Document number: PP-01
Revision 0: 08/05/2018
Data Controller: Glycosynth Ltd, 14 Craven Court, Warrington, WA2 8QU England.
2. Who we are:
3. Our data protection officer:
4. Why are we collecting your information?
5. What types of personal data do we collect and use?
6. Privacy of children and special categories of personal data:
7. Source of your personal information:
8. What we do with your information:
9. How will we use the information about you?
10. Complying with data protection laws
11. What is our lawful basis for using your information?
12. Sharing of your information:
13. Security of your data
14. Transferring information outside the EU
15. Can we use your information for any other purpose?
16. Links to other websites:
18. Storing your information and deleting it
19. Your rights
20. Right to withdraw consent:
21. Right to complain to the ICO
23. How to contact us
1. WHAT IS THE PURPOSE OF THIS PRIVACY STATEMENT?
This Policy applies to customers, users of our website, and those who wish to receive marketing information from us. Please read this Policy carefully to understand our views and practices regarding your personal data and how we will treat it.
We are committed to protecting the privacy and security of your personal information. This Policy explains how we collect and use personal information about you when you use our website, contact us by telephone, fax or post in accordance with the General Data Protection Regulation (GDPR).
2. WHO WE ARE:
Glycosynth Ltd is a company registered in England under company number 3139476 with our registered office at 14 Craven Court, Winwick Quay, Warrington, WA2 8QU, England.
Glycosynth is a "Data Controller". This means that we are responsible for deciding how we hold and use personal information.
3. OUR DATA PROTECTION OFFICER
Our Data Protection Officer is responsible for overseeing what we do with your information and monitoring our compliance with data protection laws. If you wish to contact the Data Protection Officer you can do so by writing to email@example.com or the postal address in section 21.
4. WHY ARE WE COLLECTING YOUR INFORMATION?
The information that you provide to us is required in order for us to:
· fulfil your orders for products with us;
· provide you with marketing information about Glycosynth’s products in which you may be interested;
· to conduct customer surveys in relation to our products and service.
5. WHAT TYPES OF PERSONAL DATA DO WE COLLECT AND USE?
We are collecting information about you in order to achieve the purposes set out above (see 'Why are we collecting your information?'). This includes:
· personal details (such as your name and company name);
· contact details (such as company address, phone number and email address);
· payment information (such as payment methods, company billing address details and other information related to payment. Please note we do not retain or store credit card, debit card or other confidential payment information);
· details of any contact with our customer services team (such as a record of your correspondence);
· details of any calls that you make to us;
· browser information and online identifiers (such as your IP address);
· marketing, and feedback information; and
· details of any agreement or objection to receiving marketing information from us.
6. PRIVACY OF CHILDREN AND SPECIAL CATEGORIES OF PERSONAL DATA:
We do not knowingly collect personal data from anyone under the age of 18. We do not knowingly obtain or store any Special Categories of Personal Data, such as information about health or medical conditions, race or religious beliefs.
If we are made aware that we have received information from anyone under the age of 18 or Special Categories of Personal Data, we will use our best efforts to locate and remove that information from our records.
7. SOURCE OF YOUR PERSONAL INFORMATION:
The information which we collect about you will be obtained through a variety of sources which include:
· if you are placing an order online via our website, over the telephone or by fax. We will never ask you to supply credit card details via email or text message;
· when you report a problem with our site and/or your order;
· when you contact us for any reason;
· when you complete surveys, such as our feedback form.
8. WHAT WE DO WITH YOUR INFORMATION: HOW WILL WE USE THE INFORMATION ABOUT YOU?
We may use personal data for the following purposes:
· We may use your personal data to provide you with information that you have requested from us.
· We may periodically send emails about our new products or other information about our company which we think you may find interesting, using the email address which you have provided. We will do this where you have made an order with us or you have otherwise confirmed that you agree to us sending you such information (see 'What is our lawful basis for using your information' below).
· Please note that you have the right to ask us not to process your personal data for marketing purposes. We will usually inform you before collecting your data if we intend to use your data for such purposes. You can exercise your right to prevent such processing by:
1. Not checking certain boxes on the forms that we use to collect your data; or
2. by emailing us at firstname.lastname@example.org.
· We use your personal data to process and fulfil your orders effectively and to carry out any further obligations arising from any contracts entered into between you and us. This will include using your email address and/or phone number so that we can send you information confirming your order.
· If you report a problem with your order, we may use your personal data to investigate that problem.
· To notify you about changes to our service.
9. WHAT MAY HAPPEN IF YOU DO NOT PROVIDE YOUR PERSONAL INFORMATION?
If you do not provide personal data, we may not be able to carry out any obligations arising from contracts entered into between you and us. For example, if you do not provide information about your method of payment or delivery address, we will not be able to complete your order with us.
