What is Euroffice's privacy policy?

OUR PRIVACY POLICY

At Euroffice we are fully committed to ensuring that your data is protected and your privacy is respected.

Euroffice Limited ("Euroffice", "we" or "us") is responsible for the personal data collected on this site www.euroffice.co.uk ("site") and is the controller of that data. We are registered in England and Wales with company number 03877111 and a registered office at Unit 4, Perrywood Business Park,Honeycrock Lane,Redhill, RH1 5DZ. We have a Data Protection Officer, who you can contact using the details set out at the end of this policy.

WHAT IS THIS POLICY FOR?

This policy will inform you about what personal data we collect through this site as well as your other interactions with us. It will tell you why we collect your data, how we use it, who we share it with and what rights you have in relation to it. Nothing in this privacy policy shall limit your legal rights in relation to your personal data.

It is important that you read this policy together with any other privacy notice or fair processing notice we may provide at the point of collecting or processing your personal data. This policy supplements those notices and is not intended to override them. However, it does supersede earlier versions of this policy.

This site includes links to websites which may allow third parties to collect or share your personal data. We cannot control their use of your data and are not responsible for it. Those third parties will have their own privacy policies and we encourage you to read them before sharing any of your personal data with them.

Please note this site is not intended for children. We do not knowingly collect any personal data relating to children.

WHAT DATA DO WE COLLECT ABOUT YOU?

Personal data includes any information about an individual from which that person can be identified. This does not include data where the individual's identity has been removed, such as statistical data about the use of our site. We may collect, use, store and transfer the following types of personal data:

Contact	Name, email addresses, postal addresses, billing address, and contact telephone numbers.
Profile	Your preferences (including details about the products/services you are interested in), gender, lifestyle information, age, interests, requests, feedback, and survey responses.
Transactional	Details about your transactions with us and fulfilment of your orders (including payments to and from you, details of goods or services you have purchased from us).
Financial	Bank account details, payment card details, and any other information provided in any credit application form you complete, and the results of any credit searches (including your credit limits).
Technical	IP address, operating system and platform, browser type and version, time zone setting, location data, device cookie and identification, and other identifying information required for your device to communicate with our site.
Marketing and Communications	Your preferences in receiving marketing from us as well as your communication preferences.

We do not intend to collect any 'special categories of personal data' (i.e. information about your race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You can ask us to update or rectify your personal data at any time by contacting us using the details outlined in the 'How can you contact us?' section at the end of this policy.

HOW IS YOUR PERSONAL DATA COLLECTED?

We collect your personal data through a number of sources. For example:

You may give us your personal data directly when you: submit information to us through our site (e.g. by filling in forms); when you order for goods or services from us; when you correspond with us by post, phone, email or otherwise; contact us by social media; request information from us; subscribe to any publications that we offer; request marketing to be sent to you; enter a competition, promotion, or survey or provide feedback.
We may also get the following data about you from third parties: information from providers of payment services, or credit reference agencies (if you apply for a credit facility).
We may get the following data about you from publicly available sources: such as Companies House, the Electoral Register, and the Bankruptcy or Insolvency Register.
We may automatically collect data from or about you or your device: including Technical data about your device and browsing; Profile data collected using cookies, online identifiers or other similar technologies. Please see our cookie policy for more information and details about how to opt-out.

HOW DO WE USE YOUR PERSONAL DATA?

We will only use your information where we have a lawful basis to do so. Below we have set out how we plan to use the personal data we hold about you and explained the lawful basis for each:

