This policy explains:
- who we are
- why we collect personal data about you
- what kinds of personal data we collect
- where we get it from
- how we use it;
- direct marketing;
- who we might share it with;
- how we store and secure it;
- how long we keep it;
- your rights; and
- how to complain about our use of personal data.
WHO WE ARE
Saturn FE Limited is a company limited by shares, registered in Scotland as company number SC611526. Our registered office address is Stannergate House, 41 Dundee Road West, Broughty Ferry, Dundee, DD5 1NB.
Saturn FE Limited acts as a ‘controller’ of the personal data that you give to us. We are registered with the UK’s Information Commissioner’s Office, registration number ZA778979.
WHY WE COLLECT PERSONAL DATA
Our customers are generally other companies. We collect names and contact details as necessary to serve those customers, and whenever someone submits the contact form on our website or sends us an email enquiry.
Also, we may collect the names and contact details of potential customers so that we can market our services directly to them.
We never sell personal data to anyone for any purpose. We will not give your data to others for their own use without your permission.
KINDS OF PERSONAL DATA WE COLLECT
We do everything possible to minimise the amount of personal data we collect.
Personal data we always collect:
- Names and contact details, such as telephone numbers and email addresses
- Details about why you or your organisation are seeking our help
Personal data we sometimes collect, depending on the circumstances:
- Information to enable us to undertake a credit or other financial checks on our customers (we will inform you before doing any credit check)
WHERE WE GET YOUR PERSONAL DATA FROM
Most of the time, we collect personal data about you directly from you. Sometimes we get the information from others in your organisation. Occasionally, we collect information from third parties, including:
- publicly accessible sources such as Companies House or Registers of Scotland; and
- organisations you have previously dealt with.
HOW WE USE YOUR PERSONAL DATA
Under the law, we must process your data lawfully, fairly, and transparently. Depending on our purposes for using data, we rely on one of four legal bases:
- our legitimate interest or the legitimate interest of a third party;
- to comply with the law; or
- your consent
In greater detail:
Why we process your personal data
Our legal basis
|To provide goods and services to our customers, and to administer their accounts||Our legitimate interests|
|Providing information for audits, enquiries or investigations by regulatory bodies||To comply with the law|
|Ensuring business policies are adhered to, such as policies covering security and internet use||Our legitimate interests|
|Operational reasons, such as improving efficiency, training, and quality control||Our legitimate interests|
|Ensuring the confidentiality of commercially sensitive information||Our legitimate interests|
|Statistical analysis to help us manage our business, such as relating to productivity, types of work, or types of customers||Our legitimate interests|
|Preventing unauthorised access and modifications to systems and data under our control||Our legitimate interests|
To comply with the law
|Maintaining accurate customer records||To comply with the law (in particular GDPR and DPA 2018)|
Our legitimate interests
|Ensuring safe working practices, staff administration and assessments||To comply with the law|
Our legitimate interests
|Marketing our services to:|
—existing and former customers;
—third parties who have previously expressed an interest in our services;
—third parties with whom we have had no previous dealings.
|Our legitimate interests|
|Marketing our services to those who have consented to receive marketing materials and information circulars.||Consent|
|External audits and quality checks, such as for ISO accreditation and the audit of our accounts||Our legitimate interests|
We may send you marketing materials or news articles to your business email if you are an existing or previous customer, or if you are a potential business customer. You have the right to opt out of receiving marketing from us at any time by:
- contacting us by email at email@example.com; or
- using the ‘unsubscribe’ link at the bottom of the email.
We will only send marketing materials and news items to your personal email if we have your permission in advance.
We never sell personal data to anyone for any purpose. Also, we will not give your data to others for their own use without your permission.
WHO WE SHARE PERSONAL DATA WITH
We sometimes share personal data with third parties as part of providing our services or to comply with our legal duties. These third parties can include:
- suppliers we use in providing our services, such as postal and courier services, document storage, IT, and data storage;
- banks, debt collectors, credit reference agencies;
- our own auditors, legal advisors, insurers, and insurance brokers;
- government agencies, regulators and other authorities, such as the Information Commissioner’s Office; and
- law enforcement agencies and regulatory bodies.
We only allow service providers to handle personal data if we are satisfied that they take appropriate measures to protect it. All service providers’ contracts require them not to use your personal data except as instructed by us.
HOW WE STORE AND SECURE PERSONAL DATA
We hold personal data at our office in Scotland, and on Microsoft Sharepoint servers located in the UK.
We have appropriate security measures to protect your personal data against misuse. Only those with a genuine business need have access to your data, and all are under a legal duty of confidentiality.
Transferring your personal data out of the EEA
We store and process data only in the UK. However, sometimes we need to send personal data outside the European Economic Area (EEA), such as:
- if one of our service providers is located outside the EEA;
- if you are located outside the EEA; or
- if you have asked us to provide goods or services outwith the EEA
These transfers are subject to special rules under European and UK data protection law.
If we need to send data to a non-EEA country that the EC has not assessed as having adequate data protection laws, we will only send the data after agreeing with the recipient the standard data protection contract clauses approved by the European Commission. You can see a copy of these standard clauses on the EC website here: https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF
If you would like further information about data transfers to other countries please contact us.
HOW LONG WE KEEP PERSONAL DATA
We will keep your personal data after we have finished supplying your organisation.
We will do so for one of these reasons:
- to respond to any questions, complaints or claims made by our customers or on their behalf; and
- to keep records required by law
When it is no longer necessary to retain your personal data, we will delete or irreversibly anonymise it.
If you have any questions in this regard, or any concerns about how long we keep your information for, please contact us using the details below.
You can exercise any of your rights in this section free of charge by contacting us by email at firstname.lastname@example.org or by phone on +44 (0)1382 581777.
You can ask us to:
- provide you with a copy of your personal data;
- correct mistakes in the data we hold about you;
- delete your personal data from our records (subject to the GDPR and DPA 2018);
- restrict the processing of your personal data in some circumstances, such as where you contest the accuracy of the data; and
- in certain situations, provide you with a copy of the personal data you provided to us in an easily portable format.
You can object:
- at any time to your personal data being processed for direct marketing;
- in certain other situations to our continued processing of your personal data, such as where we carry out processing on the basis of our legitimate interests.
If we are relying on your consent (permission) to use your personal data, you can withdraw your consent any time. However, in some cases we may still process your personal data without your consent as required or permitted by law, for example to defend our legal rights or meet our regulatory obligations.
In some cases, if you object or withdraw your consent we can no longer provide you with goods or services. We will advise you where this would be the case.
For further information on your rights, please contact us. You can also review the Information Commissioner’s Office webpage on Individual Rights by clicking here: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
You can complain about our use of personal data to the Information Commissioner on their website (www.ico.org.uk/concerns) or by calling +44 303 123 1113. However, we would appreciate the chance to deal with your concerns before you approach the Information Commissioner so please contact us in the first instance.
The GDPR also gives you right to lodge a complaint with the data protection regulator in the EU/EEA member state where you are located.
HOW TO CONTACT US
Please contact us by post, email, or telephone if you have any questions about either this policy or the information that we hold about you:
Saturn FE Limited
2 Water’s Edge