Please read the following carefully to understand our views and practices regarding Personal Data and how we will treat it.
For the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Data Controller is Proseal UK Ltd.
Our data protection registration number is Z7729946.
Queries regarding Data Protection and/or Privacy should be directed to:
Data Protection Team
Proseal UK Ltd
Adlington Industrial Estate
Information we process
We will collect and process personal data according to the following:
Visitors to our website
Cookies also allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you should be able to modify your browser settings to decline cookies if you prefer, though this may prevent you from taking full advantage of the website.
Any information provided via our website enquiry form will be used solely to answer the enquiry. Should we wish to use it for any other purpose, including marketing, we will inform the enquirer and gain their consent before doing so.
This website uses Wistia (https://wistia.com) to power its videos. Wistia tracks how you interact with the videos on this site: how much of a video you watch, at what points in a video you pause or rewind, etc. In some videos, we pause the video and request that you provide your email address or name. You are under no obligation to provide this information, but we reserve the right to limit certain videos to identified users. Wistia aggregates the data collected through the videos here, including names and email addresses, and provides it to us. Wistia does not sell or provide the data it collects to third parties.
Customers and prospective clients
Should a company be located outside of the UK, we may use a selected third-party distributor to provide them with a local point of contact through which to conduct their business with us. We will share only the information required to allow this to happen. The distributor will be acting as a Data Controller during any interactions with them and they will have their own policies in place regarding the GDPR.
When a company requests a service from us or places an order with us, we must process the information of the company and their contact to fulfil that request. This data will usually consist of the company name, address, telephone number, order history, and details of the person that made the request. We will, however, only use these details to deliver the service or products requested, and for other closely related purposes. For example, we might contact known customers to inform them of our holiday opening times or to inform them of our presence at a fruit-focused exhibition had they ordered fruit packaging in the past. Customers and prospective clients can opt out of receiving these communications, an easy method of opting out will be supplied via this notice and on every such communication we send.
The company information and a contact name will be stored alongside any orders that they make. After a period of 12 months of inactivity, (i.e. no email communication, no orders placed, no invoices outstanding), a customer account will be marked as inactive, and any contact information will be removed from the customer record.
We will process the company name, address, and telephone number, as well as any contact name we are given to allow us to contact them in relation to enquiries or orders we wish to make, or have already made, with the company. We will also store bank details for payment purposes. The company information and a contact name will be stored alongside any orders that we make. After a period of no more than 12 months from the date of our last account activity with them, the supplier account will be marked as inactive, and any contact information will be removed from the supplier record.
Contractors, other business contacts, site visitors
We will process basic information such as a company name, address, and telephone number, as well as any contact information we are given to fulfil any contractual or legal obligation we have in the relationship. Should a person attend one of our sites, we will process information required to keep them safe whilst on our sites. They will be further notified of this processing at the point of providing us with this information.
Applications for employment / apprenticeships
Any information provided to us in this context will be entered into our system and used solely to process the application. If the application is unsuccessful, we will keep the details securely stored for a period of 2 years, during which time we may contact the data subject should we wish to reconsider their application. This is not mandatory, and they may at any point before, during, or after the application, notify us that they do not want the details to be retained for this purpose. This can be done using the contact details above.
We will collect still pictures and video recordings of you if you are within range of our on-site CCTV systems. Personally Identifiable Information visible within these images may include your face and/or other identifying features such as tattoos, scars, and clothing, as well as your vehicle make/model and registration details.
We use this information to ensure your safety and security whilst on Proseal property, for the prevention and detection of crime, to comply with our Legal Obligations under local laws and regulations, for assisting with any queries or enquiries, to aid in the handling of complaints, and to ensure the safety and security of our staff and business.
The data collected is stored on a secure server which is housed locally within our premises. Access to these recordings is limited to certain trusted employees only.
We may share the data with:
· Local or national law enforcement agencies if requested by them to do so
· Anybody who has legitimate reason to request it, and where we deem the recording is likely to be of assistance, such as:
o Those who have been involved in an accident or crime,
o Had property damaged or stolen,
o Or anybody representing said person such as an insurance agency or provider
· Data may also be passed on to third parties supplying us with advice or services relating to legal, property, or insurance issues.
Under normal circumstances CCTV recordings are kept for a period of no longer than 90 days, after which they are removed. Should a recording be requested, and the request granted, we may retain the data for as long as the request remains valid. In circumstances such as criminal or legal proceedings this could be for several years. Once we are made aware that the information is no longer required, it will be deleted as per our normal operations.
Proseal’s subsidiary companies
We store information on a centralised system available internationally to Proseal UK Ltd, Proseal America Inc, and Proseal Australia Pty Ltd. We have a Binding Corporate Agreement in place with our subsidiaries stipulating that they are required to abide by the same laws and regulations as we are regarding their use of personal data under this regulation.
Transfer of your data outside of the EEA
All information we process is encrypted at rest and stored on an internationally available server, access to which is restricted to Proseal UK Ltd and its subsidiary companies.
As indicated above, we may transfer basic Customer data to an approved local Distributor.
Some of the third-party services we use are based outside of the EEA. Utilising their service will require transfer of your data to them. In all cases where this happens we have ensured the security of your data by various means, including specific contracts, written processor agreements, or applied Model Contract Clauses approved by the European Commission. These aim to give your personal data the same protection it has in Europe.
Rights of the Data Subject
The GDPR grants all Data Subjects rights over their data. The below outlines how we will respond to a valid request under each of those rights.
The right to be informed
We will inform any data subject clearly and concisely of how we intend to use the information we collect. We will endeavour to do this at the point of collection. When this is not possible we will inform the subject at the earliest opportunity afterwards.
The right to access
We will provide information regarding the processing of a subject’s data. Including what personal data is processed, the reasons for that processing, and the results of the processing. We will respond to this request within 30 days, and there will normally be no charge for this.
The right to rectify
We will make every attempt to verify and correct any inaccurate or incomplete personal data. We will log the request within our system, ensuring that during any restoration process the corrected data will remain intact.
The right to erasure
If we are required to retain any information to complete a contract or comply with any laws or regulations, then those obligations will take precedence and we will notify the subject of such. Otherwise, we will remove the personal data from our live systems. When the information is of a particularly sensitive nature, we will also remove it from archives where possible. We will log the request within our system, ensuring that during any restoration process the data will not be reinstated.
The right to restrict processing
We will restrict our processing of a subject’s personal data until we have met the following conditions:
- If they have contested its accuracy; until we have verified or corrected it.
- If they have objected; until we have provided legitimate grounds or stopped processing.
- If it is claimed to be unlawful; until we have proved otherwise or stopped processing.
Further, we will restrict processing if the data subject requires us to retain their data to establish, exercise or defend a legal claim.
The right to object to processing
Where the data subject objects to direct marketing, we will comply immediately. Where the data subject objects to any other processing, or for any other reasons, we will assess our reasons for processing and provide the results to the subject. Should we agree with the data subject’s request, we will stop processing the data for those reasons.
The right to data portability
We will provide all live data pertaining to the data subject, including that from archives, usually in JSON format, which is a structured, commonly used, and machine-readable format as required. If requested, and where reasonably possible, we will provide this data directly to a third-party designated by the data subject. We will respond to this request within 30 days, and there will normally be no charge for this.
The right to restrict Automated Decision Making
We do not make any decisions automatically, nor do we do any profiling of Data Subjects. Should this change in the future, we will update our policy accordingly.
The right to complain
If you have a complaint about our use of your information, or believe that we have not complied with the requirements of the GDPR, you can contact the Information Commissioner’s Office via their website at http://www.ico.org/concerns or write to them at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF