Our Terms and Conditions
NEWMAN THOMSON LTD
PRIVACY NOTICE FOR CUSTOMERS
Newman Thomson Ltd understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
1. Information About Us
Newman Thomson Ltd.
Limited Company registered in England under company number 01285426.
Registered address: 1 Jubilee Road, Victoria Industrial Estate, Burgess Hill, West Sussex RH15 9TL.
Main trading address: As for registered address.
VAT number: 315 6079 64
Data Protection Officer: Chris Payne.
Email address: firstname.lastname@example.org.
Telephone number: 01444 480700.
Postal Address: As for registered address.
We are regulated by the ICO (Information Commissions Office).
We are a member of the British Printing Industry Federation (BPIF).
2. What Does This Notice Cover?
This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
4. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
b) The right to access the personal data we hold about you. Part 10 will tell you how to do this.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 11 to find out more.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us] using the details in Part 11 to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that you can ask us for a copy of your personal data held by us to re-use with another service or business in many cases.
h) Rights relating to automated decision-making and profiling. We do not use automated decision-making in this way. However, the Company uses personal data for profiling purposes (see 7 for details). For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 11.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).
5. What Personal Data Do You Collect?
We may collect some or all of the following personal data from the website and/or direct from our customers and/or third parties as indicated below (this may vary according to your relationship with us):
• [Customer business name;]
• [Customer contact names;]
• [Postal address and Postcodes;]
• [Email addresses;]
• [Telephone numbers;]
• [Job Title;]
• [Customer credit limit and financial information;]
• [Date customer opened account;]
• [Customer sales order/email order;]
• [Customer production specifications/schedule and instruction;]
• [Customer estimates/quotes;]
• [Customer Invoices/prices;]
• [Payment Information e.g. credit card details;]
• [Delivery addresses;]
• [Information about your preferences and interests;]
• [IP Addresses;]
• [Cookie identifiers;]
Your personal data may be obtained from the following third parties,:
• Credit agencies
• Legal authorities.
• Companies House.
• Social Media.
6. Security caution using website.
External Links regarding our website
Although our website only looks to include quality, safe and relevant external links, users are advised adopt a policy of caution before clicking any external web links mentioned throughout this website. (External links are clickable text / banner / image links to other websites)
The owners of this website cannot guarantee or verify the contents of any externally linked website despite their best efforts. Users should therefore note they click on external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned.
Social Media Platforms
Communication, engagement and actions taken through external social media platforms that this website and its owners participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
Users are advised to use social media platforms wisely and communicate / engage upon them with due care and caution in regard to their own privacy and personal details. This website nor its owners will ever ask for personal or sensitive information through social media platforms and encourage users wishing to discuss sensitive details to contact them through primary communication channels such as by telephone or email.
This website may use social sharing buttons which help share web content directly from web pages to the social media platform in question. Users are advised before using such social sharing buttons that they do so at their own discretion and note that the social media platform may track and save your request to share a web page respectively through your social media platform account.
Shortened Links in Social Media
Our website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: https://bit.ly/2KKJ1iE ).Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
7. How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you and/or because it is in our legitimate business interests to use it. Your personal data will be used for one of the following purposes:
• [Providing and managing your account with us.]
• [Supplying our products and/or services to you. Your personal details are required in order for us to enter into a contract/agreement with you.]
• [Personalising and tailoring our products and/or services for you.]
• [Communicating with you. This may include responding to emails or calls from you.]
• [Supplying you with information by email and/or post that you have opted-in to (you may unsubscribe or opt-out at any time by emailing email@example.com or by post addressed to the Data Protection Officer at the business address.]
With your permission and/or where permitted by law, we may also use your personal data for marketing purposes, which may include contacting you by email AND/OR telephone AND/OR text message AND/OR post with information, newsletters, and offers on our products AND/OR services. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
We use the following automated system for carrying out certain kinds of profiling. If at any point you wish to query any action that we take on the basis of this or wish to request ‘human intervention’ (i.e. have someone review the action themselves, rather than relying only on the automated method), the GDPR gives you the right to do so. Please contact us to find out more using the details in Part 11.
• The following automated profiling may take place:
o Analytics – To try and give you the best experience on our website and let us learn how people use our website, we use various analytics programmes from our authorised service providers. The data used by these programmes is kept securely in pass worded accounts, and is only visible to authorised personnel at Newman Thomson. No personally identifiable details are disclosed in these programmes. Each user is given a random user number and location details are limited to Town/City as the closest detail. Subscriber’s postcodes may be used to geographically split our mailing list for the purpose of localised offers or events:-
o When personal data is used for profiling purposes, the following shall apply:
o Clear information explaining the profiling shall be provided to data subjects, including the significance and likely consequences of the profiling;
o Appropriate mathematical or statistical procedures shall be used;
o Technical and organisational measures shall be implemented to minimise the risk of errors. If errors occur, such measures must enable them to be easily corrected; and
o All personal data processed for profiling purposes shall be secured in order to prevent discriminatory effects arising out of profiling (see Parts 22 to 26 of this Policy for more details on data security).
8. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
Data Retention period
[Customer business name;] 6 years after last job
[Customer contact names;] 6 years after last job
[Gender;] 6 years after last job
[Postal address and Postcodes;] 6 years after last job
[Email addresses;] 6 years after last job
[Telephone numbers;] 6 years after last job
[Job title;] 6 years after last job
[Customer credit limit and financial information;] Reviewed annually
[Date customer opened account;] 6 years after last job
[Customer sales order/email order;] 6 years
[Customer production specifications/ schedule and instruction; ] 6 years
[Customer estimates/quotes;] 6 years
[Customer Invoices/prices;] 6 years
[Payment Information e.g. credit card details;] 6 years
[Delivery addresses;] 6 years after last job
[Information about your preferences and interests;] 6 years after last job
[IP Addresses;] 6 years after last job
[Location;] 6 years after last job
[Cookie identifiers;] 6 years after last job
9. How and Where Do You Store or Transfer My Personal Data?
We will mainly store your personal data in the UK. This means that it will be fully protected under the GDPR. However, some digital data is stored in the United States, where both Google and Mailchimp are based. In this instance the EU Privacy shield applies – see www.privacyshield.gov/welcome, where your data is protected as it would be if in the EU.
10. Do You Share My Personal Data?
We may sometimes contract with the following third parties to supply services to you on our behalf. These may include payment processing, additional work processing, delivery, and marketing. In some cases, those third parties may require access to some or all of your personal data that we hold.
• Lloyds Bank and Lloyds Cardnet – for customer refunds and customer card payments respectively.
• Mailing Houses – for mailing fulfilment and postage for onward delivery of our products and/or services to your customers or subscribers to names and addresses you have provided.
• Outwork companies – sometimes work needs to be fulfilled by sub-contractors.
• Courier organisations – for delivery of our products and/or services to names and addresses you have provided.
• Richard Place Dobson – for auditing purposes
In some limited circumstances, we may also be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, or the instructions of a government authority, such as HMRC.
If any of your personal data is required by a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law.
Your Rights As A User
The GDPR provides the following rights for individuals:
10. The right to be informed
By providing you with this privacy statement we are informing you of what data we
collect, how we use that data, how long we keep that data, how we protect that data and
who we share that data with. In the unlikely event of a data breach, we would inform you
as soon as reasonably possible, and we would inform you of what data had been
exposed to the breach.
11. The right of access
You have the right to know we process your data, exactly what data we hold on you, and we have an obligation to provide that data in a usable format, without delay and for free, unless the request is unfounded, excessive or repetitive (in which case there will be a reasonable charge). If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
12. The right to rectification
If any information we have is incomplete or inaccurate, you have the right to ask for this to be corrected.
13. The right to erasure
Also known as the right to be forgotten. This is your right to have all the personal data we hold you to be removed without reason. If you wish to have all data we hold on you to be erased please contact the data protection office firstname.lastname@example.org.
14. The right to restrict processing
Your right to block or suppress processing of your personal data by us. (Processing is anything we do with your data)
15. The right to data portability
This allows you to retain and reuse your personal data for your own purpose, i.e. if you want to ask for the data we hold so you can transfer it to another supplier. If you wish to transfer your data please contact the data protection office email@example.com
16. The right to object
In certain circumstances, you are entitled to object to your personal data being used. These include objecting to your data being used for the purpose of direct marketing, scientific and historical research or the performance of a task in the public interest. If you wish to make an objection, please contact the data protection office firstname.lastname@example.org.
17. Rights in relation to automated decision making and profiling.
The GDPR has put in place safeguards to protect you against the risk that a potentially damaging decision is made without human intervention. For example, you can choose not to be the subject of a decision where the consequence has a legal bearing on you, or is based on automated processing. Note: To the best of our knowledge, there is no instance of where this may be the case on our website.
18. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
Email address: email@example.com.
Telephone number: 01444 480700.
Postal Address: 1 Jubilee Road, Victoria Industrial Estate, Burgess Hill, West Sussex. RH15 9TL.
19. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available by the Data Protection Officer and emailed to office staff and hard copies given to production staff.
Shortened Links in Social Media
This website and its owners through their social media platform accounts may share web links to relevant web pages. By default some social media platforms shorten lengthy urls [web addresses] (this is an example: http://goo.gl/l98tCR).
Users are advised to take caution and good judgement before clicking any shortened urls published on social media platforms by this website and its owners. Despite the best efforts to ensure only genuine urls are published many social media platforms are prone to spam and hacking and therefore this website and its owners cannot be held liable for any damages or implications caused by visiting any shortened links.
Resources & Further Information
● Data Protection Act 1998
● Privacy and Electronic Communications Regulations 2003
● Privacy and Electronic Communications Regulations 2003 – The Guide
Updated 24th May 2018 by: Newman Thomson Ltd, 1 Jubilee Road, Victoria Industrial Estate, Burgess Hill, West Sussex, RH15 9TL.