of Use means [https://www.smithandallan.com/terms-of-use].









  3. Types of Personal Data
    1. In general, the types of Personal Data that the Company will acquire from each Visitor, depending upon the particular circumstances of each Visitor, will include:
      1. their names, addresses, email addresses, telephone numbers and/or other contact information;

      2. dates of birth;

      3. bank accounts and/or other financial details;

      4. details of any feedback provided by each Visitor, which may be by phone, email, post and/or via social media applications;

      5. information about the products and/or services that the Company provides to each/all Visitors;

      6. account details, such as usernames and/or login details;

      7. IP addresses, browsers, and/or operating system used by Visitors;

      8. Website pages and/or other resources on the Website, which are accessed by Visitors;

      9. details of any documents and/or other resources that Visitors have downloaded from the Website.

    2. It is important that the Personal Data held for each Visitor is accurate and up to date. Should any Visitor’s personal details change during their connection to / relationship with the Company and/or the Website, the Visitor must notify the Company of these changes as soon as reasonably possible.

    3. The Website is not intended for use by children, and the Company does not knowingly collect or use Personal Data relating to children.

  4. When Personal Data is collected
    1. Personal Data is collected about each Visitor whenever they:
      1. access the Website;

      2. register with the Website;

      3. contact the Company via the Website;

      4. send feedback via the Website;

      5. purchase products and/or services from or via the Website;

      6. post material to the Website;

      7. complete applications/forms on the Website;

      8. take part in customer surveys, or participate in competitions on or via the Website;

      9. submit reviews to or via the Website.

    2. Personal Data will be collected either directly (examples set out at [section 4.1] above) or indirectly (for example, when a Visitor is browsing the Website through the use of ‘cookies’).

    3. The amount of Personal Data received and processed by the Company will depend on:
      1. how each Visitor accesses the Website; and/or

      2. what each Visitor does whilst accessing the Website.

    4. The Company may also use any Visitor’s Personal Data to:
      1. create and manage each Visitor’s Website account;

      2. verify each Visitor’s identity;

      3. provide products and/or services to each Visitor;

      4. customise the Website and its content to each Visitor’s particular preferences;

      5. notify each Visitor of any changes to the Website, or of the products and/or services offered by the Company, which may be of interest to / affect each Visitor;

      6. improve the products and/or services offered by the Company;

      7. receive each Visitor’s reviews and respond to them.

  5. Purposes of Personal Data use
    1. Data Protection Legislation requires that each Visitor’s Personal Data is only used for the purposes for which it was acquired, or where the Company has a substantial reason for using this data. Those reasons may include the following:
      1. Where each Visitor has given consent to the use of their Personal Data for one or more specific purposes.

      2. Where the use of the Personal Data is necessary for the performance of a contract and/or agreement to which the Visitor is a party, or in order to take steps at the request of that Visitor, prior to entering into any contract and/or agreement.

      3. Where the use is necessary for compliance with any/all legal and/or regulatory obligations that the Company is subject to. 

      4. Where the use is necessary to protect the vital interests of each Visitor, or those of any other person.

      5. Where the use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the Company.

      6. Where the use is necessary for the purposes of the Company’s legitimate interests or those of a connected third party, except where those interests are overridden by the interests or fundamental rights and freedoms of any Visitor, which require protection of their Personal Data, in particular where that relevant person is a child.

    2. The reasons set out above represent the general position as to the purposes for which Personal Data may be used; however, the specific position in relation to each Visitor’s Personal Data is that we may use it for the following purposes:
      1. In order to supply products and/or services to each Visitor through or via the Website. This processing relies upon the performance of a contract by the Company, and the steps needed to deliver those contractual services.

      2. To prevent or detect fraud, either against any Visitor, or against any other person involved in a matter in which any Visitor is also involved. This will help prevent any damage to any Visitor, connected third party, or to the Company. This processing relies upon factors related to the Company’s legitimate interests in processing Personal Data.

      3. To preserve the confidentiality of commercially sensitive information, and for the legitimate interests of the Company or connected third parties in relation to the protection of the Company’s, or any other’s, Intellectual Property and all other commercially valuable information. This processing relies upon the consent of the Visitor, where this consent has been given, or upon factors related to the legitimate interests of the Company in processing the Personal Data (in that the Company is seeking to monitor and improve the Website and/or products / services provided by the Company).

