RS Safety Solutions – Customer Privacy Notice
Why should You read this document?
During the course of dealing with us, we will ask You to provide us with personal information relating to Your employees, and other persons under the control of or linked to Your organisation (You/Your), to whom we supply goods or services (Your Personal Data), in order to fulfil the contractual and/or legal obligations agreed with You. This document is important as it allows us to explain to You what we will need to do with Your Personal Data, and the various rights You have in relation to Your Personal Data.
What do we mean by “Your Personal Data”?
Your Personal Data means any information that describes or relates to Your personal circumstances.
Your Personal Data may identify You directly, for example Your name, address, date of birth, National Insurance number, Clock card number. Your Personal Data may also identify You indirectly, for example, Your employment, the goods and services issued to You.
In the context of providing You with the supply of Personal Protective Equipment (PPE), Workwear, and other goods and services, Your Personal Data may include:
• Title, names, date of birth, gender, nationality, contact details, addresses and documents that are necessary to verify Your identity, in analogue and/or digital format
• Employment details including job title/status, and employment ID including clock card number and/or Department/Cost centre or other identification supplied by You
• Records of PPE and other goods or services issued to You as part of the supply agreement with You
Examples of Your Personal Data that we may hold from time to time, and the way in which this data is handled by us, are listed in Appendix A. This list is non-exhaustive, and may change without further notice, and will vary according to your contractual requirements.
The basis upon which our organisation will deal with Your Personal Data
When we speak with You about Your requirements we do so on the basis that both parties are entering a contract for the supply of goods and/or services.
In order to perform that contract, and to arrange the products You require, we have the right to use Your Personal Data for the purposes detailed below.
Alternatively, either in the course of initial discussions with You or when the contract between us has come to an end for whatever reason, we have the right to use Your Personal Data provided it is in our legitimate business interest to do so and Your rights are not affected. For example, we may need to respond to requests from You or Your advisers relating to the goods or services we have supplied to You, or to make contact with You to seek feedback on the service You received.
On occasion, we will use Your Personal data for contractual responsibilities we may owe our certification body or for wider compliance with any legal or regulatory obligation to which we might be subject. In such circumstances, we would be processing Your Personal Data in order to meet a legal, compliance or other regulatory obligation to which we are subject.
The basis upon which we will process certain parts of Your Personal Data
We do not currently envisage circumstances under which we will ask You information about Your ethnic origin, Your health and medical history (Your Special Data). If this situation changes, we will update our Customer Privacy Notice accordingly and in agreement with You.
How do we collect Your Personal Data?
We will collect and record Your Personal Data from a variety of sources, but mainly directly from You. You will usually provide information during the course of our commercial transactions following
initial meetings or conversations with You to establish Your circumstances and needs and preferences in relation to the issue of goods or services to You. You will provide information to us verbally and in writing, including email.
What happens to Your Personal Data when it is disclosed to us?
In the course of handling Your Personal Data, we will:
• Record and store Your Personal Data in our paper files, mobile devices and on our computer systems (websites, email, hard drives, and cloud facilities). This information can only be accessed by employees within our organisation and only when it is necessary to provide our service to You and to perform any administration tasks associated with or incidental to that service
• Provide Your Personal Data to Product Providers including within our own organisation both in paper form and in electronic form. The provision of this information to a third party may be essential in allowing us to process the supply of the product or service to You
• Use Your Personal Data for the purposes of responding to any queries You may have in relation to any goods or services issued to You during the course of our supply agreement
Sharing Your Personal Data
Your Personal Data will only be shared with other parties for legitimate purposes set out under GDPR.
From time to time Your Personal Data will be shared with:
• Product Providers for the purposes of the fulfilment of our contract, purchase order or other agreement with you
• Third parties who we believe will be able to assist us with Your enquiry or application, or who are able to support Your needs as identified. These third parties will include but may not be limited to, our Compliance Advisers, Product specialists, providers of legal services (in each case where we believe this to be required due to Your particular circumstances).
In each case, Your Personal Data will only be shared for the purposes set out in this customer privacy notice, i.e. to fulfil our contractual obligations to You and to ensure legal and regulatory compliance, and to provide You with our commercial services.
Please note that this sharing of Your Personal Data does not entitle such third parties to send You marketing or promotional messages: it is shared to ensure we can adequately fulfil our responsibilities to You, and as otherwise set out in this Customer Privacy Notice.
We do not envisage that the performance by us of our service will involve Your Personal Data being transferred outside of the European Economic Area (EEA), unless you have specifically instructed us to do so, for example where your payment processing centre or other administration is situated outside the EEA. Where this arises, there will be an agreement in place to govern the use of Your Personal Data.
Security and retention of Your Personal Data
Your privacy is important to us and we will keep Your Personal Data secure in accordance with our legal responsibilities. We will take reasonable steps to safeguard Your Personal Data against it being accessed unlawfully or maliciously by a third party.
We also expect You to take reasonable steps to safeguard Your own privacy when transferring information to us, such as not sending confidential information over unprotected email, ensuring email attachments are password protected or encrypted and only using secure methods of postage when original documentation is being sent to us.
Your Personal Data will be retained by us either electronically or in paper format for a minimum of six years, or for a period in agreement with you, or in instances whereby we have legal right to such information we will retain records indefinitely.
Your rights in relation to Your Personal Data
You can:
• request copies of Your Personal Data that is under our control
• ask us to further explain how we use Your Personal Data
• ask us to correct, delete or require us to restrict or stop using Your Personal Data (details as to the extent to which we can do this will be provided at the time of any such request)
• ask us to send an electronic copy of Your Personal Data to another organisation should You wish
• change the basis of any consent You may have provided to enable us to market to You in the future (including withdrawing any consent in its entirety)
How to make contact with our Firm in relation to the use of Your Personal Data
If You have any questions or comments about this document, or wish to make contact in order to exercise any of Your rights set out within it please contact:
Data Protection Manager, RS Safety Solutions, Mariner Way, Newport NP19 4PQ
If we feel we have a legal right not to deal with Your request, or to action, it in different way to how You have requested, we will inform You of this at the time.
You should also make contact with us as soon as possible on You becoming aware of any unauthorised disclosure of Your Personal Data, so that we may investigate and fulfil our own regulatory obligations.
If You have any concerns or complaints as to how we have handled Your Personal Data You may lodge a complaint with the UK's data protection regulator, the ICO, who can be contacted through their website at https://ico.org.uk/global/contact-us/ or by writing to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.