Who we are
What is personal data?
The GDPR (General Data Protection Regulation) applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified by that data. This includes corporate email addresses and phone numbers where they are specific to you as an individual.
The lawful bases we rely on for processing your data
The law on data protection sets out several different reasons that a company may have for collecting and processing your personal data. These include:
We may need your personal data to comply with our contractual obligations, for example to deliver an order you have placed with us.
In certain circumstances will use your business contact data to pursue our legitimate interests in a reasonable way as part of the running of our business. We may send you email communications which we think will be of interest to you. We will only process your data provided that it does not materially impact on your rights, freedom or interests. Furthermore, we have conducted the necessary balancing and necessity tests and are unlikely to cause you unwarranted distress or harm.
When we collect your personal data
We may collect information about you when you:
• Register with us on Elfab.com or ElfabTech.com
• Contact us by any means with a query or complaint
• Place an order or enquiry for products or services
• Supply us with goods or services
• Visit our stand at an exhibition
• Provide us with a business card
• Complete an online sign up form
• Request a site visit
• Make your contact details publicly available (e.g. on the internet, or on LinkedIn)
We may also collect your data via cookies when you visit our website.
The cookies we use to deliver the Google Analytics service store information such as the time you visited the website and whether you have visited before. The cookies contain no personally identifiable information but they do use your computer’s IP address to know where in the world you are accessing the internet from.
The data we collect
• We collect information directly from web site users when you voluntarily submit your personal information to us. At certain parts of our web site, we may provide the opportunity for users to register for an event or order goods, join a mailing list or request information. We will collect your full name, email address, telephone and mobile numbers.
• If you have purchased products from us or if you have an ElfabTech account with us, we will collect your full name, email address, telephone and mobile numbers. We may also from time to time review a user’s ElfabTech account activity so that we can understand user interactions.
• For marketing purposes, we will only collect and/or use basic personal data about you such as your name, company name, address, email address and telephone and mobile numbers.
• Unless otherwise agreed with you, we will not collect any special categories of personal information about you (often known as ‘sensitive personal data’).
What we do with your data and why
Processing orders, quotes or enquiries
• We will use your data to process any orders you make by email or telephone.
• We may need to pass your details on to a third party such as a courier service to supply or deliver the product you ordered.
• We may keep your details for a reasonable period afterwards in order to fulfil any contractual obligations such as providing proof of delivery, warranties or technical support.
• We will enter your data into our customer database so that our sales and technical support teams are aware of what you purchased and when, as well as any other contact you have had with us such as raising a query or complaint. They may use your data to provide you with any product support and technical information you require. We do this on the basis of our contractual obligations to you and our legitimate interests in providing you with the best possible services.
• Where you have an existing relationship with us, having in the past purchased or made an enquiry, or where we have obtained your business contact information indirectly (e.g. from publicly available sources) we will enter your data into our CRM so that we can send you communications, details of products, services and news that we believe will be of interest to you. We will make every effort to only contact you where we feel we can offer relevant products and will only contact you using your corporate contact details. We will do this as part of our legitimate business interests. You can opt out of these marketing communications at any by time selecting the unsubscribe link that we include with every marketing email. Additionally, you can request that we remove your contact details by emailing GDPR@elfab.com.
• We will monitor your response to marketing emails and may use this information for future communications with you.
• We may use your data to send you customer survey requests to help improve our services. These survey messages will not include any promotional content.
• Where we have obtained your business contact information and where you have not made a past purchase or enquiry, we will always provide you with full notification that we hold your details and an option to request that we remove your contact details within 30 days of their receipt. You can request that we remove your contact details by emailing GDPR@elfab.com or selecting the unsubscribe link that we include in the initial 30-day notification email.
We will only collect the personal data that we need in order to oversee the products and services we have agreed to provide you with or to send you relevant marketing information.
Please be assured that we will not sell or rent your information to any third parties.
How long we keep your data
Whenever we collect or process your personal data, we’ll only keep it for as long as necessary for the purpose for which it was collected.
At the end of that retention period, your data will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained. When you place an order, we’ll keep the personal data you give us so that we can comply with our legal and contractual obligations in relation to that order.
Who processes your personal data
All the personal data we hold about you will be processed by our own staff based in the United Kingdom or overseas. We may share your data with other trusted third parties such as delivery couriers.
We will always take all reasonable steps to ensure that your personal data is processed securely and only provide the information that the third party requires to perform their specific services. If we stop using their services, any data held by them will either be deleted or rendered anonymous.
Where your personal data may be processed
We may need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. Wherever you are located, your personal data may be stored on servers in the UK.
For individuals geographically located within the European Economic Area (EEA) we may sometimes need to share your personal data with third parties or suppliers outside that area such as our email services provider based in the USA. Where we do this, we always ensure that your data receives the same level of protection as if it were processed within the EEA.
For individuals geographically located outside the European Economic Area (EEA) we will treat your personal data in exactly the same way as if you were located within the EEA and follow the same processes and procedures.
How we protect your personal data
We will treat your personal data with the utmost care and take all reasonable steps to protect it. Access to your personal data is strictly controlled and limited to the most relevant users only.
We regularly monitor our systems for possible vulnerabilities and to ensure that they are completely secure and up to date.
Your rights concerning your personal data
The new GDPR regulations provide you with the right to request:
• Access to the personal data we hold for you. In most cases this will be provided free of charge.
• That we amend your personal data if it is incorrect, out of date or incomplete.
• That we stop any marketing activity such as email marketing after you withdraw your consent or unsubscribe. We will always comply with your request.
• That we stop using your personal data for direct marketing or other purposes where we are contacting you on the basis of our legitimate interests. We will comply with your request unless we believe that we have a legitimate overriding reason to continue with that activity.
• That we erase all the data we hold about you.
You can find out more about your rights on the ICO website.
If you want to exercise these rights, you can contact us by emailing: GDPR@elfab.com or by writing to us at: GDPR Team, Elfab Limited, 12 Alder Road, North Shields Tyne & Wear, NE29 8SD
If you are not satisfied with the way that we are processing your personal data, you may lodge a complaint with the ICO. Visit the ICO website to find out more https://ico.org.uk/concerns or call them on 0303 123 1113.
For individuals based outside the UK you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
How to stop the use of personal data for direct marketing
You can stop receiving direct marketing by email or post at any time.
• To opt out of emails, click the unsubscribe link at the bottom of any marketing email we send you.
• To opt out of direct mail, email GDPR@elfab.com. Write ‘unsubscribe to mail’ in the subject line.
If you need any further information you can write to us at: GDPR@elfab.com, or GDPR Team, Elfab Limited, 12 Alder Road, North Shields Tyne & Wear, NE29 8SD