      4. In connection with credit control and credit reference checks in relation to the services performed or the products supplied by the Company. This processing relies upon the consent of the Visitor, where this consent has been given, or upon factors related to the legitimate interests of the Company in processing the Personal Data (in that the Company is seeking to provide products and/or services, or fulfil the performance of a contract, and the steps needed to deliver those contractual services).

      5. To analyse the usage made of the Website. The Company may make use of:

i) each/any Visitor’s IP address; 

ii) the details of the geographical location where each Visitor is based; 

iii) the type and version of the browser each Visitor uses; 

iv) details of each Visitor’s operating system; 

v) details of how each Visitor came to the Website (for example whether they were referred from other websites, advertisements and/or search engines); 

vi) how long each Visitor used, accessed, and/or remained on the Website; 

vii) the number of pages that each Visitor viewed on the Website; 

viii) how each Visitor moved around the Website, the links that they followed, and whether any of those links were used to leave the Website. 

This processing relies upon each Visitor’s consent, where this has been given, or upon factors related to the legitimate interests of the Company in processing Personal Data (in seeking to monitor and improve the Website and/or the products / services offered and/or provided by the Company).

      6. To improve the operation of the Website and provide those products and/or services which each Visitor has requested the Company to provide. This may include taking such security measures as are appropriate, backing up the Personal Data held, and making contact with each/any Visitor. This processing relies upon each Visitor’s consent, where this consent has been given, or upon factors related to the legitimate interests of the Company in processing the Personal Data (in seeking to provide products / services, or the performance of a contract, and the steps needed to deliver those contractual services).

      7. In relation to information which each Visitor wishes to include in, or post on, the Website (for example by submitting a review of the products / services, supplying a blog post or the publishing of other information). This processing relies upon the consent of the Visitor, where this consent has been given, or upon factors related to the legitimate interests of the Company in processing the Personal Data (in seeking to provide products / services, or the performance of a contract, and the steps needed to deliver those contractual services).

      8. For dealing with any enquiry submitted by each/any Visitor in connection with the products and/or services offered, or in relation to the supply of newsletters, email notifications, product data or general updates. This processing relies upon the consent of the Visitor, where this consent has been given, or upon factors related to the legitimate interests of the Company in processing the Personal Data (in seeking to provide products / services, or the performance of a contract, and the steps needed to deliver those contractual services).

      9. Where it is necessary to do so in order to establish, exercise or defend a legal claim, whether in court proceedings or in an administrative or out-of-court procedure. This processing relies upon factors related to the legitimate interests of the Company in processing the Personal Data.

      10. In connection with compliance with any/all legal and/or regulatory obligations that the Company is subject to, or in order to protect the vital interests of each/any Visitor, the Company, or of any other natural person.

    3. The purposes set out above will not apply to what is termed ‘special category personal information’. This includes personal information revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs, or trade union membership, genetic and biometric data, and data concerning health, sex life or sexual orientation. The Company will only ever process information of that nature with the explicit consent of each Visitor to which that information relates.

  6. Contact with Visitors
    1. In addition to the points covered in [section 5] of this Policy, each Visitor may also receive updates concerning the products and/or services offered, and also about any relevant developments in relation to each Visitor, or other related matters which might concern each/any Visitor, or be of interest to them. This contact may be made by post, telephone, email, text, or via social media applications, and may include information about the products and/or services offered, and information relating to changes in those products and/or services.

    2. The Company maintains a legitimate interest in processing each Visitor’s Personal Data for the purposes set out in [section 6.1] of this Policy, and takes the view that the Visitor’s consent is not required in order to do so. From time to time, the Company undertakes what are known as ‘legitimate interest assessments’, in order to balance the Company’s business interests in contacting each Visitor regarding their interests in relation to their Personal Data. If the Company determines that each/any Visitor’s consent is required, those Visitors in question will be contacted specifically for this, and will be updated in a clear and transparent manner.

    3. Where the Visitor has provided their prior agreement / consent, they may also receive information about third-party products and/or services, in which that Visitor may have expressed an interest, or which are relevant to any products and/or services that they have previously been supplied.

