Privacy Policy

An easy printable, downloadable version is available here

SCUTES Limited

 

Units 7-8 

Vauxhall Industrial Estate

Ruabon

LL14 6HA

 

01691 674074

info@scutes.co.uk

www.scutes.co.uk

 

 

 

DATA PRIVACY

POLICY

 

Author: Nicolle Elizabeth Evans

Date: 21st April 2020

 

 

CONTENTS

 

Page 3.           What Is GDPR?

 

Page 4.           Information Audit

                                    What Information Do We Collect?

                                    How Do We Collect It?

                                    Why Do We Collect It?

                                    How Do We Use It?

                                    Legal Bases

 

Page 10.         Removing, Updating, Restricting, or Obtaining Your Personal Data

 

Page 10.         Disposal of Personal Data

 

Page 11.         CCTV

 

Page 12.         Marketing

 

Page 13.         Contact Us

 

 

 

 

 

WHAT IS GDPR?

 

The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018 and in the UK will replace the previous Data Protection Act (1998). It describes how organisations must collect, handle, and store personal data[1].

 

  1. a) processed lawfully, fairly and in a transparent manner in relation to individuals;

 

  1. b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;

 

  1. c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;

 

  1. d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

 

  1. e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

 

  1. f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

 

It also states[2]:

 

“the controller [SCUTES Limited] shall be responsible for, and be able to demonstrate, compliance with the principles.”

 

INFORMATION AUDIT

 

SCUTES AS A CONTROLLER

 

SEAT COVER CUSTOMERS

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name, Email Address, Delivery Address, Billing Address, Phone Number

From you over Email

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party shipping company.

Contract

Name, Delivery Address, Billing Address, Phone Number

From you over Facebook

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party shipping company.

Contract

Name, Phone Number, Delivery Address, Billing Address, Bank Details

From you over the phone or face-to-face

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party shipping company.

Contract

Name, Delivery Address, Email Address, Phone Number

PayPal

To ensure that goods have been paid for.

This information is processed through our database to create an invoice.

Legitimate Interest

Name, Phone Number, Delivery Address, Email Address, Billing Address

Online Sales

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party shipping company.

Contract

Name, Phone Number, Billing Address, Email Address

Cardsave

To ensure that goods have been paid for.

This information is processed through our database to create an invoice.

Legitimate Interest

Name, Email Address

Website

To send you review request emails of the products you purchased.

To send you review request emails of the products you purchased.

Legitimate Interest

 

 

 

SCUTES AS A CONTROLLER

 

RUBBER MAT CUSTOMERS

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name, Email Address, Delivery Address, Billing Address, Phone Number

From you over Email

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company.

Contract

Name, Delivery Address, Billing Address, Phone Number

From you over Facebook

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company.

Contract

Name, Phone Number, Delivery Address, Billing Address, Bank Details

From you over the phone or face-to-face

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company.

Contract

Name, Delivery Address, Email Address, Phone Number

PayPal

To ensure that goods have been paid for.

This information is processed through our database to create an invoice.

Legitimate Interest

Name, Phone Number, Delivery Address, Email Address, Billing Address

Online Sales

To enter into and perform our contract with you.

This information is processed through our database and shared with an authorised third-party rubber mats distributer & shipping company.

Contract

Name, Phone Number, Billing Address, Email Address

Cardsave

To ensure that goods have been paid for.

This information is processed through our database to create an invoice.

Legitimate Interest

Name, Email Address

Website

To send you review request emails of the products you purchased.

To send you review request emails of the products you purchased.

Legitimate Interest

 

 

SCUTES AS A CONTROLLER

 

ABANDONED CHECKOUT CUSTOMERS

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name, Phone Number, Delivery Address, Email Address, Billing Address

Shopify

To remind you of goods that weren't purchased at time of checkout.

To send an email regarding your potential purchase.

Legitimate Interest

 

 

 

 

 

NON-CUSTOMERS

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name

From you on Facebook

To identify who we are talking to.

To discuss any enquires you may have contacted us about.

