Privacy policy
1. Policy statement
Every day British Rema will receive, use and store personal information about our customers, prospective customers, suppliers and prospective suppliers. It is important that this information is handled lawfully and appropriately in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
2. About this policy
This policy sets out the basis on which British Rema will process any personal data we collect or process. The Data Officer is responsible for ensuring compliance with the Data Protection Requirements and with this policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be addressed in the first instance to the Data Officer.
3. What is personal data?
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data plus other information in our possession).
Processing is any activity that involves the use of personal data. It includes obtaining, recording or holding the data, organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties.
4. Privacy principles
British Rema will ensure that data is:
- processed fairly, lawfully and in a transparent manner;
- collected for specified, explicit and legitimate purposes and any further processing is completed for a compatible purpose;
- adequate, relevant and limited to what is necessary for the intended purposes;
- accurate, and where necessary, kept up to date;
- kept for no longer than necessary for the intended purposes;
- processed in line with the individual’s rights and in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage;
- not transferred to people or organisations situated in countries without adequate protection and without firstly having advised the individual.
5. What data do we process and why?
The following sets out the personal data that British Rema may process, the reason for processing and the lawful basis as defined by the Data Processing Requirements.
If you are a customer or a supplier (actual or prospective)
Categories of data
- Contact details
- Sign-ups for promotional material
Purposes of processing
- to administrate or otherwise carry out our obligations arising from any contracts entered into between you and us
- to provide you with the information, products and services that you request from us
- to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about
- to notify you about changes to our service
Lawful basis of processing
- you have provided British Rema with your specific consent to the processing of your personal data
- the processing is necessary for the performance of our contract with you
- the processing is necessary for British Rema to comply with its legal obligations
- the processing falls within British Rema’s legitimate interests (when fairly balanced against your individual privacy interests)
If you are a website visitor or you interact with us on social media
Categories of data
- information about you that you give us by filling in forms on our site www.britishrema.com including your name, address, email address and phone number
- cookie information to distinguish you from other users of our website
Purposes of processing
- to ensure that content from our services is presented in the most effective manner for you and for your computer
- to provide you with a good experience when you browse our website and also allow us to improve our site and services
- to fulfil any request that you have made or orders placed, or to contact you with information relevant to your interaction with us
- for our business purposes, including data analysis, audits, enhancing, improving or modifying our services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities
Lawful basis of processing
- You have provided us with your specific consent to the processing of your personal data
- the processing is necessary for the performance of any contract entered into with you
- the processing is necessary for British Rema to comply with our legal obligations
- the processing falls within British Rema’s legitimate interests (when fairly balanced against your individual privacy interests)
6. Processing in line with data subject’s rights
We will process all personal data in line with data subjects’ rights, in particular your right to:
- confirmation as to whether or not personal data concerning you is being processed;
- request access to any data held about you by a data controller;
- request rectification, erasure or restriction on processing of your personal data;
- lodge a complaint with a supervisory authority;
- object to processing, including for direct marketing through an opt-out option.
7. Data security
We will take appropriate security measures against unlawful or unauthorised processing of personal data, and against the accidental or unlawful destruction, damage, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed.
We put in place procedures and technologies to maintain the security of all personal data.
We may transfer any personal data we hold to a country outside the European Economic Area (‘EEA’) or to an international organisation, such as Salesforce or MailChimp, provided that one of the following conditions applies:
a. The country to which the personal data are transferred ensures an adequate level of protection for the data subjects’ rights and freedoms.
b. The data subject has given his consent.
c. The transfer is necessary for one of the reasons set out in the Act, including the performance of a contract between us and the data subject, or to protect the vital interests of the data subject.
d. The transfer is legally required on important public interest grounds or for the establishment, exercise or defense of legal claims.
e. The transfer is authorised by the relevant data protection authority where we have adduced adequate safeguards with respect to the protection of the data subjects’ privacy, their fundamental rights and freedoms, and the exercise of their rights.
Subject to the requirements above, personal data we hold may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Those staff may be engaged in, among other things, the fulfilment of contracts with the data subject, the processing of payment details and the provision of support services.
8. Disclosure and sharing of personal data
We may share personal data we hold with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
9. Subject access requests
Individuals who wish to make a formal request for information we hold about them should do so in writing addressed to the Data Officer, British Rema, Image Works, Foxwood Close, Chesterfield S41 9RB.
10. Changes to this policy
We reserve the right to change this policy at any time. Where appropriate, we will notify changes by mail or email.