We are committed to ensuring that your privacy is protected and that all personal data obtained and processed by us is done so in accordance with the General Data Protection Regulations (GDPR) and UK data protection laws.
‘Personal Information’ means data that relates to a natural individual who can be identified from that information or together with other information which is held by or is likely to be held by the company. Whilst GDPR does not cover information that identifies an organisation, it does cover personal and sensitive information relating to individuals within it (e.g. directors, beneficial owners or other controlling officials).
Who we are
The company responsible for the processing of your personal information is Robert Scott & Sons Ltd of Oak View Mills, Manchester Road, Greenfield, Oldham OL3 7HG. This means that we are a ‘data controller’ under the GDPR. Our registration number with the Information Commissioner’s Office is ZA365235.
What we might collect
Data is only obtained, processed or stored when we have met the lawfulness of the processing requirements of the GDPR. We may collect the following information to effectively and compliantly carry out everyday business transactions:
- Name and job title.
- Addresses including all site locations.
- Contact details including email address, mobile and landline numbers.
- Financial information including bank details, credit/debit card details (although we do not retain complete card payment information).
- Demographic information such as postcode, along with preferences and interests.
- Other information relevant to purchases, surveys and promotions.
How the information is collected
Most of the personal information we hold about you is that which we collect directly from you. Personal data can be collected in one or more of the following ways:
- When you communicate through email, phone or website.
- When you apply to open an account.
- When you register to receive information from us.
- Each time you purchase our products or services.
- If you interact with us, respond to communications or surveys, or enter competitions.
- When you accept cookies on our website.
What we do with the information we gather and the legal basis for processing
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- It is necessary for the performance of a contract between you and us, and essential for our legitimate interests and legal obligations including payment details.
- To process payments and assess financial risks by carrying out credit reference checks, etc.
- Fulfill our obligations owed to a relevant regulator, tax authority or revenue service as is necessary for compliance with our legal and regularity obligations.
- We may use the information to improve our products and services.
- To send communications about new products, services, company news and promotions or other information which we think you may find interesting using the email which you may have provided.
We will not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent. We only share personal data where we are required to do so by law, where it is necessary to fulfil our statutory obligations and in limited circumstances with certain third parties acting on our behalf in order to provide a service you have requested from us.
We undertake to share only information which is relevant and necessary for the provision of the relevant service. People we share your information with are obliged to keep your details securely and use them only to fulfil your request.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.
If it is necessary to transfer personal information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA and we will use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by emailing the Data Controller at firstname.lastname@example.org or by calling 01457 819400.
The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
This includes breaches that are the result of both accidental and deliberate causes. Personal data breaches can include:
- Access by an unauthorised third party.
- Deliberate or accidental action (or inaction) by a controller or processor.
- Sending personal data to an incorrect recipient.
- Computing devices containing personal data being lost or stolen.
- Alteration of personal data without permission.
- Loss of availability of personal data.
If there is a data breach which leads to the loss of highly sensitive data and poses a risk to that data, we will notify the relevant Information Commissioner Office within 72 hours of first becoming aware of that breach. The data subject will also be notified.
How long do we keep personal data?
We will retain your personal data for as long as is necessary to allow us to carry out our business or where appropriate as required to be kept by law, regularity requirements or in in connection with any anticipated litigation.
Links to other websites
You should exercise caution and look at the privacy statement applicable to the website in question and make sure you are satisfied how that information is collected and shared.
Under the GDPR and the Data Protection Act (DPA) 2018 you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- You have the right to obtain access to and copies of personal information we hold about you which you have provided to us, including for the purpose of you transmitting that data to another data controller. We will provide this information at the earliest opportunity, but at a maximum 30 days from the date the request was received.
- Deliberate or accidental action (or inaction) by a controller or processor.
- Where the provision of information is complex or subject to a valid delay, the period may be extended by two further months where necessary and you will be kept informed throughout the retrieval process of the reasons for the delay.
- You have the right to require us to update and amend personal information we hold about you which you have provided to us.
- You have the right to request us not to send you marketing communication.
- You have the right to request us to erase all your personal information (the right to be forgotten).
We have ensured that exercising your right to the above is as clear and straightforward as possible, and can be done so by stating your request in writing to The Data Controller, Robert Scott & Sons Ltd, Oak View Mills, Manchester Road, Greenfield, Oldham, OL3 7HG. Or by email to email@example.com.
If you no longer wish to receive marketing information from us, this can be done by clicking on the unsubscribe link in the relevant marketing communication or by contacting the data controller above.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply. If, for any reason, we are unable to act in response to a request for erasure, we always provide a written explanation to the reasons why.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner and you can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.
Last updated 21/03/2020.