What's the purpose?	Which types of data are processed?	What's the lawful basis?
Communicating with you (other than for direct marketing purposes).	Contact, Transactional, and Marketing and Communications data.	It is necessary for the performance of a contract (or potential contract) with you. It is necessary to comply with a legal obligation (e.g. consumer rights legislation if you are a consumer). It is necessary for our legitimate interest of operating our business, resolving issues if they arise, and recovering debts owed to us.
Processing and fulfilling your order(s) and/or returns.	Contact, Transactional and Financial data.	It is necessary for the performance of a contract with you. It is necessary for our legitimate interest of operating our business effectively.
Performing credit checks (or requesting third parties to do so).	Contact, Profile, Transactional and Financial data.	It is necessary for the performance of a contract (or potential contract) with you (i.e. the credit agreement). It is necessary for our legitimate interest of only lending money to those who will be able to repay it.
Verifying your identity, preventing fraud or any other processing required to comply with requirements imposed by law or a court order.	Contact, Technical, Transactional, Financial and Marketing and Communications data.	It is necessary to comply with our legal obligations.
Managing our relationship with you.	Contact, Financial and Transactional data.	It is necessary for the performance of a contract (or potential contract) with you. It is necessary for our legitimate interests of running our business effectively.
Providing you with support, resolving complaints and monitoring feedback.	Contact, Financial and Transactional data.	It is necessary for our legitimate interests of running our business effectively. It is necessary for the performance of a contract with you (e.g. where there is a warranty or guarantee)
Delivering relevant advertisements and providing information about goods or services that you may be interested in.	Contact, Profile, Technical and Marketing and Communications data.	It is necessary for our legitimate interests (to study how customers use our site, goods or services, to develop them, to grow our business and to inform our marketing strategy).
Administering and protecting our site (e.g. troubleshooting, testing, data analysis, system maintenance)	Contact, Technical and Transactional data.	It is necessary for our legitimate interests of operating our site well, protecting us from cyberattacks and preventing fraud etc.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. If you need details about the specific legal ground we are relying on to process your personal data then please contact us. If we need to process your personal data for a different purpose that is not compatible with the original purpose, then we will let you know.

Please note that we may also process your personal data for a different purpose than listed above and without your consent where it is necessary for us to comply with our legal obligations.

HOW CAN YOU OPT OUT OF MARKETING?

We only directly market to you by SMS and email where it is legally allowed, for example where you have consented, where you have purchased (or negotiated to purchase) from us and did not chose to opt out, or if you have provided us with a business email address. When directly marketing to you we may use a combination of the data we hold about you to form a view on what we think you would be interested in.

We only want to market to users who actually want to hear from us. You can ask us to stop sending you marketing messages at any time by:

Selecting the opt-out link on any marketing message sent to you;
Contacting us using any of the methods in the 'How to contact us?' section at the end of this policy.

If you do opt-out of marketing from us, please note that we may still need to contact you for reasons other than direct marketing (for example to update you regarding your order or to update you with changes to our terms).

We will get your consent before we share your personal data with any third parties for their own marketing purposes.

HOW DO WE KEEP YOUR DATA SECURE?

We understand the importance of keeping your data secure. We take all reasonably necessary steps to ensure that your data is treated securely, in accordance with this policy, in order to prevent your data being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example, we limit the access to our customer's data and place confidentiality obligations on those who have access to it. If we become aware of a data breach we will notify the Information Commissioner's Office in a timely manner. We may also notify you in accordance with our legal requirements if we believe the breach is serious.

HOW LONG DO WE KEEP YOUR DATA FOR?

We only hold your personal data for as long as is necessary in order to comply with the purposes for which we collected it.

When we are determining the appropriate retention periods for your personal data, we take into consideration a number of factors including what personal data we are processing, the risk of harm from any unauthorised disclosure, why we are processing your personal data and whether we can achieve this outcome by other means without having to process it.

Occasionally we may anonymise data which means that it is no longer associated with you. We do this for statistical or research purposes so we can improve the services we offer to you. We can use anonymous data indefinitely without further notice to you.

Please contact us if you would like more information about our data retention policy.

WHO DO WE SHARE YOUR PERSONAL DATA WITH?

We may share your personal data with the following third parties for the purposes set out in the table above:

Suppliers so that they can fulfil any order or request you make with us;
Financial or payment processors where you are trying to arrange a payment to or from us;
Service providers who provide database, IT and system administration services (such as Salesforce which is based in the USA);
Credit reference agencies and banks that perform credit checks in order to determine your credit worthiness when you apply to open a credit facility with us;
Courts, regulatory bodies or law enforcement agencies if required;
If we refer any dispute between us to the ODR Platform, and/or we agree to engage in any alternative dispute resolution (ADR) procedure with you through the Platform, then to the extent that your personal data is relevant to the dispute we may disclose it to the European Commission, as operator of the ODR Platform, and to any ADR provider appointed to deal with the dispute; and
Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice. These parties may be based outside of the EEA.

