Background
DesAcc EMEA Ltd operates in accordance with the GDPR and Data Protection Act 2018 (the Act). The lawful and proper treatment of personal information by DesAcc EMEA Ltd is extremely important to the success of our business and in order to maintain the confidence of our clients and personnel. DesAcc EMEA Ltd ensures that it processes personal information lawfully and correctly.
1.0 Glossary
| Term | Definition |
|---|---|
| Controller | The data controller determines the purposes for which and the means by which Personal Data is processed. |
| DPO | Data Protection Officer. |
| GDPR | General Data Protection Regulation. |
| Personal Data | Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’), which information is subject to the GDPR or the laws of non-EU EEA countries that have formally adopted the GDPR; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. |
2.0 Background
2.1 DesAcc EMEA Ltd operates in accordance with the GDPR and Data Protection Act 2018 (the Act). The lawful and proper treatment of personal information by DesAcc EMEA Ltd is extremely important to the success of our business and in order to maintain the confidence of our clients and personnel. DesAcc EMEA Ltd ensures that it processes personal information lawfully and correctly.
3.0 This Data Privacy Policy
3.1 This Data Privacy Policy has been developed so that you as a visitor to our website, social media sites or as a recipient of marketing materials are informed about what Personal Data DesAcc EMEA Ltd retains, how it is processed, and how we protect it. When conducting these activities DesAcc EMEA Ltd is acting as a Data Controller and is responsible for your Personal Data as such.
3.2 At DesAcc EMEA Ltd, data management is our businesses. To this end, we are committed to maintaining the trust and confidence of our customers as such we do not sell, rent or trade email lists with other companies and businesses for marketing purposes.
4.0 Your data, your rights
4.1 Under the new General Data Protection Regulation (GDPR), you now have more rights than ever before - you have the legitimate right to request any data we may hold on you; to rectify the Personal Data we hold about you; to withdraw consent where we are relying on your consent to process Personal Data; to be erased from our database under certain circumstances (with no effect on the lawfulness of any processing prior to your request to withdraw); the conditional right to object processing; the restriction to no further processing without prior consent, and to portability of your data.
4.2 Email your request to our DPO at DPO@DesAcc.com or call +44 (0)1566 701 203.
5.0 How do we use your information?
5.1 This information will be stored within our internal systems and may be used to enable our teams to remain in contact with you during a sales engagement, recruitment cycle, or whilst fulfilling a contractual service. As stated above, this information will not be sold, rented or traded with other companies for marketing purposes.
5.2 As our primary business is data management, DesAcc EMEA Ltd will also processes data on behalf of other data Controllers. We will always do this in a secure way as agreed with the data Controller for which we are contracted to perform the work. This processing is not the subject of this document.
6.0 What personal data do we collect and process?
6.1 Our social media sites do allow us to identify you as an individual where you’re accessing our sites using your personal profile, we may also receive additional Personal Data that you have chosen to make publicly available on your profile.
6.2 Should we send you marketing material we may collect information about how you interact with it.
6.3 DesAcc EMEA Ltd uses Personal Data to maintain the servicing of our relationship. The following data can be collected and processed when you access the website, social media, marketing materials or contact us via our website, email or via the telephone:
7.0 When do we collect information?
7.1 We collect your information when we have a legitimate need to do so, such as when you:
- Buy products and services
- Set up an account
- Enter supply agreements
- Attend events at which DesAcc EMEA Ltd is participating
- Make inquires, send a complaint or interact with DesAcc EMEA Ltd in some other matter
- Register and/or interact with marketing material (including but not limited to email, updates, social media, etc.) where we discover your contact information and believe we have a legitimate interest to contact you
8.0 What is our legal basis for using your personal information?
8.1 We will only use your Personal Data where we have a legal basis for doing so, for example:
- Consent: where you have given us clear consent for us to process your personal information for a specific purpose
- Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
9.0 How do we use your personal data?
9.1 We use Personal Data we have collected:
- To fulfil a contract we have with you (lawful basis: performance of a contract)
- To deliver our products and services (lawful basis: performance of a contract)
- To be able to handle orders as quickly as possible (lawful basis: performance of a contract and necessary for our legitimate interests in providing prompt and timely service to our customers)
- To follow-up on inquiries and quote requests (lawful basis: because you have asked us to do something prior to entering into a contract with us, or necessary for our legitimate interests in pursuing prospective customers)
- To serve you better when you approach and interact with our employees, e.g. sales, customer service, technical support (lawful basis: necessary for our legitimate interests in providing enhanced and improved customer service)
- To administer customer surveys (lawful basis: necessary for our legitimate interests to improve our business and study how customers engage with us and our products and services)
- To manage our relationship with you or your business (lawful basis: necessary for our legitimate interests in maintaining and servicing our customer base)
- To develop new ways to meet our customers’ needs (lawful basis: necessary for our legitimate interests in growing and developing our business).
- To develop and carry out marketing activities on our brand, products and services and measure the effectiveness of these (lawful basis: consent or where permissible, for our legitimate interests in marketing to our customer base)
- To inform our recruitment process (lawful basis: necessary for our legitimate interests in growing and recruiting for our business)
- To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (lawful basis: necessary to comply with a legal obligation and necessary for our legitimate interests in improving our websites).
- To use data analytics to improve our website, products, marketing, customer relationships and experiences (lawful basis: necessary for our legitimate interests to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).
10.0 Third Parties with whom we may share your personal data
10.1 We routinely share personal information with:
- Third parties we use to help deliver our products to you, e.g. payment service providers
- Other third parties we use to help us run our business, e.g. HubSpot our CRM provider, Microsoft our IT support and back up providers, as well as third party marketing agencies and marketing service providers we engage with.
10.2 DesAcc EMEA Ltd uses Google Analytics to collect anonymized browsing statistics and therefore DesAcc EMEA Ltd discloses IP-addresses to Google Analytics. Privacy terms for Google Analytics are accepted when visiting www.desacc.com and can be found here
10.3 We only allow our service providers to handle your personal information if we are satisfied they take appropriate measures to protect your personal information. We also impose contractual obligations on service providers to ensure they can only use your personal information to provide services to us and to you.
10.4 We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
10.5 We may also need to share some personal information with other parties, such as potential purchasers of some or all of our business or during a re-structuring. Usually, the information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
10.6 We will not share your personal information with any other third party
11.0 Transferring your personal information out of the UK and EEA
11.1 To deliver products and services to you, it is sometimes necessary for us to share your personal information outside the UK and/or European Economic Area (EEA), e.g. with our service providers located outside the UK/EEA, [for example IT hosting and maintenance, service providers whose servers are located in the US e.g.: Microsoft]
11.2 These transfers are subject to special rules under European and UK data protection law.
11.3 Non-UK/EEA countries do not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal information will be secure. As an example we may require the third party to enter into European Commission approved standard contractual clauses with us.
11.4 If you would like further information please contact our us (see the contact details at the bottom of this policy).
12.0 How do we protect your personal data?
12.1 We ensure that we have appropriate technical and organisational security measures in place to safeguard your personal information.
12.2 Personal Data disclosed on our websites, in person, via telephone, mail, e-mail, etc is only accessed and processed by internal divisions and employees, who have a legitimate reason and for the purpose for which it was collected.
12.3 We may for operational reasons supply 3rd party companies with data to conduct tasks on behalf of DesAcc EMEA Ltd, where this takes place the data will be limited to only what is essential for the task and we ensure that these third parties are engaged on terms which provide your Personal Data with adequate protection and that they have appropriate controls and countermeasures in place.
12.4 DesAcc Employee data is governed under a separate policy and is not covered here.
13.0 Where is your personal data stored?
13.1 Your data is stored securely on servers in the UK and potentially on local servers in the country’s where we have operations or where we use 3rd party services (i.e. Microsoft 365). Where 3rd parties transfer or store your Personal Data outside of the EEA we will ensure that there are adequate safeguards in place for the international transfer as detailed above.
