Last Updated: 20 May 2018
We are committed to protecting and respecting your privacy.
Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.
This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
For the purpose of UK data protection laws, the data controller is Sterimatic Worldwide Limited at Unit 8, Griffin Mill, London Road, Stroud, Gloucestershire GL5 2AZ.
Data protection principles
When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:
- processed lawfully, fairly and in a transparent manner,
- processed for specified, explicit and legitimate purposes,
- adequate, relevant and limited to what is necessary,
- accurate and kept up-to-date,
- kept for no longer than is necessary, and
- processed in a manner than ensures appropriate security.
Information you give to us
We may collect, use, store and transfer different kinds of personal information about you, including:
- Identity Data, such as your name, marital status, title, date of birth, gender, job title and your employer,
- Contact Data, such as your home and work addresses, personal and work email addresses and personal and work telephone numbers,
- Financial Data, such as bank account, salary and payment card details,
- Transaction Data, including details about payments to and from you, and other details of services you purchase from us,
- Technical Data, including IP addresses, your log-in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website,
- Profile Data, such as your username, password, purchases or orders made by you, your interests, preferences, feedback and survey responses,
- Usage Data, including information about how you use our website, products and services, and
- Marketing Data, such as your preferences in receiving marketing from us and our third parties, and your communication preferences.
How we collect your personal information
We may obtain personal information by directly interacting with you, such as:
- meeting with you in our offices, at events or elsewhere,
- receiving your instructions to provide a consultancy service, and in the performance of those services,
- filling in forms on our website,
- giving us your business card, • providing us with feedback,
- requesting marketing material to be sent to you, or
- corresponding with us by phone, email, letters or otherwise.
We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.
We may also collect personal information about you from third parties or publicly-available sources, such as:
- business networks with which both you and we are connected,
- analytics providers (such as Google),
- providers of technical, payment and delivery services, and
- by conducting searches of publicly-available databases or social media sites, such as Facebook, Twitter, LinkedIn.
How we use your personal information
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- we need to perform a contract we are about to enter into, or have entered into, with you,
- where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interests, or
- where we need to comply with a legal or regulatory obligation.
Purposes for which we will use your personal information
We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:
|Purposes for which we will use the information you give to us||Legal basis|
|To register you as a new customer||It will be necessary for the performance of the contract between you and us|
|To process your order/services (including managing payments)||It will be necessary for the performance of the contract between you and us (including managing payments)|
|To collect and recover money owed to us||It will be necessary for our legitimate business interests namely to ensure we receive payment|
|To notify you about changes to our terms of business or privacy notice||It will be necessary for our legitimate business interests, namely to keep you up to date|
|To send you information about Sterimatic products. This would be up-to 6 times per year and you can opt out of this.||It will be necessary for our legitimate business interests, namely to keep you up to date|
We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
What if you will not provide us with your personal information
If it is a contractual requirement for you to provide us with certain information, for example, a delivery address, we will be unable to provide you with the range of devices/equipment.
We use the following cookies:
- Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and use a shopping cart.
- Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
- Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
- Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.
Disclosure of your information
We may share your personal information with the parties set out below:
- business networks with which we are connected,
- our outsourced IT services provider, i.e. providers of our wi-fi, IT and system administration services to our business, including Dropbox, One Drive, Google Drive and other online cloud and data-room providers,
- our professional advisers (including bankers, auditors and insurers),
- our quality assurance assessors,
- HM Revenue & Customs, and the Information Commissioner’s Office
- suppliers and sub-contractors to the extent we consider it reasonably necessary for us to perform our services,
- analytics and search engine providers that assist us in the improvement and optimisation of our website
We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Where we store your personal information
All information you provide to us is stored on our secure servers in the United Kingdom, or on secure cloud-based services (For example you can view dropbox privacy statement at https://www.dropbox.com/privacy ).
We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:
- Entry controls. Access to our offices is not possible unless visitors are personally let into the building by an appropriate member of staff.
- Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
- Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
- Our internal policies require that users lock or log-off from their computer when it is unattended.
- Firewalls and encryption. We apply industry-standard firewall protection and encryption technology.
- We ensure our employees are trained in the importance of data security.
- Electronic access. All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone.
- Payment details. Where appropriate, we will send payment and banking details by secure messaging system to reduce the risk of those emails being unlawfully intercepted.
- Overseas transfers. Whenever we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Economic Area, to recipients in countries approved by the European Commission, to recipients that are party to the EU-US Privacy Shield, or by using specific contracts approved by the European Commission).
Some of the data that we collect from you may be transferred to third parties (for example, to Dropbox and other cloud providers) who will store the data at a destination outside the United Kingdom. If you are concerned about the levels of data security in those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long we will store your personal information
The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:
|Legal basis||Length of time|
|Where we use/store your data because it is necessary for the performance of the contract between you and us||We will use/store your data for as long as it’s necessary for the performance of the contract|
|Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject||We will use/store your data for as long as it is us necessary for us to comply with our legal obligations|
|Where we use/store your data because it is necessary||We will use/store your data for as long as it is for necessary for our legitimate business interests|
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
Further details relating to periods of retention and methods of destruction are set out in our standard terms of business.
You have various legal rights in relation to the information you give us, or which we collect about you, as follows:
- You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
- You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
- You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
- You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
- You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
- Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which is more important than your interests, rights and freedoms.
- Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
If you wish to exercise any of your legal rights, please contact our Office Manager, Alison Rowley, by writing to the address at the top of this policy, or by emailing Alison at email@example.com
You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information your give us, or that we collect from you.
Opting out of receiving marketing communications
You can ask us to stop sending you marketing communications at any time by contacting our Office Manager, Alison Rowley, by writing to the address at the top of this policy, or by emailing Alison at firstname.lastname@example.org.
We do not use automated decision-making processes.
Third party links
Our website may include links to third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Changes to our policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media. Please check our website frequently to see any updates or changes to our policy.
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Office Manager, Alison Rowley, by writing to the address at the top of this policy, or by emailing Alison at email@example.com