This Privacy Notice sets out what personal data we, RICAL GROUP, hold about you and how we collect and use it.
We are required by data protection law to give you the information in this Privacy Notice. It is important that you read the Privacy Notice carefully, together with any other information that we might give you from time to time about how we collect and use your personal data.
This Privacy Notice applies from 25 May 2018, when the General Data Protection Regulation comes into force. We may update this Privacy Notice at any time.
What is Personal Data
Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, contact details, electronic location data, business payment information).
What Are Your Rights
Under the GDPR, you have a number of legal rights relating to your personal data, which are outlined here:
- The right to make a subject access request. This enables you to receive certain information about how we use your personal data, as well as to receive a copy of it and to check that we are lawfully processing it.
- The right to request that we correct incomplete or inaccurate personal data that we hold about you.
- The right to request that we delete or remove personal data that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing.
- The right to object to our processing your personal data where we are relying on our legitimate interest (or those of a third party), where we cannot show a compelling reason to continue the processing
- The right to request that we restrict our processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- The right to request that we transfer your personal data to you or to another party, in a structured format. This right applies in respect of data that you have provided where our legal ground for using the data is that it is necessary for the performance of a contract or that you have consented to us using it (this is known as the right to “data portability”).
What Personal Data Do We Collect
We may collect some or all of the following personal data:
- Business name and Address;
- Email address;
- Telephone number;
- Job title;
- Business Payment information;
How Do You Use My Personal Data
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
- Managing your account and to provide you with the services you have requested.
- Supplying our products to you. Your personal details are required in order for us to enter into a contract with you.
- Personalising and tailoring our products for you.
- Communicating with you. This may include responding to emails or calls from you.
- We do not use your information for marketing purposes and you will only be contacted in relation to your account.
How Long Will We Keep Your Personal Data
We will not keep your personal data for longer than we need it for our legitimate purposes.
We take into account the following criteria when determining the appropriate retention period for personal data:
- the amount, nature, and sensitivity of the personal data
- the risk of harm from unauthorised use or disclosure
- the purposes for which we process your personal data and how long we need the particular data to achieve these purposes
- how long the personal data is likely to remain accurate and up-to-date
- any applicable legal, accounting, reporting or regulatory requirements that specify how long certain records must be kept
How and Where Do We Store or Transfer Your Personal Data
We will only store your personal data in the UK. This means that it will be fully protected under the GDPR.
Do We Share Your Personal Data
We will only share your personal data with third parties where we have an appropriate legal ground under data protection law which permits us to do so. Commonly, this could include situations where we are legally obliged to comply with our contractual duties or we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
How Can You Access Your Personal Data
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it.
All subject access requests should be made in writing to our Data Protection Lead at Tramway, Oldbury Road, Smethwick, B66 1NY.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection. Any changes will be made available on our website.