We are committed to ensuring that your privacy is protected and that all personal data obtained and processed by us is done so in accordance with the General Data Protection Regulations (GDPR) and UK data protection laws.
‘Personal Information’ means data that relates to a natural individual who can be identified from that information or together with other information which is held by or is likely to be held by the company. Whilst GDPR does not cover information that identifies an organisation, it does cover personal and sensitive information relating to individuals within it (e.g. directors, beneficial owners or other controlling officials).
Who are we
The company responsible for the processing of your personal information is Astral Hygiene Ltd of Charlesfield Industrial Estate TD6 0HH. This means that we are a ‘data controller’ under the GDPR. Our registration number with the Information Commissioner’s Office is ZA390105.
What we might collect
Data is only obtained, processed or stored when we have met the lawfulness of the processing requirements of the GDPR. We may collect the following information to effectively and compliantly carry out everyday business transactions:
- Name and job title.
- Addresses including all site locations.
- Contact details including email address, mobile and landline numbers.
- Financial information including bank details, credit/debit card details (although we do not retain complete card payment information).
- Demographic information such as post code, along with preferences and interests.
- Other information relevant to purchases, surveys and promotions.
How the information is collected
Most of the personal information we hold about you is that which we collect directly from you. Personal data can be collected in one or more of the following ways:
- When you communicate through email, phone or website.
- When you apply to open an account.
- When you register to receive information from us.
- Each time you purchase our products or services.
- If you interact with us, respond to communications or surveys, or enter competitions.
- When you accept cookies on our website.
What we do with the information we gather and the legal basis for processing
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:
- It is necessary for the performance of a contract between you and us, and essential for our legitimate interests and legal obligations including payment details.
- To process payments and assess financial risks by carrying out credit reference checks, etc.
- Fulfill our obligations owed to a relevant regulator, tax authority or revenue service as is necessary for compliance with our legal and regularity obligations.
- We may use the information to improve our products and services.
- To send communications about new products, services, company news and promotions or other information which we think you may find interesting using the email which you may have provided.
We will not pass personal data to third parties for marketing, sales or any other commercial purposes without your prior explicit consent. We only share personal data where we are required to do so by law, where it is necessary to fulfil our statutory obligations and in limited circumstances with certain third parties acting on our behalf in order to provide a service you have requested from us.
We undertake to share only information which is relevant and necessary for the provision of the relevant service. People we share your information with are obliged to keep your details securely and use them only to fulfil your request.
In the event of an unpaid account or disputed account, we will instruct our appointed debt recovery agents/solicitors to proceed with the necessary course of action to retrieve any monies due to our Company without prior consent from the customer. Only information held that is relevant to the matter in hand will be passed to our appointed third party agents.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.
If it is necessary to transfer personal information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA and we will use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA.
- Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by emailing the Data Controller at firstname.lastname@example.org or by calling 01835 824342.
The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
This includes breaches that are the result of both accidental and deliberate causes. Personal data breaches can include:
- Access by an unauthorised third party.
- Deliberate or accidental action (or inaction) by a controller or processor.
- Sending personal data to an incorrect recipient.
- Computing devices containing personal data being lost or stolen.
- Alteration of personal data without permission.
- Loss of availability of personal data.
If there is a data breach which leads to the loss of highly sensitive data and poses a risk to that data, we will notify the relevant Information Commissioner Office within 72 hours of first becoming aware of that breach. The data subject will also be notified.
How long do we keep personal data?
We will retain your personal data for as long as is necessary to allow us to carry out our business or where appropriate as required to be kept by law, regularity requirements or in in connection with any anticipated litigation.
A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
You should exercise caution and look at the privacy statement applicable to the website in question and make sure you are satisfied how that information is collected and shared.
Under the GDPR and the Data Protection Act (DPA) 2018 you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
- You have the right to obtain access to and copies of personal information we hold about you which you have provided to us, including for the purpose of you transmitting that data to another data controller. We will provide this information at the earliest opportunity, but at a maximum 30 days from the date the request was received.
- Deliberate or accidental action (or inaction) by a controller or processor.
- Where the provision of information is complex or subject to a valid delay, the period may be extended by two further months where necessary and you will be kept informed throughout the retrieval process of the reasons for the delay.
- You have the right to require us to update and amend personal information we hold about you which you have provided to us.
- You have the right to request us not to send you marketing communication.
- You have the right to request us to erase all your personal information (the right to be forgotten).
We have ensured that exercising your right to the above is as clear and straightforward as possible, and can be done so by stating your request in writing to:
The Data Controller
Astral Hygiene Ltd
Charlesfield Industrial Estate
Or by email to email@example.com
If you no longer wish to receive marketing information from us, this can be done by clicking on the unsubscribe link in the relevant marketing communication or by contacting the data controller above.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply. If, for any reason, we are unable to act in response to a request for erasure, we always provide a written explanation to the reasons why.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner and you can find out more about your rights under data protection legislation from the Information Commissioner's Office website: www.ico.org.uk.