10. COMPLYING WITH DATA PROTECTION LAWS
We will comply with data protection law. At the heart of data protection laws are the "data protection principles" which say that the personal information we hold about you must be:
· used lawfully, fairly and in a transparent way;
· collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
· relevant to the purposes we have told you about and limited only to those purposes;
· accurate and kept up to date;
· kept only as long as necessary for the purposes we have told you about; and
· kept securely.
11. WHAT IS OUR LAWFUL BASIS FOR USING YOUR INFORMATION?
In accordance with the data protection laws, we need a "lawful basis" for collecting and using information about you. There are a variety of different legal bases for using personal data which are set out in the data protection laws.
The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this statement will be:
· Contract: Using your information will be necessary for us to either perform the contract between us or in order to take steps at your request prior to entering into the contract;
· Legal compliance: Using your information will be necessary for us to comply with our legal or regulatory obligations;
· Legitimate interest: Using your information will be necessary for our legitimate commercial interest and our interest is not outweighed by the potential impact on your privacy. For example, we rely on legitimate interest as our lawful basis to send you marketing information by email or by post if you have placed an order with us and you have not objected to receiving such marketing information. If you would prefer not to receive marketing information from us, please email us at email@example.com;
· Consent: It is possible that you may give us your consent to use your information for a particular purpose.
12. SHARING OF YOUR INFORMATION:
We may share some of your personal data with third parties as described below. However, we will only share your information with third parties to enable us to fulfil our contract with you (for example for an order).
· To our nominated third-party carriers and insurers to enable them to deliver your order and to contact you if there is a problem with delivery (i.e. telephone, name and address only).
13. SECURITY OF YOUR DATA
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We will never ask you to confirm or supply any credit card details via email or text message. If you receive such an email or text message, please do not respond and notify us immediately at: firstname.lastname@example.org.
All information you provide to us is stored on our secure servers.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
14. TRANSFERRING INFORMATION OUTSIDE THE EU.
The data that we collect from you will not be transferred to, or stored, at a destination outside the European Economic Area ("EEA").
15. CAN WE USE YOUR INFORMATION FOR ANY OTHER PURPOSE?
We typically will only use your personal information for the purposes for which we collect it. In limited circumstances we may use your information for a purpose other than those set out in this Policy. If we intend to do so, we will provide you with information relating to that other purpose before using it for the new purpose.
We may use your personal information without your knowledge or consent only where such use is required or permitted by law.
16. LINKS TO OTHER WEBSITES:
Cookies are small text files that are placed on your computer, smartphone or other device when you access the internet.
However, and most importantly, NONE of the cookies we use collect your personal information in any way and therefore cannot be used to identify you. This website does not store any information that would, on its own, allow us to identify individual users without their express permission. Any cookies that may be used by this website are used either solely or on 'session' basis to maintain user preferences.
This type of 'session cookie' is just temporary and only exists during the time you use our website (or more strictly, until you close the browser after using our website). Session cookies help our website remember what you chose on the previous page to avoiding the need to re-enter information.
Again, at no point do any of the cookies we use enable us to identify who you are and, very importantly, are not shared with any third parties. Therefore, because our cookies cannot identify you, we are not required to seek permission to use these types of cookie under the GDPR rules. If you require any additional information, please do not hesitate to contact us.
18. STORING YOUR INFORMATION AND DELETING IT
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements to government agencies. Details of retention periods for different aspects of your personal information are available in our retention policy which is available from our Data Protection Officer.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
19. YOUR RIGHTS
If you have any questions about our use of your personal data, you are welcome to contact us. You will find our contact details at the bottom of this page. If you notice any errors in your personal data, you have the right to have them corrected.
Under certain circumstances, by law you have the right to:
· Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
· Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
· Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
· Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
· Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
· Request the transfer of your personal information to another party.
You are not always entitled to exercise each of these rights. The rights which you are entitled to exercise depend on a number of factors including the lawful basis on which we rely to use your personal data. Therefore, if you make a request to exercise a right which is not available to you, we have the right to decline the request.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact email@example.com or the postal address in section 21, in writing.
20. RIGHT TO WITHDRAW CONSENT:
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact firstname.lastname@example.org. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
21. RIGHT TO COMPLAIN TO THE ICO
You also have the right to complain to the Information Commissioner's Office (the "ICO") if you are not satisfied with the way we use your information. You can contact the ICO by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
23. HOW TO CONTACT US
By email: email@example.com
14 Craven Court
Telephone: +44 (0) 1925 575075
Fax: +44 (0) 1925 575121