Privacy Policy
Group SCS are committed to respecting your privacy and protecting your personal information. This policy tells you the types of information we collect about you when you visit our website or which we otherwise obtain directly from you or from a third party, how we use that information, and the instances in which we share your information. This policy may be subject to future change.
The Group SCS website and our products and services are not intended for children. We do not knowingly collect data relating to anyone under the age of 18.
For the purposes of this policy, the term “personal data” means any information which identifies you or which allows you to be identified when combined with other information. It’s important that any personal data we hold about you is current and accurate. If your personal data changes during your relationship with us, then please let us know.
What information do we collect about you?
In order to operate our business, we may collect, use, store and transfer different kinds of personal data about you. This personal data can be grouped into the following categories:
Personal data; Includes name, username or similar identifier, job title, date of birth, gender.
Contact data; includes email address, billing address, delivery address, telephone numbers, how to contact you or other information given to us for the purpose of a communication or meeting.
Transactional data; includes details about payments from and to you, products and services purchased from us including how a purchase was made and the payment method used, bank account details, changes you make to your account.
Technical data; includes information on how you access and use and interact with our website and email such as devices use, time and date accessed, your internet protocol (IP) address, browser and location settings, pages visited, interactions with our social media channels.
Profile data; includes employer details, purchases made by you or your employer, your interests, preferences, industry.
Marketing data; includes your communication preferences, preference on which marketing material you receive from us.
Employment data; includes your current and past employment details, qualifications, skills, driving licence and passport information, interests and any other information disclosed by you in relation to an application for a role within Group SCS.
Open data; includes other information that is openly available on the internet.
We also collect, use and share Aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate data to calculate interest in a product or service. However, if we combine or connect aggregated data with your personal data so you can be directly or indirectly identified, we treat the combined data as personal data which will be used in accordance with this policy.
Information we DON’T collect about you
We don’t collect any Special category (sensitive) data about you (this includes information about your health and genetic and biometric data, racial or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership). Nor do we collect any Criminal conviction data.
How we collect personal data about you
We use a variety of methods to collect data from and about you including;
Directly from you; Information you give us when you fill out forms, correspond or interact with us via our website, phone, e-mail, social media channels or post.
Automated technologies or interactions; Information you provide to us as you interact with us electronically through our website or emails. We may automatically collect technical data about your browsing actions and patterns and equipment used. This data is collected by using cookies and other similar technologies. Please refer to our cookie policy for more information on our use of cookies.
Publicly available sources or third parties; We may receive personal, contact and employment data about you from various third parties or publicly available sources. These include analytic providers, advertising networks, data brokers or aggregators, employment / recruitment agencies, social media platforms and Companies House.
How we use your personal data
Before we use your personal data, the law requires that we meet certain criteria. We take this responsibility seriously and as such we’ve set out below how we use the personal data we hold about you, as well as telling you the legal basis for processing it.
| Purpose / Activity | Lawful basis for processing |
|---|---|
| Managing our relationship with you and your business. This includes processing and delivering orders; managing payments, fees and charges; dealing with your enquiries; telling you about changes to our products and services; notifying you of any changes to our terms and conditions or policies. | Legitimate interests – we use your personal data in order to deliver performance of a contract with you, provide you with our products and services and to meet any legal obligation we’re subject to. |
| Sending you information about our products and services which we believe may be of interest to you. | Legitimate interests – we use your personal data to communicate with you as it is necessary for us to develop our business and the products and services we offer. |
| Administration and protection of our business and website. This includes testing our systems; support; planning; reporting; communications; corporate governance and auditing business capability; troubleshooting. | Legitimate interests – it is necessary for us to run our business in an efficient and proper way and ensures compliance with any legal obligations. |
| Delivery of relevant website content and advertisements and measurement of the effectiveness of this. | Legitimate interests – we use your personal data to develop our business; understand interest in the products and services we offer; inform our marketing strategy; helping us understand the effectiveness of our content and marketing. |
| Using website analytics to improve our customer experience; customer relationship; marketing; products and services. | Legitimate interests – we use website analytic data to ensure our website is up to date and relevant and to develop our marketing strategy in order to grow our business. |
| To meet any applicable legal, regulatory and compliance requirements including, allowing us to monitor and analyse the use of any account to prevent, investigate and/or report fraud, misrepresentation, security incidents or crime. | Legitimate interests – it is necessary for us to run our business in an efficient and proper way and ensure compliance with any legal obligations. |
| To process your application for a job role with us. | Legitimate interests – we use your personal data in order to consider your application and to comply with any legal obligations. |
How long do we keep your personal data for?
