Rockall Safety Ltd (“Rockall”) are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018, once enacted. Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it to offer you a better experience.
- How and why Rockall collect information from you;
- Who we share your information with, why and on what basis; and
- What your rights are.
If we make changes to this notice we will notify you by updating it on our website. Rockall will be what is known as the ‘Data Controller’ of the personal data you provide to us, and we will sometimes refer to ourselves in this notice as “we” or “us”. By Data Controller, this means Rockall determines the purposes and way in which any personal data are, or will be, processed.
Should you need to contact us, please write to:
Data Protection Officer Rockall Safety Ltd, 8 Lambourne Crescent, Cardiff Business Park, CF14 5GF
or via email@example.com quoting Security and Privacy Enquiry.
This privacy notice was last updated on 18th May 2018.
What information we collect and why?
When you buy goods from us, you are entering into a contract with us. To enable us to set this up we will ask you to provide specific information such as;
- Company Name
- Contact Name
- Contact Numbers
- Email Address
When you apply for a credit account, we apply for information about your company from credit reference agencies. This is covered in more detail in the section, “Who we share your information with and why”.
How do we use your information?
Data Protection says that we can use and share your data only where we have a proper reason to do so. The law says we must have one or more reasons, and these are:
- Contract – your personal information is processed to fulfil a contractual arrangement (e.g. to send you your Directory catalogue.)
- Consent – where you agree to us using your information in this way.
- Legitimate Interests – this means the interests of Rockall in managing our business to allow us to provide you with the best products and service in the most secure and appropriate way (e.g. to transfer your data to certain Third Party’s such as delivery partners).
- Legal Obligation – where there is statutory or other legal requirement to share the information (e.g. when we share your information for law enforcement purposes).
Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.
|What we use your personal information for||Our reasons (legal basis)||Our legitimate interests|
|Set up your Rockall Safety account||• Legitimate interest||Process efficiency in dealing with such activity.|
|Process your orders||• Fulfilling a contract||N/A|
|Notify you of your order status.||• Legitimate interests||Process efficiency in dealing with such activity, and to make improvements to our services.|
|Manage your account/ provide customer services to you.||• Legal obligation/Legitimate interests (depending on nature of services)||Keeping our records up to date, handling our customer contact efficiently and effectively, working out which of our products and services may interest you and telling you about them.|
|Marketing communications to inform you of special offers, promotions, new lines and Sales. Provide you with online advertising.||• Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites.|
|Notifying you about enhancements to our services, such as changes to the website and new services that may be of interest to you.||• Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites.|
|Contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research.||• Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction with our sites.|
|Maintaining network and data security||• Legitimate interests||To maintain the security of our network this in turns helps us to maintain the safety and confidentiality of your information.|
Who We Share Your Information With and Why
Rockall works with trusted suppliers, and businesses in order to provide you the high-quality goods and services you expect from us, such as delivery companies.
Some examples of the categories of third parties with whom we share your data are:
- Supplier Partners – Rockall works with trusted partners who supply products and services on our behalf. All partners are subject to thorough security checks, and will only hold the minimum amount of personal information needed to fulfil the orders you place or provide a service on our behalf.
- Delivery Partners – In order for you to receive your goods, Rockall works with a number of delivery partners. Again, we only pass limited information to them to ensure delivery of your items.
Rockall works with trusted third-party payment processing providers to securely take and manage payments.
Keeping in touch with you
We want to keep you up to date with information about new ranges, special offers and improvements to our website.
Rockall will not share your information with companies for their marketing purposes.
If you decide you do not want to receive this marketing information you can request that we stop by writing to the Data Protection Officer at the address provided above, emailing firstname.lastname@example.org, by calling the Contact Centre on 0845 330 0447, or clicking the unsubscribe link within the email.
You may continue to receive mailings for a short period while your request is dealt with.
How long we keep your information
If we collect your personal information, the length of time we retain it is determined by factors that include the purpose for which we use that information and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:
- The law requires us to hold your personal information for a longer period, or delete it sooner;
- You exercise your right to have the information erased (where it applies) and we do not need to hold it for any of the reasons permitted or required under the law;
- We bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- In limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
What are your rights
You are entitled to request the following from Rockall Safety; these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk
- Right of access – to request access to your personal information and information about how we process it.
- Right to rectification – to have your personal information corrected if it is inaccurate and to have incomplete personal information completed.
- Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased. Contact our Call Centre on – 0845 3300 447.
- Right to restriction of processing – to restrict processing of your personal information.
- Right to data portability – to electronically move, copy or transfer your personal information in a standard form.
- Right to object – to object to processing of your personal information.
- Rights with regards to automated individual decision making, including profiling – rights relating to automated decision making, including profiling.