1.1. The Company takes the security and privacy of your data seriously. We gather and use information or ‘data’ about you as part of our business and to manage, develop and enhance our relationship with you. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.
1.2. This general policy applies to all personal data we may hold.
1.3. The Company has measures in place to protect the security of your data as set out in this policy.
1.4. The Company will hold data for as long as is necessary for the purposes for which it was collected, or until a subject access request (see section 7) is received to delete it.
1.5. This policy explains how the Company will hold and process your information and explains your rights in respect of the data we hold.
2. Data Protection Principles
2.1. Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must: be processed fairly, lawfully and transparently; be collected and processed only for specified, explicit and legitimate purposes; be adequate, relevant and limited to what is necessary for the purposes for which it is processed; be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay; not be kept for longer than is necessary for the purposes for which it is processed; and be processed securely. We are accountable for these principles and must be able to show that we are compliant.
3. How we define personal data
3.1. ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession.
3.2. This policy applies to all personal data whether it is stored electronically, on paper or on other materials.
3.3. If you visit our web site it is standard procedure for our web servers to store your internet service provider details, the web site from which you are visiting, details as to which of our sites you are visiting and the date and duration of your visit.
3.4. Personal data we hold will have come into our possession in the ordinary course of business.
3.5. The personal data we hold may include some or all of the following information categories: name; email address; Company name; Company address your gender; skype address; mobile phone number; job title;
3.6. Note. Our employee data is more extensive but a separate policy applies.
3.7. We do not hold any information which is considered under GDPR as Special Category Data.
3.8. When using our web site data will be collected by Google Analytics. Information about what they collect and how this can be avoided can be found on their web site at https://policies.google.com/privacy?hl=en
3.9. You may also be invited to access videos via our web site. This facility is provided by You Tube and details of their policies can be found at https://policies.google.com/privacy?hl=en
4. How we define processing
4.1. ‘Processing’ means any operation which is performed on personal data such as: collection, recording, organisation, structuring or storage; adaption or alteration; retrieval, consultation or use; disclosure by transmission, dissemination or otherwise making available; alignment or combination; and restriction, destruction or erasure. This includes processing personal data which forms part of a filing system and any automated processing.
5. How will we process your personal data?
5.1. The Company will process your personal data in accordance with our obligations under the 2018 Act.
5.2. We will protect your data by implementing technical and organisational safety measures in order to avoid accidental or deliberate manipulation, loss, damage or access by unauthorised persons. Our processing includes data encryption, pass-wording and secure storage of back-up media.
5.3. We may use personal data : whilst performing contractual obligations (sale and purchase contracts including quotations);or where we believe we have a legitimate interest in making you aware of developments to our products or appraising you of the activities of the Company or Group of companies. Where we become legally obliged to do so. We will not use your personal data for any other unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.
6. Sharing your personal data
6.1. Sometimes we might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.
6.2. We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
6.3. We do not make personal data available to third parties other than as set out in clauses 6.1 and 6.6 of this policy.
6.4. We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.
6.5. Our specific GDPR Employee Policy sets out some of the measure used to protect employee data.
6.6. If third party organisations have access to personal data we ensure that they have adequate policies in place to protect the data in accordance with the GDPR requirements and principles.
7. Subject access requests
7.1. Persons who would like to know what personal information we hold may make a Subject Access Request (SAR) in relation to their own personal data. The contact person is set out in clause 8.2 below. We are required to respond within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by a further two months.
7.2. There is normally no fee for making a subject access request.
8. Your data subject rights
8.1. You have the right to information about what personal data we process, how and on what basis as set out in this policy.
8.2. Matters arising under clauses 7.1 and 8.3 to 8.8 should be referred in writing to Datenschutz.Osterode@piller.com
8.3. You have the right to access your own personal data by way of a subject access request (see section 7 above.).
8.4. You can request that we correct any inaccuracies in your personal data.
8.5. You have the right to request that we erase your personal data where we were not entitled under the law to process it.
8.6. While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made.
8.7. You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
8.8. You have the right to object if we process your personal data for the purposes of direct marketing. You will be given the opportunity to unsubscribe from future direct email campaigns but we may retain your personal data where for legitimate business reasons we consider it appropriate to do so.
8.9. You have the right to be notified of a data security breach concerning your personal data.
8.10. You have the right to lodge a complaint with our data protection officer (see 8.2) or our data protection supervisory authority. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
- Google Analytics – Opt Out: https://tools.google.com/dlpage/gaoptout
- Facebook: https://www.facebook.com/about/privacy/update
- Twitter: https://twitter.com/en/privacy#update
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Youtube/Google: https://policies.google.com/privacy?hl=en
- dotmailer: https://www.dotmailer.com/terms/privacy-policy/
Get in touch
Want to know more about how we can empower your business? Send us a message and one of our specialists will get in touch to tell you more.