Privacy policy

 Shotton Mill - Privacy Policy 

 

___________________________________________________________________________

We are Shotton Mill Limited (referred to as we, us and our in this Privacy Policy), a company incorporated in England and Wales with company registration number 13074427 and whose registered office address is Weighbridge Road, Deeside Industrial Park, Deeside, Wales, CH5 2LW.

The information set out in this Privacy Policy is provided to individuals whose personal data we process (you or your) as data controller, in compliance with our obligations under the Data Protection Act 2018 and the GDPR (comprising the UK GDPR and the EU GDPR). ___________________________________________________________________________

This Privacy Policy includes:

1.     Data controller details1

2.     How we collect your information.. 2

3.     Information we collect and purpose for processing.. 2

4.     Sharing your information.. 5

5.     International transfers6

6.     Retention of personal data6

7.     Your rights in respect of your personal data7

8.     Automatic decision making.. 8

9.     Security8

10.       Changes to this Privacy Policy8

___________________________________________________________________________

  1.  Data controller details
    1. We are the data controller in relation to the processing of the personal information that you provide to us. Our contact details are as follows:
      1. Address: Weighbridge Road, Deeside Industrial Park, Deeside, Wales, CH5 2LW.
      2. Email address: hr@shottonmill.co.uk (please include “Personal Data Request” in your subject heading to ensure it receives the correct attention).
    2. Our Data Protection Officer is John Morris, whose contact details are as follows:
      1. Telephone number: 01244 2840000.
      2. Email address: hr@shottonmill.co.uk
  2. How we collect your information
    1. Generally, the information we hold about you comes from the way that you engage with us, for example by doing any of the following:
      1. through engaging with us via our website or applications (site);
      2. providing us with information in the course of subscribing with us or any newsletters we may operate from time to time (if you are a customer or visitor of our site);
      3. if you are a customer or supplier, we may obtain information about you in the course of carrying out due diligence, entering into negotiations and liaising with you in connection with our contractual arrangements;  
      4. if you are an employment candidate, if you engage with a third party recruitment company, agency or site which refers you to as a candidate to us; 
      5. contacting us offline, for example by telephone, SMS, email or by post; and
      6. interacting with us using social media. 
    2. We may also obtain information from publicly available sources, including public databases, registers and records.
  3. Information we collect and purpose for processing
    1. The types of personal data that we may collect, use, store and transfer about you will depend on the relationship we have with you (e.g. whether you are a customer or visitor of our website). We have set out below the types of information collected together with the purpose and legal grounds for processing. 

Customers

Personal data

We may use your information for the following purposes, based on the following legal grounds:
  • Contact details such as your name, home/work addresses, email address or landline/mobile phone numbers
  • Employment information such as your position/title
  • Community grievance form information (submitted via our site) 

 
  • If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of negotiating and entering into contractual agreements with you, in the course of providing our goods and services and handling any complaints or disputes raised by you. 
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, in order to communicate with you regarding our goods, services and fees (or re any changes to our site or services); for dealing with any complaints or issues raised by you; for insight purposes (e.g. to analyse market trends and demographics, to develop the service which we offer to you or other individuals in the future) and to send information to you about products and services which we think may be of interest to you for marketing purposes. You may at any time unsubscribe from receiving marketing communications from us (see further below). 
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Payment information such as bank details
  • If it is necessary for the performance of our contract: for the purpose of issuing/receiving payments in the course of providing our goods and services to you.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of retaining evidence of payment transactions, for insight purposes (e.g. to analyse market trends and demographics in relation to our fees).
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other relevant legal or regulatory requirements.

