Customer and Supplier Privacy

Doncasters Group (“Doncasters” or “we/us/our”) respects its customers and supplier’s privacy and is committed to protecting the personal information that you may have provided and shared with us in the normal course of business activities. This Notice describes how Doncasters uses, collects and processes the personal information that you may have provided to us in the normal course of business activities.

This Privacy Notice is effective from 25th May 2018.

WHAT PERSONAL INFORMATION DO WE COLLECT:

Doncasters Limited is the “Data Controller” and is committed to protecting the rights of individuals in line with the UK Data Protection Act 1998 (“DPA”) and the EU General Data Protection Regulation 2016 (“GDPR”) (collectively referred to as “Data Legislation”).

Doncasters has appointed a “Group Data Protection Officer” to oversee and manage the protection of personal information across Doncasters. The Group Data Protection Officer can be contacted at GDPRInquiry@doncasters.com.

In general, we do not collect or process our suppliers or customers personal information (as defined in the Data Legislation).

However, in the normal course of business and as part of our commercial engagement with you, we may collect, use and process (which includes but is not limited to) the following ‘commercial information’ for business purposes:

  • Your Name;
  • Your Job Title/Position;
  • Your Department;
  • Your Company Name(s);
  • Your Place of Work Address/Location;
  • Your Work Email Address;
  • Your Work Mobile Phone Number;
  • Your Work Landline Number;
  • Your Company Website;
  • Your Company ISP Address.

We will not collect or process any ‘Special Categories’ of personal information (as defined in the Data Legislation) i.e. ‘Sensitive’ personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.

However, we will collect ‘Sensitive’ personal information concerning ‘Contractors and Sub-Contractors Health’, for occupational, health and safety and wellbeing reasons, in order to permit such contractors and sub-contractors on to our sites. This is to ensure all contractors and sub-contractors permitted on site are physically and mentally fit and healthy to perform their duties in a safe manner and to ensure the relevant health and wellbeing support is provided by the business.

If under any circumstances, we receive, collect, use or process your personal information, then we shall obtain your express written consent in the first instance and our activities shall be in accordance with the Data Legislation and our Group Data Protection Policy, Group Code of Ethics, Group IT Policies and Group Document Retention Policy (“Group Policies”). These Group Policies are available upon request for review.

WHAT DO WE DO WITH THE PERSONAL INFORMATION WE COLLECT:

We may use your personal information to provide you with better products and services or to procure goods and services from you, and in particular (but not limited to) for the following reasons:

• Internal record keeping;
• To improve our products and services;
• To procure goods and services
• To contact you regarding any specific request or enquiry you make;
• Customer and supplier statistical analysis; and
• To carry out direct or e-mail marketing.

WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH:

Your personal information shall be made available and shared within the Doncasters group of companies and to those selected third party service providers, whom we engage to help us run our business. This may include (but is not limited to):

• Occupational Health Services;
• Insurance Coverage;
• IT Support Services;
• Other Professional Services (i.e. Legal, Accounting and Auditing); and
• Other Services related to our business.

Your personal information may be provided to selected third party service providers on the strict basis that they do not collect, use or disclose the personal information for any reason whatsoever, other than to perform their services in accordance with the contractual arrangement on our behalf or as otherwise required by law.

Other than as set out above, we will not transfer, disclose, sell, distribute or lease your personal information to any third parties unless we have your express permission and consent to do so or are otherwise required or permitted to do so by law.

WHERE IS YOUR PERSONAL DATA LOCATED:

Any personal information you may have provided in the normal course of business and as part of your commercial engagement with Doncasters is held and processed in the United Kingdom and the European Economic Area.

However, some of the Doncasters group companies and third party service providers are located outside the United Kingdom and European Economic Area, in countries which do not have or provide the same level of protection as the United Kingdom and European Economic Area. As such, we will take all reasonable steps to ensure that your personal information transferred outside of the United Kingdom and European Economic Area, will continue to be afforded the level of protection (if not higher) required under Data Legislation.

DIRECT MARKETING AND YOUR PREFERENCES:

Doncasters may wish to provide you with information about new products, services, promotions and offers, which may be of interest to you and your organisation and we may invite you to take part in market research or request feedback on our products and services. This communication may occur by email, online or by post. Prior to any direct marketing engagement or market research activities, we will obtain your expressed ‘Opt-In’ consent as required under the Data Legislation.

Doncasters will ensure that any direct marketing engagement or market research activities that you receive or are contacted about, will provide a simple means for you to refuse and reject any further marketing. For example, in emails it may provide you with an ‘unsubscribe’ link, or an email address to which you can send an ‘Opt-Out’ request.

Doncasters will stop any marketing to which you object, refuse or reject or in respect of which you withdraw your consent within a reasonable period, in order to allow sufficient time for the change to be administered.

In such cases Doncasters will remove all your personal information and any commercial information from its database(s), respecting your changed direct marketing preferences.

YOUR RIGHTS UNDER DATA LEGISLATION:

Under the Data Legislation, you have certain rights in relation to the way we collect, hold, handle, store, retain and process your personal information. You can find out if we hold any personal information by making a ‘Subject Access Request’ under the Data Legislation, free of charge and can obtain a copy of the private personal information we hold and process about you.

You also have other rights in relation to your private personal information which you can enforce by a Subject Access Request. Details of which can be found on the UK Information Commissioners Office website. Please note that you cannot enforce your rights under Data Legislation to gain access to commercial information, which is held under a confidentiality agreement, service, supply or procurement contract.

Should you wish to make a request to exercise your rights, then please contact us at GDPRInquiry@doncasters.com or write to our Group Data Protection Officer at Doncasters Group, Repton House, Bretby Business Park, Ashby Road, Burton-on-Trent, Staffordshire, DE15 OYZ.

SECURITY AND STORAGE:

We take reasonable measures to ensure that any private personal information provided or disclosed to us is kept secure, accurate and up to date at all times and kept/retained and stored only for so long as is necessary for the purposes for which the private personal information was collected.

COMPLAINTS:

If you are unhappy with the way in which your private personal information has been collected and processed, then you may in the first instance contact the Group Data Protection Officer using the contact details above.

If you still remain dissatisfied then you have the right to apply directly to the UK Information Commissioner Office for a decision. The Information Commissioner can be contacted at:

Information Commissioner’s Office Wycliffe House, Water Lane, Wilmslow, Cheshire,
SK9 5AF, England, UK

www.ico.org.uk

DOWNLOADS:

You can download a full copy of the policy and a factsheet by clicking the links below:

Customer & Supplier Privacy Policy (pdf)

Customer & Supplier Privacy Factsheet (pdf)