Privacy Notice
Marketing & End User
Version 1.0
May 2018
Document Control
This document is subject to change control and any amendments will be
recorded below.
Version Date Circulation Changes
1.0 17/05/2018 Websites Original
Version Awareness
The audience of this document should be aware that a printed copy may
not be the latest available version. The latest available version, which
supersedes all previous versions, is available by contacting GDPR.Committee@J.Marr.co.uk. Those to whom this policy applies
are responsible for familiarising themselves periodically with the latest
version and for complying with Policy requirements always.
The intellectual property contained within this
publication is the property of J. Marr & Son Limited.
This publication (including its text and illustrations)
is protected by copyright. Any unauthorised projection, editing, copying,
reselling, rental or distribution of the whole or part of this publication
in whatever form (including electronic and magnetic forms) is prohibited.
Table of Contents
Document Control
Version Awareness
Table of Contents
1. Introduction
2. Purpose
3. Data Protection Officer (DPO)
4. The Personal Data we hold about you
5. Special Categories of Personal Data
6. Why do we collect this information about you and what is the legal basis?
7. How your Personal Information is collected
8. How we will use information about you
9. Mailing List
10. Competitions
11. Google Analytics
12. Careers, CVs and Speculative Emails
13. Lead Forensics
14. Adimo
15. Automated Decision Making and Profiling
16. Cookies
17. Links to other websites
18. If you fail to provide personal information
19. Change of Purpose
20. Data Security and Storage
21. Data sharing
22. Which third party service providers process my personal information
23. Data retention – how long will you use my information for?
24. Your duty to inform us of changes
25. Your rights in connection with personal information (Data Subject Access Request)
1. Introduction
J Marr & Son Limited (and its subsidiary companies), hereafter
known as the Company, is committed to protecting the privacy and security of
your personal information. It is important that you read this notice, together
with any privacy notice we may provide on specific occasions when we are
collecting or processing personal information about you, so that you are aware
of how and why we are using such information.
2. Purpose
J Marr & Son Limited is a “data controller”. This means that the Company is responsible
for deciding how we hold and use personal information about you. We
are required under data protection legislation to notify you of the information
contained in this Privacy Notice. We
reserve the right to update this privacy notice at any time, and we will
provide you with a new privacy notice when we make any substantial
updates. We may also notify you in other
ways from time to time about the processing of your personal information. If you have any questions about this privacy
notice, please contact the Data Protection Officer or the GDPR Committee.
This notice applies to all those who visit one of our group websites
and end users of our products and services.
3. Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee
compliance with this Privacy Notice. The
DPO is responsible for the upkeep, amendment and modification of this document. If you have any questions about this Privacy Notice
or how we handle your personal information, please contact the Data Protection Officer
by emailing GDPR.Committee@j-marr.co.uk.
You also have the right to make a complaint at any time to the
Information Commissioner’s Office, the UK supervisory authority for data
protection issues.
4. The Personal Data we hold about you
Personal data, or personal information, means any information about an
individual from which that person can be identified. It does not include data where the identity
has been removed (anonymous data).
We collect, store and use the following categories of personal information
about you:
4.1. Personal contact details, such as name, title, address, telephone numbers and personal email addresses.
4.2. CV, application forms and recruitment information as part of the application process.
4.3. Date of Birth.
4.4. Credit card and/or payment details.
4.5. Proof of age (in relation to alcohol).
4.6. IP Address.
5. Special Categories of Personal Data
“Special categories” are more sensitive personal data including information
such as race or ethnicity, religious beliefs or sexual orientation, Trade Union
Membership, health including any medical conditions, health and sickness
records, genetic information or biometric data, or information about criminal
convictions.
In the marketing and sales of our products, we do not currently
collect and/or store any special categories of personal data.
6. Why do we collect this information about you and what is the legal basis?
It is necessary for us to collect information about you for
our legitimate business needs in order for us to conduct certain business and
marketing activity. We only collect the data that is needed for the purpose
intended, and will only share data where we need to in order to complete
activity as outlined in points 21 and 22. The third parties we share data with
can be found later in this notice.
We require your consent to using your data. On accepting this privacy
policy, you consent to us using your data for the outlined processes. We ask
for consent when signing up to our mailing list. When processing sales orders,
enquiries, competition entries and complaints it is contractual that we need
this personal data to perform the activity. With regard to monitoring website,
app and social media usage, as well as monitoring reviews, it is in the
legitimate interest of both the Company and the individual to improve the
performance of both our products and services.
Some of the above
grounds for processing will overlap and there may be several grounds which
justify our use of your personal information.
7. How your Personal Information is collected
We collect personal information about customers and end users directly
from the data subject or through third party providers such as Google Analytics
and Lead Forensics.
