1. Introduction This Privacy Notice provides details on the personal data we collect from you, what we do with it, how you might access it and who it might be shared with. Star Refrigeration Group will only process personal data in a manner that is compatible with General Data Protection Regulations (GDPR) by striving to ensure we handle personal data fairly, lawfully, sensitively and with justification. Personal data relates to an individual who can be identified from that data. In line with our obligations under GDPR we ensure personal data is kept up to date, stored and destroyed securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate security measures are in place to protect personal data.
2. Our Contact Information (Data Controller) Star Refrigeration Ltd. Star Refrigeration is the parent company of StarFrost, Star Renewable Energy, Star Technical Solutions, Star M&E Solutions, Star Learning Solutions (i-know.com) and Azane. Thornliebank Industrial Estate Nitshill Road, Thornliebank, Glasgow G46 8JW United Kingdom Telephone: (+44) 0141 638 7916 Company Email: firstname.lastname@example.org You have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK’s supervisory authority of data protection issues. Their contact details are below however if you have any concerns please raise them with us in the first instance and we will do our best to resolve these. Information Commissioner’s Office (ICO) Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel: 0303 123 1113www.ico.org.uk
3. Purpose of processing data We process personal data to enable us to carry out work in order to fulfil customer contracts; promote and advertise our products and services; security, safety and prevention of crime; maintain our company records and to support and manage our employees. We may use your personal data for other similar purposes, including marketing and communications, but that will only occur in the case we have your consent or another legal justification for doing so.
4. How do we collect personal data Data will be collected from you by different methods including the examples below: Recruitment activity Letters and emails Computer records Web enquiries and registrations CCTV images
5. What personal data do we collect? The personal data we collect depends on whether you just visit our website or use our services. If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted and the access status, and your IP address. If you use our services, personal data is required to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation. We collect data including: Name and company details Contact information – address/email address/phone number Details of products and services contracted for Profile data including log in details Customer feedback and survey data
6. How do we look after personal data We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is necessary for each purpose, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes, we ensure that the personal data cannot be used further. While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
7. Purpose for which information will be processed We will only use your personal data when the law allows us to. Most commonly, we will use data in the following circumstances: Where we need to perform the contract we are about to enter into or have entered into with you. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Where we need to comply with a legal or regulatory obligation. Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending direct marketing communications to you via email. You have the right to withdraw consent to marketing at any time by contacting us (at email@example.com). We do not share data for marketing purposes out-with the Star Refrigeration group of companies and no information is shared with third-parties.
8. Who will information be shared with It may be necessary to share information with parties including those detailed below. In each case only necessary information is shared. Other companies within the Star Refrigeration group of companies Subcontractors/suppliers/service providers Professional advisors including lawyers, bankers, auditors and insurers who provide consultancy, legal, insurance and accounting services Relevant government departments as required, i.e. HMRC We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes
9. How long do we hold information We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
10. Legal rights relating to information held Under certain circumstances you have rights in relation to your personal data. You have the right to request access to any of your personal data that the company hold and if any of that information is incorrect or out of date you have the right to have that data corrected. You also have the right to request your personal data is erased where it is no longer necessary to retain such data. Where there is a dispute in relation to the accuracy or processing of your personal data, you have the right to request a restriction is placed on further processing. You also have the right to object to the processing of personal data, dependent on the purpose that the company holds the information. Where it may have been necessary to get your consent to use your personal data, you have the right to withdraw that consent. If you withdraw your consent, we will cease using your personal data without affecting the lawfulness of processing based on consent before your withdrawal. Where you have previously given your consent to process your personal data, you also have the right to request that we port or transfer your personal data to a different service provider or to yourself, if you so wish. Requests should be made to the data controller by email to firstname.lastname@example.org
11. Data security We are committed to being transparent and taking all reasonable and appropriate steps to ensure we handle data appropriately, keep it secure and to protect it from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational security measures including daily backups, which are securely stored off site. In addition, we limit access to personal data to those parties who have a business need requiring their access. They will only process your personal data in line with our policies and are subject to a duty of confidentiality. Any suspected breaches will be notified to those affected and the regulator where we are legally required to do so. As Star Refrigeration operates globally, it may also be necessary to transfer your data to other Star Refrigeration companies or to suppliers/service providers where we rely on storage, system and administrative support from outside the European Economic Area therefore the processing of your data may involve a transfer of data to countries outside of the United Kingdom. We take all reasonable steps to ensure that your personal data is processed securely. We will only transfer personal information outside the EEA where it is compliant with applicable data protection legislation and the means of transfer provides adequate safeguards in relation to your personal information.