These third parties are required to respect the security of your personal data and treat it in accordance with the law. We do not allow them to use your personal data for their own purposes unless it is incidental to the services they are providing to you on our request.

Transfers outside of the European Economic Area (EEA)

When we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded, for example by ensuring that country has been deemed to provide an adequate level of protection for personal data by the European Commission, using specific contracts approved by the European Commission, or where appropriate ensuring that they are part of the Privacy Shield (in the USA).

We outsource our technical development to a global technology services company. We allow their employees and contractors located in and out of the EEA have access to the personal data we hold so they can provide technical support services to us. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Credit checks

If you apply for a credit facility with us, we will usually instruct a credit reference agency to conduct a search to determine your creditworthiness. We provide your personal data to them so that they can carry out these checks and they provide the results directly to us. We use the results of the credit check to determine whether or not to grant you a credit facility.

We may use Equifax Limited, Experian Limited and Callcredit Limited to conduct the credit checks. You can find out more about each of them by visiting their websites. For information about how they share personal data they receive about you and/or your business here: https://www.callcredit.co.uk/crain. Please note that when credit reference agencies perform a credit check, a footprint may be left on your credit file which may be seen by other people viewing your file, such as other lenders. More information about each of the companies can be found here:

We also use Creditsafe Business Solutions Limited to perform credit checks. A link to their GDPR compliance can be found here: https://www.creditsafe.com/gb/en/more/about/gdpr.html.

Credit searches are a form of automated decision-making. Individuals have the right to ask that we do not make decisions that have a legal or significant effect on them using solely automated means, and object to an automated decision and ask that a person reviews the decision. If you would like to exercise these rights, please contact us using the details in the 'How can you contact us?' section. You can read more about your rights below.

WHAT LEGAL RIGHTS DO YOU HAVE?

Subject to certain legal conditions, individuals have the right to:

Request details of the personal data we hold and process about you (this is usually called a subject access request);
Request that any inaccurate information we hold about you is corrected;
Request that we delete the personal data we hold about you in certain situations;
Request that we stop using your personal data for certain purposes;
Request that we do not make decisions about you that produces legal or other significant effects on you using completely automated means;
Request that personal data we hold about you is given to you, or a third party chosen by you (where technically feasible), in a commonly used, machine-readable format;
Prevent the use of your personal data for marketing purposes by using any of the steps at the 'How do I opt-out?' section; and/or
Withdraw your consent where you have provided it.

To exercise any of the rights set out above, please contact us using the details at the end of this policy. If you do so, please provide us with as much information as you can about the request you want to make in order to help us respond as soon as we can. You might need to provide us with proof of identity (for example a passport or driving licence) before we can fully respond, as we need to be sure we are giving the correct personal data to the correct individual.

We will usually respond to a request from you to exercise your rights within 1 month of receipt, but it might take longer if your request is particularly complex or if you have made a number of requests. Please note that the rights listed above may not apply in certain circumstances or specific exemptions may apply, and so we may not always be able or required to comply with your request to exercise these rights. You will not usually have to pay a fee to exercise these rights, but we reserve the right to if your request is clearly unfounded, repetitive or excessive, alternatively we may refuse to comply with your request.

For more information on these rights please see: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/. Please be aware that we may need to process your personal data and/or request specific information from you to help us comply with your request.

You also have the right to complain to the Information Commissioner's Office, the UK supervisory authority for data protection issues. Before exercising this right, we encourage you to contact us first to resolve any complaint you may have, although this is not legally required. More details can be found here: www.ico.org.uk. You can write to them at Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or call them on 0303 123 1113.

WHAT ABOUT CHANGES TO THIS POLICY?

This policy was last amended on 2nd August 2018 and supersedes any earlier versions.

We reserve the right to update this policy to reflect any changes to the way in which we collect, process or share your personal data, or to reflect any legal requirements. When we make any changes, we will upload the new version to our site. The new version will take effect as soon as it is uploaded.

HOW CAN YOU CONTACT US?

If you have any questions about this policy or would like to exercise any of the rights mentioned, you can either:

Email us: dpo@euroffice.co.uk;
Write to us: at Data Protection Officer, Euroffice Limited, Unit 4, Perrywood Business Park,Honeycrock Lane,Redhill, RH1 5DZ; or
Contact us: using the options included in this link: https://www.euroffice.co.uk/contact_us.