Customers/Visitors/Interested Parties/Contractors and Sub Contractors/Suppliers Privacy Notice
We take customers’, visitors’ and interested parties’ privacy seriously and will only use personal information to administer and handle all aspects of your account including providing the products and/or services you order from us or providing you with information relating to an enquiry regarding our products and services. When we receive personal information from you that enables us to provide you with the requested products and/or services, your consent to allow us to use and deal with that personal information in a reasonable manner is we believe implied and therefore, a clear affirmative action.
The confidentiality and security of customers’ personal information is protected with safeguards – physical, electronic and procedural – appropriate to the sensitivity of the information. We may utilise the services of a credit insurance company to assist with the setting of an appropriate credit limit. We will never release your personal information to anybody else for any other purpose without your consent unless required to do so for example by law, in the course of legal proceedings or in order to pursue debt recovery.
In the interests of security we may use CCTV recording equipment around our premises.
This Privacy Notice sets out what personal data we hold about you and how we collect and use it. It applies to anyone who is a customer of the Proclad Group.
Please note that we will not necessarily hold, use or share all of the types of personal data described in this Privacy Notice in relation to you. The specific types of data about you that we will hold, use and share will depend on the nature of the contract held between customer and supplier.
We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other similar or additional information that we might give you from time to time about how we collect and use your personal data.
This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation comes into force. It does not give you any contractual rights. We may update this Privacy Notice at any time.
Who is the controller?
The Proclad Group is the “controller” for the purposes of data protection law. This means that we are responsible for deciding how we hold and use personal data about you.
What is personal data?
Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, email address,). It can be factual (e.g. contact details), an opinion about an individual’s actions or behaviour, or information that may otherwise impact that individual in a personal or business capacity.
Data protection law divides personal data into two categories: ordinary personal data and special category data. The only information held by United Cast Bar (UK) Ltd in relation to you is ordinary personal data.
What type of ordinary personal data do we hold about you and why?
We collect, hold and use the following types of ordinary personal data about you:
- Basic contact information, i.e. name, email address, phone number etc.
- Publicly available information about you, such as your business social media presence
- Business card information provided
- Qualifications, certificates, insurance documents, RAMs, method statements, information relating to liability insurance signed by a Director of your company
We hold and use this personal data so that we can:
- Administer your account
- Provide the products and services you have requested from us
- Verify information provided
- Keep appropriate records concerning the account
- Where you have provided a business card, we will use your contact details to provide you with marketing information
- For recording information relating to inductions carried out for H&S purposes
What are our legal grounds for using your ordinary personal data?
Data protection law specifies the legal grounds on which we can hold and use personal data.
We rely on one or more of the following legal grounds when we process your ordinary personal data:
- We need it to take steps at your request in order to enter into a contract with you (entry into a contract),
- We need it to comply with a legal obligation (legal obligation),
- It is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (legitimate interest).
How do we collect your personal data?
You provide us with most of the personal data about you that we hold and use, for example through completing customer account application forms, or through forming a contract by purchasing goods or services from us.
Some of the personal data about you that we hold and use may come from external sources. Some information may also be obtained about you from publicly available sources, such as your LinkedIn profile or other media sources.
When you interact with us on social media platforms such as LinkedIn we may also obtain some personal information about you. The information we receive will depend on the privacy preferences you have set on each platform and the privacy policies of each platform. To change your settings on these platforms, please refer to their privacy notices.
You may provide us with a business card at external events, meetings or at our premises. We will contact you based on your interest in the business and use this information to provide you with information regarding our products and services which may be commercially beneficial to you. We accept that by providing your business card, this in itself is a clear affirmative action and consent for us to contact you for marketing purposes.
What information we might collect
When you engage with us by phone, mail, in person or online, we may collect information about you (referred to in this Privacy Notice as 'personal information'). This may include your name, address, email address, telephone number, date of birth, job title and details of your qualifications, insurance certificates, and other information relating to you personally which you may choose to provide to us.
Who do we share your personal data with?
We do not share your personal data with third parties unless we have an appropriate legal ground under data protection law which permits us to do so.
Consequences of not providing personal data
We only ask you to provide personal data that we need to enable us to fulfil our obligations in administering your account or contract with us and providing the products and services requested from us or information regarding our products and services in which you have implied an interest by providing your personal information for contact purposes.
If you choose not to provide us with personal data requested, we will tell you about the implications of any such decision at the relevant time.
How long will we keep your personal data?
Customers - We will keep your personal data throughout the sales contract and up to 25 years following the final contract or longer if the insurance of the contract dictates. We will not keep your personal data for longer than we need it for our legitimate purposes.
Visitors, Interested Parties, Contractors, Sub-Contractors and Suppliers – We will keep your personal data for a period of 12 months to comply with our induction process, record keeping and insurance requirements. We may keep this information longer where it forms part of a customer contract. We will not keep your personal data for longer than we need it for our legitimate purposes.
DATA PROTECTION OFFICER/RESPONSIBLE PERSON
We have appointed Teresa Young as our Data Protection Officer to oversee compliance with this privacy notice and GDPR.
You have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your data, as well as to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing.
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to withdraw your consent to us using your personal data. As described above, we do not normally rely on your consent as the legal ground for using your personal data. However, if we are relying on your consent as the legal ground for using any of your personal data and you withdraw your consent, you also have the right to request that we delete or remove that data, if we do not have another good reason to continue using it.
- The right to request that we transfer your personal data to another party, in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
If you would like to exercise any of the above rights, please contact the GDPR Team via email to firstname.lastname@example.org or in writing to:
FTV Proclad International Ltd
Viewfield Industrial Estate
Note that these rights are not absolute and in some circumstances we may be entitled to refuse some or all of your request.
Note too that you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. Details of how to contact the ICO can be found on their website: https://ico.org.uk
We are registered with the Information Commissioner’s Office as a Data Controller.