We collect personal information about you in the following ways:
7.1. When signing up to our mailing list, either through the website or in writing.
7.2. Through the speculative CV and enquiry process on our careers website page.
7.3. Through usage of our websites, social media profiles and Cocktail Bar App.
7.4. Upon entry of a competition, either through social media, our websites or other entry mechanics set out in the competition T&Cs.
7.5. Through online orders of our products e.g. through Amazon.com.
7.6. Through sales orders, enquiries or complaints through any means of verbal, online or written contact.
7.7. By monitoring reviews on retail and review websites.
7.8. Through events, trade shows and exhibitions when enquiring about the Company’s products and services.
8. How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your information
in the following circumstances;
To process enquiries, sales and complaints
To understand who uses our websites and Cocktail Bar App and monitor the way users navigate and use them.
To allow us to send marketing emails to you with regard to our latest news and product information.
To tailor the online marketing content that we share with you, such as social media adverts and online adverts.
To remarket our products to you through other online websites when you have visited them on our website.
To announce winners of competitions and contact them to send prizes.
To send samples and gifts as required.
To contact you with regard to recruitment opportunities.
We monitor reviews on retail and review websites to assess quality control and the feedback of our products.
9. Mailing List
We ask for your explicit consent when signing up to our
mailing list, whether this is online or written. We will send a maximum of 2
emails per month informing you of business news and product updates. There will
be an option to unsubscribe on the bottom of each email. We use Mailchimp to send
emails and this is where our mailing lists are also stored.
10. Competitions
We run a number of competitions on our website, through
social media and on our packaging. When entering we will collect your personal
details to announce and notify the winners and send prizes; in some instances
we may need proof of age if the prize contains alcohol. We may share your
details with the competition agency and digital agency who are assisting with
running the competition. Please see terms and conditions of the individual
competition for full details of these.
We will only store entrants’ details for a reasonable time
after the competition has closed, to inform of winners and to reselect a winner
should a prize not be redeemed. The usual retention period for this is a
maximum of 6 months.
Competition entries are stored through third party service
providers such as on WordPress, Mailchimp and social media.
11. Google Analytics
This website uses software to monitor how visitors navigate and use
the site. This software is provided by Google Analytics which uses cookies (see
point 16) to track visitor usage. For example, we can see:
Which country and region the visitor is from
Which pages are visited and for how long
The journey through the website
Which device is being used to browse
Although we would not use this information to personally identify you,
we can use this to improve the performance of the website and, in some cases,
retarget marketing adverts to you that we think you will be interested in from
visiting our website. You can read Google’s Privacy Policy here for more
information: www.google.com/privacy.html
12. Careers, CVs and Speculative Emails
If you contact us via our careers page, your CV and
associated details sent with this will be held on our internal system. Our HR
department will contact you should your application be successful or if a
suitable job arises. We will only hold the details we need, and will retain
them for a period which we believe is reasonable for the application sent. If
you do not want us to hold your details, please make this clear when sending
your speculative CV or applying. We will not share your details unless you are
then employed by the Company, at which point you will be referred to our
Employee Privacy Notice.
13. Lead Forensics
Some of our websites use Lead Forensics to monitor which
businesses visit our website and their usage whilst on our site. A business’s
IP address and business details are collected, but no personal information. As
the processor of information, the data is stored on Lead Forensics cloud
software which we can access. The data is stored with Lead Forensics until we
terminate our contract with them.
14. Adimo
On The Ice Co website and social media pages, Adimo allows
visitors to ‘add to basket’ our products to their chosen retailer basket (where
the product is available), for example, a visitor to The Ice Co website could
add Party Ice to their Tesco online shop. To do this, the individual needs to
enter their login details for that online retailer. Although The Ice Co does
not store this information, the functionality is available through the website.
15. Automated Decision Making and Profiling
Automated decision making takes place when an electronic system uses
personal information to make a decision without human intervention. We do not
envisage that any decisions will be taken about you using automated means,
however we will notify you in writing if this position changes.
16. Cookies
Cookies are small text files that can be used by websites to
improve a user’s experience. Our websites use cookies to analyse our traffic,
personalise content and ads and to provide social media features. We also share
information about your use of our site with our social media, advertising and
analytics partners who may combine it with other information that you’ve
provided to them or that they’ve collected from your use of their services.
The law states that we can store cookies on your device if
they are strictly necessary for the operation of this site. For all other types
of cookies we need your permission.
Where applicable, our websites use a cookie control system
allowing the user on their first visit to allow or disallow the use of cookies
on their computer/device. This complies with recent legislation requirements. Users
can at any time change or withdraw their consent from the Cookie Declaration on
our website or they can take necessary steps within their web browser settings
to block all cookies from our website and its external vendors.
See our websites for the Cookies currently being used on
that site.
17. Links to other websites
Throughout our websites we may link to other websites; for
example, on our blog on The Ice Co website we often work with partners and link
to their websites in our blogs. Although we endeavour to put links only to
trusted brands and companies, we are not responsible for the way they handle
your data once on a third-party website. Please refer to the individual privacy
policies of the third-party websites when visiting.
18. If you fail to provide personal information
If you fail to provide certain information when requested, we may not
be able to perform the activity we have entered into with you (such as sending
you a competition prize), or we may be prevented from complying with our legal
obligations (such as obtaining ID for the sale or giving of alcohol).
19. Change of Purpose
We will only use your personal information for the purposes for which
we collected it, unless we reasonably consider that we need to use it for
another reason and that reason is compatible with the original purpose. If we need to use your personal information
for an unrelated purpose, we will notify you and we will explain the legal
basis which allows us to do so. Please
note that we may process your personal information without your knowledge or
consent, in compliance with the above rules, where this is permitted or
required by law.
20. Data Security and Storage
The Company, third-party service providers and other
entities within the group are required to take appropriate security measures to
protect your personal information in line with our policies. We do not allow
third-party service providers to use your personal data for their own purposes.
We only permit them to process your personal data for specified purposes and in
accordance with our instructions. We will put in place appropriate security
measures to protect your data proportionate to the size of our operation, the
resources available to us and the nature of the data we store. The third-party
and cloud based companies we use can be seen in Point 22.
21. Data sharing
When we require third parties to handle and store your data, we
request that they respect the security of your data and treat it in
accordance with the law. Examples of who we share your data with:
Competition agencies for the successful running of promotions, including collecting data of entries, notifying winners and sending prizes. Please see terms and conditions of individual competitions for more information.
Digital agencies to help with monitoring our website usage, competition implementation, retargeting campaigns and social media activity.
Our delivery partners such as APC and My Parcel Delivery for sending samples, prizes, gifts and orders.
Cloud based software such as Mailchimp and Amazon that stores your details to allow us to run activity such as marketing campaigns and send parcels.
See point 22 for a full list of third party service providers who
might handle your data.
We may share your personal information with other third parties, for
example in the context of the possible sale or restructure of the
business. We may also need to share your
personal information with a regulator or to otherwise comply with law.
J Marr & Son Limited and its subsidiary
companies will never sell your personal information to a third party.
22. Which third party service providers process my personal information
“Third parties” includes third party service providers (including
designated agents) and other entities within our group. Please see the privacy terms for each
provider via their website for more information.
The following third party service providers may handle your data:
22.1. Mailchimp (mailing list storage and software)
22.2. Lead Forensics (business tracking software on websites)
22.3. Amazon (online sales)
22.4. Adimo (add to basket feature on The Ice Co website)
22.5. Google Analytics (to monitor website usage)
22.6. CMS Software (content management software for our websites)
22.7. iConnect (to monitor app usage)
22.8. Social Media (to advertise products to individuals who have visited our website)
22.9. Delivery partners – i.e. APC, My Parcel Delivery, DPD, Royal Mail
23. Data retention – how long will you use my information for?
We will only retain your personal information for as long as is
necessary to fulfil the purposes we collected it for, including the purposes of
satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we
consider the amount, nature, sensitivity of the personal data, the potential
risk of harm from unauthorised use or disclosure of your personal data, the
purposes for which we process your personal data and whether we can achieve
those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so
that it can no longer be associated with you, in which case we may use such
information without further notice to you.
If you need to know how long we retain your information for with
regards to a specific activity, please contact the GDPR Committee.
24. Your duty to inform us of changes
It is important that the personal information we hold about you is
accurate and current. Please keep us
informed if your personal information changes.
25. Your rights in connection with personal information (Data Subject Access Request)
Under certain circumstances, by law, you have the right to:
25.1. Request Access to your personal information (commonly known as a “data subject access request”, DSAR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
25.2. Request Correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
25.3. Request Erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see point 25.4 below).
25.4. Object to Processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
25.5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
25.6. Request the transfer of your personal information to another party (also known as portability).
25.7. Right to Withdraw Consent where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (in limited circumstances). You have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest for doing so in law.
If you want to
review, verify, correct or request erasure of your personal information, object
to the processing of your personal information, withdraw consent for specific
processing, or request that we transfer a copy of your personal data to another
party, please contact the GDPR Committee as explained in point 3.
You will not have to pay a fee to access your personal data (or to exercise
any of the other rights). However, we may charge a reasonable fee if your
request for access is clearly unfounded or excessive. Alternatively, we may
refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us
confirm your identity and ensure your right to access the information (or to
exercise any of the other rights). This
is another appropriate security measure to ensure that personal data is not
disclosed to any person who has no right to receive it.
If you have any questions about this Privacy
Notice or how we handle your personal information, please contact the Data Protection
Officer by emailing GDPR.Committee@j-marr.co.uk.