This document demonstrates our commitment to protecting the privacy and security of your personal information. It contains information regarding how we collect and use personal data or personal information about you in accordance with the General Data Protection Regulation (GDPR) and all other data protection legislation currently in force.
Pursuant to that legislation, when processing data we will:
- process it fairly, lawfully and in a clear, transparent way
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it in a way that ensures it will not be lost or destroyed or used for anything that you are not aware of or have consented to (as appropriate)
MecWash Systems Ltd is a “data controller”. This means that we are responsible for determining the purpose and means of processing personal data relating to you.
“Personal data”, or “personal information” means any information relating to an identified, or identifiable individual in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
We do not process any special categories of data in connection with business contacts.
This data protection compliance statement (privacy notice) applies to current, former or prospective customers or suppliers of the company.
DETAILS OF INFORMATION WE MAY HOLD ABOUT YOU
The list below identifies the kind of data that we may hold about you:
- Contact details such as name, title, company address, telephone numbers, and company email addresses
- Location of workplace
- Information about your use of our information and communications systems
- When you visit our website we may collect
- Your IP address
- The referring website
- The version of internet browser you are using
- Cookies that are used by Google analytics – cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Cookies allow a website to recognise a user’s device. They are used to improve the user’s experience.
The company does not envisage circumstances where we would hold any special categories of data.
METHOD OF COLLECTION OF PERSONAL INFORMATION
Your personal information will be collected from enquiry forms you have completed, or from previous correspondence between us (either by post or email), or from public sources or third parties you have authorised to share data with us.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
PROCESSING INFORMATION ABOUT YOU
We will only administer personal information in accordance with the lawful bases for processing. At least one of the following will apply when we process personal data:
- consent: You have given clear consent for us to process your personal data for a specific purpose.
- contract: The processing is necessary for a contract we have with you, or because we have asked you to take specific steps before entering into a contract.
- legal obligation: The processing is necessary for us to comply with the law (not including contractual obligations).
- vital interests: the processing is necessary to protect someone’s life.
- public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
- legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
LAWFUL BASIS FOR PROCESSING YOUR PERSONAL INFORMATION
We consider that the basis for which we will process the data contained in the list above (see section above - details of information we will hold about you) is either:
- necessary for the performance of the contract we have with you
- to enable us to comply with our legal obligations
- to pursue legitimate interests of our own or those of third parties, provided your fundamental rights do not override those interests.
The circumstances in which we will process your personal information are listed below.
- To ensure content from our website is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you.
- To carry out our obligations arising from any contracts.
- To contact you with important information relating to your purchase or request, such as confirming your order.
- To prevent fraud.
- To ensure our administrative and IT systems are secure and robust against unauthorised access.
- To provide the best possible customer service and to help us with internal administration.
- To keep our database accurate and relevant.
- For statistical purposes
There may be more than one reason to justify processing your personal information.
We do not anticipate that any of our decisions will occur without human involvement. Should we use any form of automated decision making we will advise you of any change in writing.
Your data will be shared with colleagues within the Company where it is necessary for them to undertake their duties.
It may be necessary for us to share your personal data with a third party or third party service provider (including, but not limited to, contractors, agents or other associated/group companies) within the European Union (EU). Data sharing may arise due to a legal obligation, as part of the performance of a contract or in situations where there is another legitimate interest (including a legitimate interest of a third party) to do so.
The list below identifies which activities are carried out by third parties on our behalf:
- IT / marketing services
- legal/HR/health & safety advisors
- insurance providers
Data may be shared with 3rd parties in the following circumstances:
- in relation to the maintenance support and/or hosting of data
- to adhere with a legal obligation
- in the process of obtaining advice and help in order to adhere with legal obligations.
If data is shared, we expect third parties to adhere and comply with the GDPR and protect any data of yours that they process. We do not permit any third parties to process personal data for their own reasons. Where they process your data it is for a specific purpose according to our instructions.
We do not anticipate that we will transfer data to other countries.
As part of our commitment to protecting the security of any data we process, we have put the following measures in place:
- all computer information is backed up daily, onto encrypted cartridges that are stored off-site.
- the computer servers are protected by firewalls from unauthorized access.
- the computer system is protected by anti-virus software.
If you would like further details please contact the company.
In addition, we have put further security measures in place to avoid data from being accessed, damaged, interfered with, lost, stolen or compromised. In cases of a breach, or suspected breach, of data security you will be informed, as will any appropriate regulator, in accordance with our legal obligations.
Any data that is shared with third parties is restricted to those who have a business need, in accordance with our guidance and in accordance with the duty of confidentiality
We anticipate that we will retain your data for no longer than is necessary for the purpose for which it was collected.
We have given consideration to the following in order to decide the appropriate retention period:
- risk of harm
- purpose for processing
- legal obligations
At the end of the retention period, upon conclusion of any contract we may have with you, or until we are no longer legally required to retain it, it will be reviewed and deleted, unless there is some special reason for keeping it.
YOUR RIGHTS IN RELATION TO YOUR DATA
We commit to ensure that any data we process is correct and up to date. It is your obligation to make us aware of any changes to your personal information.
In some situations, you may have the;
Right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
Right to request access. You have the right to access the data that we hold on you. To do so, you should make a subject access request.
Right to request correction. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
Right to request erasure. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
Right to object to the inclusion of any information. In situations where we are relying on a legitimate interest (or those of a third party) you have the right to object to the way we use your data.
Right to request the restriction of processing. You have the right to ask us to stop the processing of your personal information. We will stop processing the data (whilst still holding it).
Right to portability. You may transfer the data that we hold on you for your own purposes.
Right to request the transfer. You have the right to request the transfer of your personal information to another party.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
If you ask us to stop sending direct marketing communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere with such requests.
If you wish to exercise any of the rights explained above, please contact the company secretary at the address below:
MecWash Systems Ltd
64 Hundred Severn Drive
Tewkesbury Business Park
Consequences of your failure to provide personal information
If you neglect to provide certain information when requested, it may affect our ability to enter into or continue a contract with you, and it may prevent us from complying with our legal obligations.
Change of purpose for processing data
We commit to only process your personal information for the purposes for which it was collected, except where we reasonably consider that the reason for processing changes to another reason and that reason is consistent with the original basis for processing. Should we need to process personal information for another reason, we will inform you of this and advise you of the lawful basis upon which we will process.
Important note: We may process your personal information without your knowledge or consent, in compliance with the above rules (see above section - lawful basis for processing your personal information).
In the event that you enter into an employment contract with us, any information already collected may be processed further in accordance with our data protection policy, a copy of which will be provided to you.
QUESTIONS OR COMPLAINTS
Should you have any questions regarding this statement, please contact the company.
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO:
Information Commissioner’s Office