Sash UK is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use information about individuals and companies during and after your contractual relationship with us, in accordance with the General Data Protection Regulation (GDPR).
Sash UK is a data controller and a data processor. This means that we are responsible for deciding how we hold and use information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice.
It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing information about individuals and companies, so that you are aware of how and why we are using such information.
The following paragraphs outline our commitment to you and how we intend to comply with GDPR, effective from 25th May 2018.
The kind of information we hold about you
We hold contact information, such as first name, surname, job title, work email address and work phone number. This information may identify you as an individual but will only be the contact information in relation to your business activity and will not include any private information. We will store and use only the information that you have supplied to us for use in your professional capacity.
Why do we require the information we hold about you and how will we use it?
Main contact – we require a main point of contact so that we can stay in touch with you regarding your account with us, any changes to our product offering and product updates. It is very important that you let us know if your main contact changes so that we can keep our data up-to- date.
Finance contacts – we require an invoicing contact so that we can administer the financial part of your account. If you have given us contact details of your Financial Director or other finance department contacts, we store these in the same way and will use them only if required to contact you regarding financial matters. It is not necessary to send us identifiable information, the email can be a generic departmental address.
Managerial team contacts – if you have given us information about Directors or Managers in your organisation, we store these and may use them to contact the organisation in the event that we cannot get hold of the main contact person.
What about marketing Emails?
We send out emails designed to keep you informed of developments at Sash UK, events we are attending, our own events, our public relations and marketing activities and any other news that may be of benefit to you.
The mailing list for this information contains the same contact details that you have supplied to us. Every email contains an Unsubscribe option so that you can remove yourself from this list at any time if you should decide in the future that you no longer want to receive this information.
How do we collect this information?
At the time that you create an account with Sash UK , we ask you to supply us with the contact information for all required contacts and also for any additional contacts you would like to add to the list.
The only stipulation is that we require a main contact and a finance contact as a minimum so that we can administer your contract.
Who will we share your information with?
We may have to share your data with third parties, including third party service providers and other entities in the group. We require third parties to respect the security of your data and to treat it in accordance with the law. We may transfer your personal information outside the EU. If we do, you can expect a similar degree of protection in respect of your personal information.
We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation.
How secure is my information with third party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies.
We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, in accordance with GDPR guidelines. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a legitimate business need. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures are available upon request.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
We may, from time to time, use electronic decision-making to ensure that our communications are sent to the right people. For example, we may select only manufacturers of one type of product from our mailing list.
These decisions are not made in a way that includes any personal information. It is limited to company and product information.
We keep all required information as long as your account is current with us. We endeavour to keep this information up-to-date.
When the contract ends, we will remove any contact information that we will not require in the future, but we may need to keep some contact details for financial and legal purposes. This information will be kept only as long as is required.
If a staff member leaves the organisation, they can request that their information be removed from our system, unless we are required to retain it for legal or financial audit reasons.
Change of purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your information changes during your working relationship with us.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the Sash UK, Ferrymoor Way, Park Springs, Grimethorpe, Barnsley, S72 7BN.
No fee usually required – You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you – We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent – In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact the Data Officer at Sash UK, Ferrymoor Way, Park Springs, Grimethorpe, Barnsley, S72 7BN. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
Data protection officer
We have appointed a data protection officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact the Data Protection officer in writing at: Sash UK, Ferrymoor Way, Park Springs, Grimethorpe, Barnsley, S72 7BN. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice, please contact Data Protection officer in writing at: Sash UK, Ferrymoor Way, Park Springs, Grimethorpe, Barnsley, S72 7BN.