1 – IMPORTANT NOTICE
1.1 This is the Privacy Notice of Cannon Hygiene Limited whose registered office is at Riverbank, Meadows Business Park, Camberley GU17 9AB (“we”, “us” or “our”) and sets out how we collect and process your personal data. This Privacy Notice also provides certain information that is legally required and lists your rights in relation to your personal data.
1.2 This Privacy Notice relates to personal information that identifies “you” where you are a customer or potential customer, an individual who browses our website or an individual outside our organisation with whom we interact. If you are an employee, supplier or otherwise engaged in work for us or applying to work for us, a separate privacy notice or data processing agreement applies to you instead.
1.3 We refer to this information throughout this Privacy Notice as “personal data” and section 3 sets out further detail of what this includes.
1.4 Please read this Privacy Notice to understand how we may use your personal data.
1.5 This Privacy Notice may vary from time to time so please check it regularly.
2 – HOW TO CONTACT US
2.1 Data controller and contact details
2.1.1 For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice.
2.1.2 If you need to contact us in connection with our processing of your personal data, you can contact us in the following ways:
(a) via our Customer Contact Centre or your account manager, details of which you will find on your contract with us or on our website; or
(b) you can contact the Data Protection Officer directly using the details at paragraph 2.2 of this notice.
2.2 Data Protection Officer
You can contact our Data Protection Officer:
(a) by email at: firstname.lastname@example.org
(b) by post to: Data Protection Officer, Cannon Hygiene Limited, Northgate House, White Lund Industrial Estate, Morecambe. LA3 3BJ.
3 – CATEGORIES AND TYPES OF PERSONAL DATA WE COLLECT AND WHERE WE COLLECT IT FROM
3.1 Personal data is any data which enables us to identify you, either directly or indirectly, such as your name, address, telephone number, email address or the ip address of your computer.
3.2 The categories and types of personal data about you that we may collect are:
3.2.1 when you make an enquiry with us or visit our website:
(a) personal data, such as your name, address, telephone number and computer ip address you provide or that is recorded when you write to us, email or call us;
(b) personal data that you enter via our website or portal such as MyCannonHygiene, LivePerson or contact forms, including the contact details you supply when establishing a profile on our website;
(d) details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data.
3.2.2 in relation to the services we provide:
(a) personal data that you provide in the course of instructing us to carry out the services requested from us, such as your name, address, telephone number and email details;
(b) personal data that, in the case of a business relationship, your employer provides about you in the course of instructing us to carry out the services requested from us, such as your name and contact details as a representative of the business;
(c) personal data, such as your name and financial position, from credit reference agencies;
(d) personal data from tracing agents in the event you fail to pay any invoice by the due date and we are unable to locate you using the contact details you have provided us with;
(e) personal data in the form of images or video footage that is taken at one of our locations or at your location if required for us to effectively carry out or assess the services you have requested from us;
(f) personal data you provide if you complete customer care surveys from us.
3.2.3 in order to develop, personalise or promote our products and services:
(a) personal data obtained directly from you, such as your name and contact details and preferences relating to particular services and / or products;
(b) personal data, such as contact details, your interests and preferences and professional activity obtained from public or social media sources, such as LinkedIn, Facebook and Twitter;
(c) personal data gathered from data brokers who have sought your consent to share your personal data with us for the purposes of direct marketing, such as your name, postal and / or email address and professional activity;
(d) personal data you provide such as your name and email address, if you enter into a competition, promotion or prize draw;
(f) details of your visits to our websites including but not limited to traffic data, location data, weblogs and other communication data.
3.3 We may also create personal data about you if you, for example, contact us by telephone to make a complaint about our services or goods, then we may make a written record of key details of the conversation so that we can take steps to address the complaint. This may include obtaining data concerning health. Data concerning health is considered a “Special Category of Data” and this Privacy Notice specifically sets out how we may process these types of personal data at paragraph 4.1.2.
4 – HOW WE USE YOUR PERSONAL DATA & OUR BASIS FOR USING IT
4.1 Where we are relying on a basis other than consent
4.1.1 We will only process your personal data using one of more of the following lawful bases permitted under data protection legislation. The table below also sets out the linked purposes for which
|Purposes for which we process your personal data||The basis on which we can do this (this is what the law allows)|
In order to perform our contractual obligations to you.
The processing is necessary in connection with any contract that you may enter into with us.
In order to comply with our own legal obligations, e.g. health and safety or tax legislation.
