Privacy Policy

Privacy notice

Our commitment to you

Here’s our Privacy Notice, to let you know what we plan to do with any personal information you give us. This covers information provided to us by you through our website, or by direct contact (by mail, telephone, text message or email). There are separate sections covering our data usage based on your relationship with us. There is also a section detailing your rights, and a section about us and how to contact us for data protection issues. 

CLIENTS AND CUSTOMERS 

We need personal information from you so we can give you the best possible service when providing you with print and marketing services. We normally only need to store your basic details such as your name, work address and your phone number and email address at work. Sometimes you may want us to call your mobile phone, in which case we need to store the number. We are aware that some of this will be confidential in nature, and will treat it accordingly, keeping it as safe and secure as possible. This forms part of our contract with you, and our commitment to you as a valued client. We will not ask for information from you that is not relevant to our provision of services to you. We normally retain your information on an on-going basis after the completion of our contract with you, as we often get repeat business; you have the right to ask us to delete this at any time. The lawful basis for this processing under the Data Protection Act 2018 is Execution of Contract

We will also send you letters or emails from time to time to let you know about any new services or facilities we are offering, or to suggest additional services that we feel may benefit you. We regard this as part of our service to you, to keep you informed about our activities, but you can opt out of this if you wish – just tell us. We will not send you more than 24 such messages in any calendar year. The lawful basis for this processing under the Data Protection Act 2018 is Legitimate Interests.

Where we are contracted by our clients (you) to perform emailing or direct mail services, you out of necessity will be passing on personal data owned by yourselves. We ask that all such data is passed to us securely and is password protected. As part of our contract with you, we stipulate that we will be and remain compliant with data protection legislation, will take the same degree of care with the data as we do, and will not use the data for any other purposes. Any such data will be securely destroyed no more than 60 days after it’s use.

STAFF 

We need to retain records on our staff so we can review your performance and pay, record your annual leave entitlement, process the payroll so you are paid the right amount on time, and make payments into your pension. We will retain these records throughout your employment with us, and for 7 years after you leave, when they will be securely destroyed. The lawful basis for this processing under the Data Protection Act 2018 is Legal Obligation. Please also be aware that as staff members, you have a contractual responsibility to protect the personal data of our clients, customers, suppliers and other contacts, to ensure the company as a whole is respecting their rights. 

SUPPLIERS 

As part of our commercial relationship with you, we may well need to store and use basic contact information for individuals in your organisation. This helps both parties to ensure that the relationship works smoothly and that the right goods and services are supplied in a timely and efficient manner. We will only hold work-based contact details, unless we have been provided personal details such as a mobile phone number. We will retain these records on an on-going basis, as we may well need to order from you again after any period of time. The lawful basis for this processing under the Data Protection Act 2018 is Legitimate Interests

Where we are contracting your services to perform emailing or direct mail services on behalf of our clients, we of necessity will be passing on personal data given us by our clients. As part of our contract with you, we stipulate that you will be and remain compliant with data protection legislation, will take the same degree of care with the data as we do, and will not use the data for any other purposes. Any such data must be securely destroyed no more than 60 days after its use. 

YOUR RIGHTS 

You have rights in respect of your personal data. We will need to confirm your identity before we can consider your request so, if you wish to exercise any of these rights, we will need to see a copy of your passport.  

The right to be informed – you have the right to be told about the collection and use of the personal data you provide. This privacy policy sets out the purpose for which we process your personal data, how long we will keep your data, who we will share your data with. If you have any questions on how and why we process your data please contact the DPO. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

Right of access – you have the right to know whether we are processing your personal data, and to a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/

Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request.  If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/

Right to erasure – this right, often referred to as the right to be forgotten allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request.  If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request.  If you want to exercise this right, please contact the DP at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/

Right to data portability – you have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/

Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics. 

Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.

Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.

Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.

If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/

Rights relating to automated decision making including profiling – you have the right in respect of automated decision making, including profiling. Where we carry out solely automated decision making, including profiling, which has legal or similarly significant effects on you, we can only do this if it is in connection with a contract with you, we have a right under law or you have provided your explicit consent. We will tell you if this happens and tell you how you can request human intervention or challenge the decision. If you want to exercise this right, please contact the DPO at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/rights-related-to-automated-decision-making-including-profiling/

Processing based on consent

Where we process your personal data based on your consent you have the right to withdraw that consent at any time without reason. You can opt-out by using the unsubscribe/opt-out in any marketing we send you and you can contact the DPO at the contact details above.

The right to lodge a complaint to the supervisory authority

If you are unhappy with any aspect of our handling of your data you can make a complaint to the Information Commissioner’s Office – https://ico.org.uk/concerns/

COOKIES

When you are using this site, cookies may be used to improve your experience. This may occur without any prior warning and could include the collection of your IP address.

A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser.  Find out more about cookies on http://www.allaboutcookies.org/   

We use cookies to identify you when you visit this website and to keep track of your browsing patterns and build up a demographic profile.

RETHINK Print & Marketing Services Limited uses cookies in order to identify visitors to the site, to acquire information about demographics as well as to identify browsing patterns.

Most browsers will allow you to turn off cookies.  If you want to know how to do this please look at the menu on your browser, or look at the instruction on http://www.allaboutcookies.org/

What sort of cookies do we use?

1. Session cookies – we use cookies to keep track of what you are doing whilst you navigate the website. These cookies expire when you leave the website or close your browser. 

2. Persistent cookies – We use persistent cookies to recognise you when you return to our site. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date. 

3. Third party cookies – we use Google Analytics to collect information about how visitors use our site. We use the information to compile reports and to help us to improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.

4. _ga, _gid, _gat_UA-28874470-1, NID, IDE, DSID: These are cookies used by Google to make notes of what you’re doing on the website.  They are totally anonymous and don’t save or send any personally identifiable information at all.  For more information please see
https://policies.google.com/privacy?hl=en

It is not compulsory to agree to the use of cookies and you can configure your browser to do so. However, you should be aware that if you opt to decline the use of cookies, the site may not work to its optimum level and you may not be able to access all the features.

 
Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.

In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us will not be transferred to countries outside the European Union (“EU”). However, If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in July 2020

OWNER AND DATA CONTROLLER 

RETHINK Print and Marketing Services Ltd 

Registered in England and Wales No: 09342678
VAT No: 201 7789 12 

Registered with UK Information Commissioner’s Office as a Data Controller No: ZA607855

Owner contact email: justin@wearerethink.uk