13.2 Where servers are hosted by DesAcc, external access is restricted by a firewall and measures to prevent brute force attacks and all PC’s that attach to the DesAcc network are also individually protected with firewalls.
13.3 Access to the data stored is restricted to users by permissions which prevent unauthorized processing.
13.4 The installation of appropriate programs/applications used to process data is restricted to only those that are required to view or use this data.
14.0 How long do we store your personal data?
14.1 We will not retain your personal information for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of personal information.
14.2 If an active customer relationship is in place, we will store your data as long as necessary in order to service you. We will store all other data in line with any applicable legislation.
14.3 We may need to retain Personal Data by law, or in order to fulfil the terms of a contract, we have with you.
15.0 Data breach
15.1 If there is a suspicion of a data breach originating from DesAcc EMEA Ltd servers or external partners, prompt action will be taken, such as:
- Uncovering the extent of the breach
- Notify potentially affected individuals where required to do so by law
- Notify relevant Data Protection Agencies where required to do so by law
16.0 Cookies
16.1 A cookie is a small text file which is placed onto your device (e.g. computer, smartphone or other electronic devices) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.
6.2 We will ask for your permission (consent) to place cookies or other similar technologies on your device, except where they are essential for us to provide you with a service that you have requested.
16.3 If you do not want to accept any cookies, you may be able to change your browser settings so that cookies (including those which are essential to the services requested) are not accepted. If you do this, please be aware that you may lose some of the functionality of our website.
16.4 For further information on cookies, our use of cookies, please see our Cookie Policy.
17.0 Marketing
17.1 We may use your personal information to send you updates (by email, text message, telephone or post) about our products and services, including exclusive offers, promotions or new products and services. We will only send your electronic marketing where we have your consent or it is in our legitimate interests to do so.
17.2 We will always treat your personal information with the utmost respect and never sell it to other organisations for marketing purposes.
17.3 If you have given your consent to receive marketing communications, or it is in our legitimate interests to send them because you are a business customer, you always have the right to opt-out of receiving further promotional communications by following the the ‘unsubscribe’ instructions contained in all marketing emails.
17.4 We may ask you to confirm or update your marketing preferences if there are changes in the law, regulation, or the structure of our business.
17.5 Please note that we may also send you other communications in relation to your purchase of products or services or in order to respond to queries you have raised, such communications are service communications and are not a form of marketing.
18.0 Contacting us and exercising your legal rights
18.1 Should you have any issues with unsubscribing, or need to contact us for any other reason in relation to this policy, you can do so via telephone: +44 (0)1566 701 203 or via email: DPO@DesAcc.com.
18.2 Should you have a complaint relating to DesAcc and a data processing issue, you may contact our DPO via telephone: +44 (0)1566 701203 or via email: DPO@DesAcc.com. In accordance with the GDPR regulations, you have the right to make a complaint about data protection issues at any time to the Information Commissioner’s Office (ICO). Complaints can be made to the ICO at https://ico.org.uk/concerns or telephone: +44 (0) 303 1231 113.
18.3 You can at any point request access to the Personal Data we hold and request for it to be updated, deleted, restricted or supplied in a portable format. If you wish to exercise any of these rights, please contact: DPO@DesAcc.com. Please be aware that once this data is deleted, it is not restorable.
19.0 Revision of policy
19.1 Our data processing procedures are under continual review and this policy is revised when needed.
19.2 This Data Privacy Policy was last updated in August 2020. If we change our Data Privacy Policy, we will post the details of any changes here. We may also take reasonable steps to notify you if such changes affect how your Personal Data is processed.
20.0 What happens if you choose not to give us your personal data?
20.1 If you choose not to give us this Personal Data, it may delay or prevent us from providing our products or services to you.