We want you to know that when you use our organization you can trust us with your information. We are determined to do nothing that would infringe your rights or undermine your trust. This Privacy Notice describes the information we collect about you, how it is used and shared, and your rights regarding it.
We are a Data Controller for some of the personal data that we hold and process. Our registered address is 3308 Peachtree Industrial Boulevard, Duluth, GA, 30096 and our Data Protection Lead (DPL) can be contacted at firstname.lastname@example.org
All the information that we hold about you is provided to us by yourself when you seek to use our services. We will tell you why we need the information and how we will use it.
Our Lawful Basis for processing your information
The General Data Protection Regulation (GDPR) requires all organizations that process personal data to have a Lawful Basis for doing so. The Lawful Bases identified in the GDPR are:
- Consent of the data subject
- Performance of a contract with the data subject or to take steps to enter into a contract
- Compliance with a legal obligation
- To protect the vital interests of a data subject or another person
- Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
Examples of legitimate interests include:
- Where the data subject is a client or in the service of the controller;
- Transmission within a group of undertakings for internal administrative purposes;
- Processing necessary to ensure network and information security, including preventing unauthorized access;
- Processing for direct marketing purposes, or to prevent fraud; and
- Reporting possible criminal acts or threats to public security.
- Our Lawful Basis is:
Performance of a contract with the data subject or to take steps to enter into a contract;
- Compliance with a legal obligation;
- The legitimate interests of ourselves, or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject and our Legitimate Interest is Business continuity & delivery of services; Business development; direct marketing & management of service
We use your information to:
- Provide services, quotations, and information, for example, newsletters;
- Process or support payments for goods and services;
- Conduct data analysis, testing, and research (including for product development), and to monitor and analyze usage and activity trends;
- Maintain the safety, security, and integrity of our services;
- Direct your inquiries to the appropriate customer support staff;
- Investigate and address your concerns;
- Communicate with you about products, services, promotions, studies, surveys, news, updates, and events;
- Investigate or address legal proceedings relating to your use of our services/products, or as otherwise allowed by applicable law;
We do not use automated decision-making in the processing of your personal data.
We collect and process both personal data and special categories of personal data as defined in the GDPR. This includes:
- Phone number;
- Phone number;
- Payment or bank details;
- Date of birth;
- Family & next-of-kin details
We may share your personal data with:
- Delivery partners,
- Our business partners;
- With outsourced Human Resources and Payroll service providers
- Our legal advisors in the event of a dispute or other legal matter;
- Law enforcement officials, government authorities, or other third parties to meet our legal obligations;
- In connection with, or during negotiations of, any merger, sale of company [assets, consolidation or restructuring, financing, refinancing, or acquisition of some or all of our business by another company;
- Any other party where we ask you and you consent to the sharing.
Transfers to third countries and international organizations
Under GDPR, transfers of EU personal data outside of the European Economic Area can only be made if specific safeguards exist.
No employee is authorized to transfer EU personal data internationally until the DPL has confirmed in writing that we have appropriate safeguards in place.
We retain your personal datawhile you remain a customer OR employee unless you ask us to delete it. Our Retention and Disposal Policy (copy available on request) details how long we hold data for and how we dispose of it when it no longer needs to be held. We will delete or anonymize your information at your request unless:
- There is an unresolved issue, such as claim or dispute;
- We are legally required to; or
- There are overriding legitimate business interests, including but not limited to fraud prevention and protecting customers’ safety and security.
The General Data Protection Regulation gives you specific rights around your personal data. For example, you have to be informed about the information we hold and what we use it for, you can ask for a copy of the personal information we hold about you, you can ask us to correct any inaccuracies with the personal data we hold, you can ask us to stop sending you direct mail, or emails, or in some circumstances ask us to stop processing your details.
You may opt out of receiving emails and other messages from our organization by following the instructions in those messages.
Questions and Contact Information