    4. Each Visitor can be assured that their Personal Data will be treated with the utmost respect and will never be shared with others for marketing or promotional purposes. Each Visitor has, at all times, the right to request that they are not contacted for any purpose other than for supplying products and/or providing services, or carrying out the matter which the Company is instructed to undertake. The Company may, however, require that each Visitor confirm their marketing preferences from time to time, so that we can be sure that your views remain the same, particularly in relation to issues such as legal and regulatory updates.

  7. Sharing Personal Data with Third Parties
    1. Notwithstanding the fact that each Visitor’s Personal Data will not be shared for marketing purposes, it may be necessary to share your Personal Data with other third parties in order to: 
      1. provide the products and/or perform the services required by the Visitor/s; 

      2. comply with contractual obligations to each/any Visitor; 

      3. comply with any/all legal and/or regulatory obligations in relation to each Visitor; or 

      4. comply with any/all contractual, legal and/or regulatory obligations that the Company is subject to.

    2. When sharing Personal Data, the Company will ensure at all times that those third parties with whom it is shared process the data in an appropriate manner and take all necessary measures in order to protect it. [In doing so we impose contractual obligations on all providers of products and/or services to ensure that your Personal Data is kept secure.] The Company will only ever allow other third parties to handle each/any Visitor’s Personal Data once confirmation is provided that those third parties have appropriate measures in place for the protection of that Personal Data.

    3. From time to time the Company may be required to disclose each/any Visitor’s Personal Data, and/or exchange information about each/any Visitor, or relating to them, with government, law enforcement, and other regulatory bodies and agencies, in order to comply with all legal and regulatory obligations.

    4. Personal Data may also need to be shared with other third parties, such as potential buyers of the Company’s business, or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of any Personal Data will be bound by confidentiality obligations.

    5. From time to time it may be necessary to share Personal Data for statistical purposes (for example with regulatory bodies). Steps will be taken to ensure that all Personal Data will be anonymised, but this may not always be possible. In this circumstance, the recipient of any Personal Data will be bound by confidentiality obligations.

    6. Other than as set out above, your Personal Data will not be shared with any other third party.

  8. How Personal Data is kept
    1. Personal Data will be kept secure at all times.

    2. The Personal Data may, from time to time, be held, stored, used, and/or processed on [specify electronic methods for storing data, and any safeguards put in place to protect that data]. Where this takes place outside of the [UK/EEA] then the provisions set out in [section 9] of this Policy will apply.

    3. The Company utilises various security measures in order to prevent loss of, or unauthorised access to any Personal Data. In order to ensure this, access will be restricted to only those with a genuine commercial/business requirement to access such Personal Data. Procedures remain in place to deal with any suspected data security breach. Each Visitor will be notified of any suspected security breach (together with any applicable regulator) involving their Personal Data, where legally required to do so. 

    4. The following additional steps will be taken to protect all Personal Data: [encryption, security measures, policies].

    5. Any Personal Data processed by the Company will not be retained for any longer than is necessary for that processing, or for purposes relating to or arising from that processing.

    6. Where Personal Data is retained after any Visitor is finished receiving the products and/or services, or where any contract/agreement with that Visitor has ended in any other way, this will generally be for one of the following reasons:
      1. in order to respond to any questions, complaints or claims made by the Visitor, or on their behalf;

      2. in order to demonstrate that the matter in question was dealt with adequately and that the Visitor was treated fairly; and/or

      3. in order to comply with any/all legal and/or regulatory requirements.

    7. In general, each Visitor’s Personal Data will be retained only for as long as it is necessary for the various objectives and purposes contained in this Policy. Each Visitor should note that the periods of time for retaining each Visitor’s Personal Data will vary, depending on the type of data being retained, and the purpose for its retention.

for such time as is necessary in order to comply with any/all legal and/or regulatory obligations, or in order to protect each Visitor’s vital interests, or the vital interests of any other natural person.

    8. If it is determined by the Company that there is no further requirement to retain any specific Personal Data, such data will be deleted and/or anonymised.

  9. Transferring Personal Data outside of the UK [and the EEA]
    1. From time to time, it may be necessary to transfer Personal Data outside of the UK[/EEA]:
      1. to respond to any questions, complaints and/or claims made by any Visitor, where those with whom the Company must make contact on the Visitor’s behalf have offices outside of the UK[/EEA];

      2. where electronic services and/or resources are based outside of the UK[/EEA]; or 

      3. where there is an international element to any Visitor’s matter. 

