For the purpose of the Data Protection Act 2018 and the General Data Protection Regulation (EU) 2016/679 (the GDPR), the Company is the controller of the personal data it processes about you. We are registered with the Information Commissioner’s Office with registration number: ZA497994. We also control and operate lovinglymadeingredients.com (the Website). This policy sets out how we collect, process, store and protect your personal data.
This policy applies to employees, job applicants, contractors, sub-contractors, suppliers, advisors, customers, employees of customers and visitors to our Website in relation to whom we process personal data.
2 How we collect your personal data
In relation to job applicants and employees, we collect your personal data when you apply for a job with us, either for an interview or during your employment. If you do not provide us with certain personal data we will not be able to review your job application or employ you.
Where our customers are registered companies, we will process personal data in relation to our contact at that company. Where our customers or those who subscribe to receive updates from us are individuals, we will process the personal data they provide to us.
The personal data we collect from you may include:
• your name, address, telephone number(s) and email address;
• information you provide in an application form, CV or HR form;
• records of written and verbal communications between us;
• information about your transactions with us; and
3 Additional personal data collected from employees
Where necessary, we may keep information relating to your health, which could include reasons for absence and GP reports and notes. This information will be used in order to comply with our health and safety and occupational health obligations — to consider how your health affects your ability to do your job and whether any adjustments to your job might be appropriate. We will also need this data to administer and manage statutory and company sick pay, and health insurance.
Where we process special categories of information e.g. health information, and information relating to your racial or ethnic origin, we will always obtain your explicit consent to those activities unless this is not required by law or the information is required to protect your health in an emergency. Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
4 How we use your personal data
We use your personal data in the following ways:
• to communicate with you by phone, email and post;
• to ensure that the content of the Website is presented to you effectively;
• for customers, we use your personal data to provide you with our products and services during and following your relationship with us and in order to obtain feedback from you about your experience with us;
• for job applicants, we use your personal data in order to consider your application;
• for employees, we use your personal data in order to comply with your employment contract and for internal administration purposes, including paying your wages, providing you with training and keeping a record of your employment;
• for contractors, sub-contractors, suppliers and advisors, we use personal data in relation to keeping in contact with you and maintaining a relationship with you; and
5 Our legal basis for processing
We process your personal data on the basis that it is necessary for the following purposes:
• for the performance of any contract that we enter with you or to take steps at your request prior to entering into a contract;
• for the purposes of our legitimate interests in ensuring that we provide you with the best service possible in all our interactions with you, which if you are a customer may include providing you with information about our products and services which may be of interest to you;
• for compliance with any legal obligation to which we are subject.
We may send emails to customers and those who subscribed to receive our updates on the Website in relation to services which we think they may be interested in, based on our knowledge of their business. Where we send such marketing emails we will first obtain your consent for us to do so. Please note that you are able to withdraw your consent at any time by clicking the “unsubscribe” link at the bottom of all of our emails, or by contacting us using the details provided in the contact and complaints section below. This will not affect the lawfulness of any processing that was carried out based on your consent prior to it being withdrawn.
6 Sharing your personal data
We only share your personal data with third parties where it is necessary for us to do so in order to fulfil our obligations to you under our contract, or where we are required to do so in order to comply with a regulatory or legal provision. We will never sell your personal data for direct marketing.
The circumstances in which we may share your personal data with third parties includes:
• where we are required to share your personal data, for example with HMRC;
• where we use a provider of services, for example in relation to our computer systems or programmes which we use for our business operations (e.g. employee pension and health insurance providers);
• where we use consultants such as lawyers and accountants for services;
• using security companies to monitor the CCTV we use at some of our sites; and
• where we share your personal data with our professional advisers such as insurers and lawyers.
7 Transfers of your personal data
The personal data that we collect from you will not ordinarily be transferred to, or stored at, a destination outside the European Economic Area (EEA).
However, if we do need to transfer your personal data outside the EEA we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place in order to protect your personal data.
Please contact us if you wish to find out more; if we ever transfer your Personal Data outside the EEA you can ask us for a copy of the relevant safeguards implemented in relation to the transfer.
8 How long we will retain your personal data
For employees, we will retain your personal data for a period of up to six (6) years following the end of your employment with us. For job applicants, we will retain your personal data for a period of up to 6 months following us successfully appointing a candidate. In relation to contractors, sub-contractors and suppliers, we will retain your personal data for a period of up to six (6) years following the end of our contractual relationship.
For customers, we will retain your personal data for as long as is necessary to manage our relationship with you and in order to contact you with any important information regarding any of our products. For corporate clients, we expect that we will retain personal data for up to six (6) years following the end of our relationship with you. For individual clients, we expect that that we will retain personal data for up to two (2) years following us satisfying your order. However, this may be extended and we might need to hold contact details for our former customers indefinitely where it is necessary for us to make infrequent contact with the customer regarding their hydropower operation.
The retention periods stated above are all indicative of our standard practice, however, personal data can be held for longer where it is necessary for the purposes for which it is processed; for example, if we are required by statute to hold it for a specific length of time. Please contact us should you have any queries regarding the retention of your personal data.
9 Changes to this policy
10 Your rights
Your personal data is protected under data protection laws and you have a number of rights (explained below) which you can seek to exercise. Please contact us using the details provided in the contact and complaints section below if you have any queries in relation to your rights.
If you seek to exercise your rights we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
• Right of access – You have a right to access the personal data we hold about you upon request. This is known as a “Data Subject Access Request”. You can exercise this right by making a request in writing, by email or by telephone using the contact details in the contact and complaints section below.
• Right of rectification – You can ask us to correct or update your personal data to ensure it is accurate and complete.
• Right to erasure and right to restrict processing – You can ask us to stop processing and/or to delete your personal data in certain circumstances (for example, where it is processed with your consent, or it is no longer necessary for us to process it).
• Right to data portability – You have a right to ask us to provide you with your personal data in a form that suits you, and/or to provide your information to a third party.
• Right to object – You have a right to object to our processing of your personal data.
• Profiling and automated decisions – You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling. We do not undertake any automated decision making or profiling.
• Right to object to direct marketing – Where you have consented to receive direct marketing, you can change your mind at any time by contacting us or following the link to “unsubscribe” provided in each email we send to you. Please allow a few days for us to action your request.
11 Contact and Complaints
You also have the right to lodge a complaint with a supervisory authority (the ICO) by writing to Information Commissioner’s Office, Water Lane, Wilmslow, SK9 5AF or calling 0303 123 1113. Further information about how to do this can be found at: www.ico.org.uk.