Privacy Notice – ENSE UK Limited
Who we are
ENSE UK Limited (company number 08370158) ("we", "us", "our") collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
Information collected by us
In the course of dealing with your enquiries about our buying group or managing our buying group when you become a member we collect the following personal information when you provide it to us:
- your name, job title, phone number, address and email address and any other contact details you give us when you make an enquiry or provide details about your business when you participate in our buying group
- payment details (if you are a sole trader)
information your organisation provides to us including:
- your personal business details (name, job title, email address, contact details)
How we use your personal information
We will use this information to:
- inform you about the benefits of membership of our group
- as part of our application process to become a member
- provide services to you or your organisation as part of our buying group
- collect and process payments
- inform you about changes and improvements to our services
Who we share your personal information with
We share your personal data with members of our buying group so that they can contact you or your organisation in the course of their membership of our buying group. These members are primarily in the UK and Ireland but may also be elsewhere (e.g. the USA). We also share your information with our IT providers in order to be in communication with you and to maintain our website and database. These providers are also in the USA. We will share personal information with law enforcement or other authorities if required by applicable law. Where we need to enforce our rights to payment or other rights we may share your details with enforcement officers or agents, the court and our professional advisers.
Whether information has to be provided by you, and if so why
The provision of your contact details and other personal data is required from you in order to deal with your enquiry and arrange and manage your membership of our buying group. If you do not provide us this information we will not be able to deal with your enquiry and provide the benefits of our buying group to you. We will inform you at the point of collecting information from you (including via this Privacy Notice), whether you are required to provide the information to us.
How long your personal information will be kept
When submitting enquiry forms or information we will keep your data for up to two years if no further contact has been made. Where you become a member, we will keep your data for the duration of your membership and up to six years after that (the limitation period for legal claims) and longer if we are required to do so by law.
Reasons we can collect and use your personal information
We rely on the following lawful reasons to collect and use your personal data and on occasion more than one lawful basis may apply to the processing:
- to perform or enter into any contract with you
- our legitimate interests in running and marketing our buying group to both our benefit
- to comply with our legal obligations
- to protect your vital interests or that of another person (e.g. in an emergency)
- where you consent to the processing where we ask you to (e.g. for certain sorts of marketing or other processing where the law requires this)
Transfer of your information out of the EEA
As noted earlier the database of contact information we make available through our site is accessible by members of our buying group located outside of the UK & Ireland. In addition, we may transfer your personal information to our IT providers located in the USA, which is outside the European Economic Area (EEA). Other countries do not have the same data protection laws as the United Kingdom and EEA. We will ensure that any transfer of your personal information where the GDPR applies to such transfer will be subject to the appropriate or suitable relevant safeguards (e.g. European Commission approved contract) as may be required under the General Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. In general, we and our third-party suppliers use contract clauses for such transfers (Article 46.2 GDPR) unless the country in question is judged adequate under Article 45 GDPR (including in the case of the USA Privacy Shield). If you would like further information, please contact us (see ‘How to contact us’ below).
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information that this Privacy Notice is already designed to address
- access to your personal information and to certain other supplementary information
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- where the processing is based on your consent you may withdraw your consent at any time
- otherwise restrict our processing of your personal information in certain circumstances
- email, call or write to us (contact details below let us have enough information to identify you [(eg. account number, user name, registration details)],
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any account or reference numbers, if you have them
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses. Please be aware that sending information over the internet is generally not typically secure so any data you send is sent at your own risk.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner (ICO) who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113. ICO also has regional offices in Wales, Scotland and Northern Ireland ( https://ico.org.uk/global/contact-us/postal-addresses/) The Irish supervisory authority is the Data Protection Commissioner - https://www.dataprotection.ie/docs/Home/4.htm.
Changes to this privacy notice
This privacy notice was published on 24 May 2018. We may change this privacy notice from time to time, when we do we will inform you via email or by posting the updated notice on our website.
How to contact us
Please contact us if you have any questions about this privacy notice or the information we hold about you. If you wish to contact us please send an email to firstname.lastname@example.org, or write to ENSE UK LTD, Seven Stars House, 1 Wheler Road, Coventry, CV3 4LB.