Privacy Policy

This privacy notice aims to give you information on how we collect and process your personal data generally and through your use of our website, including any data you may provide through our website when completing the ‘Contact Us’ form

Our website is not intended for children, and we do not knowingly collect data relating to children.

The Data We Collect About You

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We also operate a CCTV system which stores video images for 30 days.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, maiden name, last name, username or similar identifier, title, date of birth and gender.
  • Contact Data includes postal address, email address and telephone numbers.
  • Financial Data includes bank account details.
  • Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions.
  • Profile Data includes your username and password, purchases or orders made by you, and survey responses. 
  • Usage Data includes information about how you use our website, products and services.
  • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

 

Where we collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Or, where we collect any information about criminal convictions and offences, we will do so on the basis that the processing is necessary for carrying out the obligations and exercising specific rights of the Data Controller or Data Subject in the field of employment.

We may also process your Special Categories of Personal Data where the processing is necessary for establishing, exercising or defending legal claims.

Under the UK General Data Protection Regulations (GDPR) the lawful bases we rely on for processing this information are:

  1. your consent
  2. we have a contractual obligation
  3. we have a legal obligation
  4. we have a vital interest
  5. we have a legitimate interest
  6. we need it to perform a public task

 

3.      How is Your Personal Data Collected?

We use different methods to collect data from and about you including through:

  • Direct Interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
  • apply for our products or services using our ‘Contact Us’ form;
  • request marketing to be sent to you using our ‘Contact Us’ form;
  • apply for a job with us or become engaged by us; or
  • give us some feedback.

 

  • Automated Technologies or Interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, and other similar technologies.
  • Third Parties or Publicly Available Sources. We may receive personal data about you from various third parties and public sources as set out below:
  • Technical Data from the following parties:
    1. analytics providers such as Google based outside the EU; and
    2. advertising networks such as LinkedIn based inside OR outside the EU;

 

  • Identity and Contact Data from data brokers or aggregators such as Direct Marketing Agencies based inside the EU.

 

  • Identity and Contact Data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.

 

4.       How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract, we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing or any other consent you may have provided at any time by contacting us.

 

5.       Disclosures of Your Personal Data

We may have to share your personal data within the Beardow Adams Group.  Members of the Beardow Adams Group are not authorised to use or disclose the information except as provided in this privacy policy.

We will only share personal data with external third parties where appropriate safeguards and contractual agreements have been put in place. For Example:

 

  • The third party has agreed to comply with the required data security standards, policies and procedures and the law and has put adequate security measures in place;
  • Third-party service providers are not permitted to use your personal data for their own purposes and they are only permitted to process your personal data for specified purposes and in accordance with our instructions.

We may also share your personal data if required to by law, under any code of practice by which we are bound or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions.

 

6.       International Transfers

We do not transfer your personal data outside the European Economic Area (EEA).

 

7.       Data Security - Protecting Personal Data

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

The following are examples of the measures we may implement:

  • We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
  • We ensure that there is in place appropriate technical and organisational measures (those measures may include, where appropriate, pseudonymisation (as set out in the Glossary) and encryption.
  • We ensure that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential and secure. All personnel who have access to and/or process personal data are also obliged to comply with our equipment and data security guidelines.
    • We deal without undue delay any incident involving the security of information including a personal data breach.
    • We dispose of securely or return personal data and copies on termination of any agreement when it is no longer required unless we are required by law to store the personal data.
    • We have integrated data protection, privacy and security requirements into our internal documents, which must be complied with by our personnel at all time.
    • We ensure our I.T. facilities, network and equipment are adequately protected against loss, misuse or unauthorised access of personal data.

 

8.      Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

We maintain retention policies and procedures to ensure personal data is deleted after a reasonable time for the purpose for which it was being held. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we may be required to keep data for a minimum period. For example,  we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

We will take all reasonable steps to securely destroy or erase from our systems all personal data that we no longer require in accordance with our guidelines on data retention. This includes requiring third parties to delete data where applicable.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

For further information about the period for which data is stored and how that period is determined please contact the Data Protection Manager.

 

9.      Your Data Protection Rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  •      Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
  • You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

 

10.       Dealing with and reporting a personal data breach 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

If you know or suspect that a personal data breach has occurred, do not attempt to investigate the matter yourself.  Immediately contact our Data Protection Manager who has been designated as the key point of contact. You should preserve all evidence relating to the potential personal data breach.

If the breach is likely to result in a risk to the rights and freedoms of individuals, then we will notify the Information Commissioner’s Office within 72 hours.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow. Cheshire. SK9 5AF

 

Helpline number: 0303 123 1113. www.ico.org.uk.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

 

11.       Training and Audit

We ensure that all of our personnel have undergone adequate training to enable them to comply with the data protection laws, this privacy notice, and related IT, data and security policies, guidelines and procedures.

We regularly test and evaluate our technical and organisational measures and our systems and processes to ensure that they are effective and compliant.

 

Changes to the Privacy Notice and Your Duty to Inform Us of Changes

This version was last updated on 19 May 2019.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

> Neueste Nachrichten

Erfahren Sie mehr: unsere neuesten Nachrichten, Events und Produktentwicklungen  Newsarchiv

Paniker features in May issue of TissueMAG

In May Paniker was featured in TissueMAG. Paniker, who have been part of the Beardow Adams Group since 2000, spoke to the magazine about how the...

Mehr…

Kontaktieren Sie uns