1. Background
DesAcc operates in accordance with the EU General Data Protection Regulation (GDPR), Data Protection Act 2018 and Personal Information Protection and Electronic Documents Act (PIPEDA) and any other state or federal laws that maybe required during the course of its daily business.
The lawful and proper treatment of personal information by DesAcc is extremely important to the success of our business and in order to maintain the confidence of our clients and personnel. DesAcc ensures that it processes personal information lawfully and correctly.
2. Data Privacy Policy
This Data Privacy Policy has been developed so that you as a visitor to our website, social media sites or as a recipient of marketing materials are informed about what Personal Data DesAcc retains, how it is processed, and how we protect it. When conducting these activities DesAcc is acting as a data Controller and is responsible for your Personal Data as such.
At DesAcc EMEA Ltd, data management is our businesses. To this end, we are committed to maintaining the trust and confidence of our customers as such we do not sell, rent or trade email lists with other companies and businesses for marketing purposes.
3. Your Data, Your Rights
Under modern data privacy law you now have more rights than ever before - you have the legitimate right to:
- request any data we may hold on you.
- to rectify the Personal Data, we hold about you.
- to withdraw consent where we are relying on your consent to process Personal Data.
- to be erased from our database under certain circumstances (with no effect on the lawfulness of any processing prior to your request to withdraw).
- the conditional right to object processing.
- the restriction to no further processing without prior consent, and to portability of your data.
Email your request to our DPO at DPO@DesAcc.com or call our UK office: +44 (0)1566 701 203.
4. How do we use your information?
This information will be stored within our internal systems and may be used to enable our teams to remain in contact with you during a sales engagement, recruitment cycle, or whilst fulfilling a contractual service. As stated above, this information will not be sold, rented or traded with other companies for marketing purposes.
As our primary business is data management, DesAcc will also processes data on behalf of other data Controllers. We will always do this in a secure way as agreed with the data Controller for which we are contracted to perform the work. This processing is not the subject of this document.
What personal data do we collect and process? Our social media sites do allow us to identify you as an individual where you’re accessing our sites using your personal profile, we may also receive additional Personal Data that you have chosen to make publicly available on your profile.
Should we send you marketing material we may collect information about how you interact with it.
DesAcc uses Personal Data to maintain the servicing of our relationship. The following data can be collected and processed when you access the website, social media, marketing materials or contact us via our website, email or via the telephone:
- Contact details (such as name, address, email address, and phone number).
- Financial information (such as payment card details).
- Demographic information (such as age, gender, and occupation).
- Information related to your interactions with us (such as website usage data, support and sales inquiries).
- Any other information you choose to provide to us voluntarily.
5. When do we collect your information?
We collect your information when we have a legitimate need to do so, such as when you:
- Buy products and services.
- Set up an account.
- Enter supply agreements.
- Attend events at which DesAcc is participating.
- Make inquires, send a complaint or interact with DesAcc in some other matter.
- Register and/or interact with marketing material (including but not limited to email, updates, social media, etc.) where we discover your contact information and believe we have a legitimate interest to contact you.
6. What is our legal basis for using your personal information?
We will only use your Personal Data where we have a legal basis for doing so, for example:
- Consent: where you have given us clear consent for us to process your personal information for a specific purpose
- Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
7. How do we use your personal data?
We use Personal Data we have collected:
- To fulfil a contract, we have with you (lawful basis: performance of a contract)
- To deliver our products and services (lawful basis: performance of a contract)
- To be able to handle orders as quickly as possible (lawful basis: performance of a contract and necessary for our legitimate interests in providing prompt and timely service to our customers)
- To follow-up on inquiries and quote requests (lawful basis: because you have asked us to do something prior to entering a contract with us, or necessary for our legitimate interests in pursuing prospective customers)
- To service you better when you approach and interact with our employees, e.g. sales, customer service, technical support (lawful basis: necessary for our legitimate interests in providing enhanced and improved customer service)
- To administer customer surveys (lawful basis: necessary for our legitimate interests to improve our business and study how customers engage with us and our products and services)
- To manage our relationship with you or your business (lawful basis: necessary for our legitimate interests in maintaining and servicing our customer base)
- To develop new ways to meet our customers’ needs (lawful basis: necessary for our legitimate interests in growing and developing our business).
- To develop and carry out marketing activities on our brand, products and services and measure the effectiveness of these (lawful basis: consent or where permissible, for our legitimate interests in marketing to our customer base)
- To inform our recruitment process (lawful basis: necessary for our legitimate interests in growing and recruiting for our business)
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (lawful basis: necessary to comply with a legal obligation and necessary for our legitimate interests in improving our websites).
- To use data analytics to improve our website, products, marketing, customer relationships and experiences (lawful basis: necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
8. Third parties with whom we may share your personal data.
We routinely share personal information with:
- third parties we use to help deliver our products to you, e.g., payment service providers.
- other third parties we use to help us run our business, e.g. HubSpot our CRM provider, Microsoft our IT support and back up providers.
DesAcc uses Google Analytics to collect anonymized browsing statistics and therefore DesAcc discloses IP-addresses to Google Analytics. Privacy terms for Google Analytics are accepted when visiting www.DesAcc.com and can be found here: www.google.com/privacy
We only allow our service providers to handle your personal information if we are satisfied, they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal information with other parties, such as potential purchasers of some or all of our business or during a re-structuring. Usually, information will be anonymised, but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
We will not share your personal information with any other third party.
9. Transferring your personal information out of the UK and EEA
To deliver products and services to you, it is sometimes necessary for us to share your personal information outside the UK and/or European Economic Area (EEA), e.g., with our service providers located outside the UK/EEA, [for example IT hosting and maintenance, service providers whose servers are located in the US e.g.: Microsoft]
These transfers are subject to special rules under European and UK data protection law.
Non-UK/EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. As an example, we may require the third party to enter into European Commission approved standard contractual clauses with us.
If you would like further information, please contact our us (see the contact details at the bottom of this policy).
10. Transferring your personal information Inter-provincial (Canada)
DesAcc will apply federal and provincial rules stated in PIPEDA and other provincial rules when transferring data that may involve inter-provincial or international personal information flows in the course of its commercial activities.
11. Where is your personal data stored?
Your data is stored securely on servers in the UK and potentially on local servers in the country’s where we have operations or where we use 3rd party services (i.e. Microsoft 365). Where 3rd parties transfer or store your Personal Data outside of the UK, EEA or Canada we will ensure that there are adequate safeguards in place for the international transfer as detailed above.
Where servers are hosted by DesAcc, external access is restricted by a firewall and measures to prevent Cyber-attacks and all endpoints that attach to the DesAcc network are also individually protected with complex endpoint security.
Access to the data stored is restricted to users by permissions which prevent unauthorized processing. The installation of appropriate programs/applications used to process data is restricted to only those that are required to view or use this data.
12. How long do we store your personal data?
We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information. If an active customer relationship is in place, we will store your data as long as necessary in order to service you. We will store all other data in line with any applicable legislation.
We may need to retain Personal Data by law, or in order to fulfil the terms of a contract, we have with you.
13. Data Breach
If there is a suspicion of a data breach originating from DesAcc servers or external partners, prompt action will be taken, such as:
- Uncovering the extent of the breach
- Notify potentially affected individuals where required to do so by law.
- Notify relevant Data Protection Agencies where required to do so by law.
14. Cookies
A cookie is a small text file which is placed onto your device (e.g., computer, smartphone or other electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.
We will ask for your permission (Consent) to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.
If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
For further information on cookies, our use of cookies, please see our Cookie Policy.
15. Marketing
We may use your personal information to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products and services. We will only send your electronic marketing where we have your consent, or it is in our legitimate interests to do so. We will always treat your personal information with the utmost respect and never sell it to other organisations for marketing purposes.
If you have given your consent to receive marketing communications, or it is in our legitimate interests to send them because you are a business customer, you always have the right to opt out of receiving further promotional communications by following the ‘unsubscribe’ instructions contained in all marketing emails. We may ask you to confirm or update your marketing preferences if there are changes in the law, regulation, or the structure of our business.
Please note that we may also send you other communications in relation to your purchase of products or services or in order to respond to queries you have raised, such communications are service communications and are not a form of marketing.
16. Contacting us and exercising your legal rights
Should you have any issues with unsubscribing, or need to contact us for any other reason in relation to this policy, you can do so via telephone: +44 (0)1566 701 203 or via email: DPO@DesAcc.com.
Should you have a complaint relating to DesAcc and a data processing issue, you may contact our DPO via telephone: +44 (0)1566 701203 or via email: DPO@DesAcc.com. In accordance with the GDPR regulations, you have the right to make a complaint about data protection issues at any time to the Information Commissioner's Office (ICO). Complaints can be made to the ICO at https://ico.org.uk/concerns or telephone: +44 (0) 303 1231 113.
You can at any point request access to the Personal Data we hold and request for it to be updated, deleted, restricted or supplied in a portable format. If you wish to exercise any of these rights, please contact: DPO@DesAcc.com. Please be aware that once this data is deleted, it is not restorable.
17. Revision of Policy
Our data processing procedures are under continual review and this policy is revised when needed.
18.0 Glossary
| ACRONYM\TERM | DEFINITION |
|---|---|
| Controller | The data controller determines the purposes for which and the means by which Personal Data is processed. |
| DPO | Data Protection Officer, also known as Privacy Manager under PIPEDA |
| GDPR | General Data Protection Regulation is a law that protects the privacy and data of people in the EU and the EEA, and applies to any organization that deals with their data. |
| Personal Data | Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’), which information is subject to the GDPR or the laws of non-EU EEA countries that have formally adopted the GDPR; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
| PIPEDA | The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. It sets out the ground rules for how businesses must handle personal information during their commercial activity. |