2.4. Legal grounds for collection
The purposes for which we use your Personal Data and the legal basis under data protection laws on which we rely to do this are explained below.
• Performance of the contract with you or to take steps to enter into it. We may use and process your Personal Data where we have supplied you (or continue to supply you) with any Services or orders, or where you are in discussions with us about any new Services or orders. We will use this information in connection with the contract for the supply of Services or orders when it is needed to carry out that contract with you or for you to enter into it, and to manage your account with us.
Legitimate interests or that of a third party for the following purposes:
- Responding to and managing your queries and complaints;
- Providing marketing content (other than where we rely on your consent to do this);
- Providing the Services and/or information to you;
- Transmitting Personal Data for internal administrative purposes;
- Hosting and maintaining our sites;
- Providing technical support to you;
- Preventing and detecting fraud and other criminal offences;
- To assess and improve our service through recordings of any calls with our contact centres;
- Ensuring network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
- To comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
- For assessing the quality of our Service and to provide staff training within the business;
- For the management of queries, complaints, or claims; and
- For the establishment and defence of our legal rights.
• Compliance with a legal obligation. We will use your Personal Data to comply with our legal obligations: (i) to assist any public authority or criminal investigation body; (ii) to identify you when you contact us; and/or (iii) to verify the accuracy of data we hold about you.
• Consent. We will ask for your consent to send you direct marketing communications. Please see item 7 below for more information.
2.6. Data anonymisation and use of aggregated information
3. USE AND RETENTION OF PERSONAL DATA
Provision, improvement and support of our Services: This includes data analyses, the identification of usage trends, as well as calculations and statistics on user access patterns.
Marketing: Where you have provided Personal Data by signing up to receive marketing information, it will only be used for marketing purposes, such as surveys, promotions, events, incentives or other advertising campaigns, in accordance with your marketing preferences. In this case, we will store your Personal Data for as long as you are subscribed to our email marketing list. Your consent to use your Personal Data for marketing purposes can be withdrawn at any time. If you withdraw your consent, we will keep your email address on our suppression list to ensure that we do not send you marketing emails.
Mailing of communications: If you register for our email communications, we exclusively use the Personal Data provided by you to verify that you are the owner of the email address indicated and wish to receive the content, to compile a mailing list, and to analyse the usage of our communications. In this case, your Personal Data will be stored for the duration of 2 years after the last interaction.
Ordering of documents, reports or other materials: If you order reports or other materials from us, the personal information provided by you is used for processing your order and will subsequently be stored for a maximum period of 2 year after the last consignment.
Use of contact forms: If you use a contact form for enquiries or complaints, the Personal Data provided by you in the contact form is used to process the enquiry and stored for as long as it reasonably required to resolve your enquiry or complaints. Your Personal Data will be stored for the duration of processing the enquiry and a maximum period of 2 years after completion of processing.
Job exchange: Job applications contain Personal Data (e.g. curriculum vitae, contact data, etc.). We may use such Personal Data within the Wienerberger Group (see item 4) to decide on whether to offer the applicant a position or to reply to the letter of application. Only if you explicitly agree, we will keep the data on record for a maximum period of 2 years after the last contact (unless longer storage is legally permissible for other reasons) for possible consideration at a later point in time.
Cleansing and consolidation of data: From time to time, the Personal Data provided by you can be cross-checked against or consolidated with (i) data from our existing registers (online and offline), (ii) data taken over from a legal predecessor, or (iii) data from other sources.
The exceptions to the above are where:
- we need your Personal Data to establish, bring or defend legal claims or to comply with a legal or regulatory requirement;
- the law requires us to hold your Personal Data for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law or you exercise your right to require us to retain your Personal Data for a period longer than our stated retention period (see “Your Rights” at item 7 below); or
- in limited cases, the law permits us to keep your Personal Data indefinitely provided we put certain protections in place.
