1.1.The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which is updating data protection law and aims to harmonize data protection legislation across EU member states, enhancing privacy rights for data subjects (individuals) and providing a strict framework within which commercial organizations can legally operate. GDPR comes into force across the European Union on 25th May 2018. Through this privacy notice we intent to notify you, how we comply with the requirements of the new law.
1.2. Personal data is information about a living person, that means we can work out who they are such as name, address, telephone number, date of birth, bank details and others. This can include:
1.2.1. Written letters,
1.2.4. Audio recordings and
1.2.5. Video recordings.
1.3. Some data is called special category data which is more sensitive, and we have to look after it more carefully. This includes:
1.3.1. details of ethnic origin,
1.3.2. religious beliefs,
1.3.3. sexual orientation,
1.3.4. trade union membership,
1.3.5. health data,
1.3.6. biometric (e.g. fingerprints, facial recognition) and
1.3.7. genetic (e.g. DNA) data.
2. The data controller and the data protection officer
2.1. The data controller is Clifton Packaging Group Ltd. with registered office at Meridian Business Park, Centurion way. Leicester UK. the data protection officer is will be company’s Human Resource Officer The data subject may contact the Data Protection Officer and the company, regarding any data protection issues at the email address firstname.lastname@example.org or email@example.com or phone 01162893355
3. Your data we may hold
3.1. your personal details such as your name or address, telephone number, date of birth, bank details etc. This can include written letters, emails, photographs, audio recordings and video recordings
3.2. details of the communication we’ve had with you relating to the delivery or proposed delivery of a product or service
3.3. details of any product or services you’ve received from us
3.4. our correspondence and communications with you
3.5. information about any complaints you make
3.6. any questions you ask us
3.7. information we receive from other sources. This could be publicly available information, information provided on your reference.
4. How we use your personal data
4.1. We may use your personal data:
4.1.1. to help us to deliver the goods or services to you as per the contact between you and Clifton packaging Group ltd. This might include processing your personal data if you’re an employee, subcontractor, supplier or customer of ours
4.1.2. for the purposes of our own interests, provided our interests don’t override any of your own interests, rights and freedoms which require the protection of your personal data. These interests might include marketing, business development, statistical and management purposes
4.1.3. for certain additional purposes with your consent. Please be aware of the fact that, when we ask your consent and you provide it, you have the right to withdraw this consent at any time.
4.1.4. to get in touch with you by post, email or telephone
4.1.5. to verify your identity where we need to
4.1.6. to understand what you need and how we can achieve this
4.1.7. to maintain our records in accordance with legal and regulatory or obligations and to implement and maintain the IMS standards
4.1.8. to process financial transactions
4.1.9. to provide you with information on our products and services,
4.1.10. to ask you your thoughts and opinions on the products and services we provide
4.1.11. to let you know about any changes to our products and services
4.1.12. to prevent and detect crime, fraud and corruption.
4.2. We might use your personal data for more than one of the above purposes at the same time.
5. Period of retention of your personal data
5.1. We will not keep your personal data for longer than is necessary for the purpose. the decision on the retention of the personal data will be based on the
5.1.1. the requirements of our business and the services we provide
5.1.2. any statutory or legal obligations
5.1.3. the reason why we originally collected the personal data
5.1.4. the lawful grounds on which we base our processing
5.1.5. the types of personal data we’ve collected
5.1.6. the amount and categories of your personal data
5.1.7. whether the purpose of the processing could reasonably be fulfilled in other ways.
5.1.8. We’ll keep your data for six years – even if we stop working with you
Who can access to your personal data
6.1. We won’t sell or rent your information to third parties.
6.2. We won’t share your information with third parties for marketing purposes.
6.3. Anyone who has access to your information will fully abide by the duty of confidentiality and they will comply with the requirements of the GDPR
7. Service Providers working for us or on our behalf
7.1. In some cases, we use service providers, agents or contractors to provide professional advice or services to Clifton or on our behalf
7.2. Whenever we use service providers, agents or contractors, we disclose only the personal information that’s necessary to deliver the service they provide. They will be obliged to comply with the requirements of the GDPR.
7.3. The service providers, agents or contractors are required to take reasonable and appropriate security measures to protect your personal data.
7.4. Apart from the above service providers, we’ll not release your information to other third parties unless you’ve requested that we do so, or we’re required to do so by law or a binding obligation.
8. Security measures to protect your personal data
8.1. We have put security measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way. We also limit access to your personal data to those employees, agents, contractors and service providers, who have a business need to know. They will only process your personal data on our instructions and they’re subject to a duty of confidentiality.
8.2. We’ve put procedures in place to deal with any suspected data security breaches. If this happens, we’ll notify you and any applicable regulator of a suspected breach where we’re legally required to do so.
8.3. Your data will usually be processed in our offices at Meridian Business Park, Centurion way. Leicester UK.
8.4. In a situation we may have to share your information outside European Economic Area (EEA). This will be via the insertion of the data into databases managed by the company. The management of the databases and the processing of the data therein will be in compliance with the purposes for which the information was collected, and such activities shall be carried out in strict compliance with the applicable laws on the protection of personal data. These measures may include agreements based on standard contractual clauses for the transfer of data outside the EEA, as approved by the European Commission, among other methods
9. Your duty to inform us of changes in your personal data
9.1. It is important that the personal data we hold about you is accurate and current. So, if it changes, please inform us as soon as the change happens so that we can update your data in our system
10. Your rights under GDPR
10.1.1. Ask for access to your personal data. You can have access to all the personal data we hold about you and you can check that we are processing it lawfully
10.1.2. Ask us to correct the personal data that we hold about you
10.1.3. Ask us to delete your personal data. This means we will remove personal data where there is no good reason for us to continue to process it. You also have the right to ask us to delete or remove your personal data where you have objected to us processing it
10.1.4. Object to us processing your personal data where we are relying on a legitimate interest of ours or a third party, and you have a situation which makes you want to object to us processing your data.
10.1.5. Ask for the restriction of the processing of your personal data. This means you can ask us to suspend the processing of personal data about you
10.1.6. Ask for the transfer of your personal data to you or another data controller.
10.1.7. If you wish to exercise any of these rights, please get in touch with us.
10.1.8. You do not have to pay any fee to access your personal data, however, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. We may even decline to comply with the request in such circumstances.
10.1.9. To prevent your personal information being disclosed to anyone who has not got the right to receive it, when you exercise your right to access the information or to exercise any of your other rights under GDPR, to confirm your identity, we may request specific information from you.
11. Your right to withdraw your consent
11.1. You have the right to withdraw your consent for us to collect, process and transfer your data at any time. This applies to specific circumstances too, where you might have provided your consent. To withdraw your consent, please get in touch with us using the contact details provided above.
11.2. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to. That is unless we have another legitimate basis for doing so.
12. Making a complaint
13. The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO
Our postal address is:
Meridian Business Park,
Our email address is: firstname.lastname@example.org