We want you to be fully informed about how we use your data, how we keep it secure and your rights.
ENSURING THE LAWFUL USE OF YOUR DATA
We will only use your personal data where we have a lawful basis to use it. We will usually only use your data where it is necessary for us to perform our contract with you (for example, to provide you with the products or services you have requested), or in a way which might reasonably be expected as part of running our business and which does not materially impact your interests, rights or freedoms. For example, we might send you samples that you have requested. Please contact us using the details below if you would like further information about this.
We may sometimes need to use data to comply with our legal obligations (for example to pass on details of people who are involved in fraud).
Further details of how we will use your personal information are provided below.
WHAT INFORMATION WE COLLECT FROM YOU AND HOW WE USE IT
The information we collect about you and how we will use it, depends on how you interact with us, for example, if you request products or services from us or contact us with a query by email or phone. The table below provides some examples of the information we collect about you and how we will use it.
|The personal data we collect from you||How we may use it||Lawful Basis|
|We will collect the personal data needed to identify you such as your name and company name. We will also collect your contact details, such as your email address, telephone number, job title and mailing address/place of work.||To enter into a business relationship with you to provide our products, services and to contact you about them where necessary.||To enter into and fulfil our contract with you/legitimate business purposes.|
|To manage the delivery of our products and services you have requested.||To fulfil our contract with you.|
|To send you marketing communications and to keep you up-to-date about our products and services which we think will interest you.||Legitimate business purposes.|
|To undertake product trials, research and development.||Legitimate business purposes.|
|To send samples that you have requested.||Legitimate business purposes.|
|If you raise an enquiry or complaint with us.||Legitimate business purposes.|
|Fraud prevention and detection.||Legal obligation/legitimate business purposes.|
|Payment details and details of your transactions.||To take payment for our products and services. We do not store any payment card numbers once the transaction has been completed. We will share this data with credit card companies and other payment providers.||To fulfil our contract with you.|
|Fraud prevention and detection.||Legal obligation/legitimate business purposes.|
|Information you provide to us when you contact us by telephone, by email, on social media or by post.||To provide you with the support and customer service you have requested.||Legitimate business purposes.|
|To train our employees.||Legitimate business purposes.|
|CCTV footage at our site.||To record images for security purposes.||Legitimate business purposes.|
|Technical information about your equipment, browsing actions and patterns.||To administer and to improve our website, to ensure it is presented in the most effective manner for you and to give you the best website experience and to allow you to participate in interactive features of our website if you choose to do so.||Legitimate business purposes.|
|For data analysis, testing, research and statistical statistics to help us to improve our products and services.||Legitimate business purposes.|
|To keep our website safe and secure.||Legitimate business purposes.|
|To make suggestions and recommendations to you and other users of our website about products or services that may interest you or them.||Legitimate business purposes.|
|To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you.||Legitimate business purposes.|
You do not have to give us any of the personal data set out above but, if you do not provide us with certain information, we may not be able to provide you with the products and services you have requested from us or to deal with your query.
AUTOMATED DECISION MAKING
We do not currently carry out automated decision-making using information we hold about you.
SHARING YOUR DATA
We share your personal data with trusted third parties to allow us to provide our services to you. When we do share your data with these third parties we have written contracts in place with them which require them to only use your data for the purpose we specify to them and that your privacy is secure and respected.
These trusted third parties include the following:
- Professional service providers who help us run our business, such as logistics providers, website hosting providers, website managing and maintenance services, system providers, website analytics providers and advertisers, for example, Google Analytics;
- Direct marketing companies who help us manage our electronic communications with you;
- Social Media or Web platforms to show you products that might interest you while you’re browsing the internet;
- Regulatory Standards and Notified bodies;
- Debt collection agencies for the purpose of tracing debtors and collecting debt; and
- Credit reference agencies, law enforcement and fraud prevention agencies, so we can help tackle fraud.
We may also share your personal data:
- In connection with a business transition (such as a merger, acquisition by another company, or a sale of all of or portion of our assets). In these circumstances, we may need to share your personal data with a prospective buyer and external professional advisors such as accountants, insurers, lawyers or financial institutions; and
- Where we have a duty or a legal obligation to do so, such as with the police, administrative authorities, other enforcement, regulatory or Government bodies, or in order to enforce or apply our Terms and Conditions.
INFORMATION WE RECEIVE FROM THIRD PARTIES
We may receive information about you from third parties, such as credit reference agencies, credit report companies and company registration bodies or from other organisations we work with, or from publicly available sources, or information which is published in the media.
Depending on your settings or the privacy policies of social media or messaging services, such as LinkedIn, Twitter or YouTube, we may collect information about you from these sources, with your permission.
We may combine the information you have given us, with information obtained from other sources, but we will only do this when we have a lawful basis to do so.
INTERNATIONAL TRANSFER OF YOUR PERSONAL DATA
A number of our service providers are located (or will access your personal data from) outside the EU/EEA which is not governed by EU data protection laws. In all such cases, at least one of the following measures will be in place to safeguard the data:
- Standard Contractual Clauses. See https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en ;
- EU/US Privacy Shield Certification. See www.privacyshield.gov ; or
- The recipient country has been deemed to provide adequate protection by the European Commission. See https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We may also keep hold of some of your personal data if we are required to do so for legal purposes, for example, to meet our legal or regulatory requirements or to prevent fraud and abuse.
We are committed to ensuring that your personal data is secure, and we have put in place suitable administrative, technical, physical, contractual and managerial measures, including:
- Strong passwords that are changed every 30 days
- We have a Cyberoam firewall in place which provides high level security controls
- We have Antivirus protection installed on all servers and computers
- We run regular software updates to ensure that we are properly patched and up to date
- We backup all data daily to Mozy Cloud
These measures are intended to protect your personal data from loss, theft, unauthorised use, disclosure or modification. Our employees who have access to and process your personal data are obliged to respect the confidentiality and security of your personal data. In addition, we have appropriate measures in place to make sure that the personal data we retain is accurate and up-to-date.
THIRD PARTY LINKS
HOW CAN I UNSUBSCRIBE FROM MARKETING COMMUNICATIONS?
You have the following rights in relation to the personal information we hold about you, to request:
- access to the personal data we hold about you (commonly known as a “data subject access request”) including a copy of it;
- the correction of the personal information that we hold about you if it is incomplete or inaccurate;
- the deletion or removal of personal data we hold about you where there is no good reason for us continuing to process it or where you have exercised your right to object to processing (see below);
- for our processing of your personal information to be restricted in certain circumstances, for example if you want to establish its accuracy or the reason for processing it;
- to obtain a copy of the personal information you’ve provided us with and to reuse it elsewhere or to ask us to transfer it to a third party of your choice; and
- to withdraw any consent you have provided to our use of your personal data. Where you withdraw consent we will stop using your data for the specific purpose, unless we have an alternative legal basis to use it.
We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data.
Right to Object
Where we are processing your personal data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your personal data or we need to process it for the establishment, exercise or defence of legal claims.
If you are dissatisfied with how we have handled your personal data, you have the right to make a complaint to your data protection regulator and we will work with them to resolve it. In the UK, this is the Information Commissioner’s Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns. We would, however, appreciate the chance to deal with your concerns before you approach the ICO (or, if you’re based outside of the UK, your data protection regulator), so please do contact us in the first instance.
- by email at firstname.lastname@example.org;
- by post atNonwovenn Ltd
- by phone at 01278 428 500