We’ll keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We’ll only keep your personal information after this period if there’s a legitimate and provable business reason to do so. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
You can request details of our retention periods by contacting us. In some circumstances we may anonymise personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you. In some circumstances you can ask us to delete your personal data as detailed under your rights.
Who do we share your personal data with?
We may have to disclose and share your personal data with the following parties for the purposes listed under how do we use your information.
Other companies within Group SCS, third-party suppliers, contractors and service providers who perform functions on our behalf in connection with the operation of our business. This may include IT service providers and system administrators as well as third parties who host and manage data.
Third parties if we are required to do so by law, or if we believe that such action is necessary. This includes fulfilling a government, or regulatory authority request; conforming with the requirements of the law, or protecting or defending our legal rights or property, our websites or customers.
Professional advisers including solicitors, bankers, auditors and who provide consultancy, banking, legal, insurance and accounting services.
Third party analytics partners to analyse website traffic and understand customer needs and trends.
Third party advertising partners to advertise products to you on third party sites which are tailored to meet your preferences and likely interests.
If we choose to sell, buy, transfer or merge any parts of our business or our assets we’ll disclose your personal data to the prospective seller or buyer of such business or assets. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this Privacy Policy.
How we keep your personal data secure
We have appropriate measures in place to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We use Secure Socket Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and subject to a duty of confidentiality.
Additionally, we have procedures in place to monitor for and deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Transferring your personal data outside of the EU
Your personal data may be transferred and stored outside the European Economic Area (EEA). We’ll take all reasonably necessary steps to make sure that your data is treated securely and in accordance with this privacy policy.
We’ll only transfer your personal data to countries outside of the EEA; where the country has been deemed to provide an adequate level of protection for personal data by the European Commission, or where the transfer is based on standard data protection clauses adopted or approved by the European Commission, or where the recipient is subject to an approved certification mechanism and the personal information is subject to appropriate safeguards.
Vendors
Your rights
Under data protection law you have the right to;
Request access to the personal data we hold about you commonly known as a subject access request (SAR).
Make us correct any inaccurate personal data we hold about you.
Make us remove any personal data we hold about you where there is no business or legitimate interest for us to hold it. You also have the right to ask us to remove personal data where you have successfully exercised your right to object to processing or where we may have processed your information unlawfully.
Restrict us processing personal data we hold about you when; you dispute the accuracy of the information we hold about you, where you require that your personal data is removed but it is required in order to stop processing.
Object to us processing personal data we hold about you where you feel it is impacting on your fundamental rights and freedoms. You also have a right to object where we are processing your personal data for marketing purposes.
Request transfer of your personal data to yourself or a nominated third party in a structured, commonly used, machine readable format.
Withdraw your consent at any time, where we are relying on consent to process it, for example providing you with information on our products and services.
If you wish to exercise any of the above rights, please contact us. You will not have to pay a fee to access your personal data or to exercise any of your rights. However, a reasonable fee may be charged should your request be clearly unfounded, repetitive or excessive, or we may choose to refuse to comply in these circumstances.
We aim to respond to all requests within one month and should we anticipate it taking longer than this due to complexity or the number of requests you have made we will notify you accordingly.
Contacts and complaints
If you have any questions about our privacy policy or wish to exercise any of your rights, including changing your marketing preferences, please contact our appointed Data Protection Officer:
Name: Macarena Machado
E-mail address: m.machado@groupscs.co.uk
Postal address: T2 Capital Business Park, Parkway, Cardiff, CF3 2PZ
You have the right to make a complaint to the Information Commissioner’s Office, at any time if you have any concerns about the way we process your personal data, or aren’t happy with the way we’ve handled a request by you in relation to your rights. We would however appreciate the chance to deal with any concerns, so please contact us in the first instance.
Last updated: November 2021