Legitimate Interest

Name, Email Address, Phone Number

From you over Email or Phone

To identify who we are talking to and a method to contact you back if necessary.

To discuss any enquires you may have contacted us about.

Legitimate Interest

Name, Email Address, Delivery Address

From you from subscription forms for marketing emails

To identify who you are when we send you marketing emails.

To send marketing emails regarding the company and products.

Consent

 

 

 

 

 

AFTER SALES

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name, Email Address, Delivery Address

From you when you consent to marketing emails

To be able to send you marketing emails.

To send you marketing emails

Consent

 

 

SCUTES AS A CONTROLLER

 

TRADE CUSTOMERS

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name(s), Email Address(es), Company Address, Phone Number(s), Company Number, VAT Numbers, Authorisation Letter

Trade Application Form

To enter into and perform our contract with you.

This information is processed through our database to create an account.

Contract

Name, Email Address, Delivery Address

From you over phone or email

To enter into and perform our contract with you.

This information is processed through our database to create an order and shared with an authorised third-party shipping company and/or our authorised rubber mat distributor (if required).

Contract

Name(s), Email Address(es), Company Address, Phone Number(s), Company Number, VAT Numbers, Authorisation Letter,

Order Information, Historical Payment Information, Account Information

From our database

To perform our contract with you.

To share to debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.

 

Legitimate Interest

 

 

 

 

 

SCUTES AS A PROCESSOR

 

DROPSHIP ORDER

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name, Email Address, Delivery Address, Billing Address, Phone Number

From our trade customers

To act as a processor to complete an order from our trade customers

This information is processed through our database to create an order and shared with an authorised third-party shipping company and/or our authorised rubber mat distributor (if required).

Contract

 

 

SCUTES AS A CONTROLLER

 

EMPLOYEES & POTENTIAL EMPLOYEES

Information We Collect

How Do We Collect It?

Why Do We Collect It?

How Do We Use It?

Legal Bases

Name, Address, Phone Number(s)

From you

To enter into and perform our contract with you

May be passed to a third-party engineer when home maintenance visits are required and/or suppliers when supplies are ordered for direct delivery.

Legitimate Interest

Bank/Building Society Details, NI number, Tax Information, Date of Birth, Student Debt, Passport/Work Permit, Nationality, Sex, Marital Status

From you

To perform our contract with you

To ensure we comply with current regulations. Information is shared with Payroll, HMRC, Nest Pension Scheme, & any other legal entities that we are required to by law.

Contract

Information about your sickness and absence records (including, but not limited to, information relating to your physical and or mental health)

From you and/or your doctor

To comply with legal obligations. For monitoring purposes.

To maintain employment records. To administer sick pay entitlement

Legitimate Interest

Information on grievances/conduct issues raised by, or involving you

From you, from complainants, from witnesses, and from other members of staff, CCTV

To comply with legal obligations. To protect you and other staff members.

For employee administration. To deal with grievances

Legitimate Interest

Details of your appraisals, performance reviews, improvement plans, details of your time and attendance and work output

From you, your boss, and other employees you work with, CCTV

To perform our contract with you

For staff administration and assessment monitoring. For bonus and overtime payments.

Contract

Your use of our IT, communication, and other systems.

From computers

To monitor/manage staff access to our systems. To ensure that our policies are adhered to.

For staff administration and network security.

Legitimate Interest

Details in references about you

From you, from people you have stated we can contact

To enter into contract with you

To enable us to confirm your details before we enter into a contract with yourselves

Legitimate Interest

 

 

We will keep your personal data for the purposes set out in this data privacy policy and only for as long as any legal basis continues to apply. Below is a non-exhaustive list of some of the reasons we need to retain your personal data:

 

  • Compliance with the requirements of the Financial Conduct Authority
  • Compliance with Anti Money Laundering Regulations
  • Reporting obligations to the Credit Reference Agencies
  • Ensuring we have relevant information in the event of any queries or complaints
  • Being able to identify if you have purchased a product which is subject to a product recall
  • Being able to service any product or service guarantee you have purchased
  • To assist with the establishment, exercise or defence of legal claims

 

The length of time we need to keep the personal data will vary depending on the nature of the personal data and the reason we are obliged to hold it.