Suppliers

Personal data

We may use your information for the following purposes, based on the following legal grounds:
  • Contact details such as your name, home/work addresses, email address, landline/mobile phone numbers.
  • Employment information such as your position/title, employment history, professional specialisms and qualifications.
  • If it is necessary for the performance of our contract or for the purposes of entering into a contract: for the purpose of negotiating and entering into contractual agreements with you, in the course of receiving goods or services from you e.g. contacting individuals where we need to do so to provide instructions and discuss work involved.
  • If it is in our legitimate business interests to do so: for internal record keeping for administration purposes, for the purpose of communications in relation to establishing a supplier relationship, obtaining evidence of identity of our suppliers, communications regarding the service and fees.
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Payment information such as bank details and transaction history.
  • If it is necessary for the performance of our contract: for the purpose of making or receiving payments in the course of receiving good or services.
  • If it is in our legitimate business interests to do so: for the purpose of enquiring, requesting or purchasing goods or services, for internal record keeping for administration purposes, for the purpose of retaining evidence of payment transactions and for insight purposes (e.g. to analyse market trends and demographics in relation to our suppliers’ fees).
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.
  • Identification information contained in or provided to us as part of our supplier ID checks. This includes details included in copy personal photo and residential ID documents we receive.  
  • Compliance with a legal obligation: in order to prevent fraud or money laundering or to comply with any other legal or regulatory requirements.

Data about individuals who apply for employment with us

Personal data

We may use your information for the following purposes, based on the following legal grounds:
  • Contact details such as your name, home/work addresses, email address, landline/mobile phone numbers

 
  • Our legitimate interest in processing such information: for contacting individuals where we need to do so and for obtaining/verifying evidence of identity.
  • Employment related history and qualifications information such as position/title, date of birth, employment history and CV, references from previous employees, professional specialisms, education and qualifications, languages spoken, salary and benefits etc
  • Our legitimate interest in processing such information: for assessing their suitability for the role, or considering potential packages and offers.
  • Information contained in or provided to us as part of our recruitment or take on process such as details included in copy personal photographs and residential ID documents we receive.
  • Visa documentation (right to work in the UK)
  • Our legitimate interest in processing such information: for obtaining/verifying evidence of identity.
  • Compliance with a legal obligation: in order to confirm that the individual is entitled to work in the UK and for the purpose of security and prevention of crime.

Visitors of our site

Personal data

We may use your information for the following purposes, based on the following legal grounds:
  • Technical and device information (including log and usage data, device data and location data)
  • If it is in our legitimate business interests to do so: we may use certain technical log data (such as your IP address) for research or statistical purposes; to identify and analyse user traffic and trends and for ensuring the proper administration of our site; for analytics and insight purposes e.g. to monitor market trends and demographics and to improve the user experience within our site; and to ensure that content from our site is presented in the most effective manner for you and for your computer or other device from which you access our site and/or the services we offer through the site.
  • Cookies (and other web-tracking technology)
  • We may use “cookies” and other anonymous web tracking technologies (such as “web beacon” and “pixel tags”) implemented by us or by third party service providers. A cookie is a small file of letters and numbers that is sent to your device when you visit our site, allowing our site to recognise your browser if you revisit it. Cookies may store your online preferences and other information about the interaction you make in the site. 
  • Where we collect “essential” cookies we will rely on the legitimate interest ground. We will only collect and process “non-essential” cookies where your consent has been obtained. Please refer to our Cookie Policy for more information about the type of cookies used and how we use cookies/tracking technologies within our site.
  1. We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
  1. Sharing your information 
    1. Please note that personal information we are holding about you may be shared with and processed by:
      1. any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006; 
      2. regulators, fraud prevention agencies or other third parties for the purposes of monitoring and/or enforcing our compliance with any legal and regulatory obligations, including statutory or regulatory reporting or the detection or prevention of unlawful acts;
      3. any third party in the context of actual or threatened legal proceedings, provided we can do so lawfully (for example in response to a court order);
      4. other parties and/or their professional advisers involved in a matter where required as part of the conduct of the services;  
      5. our own professional advisers and auditors for the purpose of seeking professional advice or to meet our audit responsibilities;
      6. our service providers and agents (including their subcontractors) or third parties which process information on our behalf (e.g. internet service and data storage and security platform providers, our bank, payment processing providers and those organisations we engage to help us send communications to you) so that they may help us to provide you with the products, services and information you have requested; and
      7. another organisation to whom we may transfer our agreement with you or if we sell or buy (or negotiate to sell or buy) our business or any of our assets (provided that adequate protections and safeguards are in place).
    2. Please note that we may include links within our site to third party social media providers such as Facebook and Twitter, but we will not share your information with such providers without your consent. 
  2. International transfers

We will not transfer personal data relating to you to a country which is outside the UK and EEA unless:

  1. the country or recipient is covered by an adequacy decision of the Commission under GDPR Article 45;
  2. appropriate safeguards have been put in place which meet the requirements of GDPR Article 46 (for example using the approved Standard Model Clauses for transfers of personal data outside the UK); or
  3. one of the derogations for specific situations under GDPR Article 49 is applicable to the transfer.  These include (in summary):
    1. the transfer is necessary to perform, or to form, a contract to which we are a party:
      1. with you; or
      2. with a third party where the contract is in your interests;
    2. the transfer is necessary for the establishment, exercise or defence of legal claims;
    3. you have provided your explicit consent to the transfer; or
    4. the transfer is of a limited nature, and is necessary for the purpose of our compelling legitimate interests.
  1. Retention of personal data
    1. We have systems in place to periodically review and delete data that is no longer being used by us for the purposes set out in this Privacy Policy. Unless we are required or permitted by law to hold on to your data for a specific retention period, we will only hold your personal information within our systems for the following periods:
      1. Personal data obtained from employment or work experience applicants: will be deleted after: 12 months. 
      2. Personal data obtained from users of the site: will be retained for 12 months since your last interaction with us. 
      3. Personal data obtained from customers or suppliers of our products or services: such information will be stored for 6 years following purchase/supply of the goods or services or termination or expiry of the contract (whichever is later).
      4. Personal data obtained for marketing purposes: will be retained until you unsubscribe from marketing communications (see further details below).
    2. Where we no longer need your personal information, we will dispose of it in a secure manner.
    3. In some circumstances you can ask us to delete your data: see your legal rights at paragraph 7 below for further information.
    4. In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
  2. Your rights in respect of your personal data
    1. In respect of the personal data about you that we are processing and in accordance with the Data Protection Act 2018 and the GDPR, in certain circumstances (and provided that exemptions do not apply) you will have the following rights: 
      1. right to access: the right to request certain information about, access to and copies of the personal information about you that we are holding (please note that you are entitled to request one copy of the personal information that we hold about you at no cost, but for any further copies, we reserve the right to charge a reasonable fee based on administration costs); 
      2. right to rectification: the right to have your personal information rectified if it is inaccurate or incomplete;
      3. right to erasure/“right to be forgotten”: the right to withdraw your consent to our processing of the data (if the legal basis for processing is based on your consent) and the right to request that we delete or erase your personal information from our systems;
      4. right to restriction of use of your information: the right to stop us from using your personal information or limit the way in which we can use it;
      5. right to data portability: the right to request that we return any information you have provided in a structured, commonly used and machine-readable format, or that we send it directly to another company, where technically feasible; and
      6. right to object: the right to object to our use of your personal information including where we use it for our legitimate interests or for marketing purposes.
    2. If you have subscribed to marketing communications from us, you have the right to unsubscribe from such communications at any time by following the link in the footer of the last email you received from one of our brands or by sending your request with detailed instructions to us (see contact details above).
    3. Please note that if you withdraw your consent to the use of your personal information for purposes set out in our Privacy Policy, we may not be able to provide you with access to all or certain parts of our site.
    4. If you consider our use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: www.ico.org.uk.   
  3. Automatic decision making

We do not make decisions based solely on automated data processing, including profiling.

  1. Security 
    1. We keep your information protected by taking appropriate technical and organisational measures to guard against unauthorised or unlawful processing, accidental loss, destruction or damage. For example:
      1. where appropriate, data is encrypted when transiting on our system or stored on our databases; 
      2. we have implemented safeguards in relation to access and confidentiality in order to protect the information held within our systems; and 
      3. we frequently carry out risk assessments and audits to monitor and review threats and vulnerabilities to our systems to prevent fraud.
    2. However, while we will do our best to protect your personal information, we cannot guarantee the security of your information which is transmitted via an internet or similar connection. It is important that all details of any username, password and/or other identification information created to access our servers are kept confidential by you and should not be disclosed to or shared with anyone. 
  2. Changes to this Privacy Policy 

We may amend this Privacy Policy from time to time, for example to keep it up to date, to implement minor technical adjustments and improvements or to comply with legal requirements. We will always update this Privacy Policy on our site, so please try to read it when you visit the site (the “last updated” reference tells you when we last updated our Privacy Policy). 

 

Last updated: September 2024