“WE” or “US” Bacharach “the Group” Bacharach “DPO” email@example.com “YOU” or “YOUR” Customer, Supplier, Employee “Authorizing body” Information Commissioner’s Office (UK) Information Commissioner’s Office (Ireland)
How We Use Your Personal Information
This document is to let you know how we will look after your personal information. This includes what you tell us about yourself, what we learn about you and information received by others. This document explains how we do this, tells you about your privacy rights and how the law protects you. It is subject to continual review. Your information will be held by us, and we will:
- Keep your data safe and private.
- Not sell your data.
How the Law Protects You
We are allowed to use personal information so long as there is a proper reason to do so. This includes sharing it with others. Valid reasons include:
- To fulfil a contract with you.
- When it is a legal duty.
- When it is in the legitimate interest.
- When you consent to it.
A legitimate interest is when there is a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. If based on a legitimate interest, we will tell you what that is. We may use your personal information for the following:
Use of your Personal Information Our Reasons Our Legitimate Interests To obey laws and regulations that apply to us Our legal duty Complying with regulations Quotes, orders, invoicing Fulfilling contracts To provide our services to you, and to keep our records current Respond to complaints and seek to resolve them Customer satisfaction To provide our services to you Manage risk for us and our customers Fulfilling contracts Comply with regulations, provide services to you, employee management Contact you with information on products and services Business growth, fulfilling contracts To provide our services to you Develop new products and services Continual improvement To provide our services to you Manage our suppliers Fulfilling contracts To provide our services to you, and keep our records current Manage our employees Our legal duty, employee satisfaction Comply with regulations, employee satisfaction
If you Choose not to Give Us Personal Information
We may need to collect personal information by law, or under the terms of a contract with you. If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot perform services expected by you. Any data collection that is optional would be made clear at the point of collection.
Groups of Personal Information
We use many different kinds of personal information. They are grouped as below. Some may not apply to you.
Type of Personal Information Description Behavioral How you interact with others whilst employed by us or using company property (employees only). Communications What we learn about you from emails, conversations and direct contact. Consents Any permissions, consents or preferences that you give us. Contact Where you live and how to contact you or next of kin. Contractual What we expect from you and you expect from us. Documentary Data Details about you that are stored in documents in different formats, or copies of them, e.g. passport or driver’s license (where applicable). Financial Account details, wages, pension, expenses (where applicable). National Identifier A number or code given to you by a government to identify who you are. Open Data and Public Records Details about you that are in public records and information about you that is openly available, e.g. on the internet. Social Relationships Next of kin and other relationships. Special types of data The law and other regulations treat some personal information as special. We will only collect and use these types of data if the law requires us to do so:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Genetic and bio-metric data
- Health data, including gender
- Criminal convictions and offenses
Technical Details on our devices and technology you use.
Where We Collect Personal Information From
We may collect personal information about you from various sources:
- Data you give us
- When you use our networks, including websites and email
- When you use our mobile devices
- Information gained from social media, public sources or government / law enforcement agencies
- Customer feedback
- Our employees
Who We Share Your Personal Information With
We may share your personal information with:
- Government / law enforcement agencies, regulators and other authorities
- Companies within the Group, or that the Group has a joint venture or agreement to co-operate with
- Organizations that introduce you to us
- Companies that we introduce you to
- Companies you ask us to share your data with
- The Group may choose to sell, transfer, or merge parts of its business, or assets. The Group may also seek to acquire other businesses or merge with them. During any such process, the Group may share your data with other parties. The Group will only do this if they agree to keep your data safe and private.
- If a change to the Group happens, then other parties may use your data in the same way as set out in this notice
Sending Data as Part of our Global Operation
We are a global operation, and will only share information to countries outside of where you live to:
- Follow your instructions
- Comply with a legal duty
- Enable other sections of the Group to manage the Group
If we do transfer information outside your country, we will make sure that it is protected in the same way as if it was being used in your own. We will use at least one of these safeguards:
- Transfer it to a country with privacy laws that give the same protection as your own
- Put in place a contract with the recipient that means they must protect it to the same standards as your own
- Transfer it to organizations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EU.
How Long We Will Keep Your Personal Information
Personal information relating to persons not employed by us will be kept for the period required to fulfill contractual obligations and as long as there is a proper reason to retain it. The methods for review, alteration, correction or consent removal are described in sections 10 – 14. Our employees’ personal information will be kept for as long as they are employed by us. After employment ends with us, your data may be kept for up to 5 years, or longer if legally obligated to do so for one of these reasons:
- To respond to any questions or complaints
- To show that you were treated fairly
- To maintain records according to regulations that apply to your employment
How to Get a Copy of your Personal Information
You can access your personal information by emailing your request to the DPO. You have the right to get your personal information from us in a format that can be easily re-used. You can also ask us to pass on your personal information in this format to other organizations.
Letting Us Know if your Personal Information is Incorrect
You have the right to question any personal information we have about you that you think is wrong or incomplete. Please contact the DPO if you wish to do this. If you do, we will take reasonable steps to check its accuracy and correct it.
Stopping Us Using your Personal Information
This is often called the right to ‘be forgotten‘, ‘erasure‘, or ‘object‘. You have the right to:
- Object to us using your personal information
- Ask us to delete, remove, or stop using your personal information if there is no need to keep it
There may be legal or other official reasons why your data is held. But please tell us if you think that we should not be using it. We may sometimes be able to restrict the use of your data. This means that it can only be used for certain things, such as legal claims or to exercise legal rights. In this situation, we will not use or share your information in other ways while it is restricted. You can ask us to restrict the use of your personal information if:
- It is not accurate
- It is no longer relevant, but you want us to keep it for use in legal claims
- You have already asked us to stop using your data, but you are waiting for a response to tell you if we are allowed to continue using it
If you want to object to how we use your data, or wish to ask us to delete it or restrict its use, please contact the DPO.
How to Withdraw your Consent
You can withdraw your consent at any time. Please contact the DPO if you wish to do so. If you withdraw your consent, we may not be able to provide certain services to you. If this is so, we will tell you.
How to Complain
If you are unhappy with how your personal information has been used, you should contact the DPO. You also have the right to complain to the authorizing body.