For the purpose of the Data Protection Act 1998 and, from 25th May 2018, the General Data Protection Regulation the data controller is Werxco and 34BC Ltd.
- It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
- For the purpose of applicable data protection legislation (including but not limited to the General Data Protection Regulation (Regulation EU 2016/679 – the “GDPR”), the company responsible for your personal data (“Werxco” or “us”) can be found here.
What kind of personal data do we collect?
- Customer Data: In order to provide the best possible service to you, we need to process certain information about you. We only ask for details that will genuinely help us to help you, such as your name, contact details, print requirements and associated details.
- Supplier Data: We need a small amount of information from our Suppliers to ensure that things run smoothly. We need contact details of relevant individuals at your organisation so that we can communicate with you. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
- People whose data we receive from Customers and Staff such as additional contact details and emergency contacts: In order to provide Customers with printing solutions for extended members of staff for example the printing of business cards, we will require further information to be supplied from the main point of contact. In regards to information gathered from staff as an emergency contact, this information is required in the event of an emergency with that individual member of staff.
- Website Users: We will collect a limited amount of data from our website users. This will be from our contact/enquiry form which you can purposefully choose to opt-in or out of receiving any marketing information from us if you were to send an enquiry.
- Depending on the type of personal data in question and the grounds on which we may be processing it, should you decline to provide us with such data, we may not be able to fulfil our contractual requirements or, in extreme cases, may not be able to continue with our relationship.
- We also monitor our premises with CCTV. This data is kept on a secure network for up to 3 months, it is then permanently deleted.
How do we collect your personal data?
- Customer Data: There are two main ways in which we collect your personal data:
- Directly from you.
- From third parties – for example other customers or other limited sources such as Credit Safe
- To the extent that you access our website or read or click on an email from us, we may also collect certain data automatically or through you providing it to us.
- Supplier Data: We collect your personal data during the course of our work with you.
- People whose data we receive from Customers and Staff such as additional contact details and emergency contacts: We collect your contact details only where a Customer or a member of our Staff puts you down as their emergency contact or where a Customer gives them to us in order for you to serve your chosen printing job.
- Website Users: We collect your data automatically via cookies when you visit our website, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please click here. We will also collect data from you when you contact us via the website, for example by using the contact/enquiry form.
How do we use your personal data?
- Customer Data: The main reason for using your personal details is to help you complete your printing request. The more information we have about you, the better chance we have at fulfilling any chosen printing requirements you have. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for marketing. Where appropriate, we will seek your consent to undertake these activities.
- Supplier Data: The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.
- People whose data we receive from Customers and Staff such as additional contact details and emergency contacts: We use additional data supplied to us by other customers in order to complete your printing requirements. We use the personal details of a Customers or Staff member’s emergency contacts in the case of an accident or emergency affecting that Candidates or member of Staff .
- Website Users: We use your data to help us to improve your experience of using our website. We may use data from your use of our websites to enhance other aspects of our communications with, or service to, you.
- Please note that communications to and from Werxco’s Staff including emails may be reviewed as part of internal or external investigations or litigation.
Who do we share your personal data with?
- Customer Data: We may share your personal data with our outsourced printers. This data for example could be contact information held on a business card that is sent to a printer. We will not share your data with any other third parties without your consent.
- Supplier Data: Unless you specify otherwise, we may share your information with other suppliers and/or our customers in order to promote communication and to develop business relationships.
- People whose data we receive from Customers and Staff such as additional contact details and emergency contacts: Unless you specify otherwise, we may share your information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services.
How do we safeguard your personal data?
- We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
How long do we keep your personal data for?
- If we have not had meaningful contact with you (or, where appropriate, the company you are working for or with) for a period of two years, we will Delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation).
How can you access, amend or take back the personal data that you have given to us?
- Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
- Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
- Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
- Data Subject Access Requests (DSAR): Just so it’s clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or Delete such information. At this point we may comply with your request or, additionally do one of the following:
- We may ask you to verify your identity, or ask for more information about your request; and
- Where we are legally permitted to do so, we may decline your request, but we will explain why if we do so.
- Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to “erase” your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so.
- Right of data portability: If you wish, you have the right to transfer your data from us to another data controller. We will help with this – either by directly transferring your data for you, or by providing you with a copy in a commonly used machine-readable format.
- Right to lodge a complaint with a supervisory authority: You also have the right to lodge a complaint with your local supervisory authority, details of which can be found here.
- If your interests or requirements change, you can unsubscribe from part or all of our marketing content by clicking the unsubscribe link in the email, or by updating your preferences through our preference centre.
- If you would like to know more about your rights in respect of the personal data we hold about you, please click here.
How do we store and transfer your data internationally?
- We sometimes outsource our production capabilities to third parties. In these case your data would not be transferred unless it was being physically printed onto something. For example a business card with your name and contact details. This is the only time such data would be transferred internationally.