When it is no longer necessary to retain your data, we will delete the Personal Data that we hold about you from our systems. After that time, we may aggregate the data (from which you cannot be identified) and retain it for analytical purposes. If we collect your Personal Data, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain Personal Data in an identifiable format for longer than is necessary.
4. OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL DATA
Depending on the type of interaction you requested (e.g. call to be returned, placement of an order, request for services, information, etc.), your Personal Data may be exchanged with third parties involved in order execution (e.g. mail order companies, banks, hauliers, stockists, contractors, etc.) or other companies of the Wienerberger Group. We may also be required to disclose Personal Data in order to meet legal requirements or to enforce rights and agreements.
Third parties: For the execution of certain orders and for the provision of certain services, we may disclose your Personal Data to our external third party service providers, agents, subcontractors and other organisations (e.g. forwarding agents). Such third parties may include cloud service providers (such as hosting and email management), events and marketing management, software providers, courier services, advertising agencies and administrative services. Our third party service providers are allowed to use or transmit the data collected and processed by us for no other purpose but execution of the order placed by the Company. When we use third party service providers, we only disclose to them any Personal Data that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
For a complete list of the companies of our Group, please visit https://www.wienerberger.com/contact or https://www.wienerberger.com/thecompany/company-sites.
Compliance with laws and similar obligations: We will transfer your Personal Data if we are under a duty to disclose it in order to (i) enforce or comply with a law, a regulation, an order issued by a public authority or compulsory measures, (ii) detect and prevent security threats, fraud or other malicious activities, (iii) protect and/or enforce the rights and the property of the Company or of third parties, and (iv) protect the rights and the personal security of our employees and of third persons.
Business restructuring or reorganisation: We may transfer your Personal Data to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation.
5. WHERE WE STORE YOUR PERSONAL DATA
All Personal Data you provide to us is stored on our secure servers which are located within the European Economic Area (EEA).
If at any time we transfer your Personal Data to, or store it in, countries located outside of the EEA (for example, if our hosting services provider changes) we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. This is because some countries outside of the EEA do not have adequate data protection laws equivalent to those in the EEA.
If you use our Services whilst you are outside the EEA, your Personal Data may be transferred outside the EEA in order to provide you with those Services.
We may collect your preferences to receive marketing information directly from us by email, SMS, telephone and post in the following ways:
- when you sign up online or through the mobile app and indicate that you would like to receive such marketing from us;
- if you place an order and/or engage our Services and indicate (by opting in) you would like to receive marketing information;
- when you meet us at an event or exhibition and indicate (by opting in) you would like to receive marketing information; or
- when you update your marketing preferences via email, SMS, telephone or post, or when responding to a request from us to do so.
You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see “Your Rights” at item 7 below for further details on how you can do this.
7. YOUR RIGHTS
You have a number of rights in relation to your Personal Data under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your Personal Data. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.
- Personal Data where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings. In these situations, we may only process your Personal Data whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
- Transferring your Personal Data in a structured data file (“data portability”). Where we rely on your consent as the legal basis for processing your Personal Data or need to process it in connection with your contract, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file. You can ask us to send your Personal Data directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your Personal Data if this concerns other individuals or we have another lawful reason to withhold that information.
- Complaining to the UK data protection regulator. You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your Personal Data. Please visit the ICO’s website https://ico.org.uk/ for further details.
8. DATA SECURITY
The Company employs a large variety of data security measures to ensure the confidentiality and integrity of your Personal Data. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your information transmitted to our website and any transmission is at your own risk. Once we have received your Personal Data, we put in place reasonable and appropriate controls to ensure that it remains secure against accidental or unlawful destruction, loss, alteration, or unauthorised access.
Where we have given (or where you have chosen) a password which enables you to access an account, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Further details on technical and organisational security measures are available on request, enquiries should be directed to the contact information indicated under item 9.
Cheadle Royal Business Park
If you would prefer to speak to us by phone, please call: 0161 491 8200
Our email address for data protection queries is: firstname.lastname@example.org
10. CHANGES TO THIS POLICY
(Last updated 31/01/2020)