Worcestershire +44 (0) 1299 829 676 Warwickshire +44 (0) 1926 642 886

What is this Privacy Policy for?

This privacy policy is for this website www.williamsandcooper.com and served by Williams and Cooper and governs the privacy of its users who choose to use it.

The policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore the way this website processes, stores and protects user data and information will also be detailed within this policy.

The Website

This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies to all UK national laws and requirements for user privacy.

Use of Cookies

This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer / device.

Cookies are small files saved to the user’s computers hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.

This website uses tracking software to monitor its visitors to better understand how they use it. This software is provided by Google Analytics which uses cookies to track visitor usage. The software will save a cookie to your computers hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information. You can read Google’s privacy policy here for further information [ http://www.google.com/privacy.html ].

Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected.

Contact & Communication

Users contacting this website and/or its owners do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use, as detailed in the Data Protection Act 2018. Every effort has been made to ensure a safe and secure form to email submission process but advise users using such form to email processes that they do so at their own risk.

This website and its owners use any information submitted to provide you with further information about the products / services they offer or to assist you in answering any questions or queries you may have submitted. This includes using your details to subscribe you to any email newsletter program the website operates but only if this was made clear to you and your express permission was granted when submitting any form to email process. Or whereby you the consumer have previously purchased from or enquired about purchasing from the company a product or service that the email newsletter relates to. This is by no means an entire list of your user rights in regard to receiving email marketing material. Your details are not passed on to any third parties.

Email Newsletter

This website operates an email newsletter program, used to inform subscribers about products and services supplied by this website. Users can subscribe through an online automated process should they wish to do so but do so at their own discretion. Some subscriptions may be manually processed through prior written agreement with the user.

Subscriptions are taken in compliance with UK Spam Laws detailed in the Privacy and Electronic Communications Regulations 2003. All personal details relating to subscriptions are held securely and in accordance with the Data Protection Act 2018. No personal details are passed on to third parties nor shared with companies / people outside of the company that operates this website. Under the Data Protection Act 2018 you may request a copy of personal information held about you by this website’s email newsletter program. A small fee will be payable. If you would like a copy of the information held on you please write to the business address at the bottom of this policy.

Email marketing campaigns published by this website or its owners may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include; the opening of emails, forwarding of emails, the clicking of links within the email content, times, dates and frequency of activity [this is by no far a comprehensive list].
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.

In compliance with UK Spam Laws and the Privacy and Electronic Communications Regulations 2003 subscribers are given the opportunity to un-subscribe at any time through an automated system. This process is detailed at the footer of each email campaign. If an automated un-subscription system is unavailable clear instructions on how to un-subscribe will by detailed instead.

External Links

Although this website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites, similar to; www.craftykingsboutique.co.uk or Kings Trains Models.)

The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Adverts and Sponsored Links

This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve.

Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computers hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.

Social Media Platforms

Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.

This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.

Shortened Links in Social Media

This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://bit.ly/zyVUBo).

Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.



1.1. Everyone has rights with regard to how their personal information is handled. During the course of our activities we will collect, store and process personal information about our clients and suppliers and any others we communicate with, and we recognise the need to treat it in an appropriate and lawful manner.
1.2. The types of information that we may be required to handle include details of current, past and prospective clients and suppliers and others that we communicate with. The information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the EU General Data Protection Regulation (GDPR) and other UK data protection law. These laws impose restrictions on how we may use that information.
1.3. We have a commitment to ensuring that personal data is processed in line with GDPR and relevant UK law and that all our employees conduct themselves in line with this and other related policies. Where third parties process data on our behalf, we will ensure that the third party takes the necessary measures to maintain our commitment to protecting personal data.
1.4. This Data Protection Policy, also known as a Privacy Standard, may be amended at any time. Any breach of this policy will be taken seriously and may result in disciplinary action.


2.1. This policy sets out our rules on data protection and the legal conditions that must be satisfied in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.
2.3. If you consider that this policy has not been followed in respect of personal data about yourself or others you should raise the matter with Williams & Cooper.


3.1. Data is personal information about an individual who can be directly or indirectly identified from that information. Data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a view on a person). This personal information is referred to as ‘Data’ in the remainder of this policy.

3.2. Data Subjects for the purpose of this policy include all living individuals about whom we hold Data. A Data Subject need not be a UK national or resident. All Data Subjects have legal rights in relation to their Data.

3.3. Data Controllers are the people who or organisations which determine the purposes for which, and the manner in which, any Data is processed. They have a responsibility to establish practices and policies in line with relevant laws. We are the Data Controller of all Data used in our business.

3.4. Data Users include people whose work involves using Data. Data Users have a duty to protect the Data they handle by following our data protection and security policies at all times.  There is a responsibility, when using Data, to comply with any security safeguards and procedures we put in place.

3.5. Data Processors include any people who or organisations which process Data on behalf of a Data Controller.  Williams & Cooper process data on behalf of Data Controllers and all data is protected under the individual controller.  Williams & Cooper comply with any safeguards and procedures the controllers put in place.

3.6. Processing is any activity that involves use of Data. It includes obtaining, recording or holding Data, or carrying out any operation or set of operations on Data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring Data to third parties.

3.7. Special Categories of Data are sensitive categories of Data about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, or sexual orientation. It also includes genetic and biometric Data (where used for ID purposes). Special Categories of Data can only be processed under strict conditions and may require the explicit consent of the person concerned.

3.8. Criminal Offence Data is Data which relates to an individual’s criminal convictions and offences. It can only be processed under strict conditions and may require the explicit consent of the person concerned.

3.9. Data Breach is any act or omission which compromises the security, confidentiality, integrity or availability of Data, or the safeguards that we or a third party put in place to protect the Data, including losing the Data or disclosing it to unauthorised people.


4.1. Anyone processing Data must comply with the eight enforceable principles of good practice. These provide that personal data must be:

(a) Processed fairly, lawfully, and in a transparent manner. (Fairness, Lawfulness and Transparency)

(b) Processed for specified, explicit and legitimate purposes and in an appropriate way. (Purpose Limitation)

(c) Adequate, relevant and limited to what is necessary for the stated purpose. (Data Minimisation)

(d) Kept accurate and up to date (Accuracy)

(e) Not kept longer than necessary for the stated purpose. (Storage Limitation)

(f) Processed in a manner that ensures appropriate security of Data, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage, by using appropriate technical or organisational measures. (Security, Integrity and Confidentiality)

(g) Not transferred to another country without appropriate safeguards being in place. (Transfer Limitation)

(h) Processed in line with Data Subjects’ rights. (Data Subject’s Rights and Requests)

4.2. We are responsible for and need to demonstrate compliance with the data protection principles listed above (Accountability).


5.1. The purpose of GDPR and UK data protection laws is not to prevent the processing of Data, but to ensure that it is done fairly and without adversely affecting the rights of the Data Subject. The Data Subject must be told who the Data Controller is (in this case the Company), who the Data Controller’s representative, the purpose for which the data is to be processed by us and the legal basis for doing so, and the identities of anyone to whom the Data may be disclosed or transferred.

5.2. GDPR allows processing of Data for specific purposes, which are where it is needed:

(a) for the performance of a contract, such as a contract for delivery of service

(b) to comply with a legal obligation

(c) in order to pursue our legitimate interests (or those of a third party) and where the interests and fundamental rights of the Data Subject do not override those interests

(d) to protect the Data Subject’s vital interests

(e) in the public interest, or

(f) in situations where the Data Subject has given explicit consent.

5.3. We, as Data Controller, will only process Data on the basis of one or more of the lawful bases set out in 5.2 above. Where consent is required, it is only effective if freely given, specific, informed and unambiguous. The Data Subject must be able to withdraw consent easily at any time and any withdrawal will be promptly honoured.


6.1. We will provide all required, detailed and specific information to Data Subjects about the use of their Data through appropriate Privacy Notices which will be concise, transparent, intelligible, easily accessible and in clear and plain language.

  1. Purpose Limitation

7.1. Data may only be processed for the specific purposes notified to the Data Subject via the Privacy Notice. This means that Data must not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the Data is processed, the Data Subject must be informed of the new purpose via a new or amended Privacy Notice before any processing occurs.


8.1. Data should only be collected to the extent that it is required for the specific purposes notified to the Data Subject in the Privacy Notice. Any Data which is not necessary for those purposes should not be collected in the first place.


9.1. Data must be accurate, complete and kept up-to-date. Information which is incorrect is not accurate and steps should therefore be taken to check the accuracy of any Data at the point of collection and at regular intervals afterwards. Inaccurate or out-of-date Data should be amended or destroyed.


10.1. Data should not be kept longer than is necessary to carry out the specified purposes. This means that Data should be destroyed or erased from our systems when it is no longer required, and in accordance with our Data Retention Policy.


11.1. We will ensure that appropriate technical and organisational security measures are taken against unlawful or unauthorised processing of Data, and against the accidental loss of, or damage to, Data. Data Subjects may apply to the courts for compensation if they have suffered damage from such a loss.
11.2. We will put in place procedural and technological safeguards appropriate to our size, scope and business, our available resources and the amount of Data we hold, to maintain the security of all Data from the point of collection to the point of destruction.
11.3. We will consider and use, where appropriate, the safeguards of encryption, anonymisation and pseudonymisation (replacing identifying information with artificial information so that the Data Subject cannot be identified without the use of additional information which is kept separately and secure).
11.4. We will regularly evaluate and test the effectiveness of these safeguards. Employees have a responsibility to comply with any safeguards we put in place.
11.5. Maintaining data security means guaranteeing the confidentiality, integrity and availability of the Data, defined as follows:

(a) Confidentiality means that only people who are authorised to use the Data can access it.

(b) Integrity means that Data should be accurate and suitable for the purpose for which it is processed.

(c) Availability means that authorised users should be able to access the Data if they need it for authorised purposes.

11.6. Failure to follow rules on data security may be dealt with via the Disciplinary Procedure.


12.1. We use a secure server based in the UK to store all data in our IT systems. The hosting company is subject to local data protection laws and GDPR. All users of systems, who handle your data for and on behalf of the company shall be subject to, and must comply with, the provisions of the company’s Data Protection and IT Security Policies and the provisions of the Data Protection Act 2018 and GDPR.

12.2 Our website is hosted by a company based in the UK who are also GDPR compliant. Any third parties that may be used and may be based in the USA will participate in and comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Data transferred from European Economic Area (“EEA”) member countries to the United States.


13.1. Data must be processed in line with Data Subjects’ rights. Data Subjects have the following rights which apply in certain circumstances:

(a) The right to be informed about processing of Data

(b) The right of access to their own Data

(c) The right for any inaccuracies to be corrected (rectification)

(d) The right to have information deleted (erasure)

(e) The right to restrict the processing of Data

(f) The right to portability

(g) The right to object to the inclusion of Data

(h) The right to regulate any automated decision-making and profiling of Data

(i) The right to withdraw consent when the only legal basis for processing Data is consent

(j) The right to be notified of a Data Breach which is likely to result in high risk to their rights and freedoms

(k) The right to make a complaint to the Information Commissioner’s Office or other supervisory authority.

13.2. A formal request from a Data Subject for details of Data that we hold about them must be made in writing (Data Subject Access Request). Any member of staff who receives such a written request should forward it to their manager immediately.


14.1. Where a Data Breach is likely to result in a risk to the rights and freedoms of the individual(s) concerned, we will report it to the Information Commissioner’s Office within 72 hours of us becoming aware of it, and it may be reported in more than one instalment.

14.2. Individuals will be informed directly if the breach is likely to result in a high risk to their rights and freedoms.

14.3. If the breach is sufficient to warrant notification to the public, we will do so without undue delay.


15.1. New employees (or sub contractors) must read and understand this policy as part of their induction. All employees receive training covering basic information about confidentiality, data protection and the actions to take upon identifying a potential Data Breach. All employees are trained to protect individuals’ Data to which they have access, to ensure data security and to understand the consequences to themselves and us of any potential breaches of the provisions of this policy.


16.1. We will keep records of all our data processing activities.


17.1. We will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives.


Resources & Further Information

25 May 2018 by: Williams and Cooper

Talk to us today!