Where this is the case, special rules will apply to the protection of the Personal Data.

    2. For further information on the above, queries can be raised with the Company’s nominated Data Protection Officer, using the contact details listed in [section 13.1] of this Policy.

  10. Visitor’s rights relating to Personal Data
    1. Data Protection Legislation gives each Visitor, referred to as a “data subject”, various rights in relation to their Personal Data, which is held, stored, used, and/or processed by the Company. These rights are exercisable without charge, and the Company is subject to specific time limits to respond to any queries raised by any Visitor. These rights include the following:
      1. Right of access – the right to obtain confirmation as to whether any Visitor’s Personal Data is being processed, and, where that is the case, access to that Personal Data and various other information, including the purpose for the processing, with whom the data is shared, how long the data will be retained, and the existence of various other rights (see below).

      2. Right to rectification – the right to, without undue delay, correct any inaccurate Personal Data relating to any Visitor.

      3. Right to erasure – the right to request, in certain circumstances, that all Personal Data relating to a particular Visitor is deleted/removed from the Company’s records.

      4. Right to restrict processing – the right to request, in certain circumstances, restrictions in processing any Visitor’s Personal Data.

      5. Right to data portability – the right, in certain circumstances, to receive a copy of any Personal Data, relating to a Visitor, held by the Company, in a structured, commonly used and machine-readable format, and the right to have that Personal Data transmitted to another controller.

      6. Right to object – the right, in certain circumstances, to object to Personal Data being processed by the Company, where it is in relation to direct marketing, or processing supported by an argument of legitimate interest.

      7. Right not to be subject to automated decision making – the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning, or significantly affecting any Visitor.

    2. Full details of each Visitor’s rights can be found in the applicable Data Protection Legislation, [and applicable European data protection legislation], or by reference to guidance produced by the Information Commissioner’s Office.

    3. In the event that any Visitor wishes to exercise any of these rights, they may do so by:
      1. contacting the Company in writing, by telephone, by text, or electronically, [or using such social media applications utilised by us] for communication purposes;

      2. completing an application form supplied by the Company; and/or

      3. through a third-party whom you have authorised for this purpose.

  11. About Cookies
    1. For full details about what cookies the Company uses on the Website, please see our Cookie Policy, which can be accessed via the following link: [https://www.smithandallan.com/cookie-policy].

  12. Keeping Personal Data secure
    1. In order to ensure that all Personal Data is kept secure, and to prevent any breach of confidentiality, security measures have been established which are intended to prevent any Personal Data being accidentally lost or used, or accessed unlawfully. Access to Personal Data is restricted to those with a need to access it, and regard will be had to the need for confidentiality when that Personal Data is processed.

    2. In the event of a suspected data security breach, any Visitor whose Personal Data may have been breached will be notified, together with the appropriate regulator (including the Information Commissioner’s Office), where legally required to do so.

  13. Complaints Procedure
    1. If any Visitor has any queries as to the acquisition, use, storage or disposal of any Personal Data relating to them, they can contact the Company’s nominated [Data Protection Officer], using the following details:

[Data Protection Officer]: [Chris Hardy]

Telephone: [01325 462228]

Email: [[email protected]]

The Company can also be contacted at: [[email protected]]

    2. Notwithstanding the best efforts of the Company, inevitably sometimes things do go wrong. If any Visitor is unhappy with any aspect of the use and/or protection of their Personal Data, they have the right to make a complaint to the Information Commissioner’s Office, who may be contacted in writing at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; by telephone on 0303 123 1113; by fax on 01625 524510; or online at www.ico.org.uk.

  14. This Policy
    1. We may amend/update the terms of this Policy from time to time, and will publish any updated version of this Policy on the Website. You should check the terms of this Policy from time to time, to ensure that you are agreeable with all of its terms. This latest version of the Policy was published on [09/05/2022].

    2. If you would like a copy of this Policy to be supplied to you in another format (for example audio, large print, braille) please contact the Company at the address listed at the start of this Policy, or by using the email address set out at [section 13.1] of this Policy.

    3. For any further information relating to the use of our Website, please see our Website Terms of Use, which can be accessed via the following link: [https://www.smithandallan.com/terms-of-use].