We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect will be processed by us.  Please read this privacy and fair processing policy carefully, to understand our views and practices and your rights regarding your personal data. For the purposes of data protection legislation, Thomas, Carroll is the data controller. We do update this policy from time to time, so please do review this policy regularly.

If you have any questions, complaints or requests, please write to:

Nadine Straiton
Group Operations Manager
Thomas, Carroll Group plc
Pendragon House
Crescent Road
Caerphilly
CF83 1XX

Or you can contact us:

Data Collection and Retention Policy

Find out what information we collect, why we store your data and how long we keep it for

Sharing your data

This section explains who we share your data with and why

Use of Cookies

Cookies provide information regarding the computer used by a visitor to our website. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website.

We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive. Such information will not identify you personally. It is statistical data. This statistical data does not identify any personal details whatsoever. You can adjust the settings on your computer to decline any cookies if you wish. This can easily be done by activating the reject cookies setting on your computer.

Our advertisers may also use cookies, over which we have no control. Such cookies (if used) would be downloaded once you click on the advertisements on our website.

How is your data stored and kept secure?

We take your safety and security very seriously and we are committed to protecting your personal and financial information. All information kept by us electronically, is done so on secure servers. Where we have given (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping the password confidential. We ask that you do not share a password with anyone.

We may transfer your data outside the European Economic Area (EEA). We will only do so if adequate protection measures are in place in compliance with data protection legislation.

Once we have received your information, we will use strict procedures and security to try and prevent unauthorised access.

Third Party Links

On occasions we include links to third parties on our website. Where we provide a link, it does not mean that we endorse or approve that site’s policy towards visitor privacy. You should review their privacy policy before sending them any personal data.

What are your rights?

We comply with the data protection laws in the United Kingdom and take all reasonable care to prevent any unauthorised access to your personal data.

Where processing of your personal data is based upon consent, you can withdraw that consent at any time.

You have the following rights. You can exercise these rights at any time by contacting us using the details shown above.

You have the right:

  • to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
  • to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest;
  • to request from us, access to personal information held about you;
    to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
  • to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.