 

We may transfer your personal data to the following third parties:

 

  • Technology service providers – our partners who provide IT and website services.

 

  • Telephone providers – our partners who provide telephone services and functionality.

 

  • Delivery companies – our couriers, parcel firms and mail firms who deliver your goods or services and manage any returns on our behalf.

 

  • Marketing service providers – our partners who work with us to make sure we send your information about products, services and special offers that are of interest to you.

 

  • Debt collectors, tracing agencies, debt purchasers or organisations providing debt support – our partners who help us to recover debts, who purchase debts or who offer debt advice and support.

 

  • Regulators and other governmental agencies or law enforcement agencies.

 

  • Organisations who may be interested in purchasing our business or organisations who we may be interested in purchasing - we may sell parts of our business or acquire other businesses and your personal data may be shared with such third parties as part of this process.

 

 

 

REMOVING, UPDATING, RESTRICTING, OR OBTAINING YOUR PERSONAL DATA

 

You have the right to:

  • Ask what information we have about you, and why.
  • Ask how to gain access to that information.
  • Ask for that information to be deleted/removed, updated, or restricted.
  • Ask to move, copy, or transfer the information from our IT environment to another

 

These requests can be made via post or email. You can phone to request a form to be sent via post or email. This is to ensure that all requests are made in writing and can be documented.

Requests will be reviewed and answered within one calendar month. No reasonable requests will be denied.

Identities will be verified before information is handed out.

Information can be given formally in writing, or informally over the phone – whichever you prefer.

Deletion/removal request within reasonable grounds will be accepted providing we are not required by law to keep them.

It is important that the personal information we hold about you is correct and current.  Please keep us informed if your information changes during your contract with us.

 

 

DISPOSAL OF YOUR PERSONAL DATA

When it comes to disposing of your personal data we do so in a secure way. All printed and written documentation including any personal details are shredded before disposal. All emails and electronic forms of personal data are deleted at all instances of storage.

 

 

 

CCTV

 

We use “Closed Circuit Television” CCTV to monitor our property for the prevention of crime.

 

The live screens of the four cameras we have around the property are in a secure office and can only be monitored off-site by the authorised person using a business phone.

 

The only time this information is shared is in the event of a crime or work related issue. This information may be shared with staff where work grievances and work time issues need to be dealt with. It may also be handed over to the police until they are finished with it and it is disposed of by them.

 

The CCTV has only one authorised user who is fully trained in its use and security.

 

Recordings are only kept for 30 days before they are automatically overwritten on the system.

 

Our CCTV system uses high quality, clear imagery.

 

CCTV cannot be accessed by anyone other than the authorised user bar the live video showing in the secure office.

 

The ability to view anything beyond the live video within the office has been locked with a password and only the authorised user can use it.

 

The footage is only stored in one place unless the police request footage where it is supplied on a separate USB stick.

 

 

MARKETING

 

On our website we offer positive opt-in pop-up forms for our marketing newsletter. This information provided here will only be used in the way you signed up for it to be used; in this instance our marketing email.

 

On our website we offer a positive opt-in tick box to receive our marketing newsletter and a request to review the product you are purchasing. This information provided here will only be used in the way you signed up for it to be used; in this instance our marketing email and an email requesting a product review.

 

If your preferences ever change for any reason please let us know by emailing info@scutes.co.uk or by phoning 01691 674074

 

 

CONTACT US

 

If you have any queries about anything in the policy, or anything else, then please feel free to contact us.

 

We are contactable by post, email, or phone.

 

SCUTES Limited

Units 7-8 

Vauxhall Industrial Estate

Ruabon

LL14 6HA

 

01691 674074

info@scutes.co.uk

www.scutes.co.uk

 

 

[1] Official Journal of the European Union – Page 35-36 – http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN

[2] Official Journal of the European Union – Page 36 –http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN