Privacy & Cookie Policy

1. Introduction

Caldwell National Limited is committed to protecting your personal data and upholding the highest standards of data protection. This Privacy & Cookie Policy explains how we collect, use, and safeguard personal data, as well as how we use cookies, in accordance with the Data Protection (Jersey) Law 2018 and guidance issued by the Jersey Office of the Information Commissioner (JOIC).

We apply the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability in all processing activities.

---

2. Data Controller

Caldwell National Limited is the data controller responsible for your personal data.

• Company Number: 164083
• Registered Address: 9 Bond Street, St. Helier Jersey, Channel Islands, JE2 3NP
• Email: hello@tracd.co.uk
• JOIC Registration: Caldwell National Limited – Registration Number: 103725

3. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) responsible for overseeing compliance with data protection obligations.

• Data Protection Officer: Charlotte Caldwell
• Email: hello@tracd.co.uk

The DPO is responsible for:

• Monitoring compliance with applicable data protection law
• Advising on data protection obligations
• Acting as a point of contact for data subjects and regulators
• Overseeing data protection risk management and governance

4. Categories of Personal Data

We may process the following categories of personal data:

• Identity Data: Name
• Contact Data: Email address, phone number, postal address
• Business Data: Organisation name, role/title
• Technical Data: IP address, browser type, device information
• Usage Data: Website interaction and service usage
• Communication Data: Records of correspondence and enquiries
• Marketing Preferences: Opt-in/opt-out records

We ensure that personal data collected is adequate, relevant, and limited to what is necessary.

5. Sources of Personal Data

We collect personal data from:

• Direct interactions (e.g. enquiries, forms, correspondence)
• Automated technologies (e.g. cookies and analytics tools)
• Third parties and publicly available sources where lawful

6. Lawful Basis for Processing

We process personal data on the following lawful grounds:

• Consent – where clear permission has been provided
• Contractual necessity – to perform or enter into a contract
• Legal obligation – to comply with applicable law
• Legitimate interests – where necessary for our business and not overridden by your rights

7. Purpose of Processing

We process personal data for specified and legitimate purposes, including:

• Providing and managing services
• Responding to enquiries and communications
• Managing business relationships
• Improving services, systems, and user experience
• Maintaining security and preventing misuse
• Complying with legal and regulatory obligations

8. Data Sharing and Processors

We may share personal data with:

• Approved service providers acting as data processors
• Professional advisors (legal, accounting, compliance)
• Regulatory or public authorities where legally required

All third parties are subject to contractual obligations to protect personal data.

9. International Data Transfers

Where personal data is transferred outside Jersey, we ensure appropriate safeguards are in place, including:

• Transfers to jurisdictions with adequate data protection standards
• Use of approved contractual safeguards

10. Data Retention and Disposal

We retain personal data only for as long as necessary for the purposes for which it was collected, including to meet legal obligations. We apply structured retention schedules and ensure secure deletion or anonymisation when data is no longer required.

11. Data Subject Rights

You have the following rights:

• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right to object to processing
• Right to data portability
• Right to withdraw consent

12. Data Security

We implement appropriate technical and organisational measures to ensure a level of security appropriate to risk, including:

• Access controls and authentication
• Secure systems and storage
• Encryption where appropriate
• Staff confidentiality obligations
• Ongoing monitoring and review

13. Data Breach Management

We maintain procedures for identifying, reporting, and managing personal data breaches. Where required, we will:

• Notify the Jersey Office of the Information Commissioner without undue delay
• Notify affected individuals where there is a high risk
• Maintain records of breaches and corrective action

14. Accountability and Governance

We maintain a structured compliance framework, including:

• Records of Processing Activities (ROPA)
• Data protection by design and by default
• Staff training and awareness
• Regular compliance audits and risk assessments

15. Cookies

15.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. Some cookies may be placed by third-party providers, which operate under their own privacy policies.

16. Cookie Consent

When you visit our website, you will be presented with a cookie banner allowing you to:

• Accept all cookies
• Reject non-essential cookies
• Manage preferences

Non-essential cookies are not activated unless consent is given. You may withdraw or modify consent at any time.

17. Complaints

If you have concerns about how your data is handled, you may contact:

Jersey Office of the Information Commissioner (JOIC)
Website: https://jerseyoic.org
Email: enquiries@jerseyoic.org

18. Changes to This Policy

We review this policy regularly and update it where necessary. The latest version will always be available with an updated effective date.

19. Contact

For all data protection matters:

Data Protection Officer: Charlotte Caldwell
Email: hello@tracd.co.uk
Address:
9 Bond Street
St. Helier
Jersey, Channel Islands
JE2 3NP