PRIVACY NOTICE
The Business Supplies Group Ltd
Privacy Notice
We are committed to protecting the privacy and security of personal data. This notice tells you how we will collect and use your personal data, and what you should expect in respect of the personal information about you that we have collected.
We are The Business Supplies Group Limited (Registered in England no: 13624537). Our registered office is at 107 Longmead Road, Emerald Park East, Emersons Green, Bristol BS16 7FG.
We are the data controller of the personal data that we keep and use, and we are therefore responsible for making sure that our systems, processes and people comply with the relevant data protection laws in respect of that personal data.
We will act in respect of personal data to comply with the six principles of the UK General Data Protection Regulation (UK GDPR), which are:
Lawfulness, fairness and transparency;
Purpose limitation;
Data minimisation;
Accuracy;
Storage limitation;
Integrity and confidentiality.
You have rights in respect of how your personal data can be processed; these include the right to request:
a copy of your personal data;
that inaccurate data is rectified; and
that your personal data is, in certain circumstances, erased or restricted.
You have the right to complain to the Information Commissioner, which you can do by contacting the Information Commissioner’s Office (ICO) directly. Full contact details, including a helpline number, can be found on the ICO website (www.ico.org.uk). This website also has useful information on your rights and our obligations. However, please raise any concerns or issues with us first so that we may deal with this as quickly as possible for you.
COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA
We collect and process data for the following reasons:
personal data collected and created in relation to our providing services; and
personal data relating to people who have asked to attend events run by us, receive our newsletters and other information services or marketing materials; and
personal data relating to our people (which means those people working for our business, or providing services to us, or potentially working or providing services to us, including employees, consultants, temporary or casual workers and contractors).
Personal data processed for the purposes of managed print services and hybrid mail solutions provided to our clients.
1. Providing our services
This includes the provision of technology and infrastructure to support managed print services and hybrid mail on behalf of our customers.
COLLECTION:
What data we collect
tracking information about your visit to our website and emails that we send out
Google analytics information
information that you provide to us enquiring about our services
information such as usernames, document names, print queue data, document metadata, and log activity related to print and mail management systems (and in some support cases where it is strictly necessary, the document content itself)
We do not collect sensitive or special categories of data.
How we collect it
We collect personal and business data in a number of ways
written correspondence
email
phone calls
web forms
meetings
social media
encrypted integration with print and mail systems configured for or on behalf of our customers
We also use software and automated ways of collecting information through the use of cookies, google analytics and the Hubspot marketing platform.
USE:
We will use the personal data in the provision of services, including for the necessary administration of the relationship with our client, and to comply with requirements that we are required to undertake.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
analyse website data and visitor interactions
in performance of a contract (the agreement to provide services); and/or
compliance with a legal obligation; and/or
vital interests of the data subject; and/or
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
to enable and support the functionality of managed print services and hybrid mail workflow for our clients.
We may also use your personal data in the following situations, which are likely to be less common:
where we need to protect your interests (or someone else’s interests);
where it is needed in the public interest or for official purposes.
Where we keep it:
Hubspot data centres (which could be outside the UK);
Google data centres (which could be outside the UK);
Microsoft data centres (which could be outside the UK);
Squarespace data centres (which could be outside the UK)
ECI data centres (which could be outside the UK);
Other third-party processors as used for managed print and hybrid mail systems as specified in contractual agreements with our customers (which could be outside the UK).
and our offices.
DISCLOSURE:
We may share personal data with third parties as is necessary in the provision of our services, including to third party providers who deliver services to support the operation of our company.
In respect of all disclosures of personal data, we will only share the personal information which is necessary for the particular purpose for which it is provided, or where we have another legitimate interest in doing so, and we will ensure that the personal data is appropriately protected.
RETENTION PERIOD:
We will keep personal data only for as long as is necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting or reporting requirements. Normally, our retention period for personal data collected for this purpose is a minimum of 6 years after the end of the period that we are providing services.
For print and mail metadata, data is typically retained only for operational or audit purposes and for a limited time period defined in agreement with our customers.
2. Our events, newsletters, other information services & marketing materials (“our Information”)
COLLECTION:
We will collect information such as name, email address, IP address (or similar unique identifiers), job title and the business that you work for together with the additional information that you provide to us, for example when you let us know those areas of our business that you are interested in receiving information about. In respect of events that we offer, this information may include details of any access or dietary requirements that you have, which may reveal information about the health or religious beliefs of a data subject.
We may collect this information from you (whether directly or via automated means such as our website) or from third parties (such as our client),
We will collect personal data in our contact relationship management system when you tell us that you wish to receive all or part of our Information, or otherwise give us your personal details. You may at any time tell us that you wish to stop receiving our Information.
USE:
Personal data will be used to provide you with our Information that you ask for, or that we think are relevant to the preferences that you may have given to us. We may analyse what areas of information are of interest to you so that we can better target the Information that we provide.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
with your consent; and/or
in performance of a contract (the agreement to provide services); and/or
where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
UNSUBSCRIBE:
From time to time we send emails containing offers and services that we think will be of interest to you. If you would prefer not to receive such emails, please contact us directly or click on the Unsubscribe link at the foot of any marketing email, from where you can update your preferences.
DISCLOSURE:
We may share personal data with third parties in respect of the provision of our Information, including to third parties who provide services to us, including IT, website hosting, email delivery and other services. In respect of all disclosures of personal data, we will only share the personal information which is necessary for the particular purpose for which it is provided, or where we have another legitimate interest in doing so, and we will ensure that the personal data is appropriately protected.
RETENTION PERIOD:
We will keep personal data only for as long as is necessary to fulfil the purposes for which we collected it. Any personal data that we have from you solely for the purposes of your receiving our Information will not be used once you have asked us to stop providing these to you (except to the extent that it is necessary to stop you receiving the Information).
3. Changes to your personal data
It is very important that the personal information that we hold about you is accurate and current. Please tell us if your personal information changes during your relationship with us.
4. Data Security
We have put in place measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those of our people and other third parties who have a business need to know. They will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place procedures to deal with any suspected data security breach and will notify you and the ICO of a suspected breach where we are legally required to do so.
5. Where we store your personal data
We principally store data, both electronically and on file, at our offices, with archive storage for files locally.
Personal data may be transferred outside of the UK by processors acting on our behalf. For transfers to countries not considered adequate by the UK, we will ensure that personal data is adequately protected, as required by the UK GDPR. This would include the use of mechanisms to ensure the same level of data protection, namely processors complying with the EU-US DPF certification (including UK Extenstion), EU Standard Contractual Clauses (plus UK Addendum), or International Data Transfer Agreements (IDTA).
6. Your rights
Under certain circumstances, you have the right by law to request:
access to your personal data. This enables you to ask to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.
correction of the personal data that we hold about you.
erasure of your personal data.
object to processing of your personal data where we are relying on our legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
restriction of processing of your personal data.
transfer of your personal data to another party.
Please note that where we act as a processor on behalf of our customers (such as in relation to managed print services), your rights may need to be exercised through the data controller who engaged us. We will assist that controller in facilitating your rights request.
7. Links from our website
Our website may, from time to time, contain links to and from the websites of third parties that we permit to make such links. If you follow a link to any of these websites, please note that these websites have their own privacy notices and that we do not accept any responsibility or liability for these notices. We recommend that you check these before you submit any personal data to these websites.
CHANGES TO THIS PRIVACY NOTICE
Any changes we may make to our privacy notice in the future will be posted on our website, so please ensure that you are viewing the correct version.
Please contact us on dataprivacy@tbsg.co.uk if you have any questions, comments or requests regarding this Privacy Notice.