The processing is necessary for us to comply with the law.
In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident and we have to give your personal details to medical personnel).
The processing is necessary in order to protect the vital interests of an individual.
In order to operate our business, but otherwise than in performing our contractual obligations to you, for example:
We have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights or freedoms.
This includes our legitimate interest in:
4.1.2 In addition, in a limited number of circumstances we may lawfully process Special Categories of Data in certain ways. We set these out below along with the legal bases on which we process these Special Categories of Data:
Purposes for which we process your personal data
The bases on which we can do this (this is what the law allows)
In order for us to respond to any claim or potential claim by you involving personal injury or a health issue.
We have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights or freedoms. Our legitimate interest is:
The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
4.2 Where we rely on consent
4.2.1 We would like to use your personal data for a variety of different purposes. For some of these purposes it may be appropriate for us to obtain your prior consent. These circumstances are as follows:
(a) where, in the handling of a complaint, we collect Special Categories of Data relating to health;
(b) where we may process a child’s personal data, we will ask for evidence of the consent;
(c) where we would like to use photos or images taken of you in promotional materials;
(d) where we or our carefully selected third parties have new products and services which we think you will be interested in.
4.2.2 The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
4.2.3 You may at any time withdraw the specific consent you give to process your personal data where we are relying on your consent. Please contact us using the contact details set out in section 2. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes. We will tell you if this is the case.
5 – WHO RECEIVES YOUR PERSONAL DATA
5.1 We may disclose your personal data to:
5.1.1 our group companies and affiliates who may process data on our behalf to enable us to carry out or improve our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
5.1.2 third party data processors (such as Google) to enable us to carry out or improve our usual business practices. We have contracts in place with our data processors, which means that they cannot do anything with your personal information unless we have instructed them to do it and they must hold your data securely and retain it only for the period we instruct;
5.1.3 legal and regulatory authorities who request your personal data or to report any potential or actual breach of applicable law or regulation;
5.1.4 external professional advisers such as accountants, auditors and lawyers, provided that they are under duties of confidentiality;
5.1.5 law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
5.1.6 third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
5.1.7 third parties which are considering or have decided to buy some or all of our assets or shares (including in the event of a reorganisation, dissolution or liquidation); and
5.1.8 third parties operating plugins or content (such as Facebook, Twitter, LinkedIn) on our website which you choose to interact with.
6 – INTERNATIONAL TRANSFERS OF PERSONAL DATA
6.1 It is possible that personal data we collect from you may be transferred, stored and/or processed outside the European Economic Area, specifically the United States.
6.2 In connection with such transfers:
6.2.1 the relevant safeguard in place is the standard data protection contractual clauses between us and the recipient; or
6.2.2 this is made on the basis of an adequacy decision, namely:
(a) the Privacy Shield for transfers to the US; or
(b) the European Commission has decided that the relevant non-EU country ensures an adequate level of protection.
7 – HOW LONG WILL WE STORE YOUR PERSONAL DATA FOR
7.1 We will store your personal data for the time period which is appropriate in accordance with our data retention policy. The length of time set out in our retention policy is determined by one or more of the following criteria:
7.1.1 we are required to retain your personal data in order to comply with any legal requirements, such as under trade law, tax law or competition law;
7.1.2 where retention of your personal data is necessary to facilitate and support the original purpose for processing your personal data;
7.1.3 protection against any potential claims arising from the original purpose of processing; or
7.1.4 where we rely upon your consent to process your personal data and you continue to consent to the processing.
7.2 If you would like details about how long we hold your data, please contact us using the contact details set out in section 2.
7.3 We keep the length of time that we hold your personal data for under review. These reviews take place annually.
8 – CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
8.1 In certain circumstances the provision of personal data by you is a requirement:
8.1.1 to comply with the law or a contract; or
8.1.2 necessary to enter into a contract.
8.2 It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If however you do not provide your personal data then we may be unable to perform all or some of the services you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you because we rely on the personal data you provide in order to do so. Please see our terms and conditions for further details.
9 – YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
9.1 Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see section 4.2.3), you may have a number of rights in connection with the processing of your personal data, including:
9.1.1 the right to request access to your personal data that we process or control;
9.1.2 the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
9.1.3 the right to request, on legitimate grounds as specified in law:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
9.1.4 the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
9.1.5 the right to receive your personal data in a structured, commonly used and machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
9.1.6 the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body. Please see https://ico.org.uk/concerns/ for how to do this.
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in section 2.