Updated July 2020
This privacy notice explains what personal data we hold, how we collect it and how we use and may share information about you. We are required to notify you of this information under the General Data Protection Regulations (GDPR).
Please ensure you read this privacy notice as it contains important information regarding your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
Who we are
We, Plastic Reinforcement Fabrics Ltd (PRF), are the data controller of the personal information you provide to us. When we process data, we act in accordance with, and are regulated by, the GDPR (2018), the Data Protection Act (2018), the Privacy and Electronic Communications (EC Directive) Regulations (PECR) (2003) and our own Data Protection Policy.
In this privacy notice, references to ‘our’, ‘we’ or ‘us’ means PRF.
Data Protection Principles
We, and therefore any person who handles personal data on behalf of PRF, will comply with the data protection principles as set out in Article 5 of the GDPR and sections 83-89 of the Data Protection Act (2018) when gathering and using personal information, as set out in our Data Protection Policy.
The personal information we collect and use
The categories of information that we collect, hold and share include:
- Personal information, such as name, contact details, correspondence address, telephone numbers and email addresses
- Contact details for other people who you have authorised to speak to us, who have given you their authority to pass details to us
- Financial information. For example, we may collect bank and/or payment card details to process payments, although this information is not stored
- We may collect references and may consult credit reference agencies before approving you as a customer
- Should you visit one of our offices or sites, we may capture CCTV images of you, and we may record basic details in our visitor books, such as your name, the company you work for and your car registration, if you travelled by car
- CV information such as employment history and qualifications, where you have applied for a job with us
- In the unlikely event that you are involved in an accident when visiting our premises, details of the accident will be recorded, which may include personal data. This data may need to be shared with emergency responders and, depending on the severity of the accident, with the HSE
Why we collect and use your information
We use your data:
- To be able to perform our contract with you or the organisation for which you work. For example, to process and deliver an order
- To make payments or process refunds
- To assess the quality of our service and maintain our systems
- To comply with applicable laws and regulations, including those regarding data sharing and health and safety
- Where we have your consent, i.e. for marketing purposes
- To maintain the security of our offices and sites, as well as the people working or visiting these locations
- For recruitment, where applicable
- To respond to your queries and to resolve complaints
- For fraud prevention
The lawful basis on which we use your information
We will only use your personal data where we have a lawful basis to do so. We determine the lawful grounds based on the purposes for which we have collected your personal data, in accordance with Article 6 of the GDPR and UK law. These lawful bases include the following:
- Consent: You have given consent to the processing of your personal data for one or more specific purposes
- Contractual obligation: We need to use your data in order to perform a contract with you or to take steps prior to entering into a contract with you
- Legal obligation: In some cases, we may have to use or keep your personal data in order to comply with the law
- Vital interests: We need to process your data to protect your vital interests or the vital interests of another person
- Legitimate interests: We may need to use your data in order to achieve our legitimate business interests, but only where such interests do not come at the expense of your interests and fundamental rights and freedoms. Our legitimate interests include processing your data in order to perform a contract with the organisation for which you work, for considering any job applications you have made or CVs submitted for recruitment purposes, and maintaining the physical and digital security of our business and operations.
Securing your data
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality including measures detailed in our Data Protection Policy.
How long we keep your personal data
We do not store personal data indefinitely; data is only stored for as long as is necessary to complete the task for which it was originally collected and then is destroyed in a secure manner.
Who we share your information with
We may share your information with:
- Banks and online payment platforms – to receive payment and allow payment to be made
- Law enforcement for debt recovery
- Other authorities if required by applicable law i.e. Inland Revenue
- Delivery organisations
- Third parties that host or monitor specific electronic content for us and or help us deliver our services to you, such as our website, our HTML email provider, marketing, and our database and IT support companies.
We may, on occasion, share your information with our suppliers. This will only be in order to fulfil a specific enquiry that you have made, where we cannot fulfil this enquiry without sharing your information. We will never do this without prior consent from yourself.
Why we share your information
We do not share information about you with anyone without your consent unless the law and our policies allow us to do so.
If we share information with a third party i.e. a delivery company, there will be a third-party Processing Agreement in place. This is a contract between PRF, the data controller, and the third Party, the data processor, which determines the processor’s responsibilities under the GDPR, therefore ensuring your data is processed in a lawful manner.
Transferring information outside the EU
Where third parties are based outside of the EU, we will only transfer your data where permitted by the law – i.e. where there is an adequacy decision by the European Commission in respect of the country in which the third party is based, where we have standard contractual clauses in place with such third parties, or where the third party is subject to the EU-US Privacy Shield. This means that the third party to which we transfer your personal information is treated by those third parties in a way that is consistent with and which respects the EU and UK laws on data protection. If you require further information about protective measures, you can request it from our Data Protection Manager.
If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the contract we have entered into with you (or the company for which you work), or we may be prevented from complying with our legal obligations.
Use of your information for marketing purposes
We fully support your choices regarding certain uses of personal data, particularly for marketing and advertising purposes. From time to time, we would like to provide you with information about our latest news, products and services. We target these messages so that they are relevant and useful to you and/or your business and relate to the products and services we provide to you. We will only include you in these messages if you choose to opt in, whereby by you give us your consent to use your data for these purposes and to share this data with our HTML email provider.
You can opt out of these messages at any time by emailing email@example.com or writing to us at the address at the end of this notice. Please include your name and use ‘Opt out’ as the subject line of the email or reference line of your letter. We will process these requests with the utmost urgency and endeavour to update your records within 10 days from receipt of your request.
If we wish to share your data outside of the PRF for marketing purposes, we will obtain your explicit consent before any data is transferred. If you do not wish us to share your data, we will abide by that request.
Website and cookies
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers.
Questions or changes to your preferences
You can review or alter your data preferences at any time. Please email: firstname.lastname@example.org. These requests will be dealt with the utmost urgency.
Your rights regarding the personal data that we hold about you
You have several rights relating to your personal information, these are:
- The right to be informed about how your information is being used (as described in this privacy notice)
- The right to access the personal information that we hold on you via a data subject access request
- The right to request the rectification of inaccurate personal information that we hold on you
- The right to request that we erase your data, or restrict its use, in some circumstances
- The right to object to our processing of your information, in some circumstances
- The right to request that we transfer your data to yourself or another service provided, in some circumstances
- The right to withdraw consent for any consent-based processing at any time
- The right to complain to your data protection regulator – the Information Commissioner’s Office is the regulator in the UK and can be contacted here: https://ico.org.uk/global/contact-us/
We will respond to all data subject requests within one month. If your request is complicated or if you have made a large number of requests, it may take us longer. We will let you know if we need longer than one month to respond. You will not have to pay a fee to obtain a copy of your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Please note that we may need to request identification when dealing with data subject requests for security purposes.
If you want to exercise your rights, have a complaint, or just have questions then please contact us using the following details:
3 Upton Road,