Privacy and Cookies policy
For the purpose of the General Data Protection Regulation (“GDPR”), which replaces the EU Data Protection Directive of 1995 and the Data Protection Act 1998, Waterline Limited’s Data Protection Policy (the “Policy”) sets out the principles and legal conditions that the Company (“we”, “our”, “us”) will adhere to when obtaining, handling, processing, transporting or storing Personal Data in the course of its operations and activities, including customer, supplier, employee, worker and other third-party data.
The Policy applies to all Personal Data we process regardless of the media on which that data is stored or whether it relates to past or present employees, workers, customers, clients or supplier contacts, shareholders, website users or any other Data Subject.
The Policy outlines:
- How we will adhere to the principles relating to processing of Personal Data set out in the GDPR
- How any data collected or provided by you will be processed lawfully, fairly and in a transparent manner
- On what lawful basis we will rely to process your data, as set out in the GDPR
- Our commitment to ensuring that Personal Data will be kept accurate and stored only for the period which it is required to complete its purpose
- Our commitment that Personal Data will be securely stored and protected
- The rights Data Subjects have when it comes to how we handle their Personal Data
- Our accountabilities and responsibilities, as a Data Controller
Our principles for processing Personal Data
As outlined in the GDPR and the Policy, we will:
- Process data lawfully, fairly and in a transparent manner (Lawfulness, Fairness and Transparency)
- Collect only for specified, explicit and legitimate purposes (Purpose Limitation)
- Collect only adequate, relevant and limited data proportionate to what is necessary for the purposes for which it is Processed (Data Minimisation).
- Keep data accurate and where necessary up to date (Accuracy)
- Not keep data in a form which permits identification of Data Subjects for longer than is necessary for the purposes for which the data is Processed (Storage Limitation)
- Process data in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful Processing and against accidental loss, destruction or damage (Security, Integrity and Confidentiality)
- Not transfer to another country without appropriate safeguards being in place (Transfer Limitation)
- Make data available to Data Subjects and Data Subjects allowed to exercise certain rights in relation to their Personal Data (Data Subject’s Rights and Requests)
- Be responsible for and comply with the data protection principles listed above (Accountability)
What Personal Data do we collect and why do we collect it?
We may collect and process Personal Data about you including information you have:
- Provided by filling in forms on our websites
- Provided by registering user accounts to our websites
- Provided by filling in forms or handing us your details at exhibitions
- Communicated through email or other electronic means
- Communicated during certain calls to and from us, if further engagement is required
- Supplied in postal or hardcopy correspondence
- Provided to us to allow customer or supplier transactions and business relationships
- Supplied to us to allow a non-transactional business activity to be conducted
- Provided to us as part of a job application or student placement application
- Supplied as part of consenting to opt into our marketing communications
- Offered as part of being an investor
- Offered as part of being an employee
We may also collect Personal Data and other information about you in other ways, for example:
- If you are a customer of one of our clients, and we are undertaking a business activity that involves you i.e. we are completing a Site Delivery
- Indirectly, through one of our employees, your colleagues, a client or a third party
- From publicly available sources, for example Companies House, trade media
- From financial parties, for example credit check providers
How we use your Personal Data
The way we process the Personal Data we collect as set out above, varies depending on our relationship with you. In each case the purposes for which we request the information will be clear from the context in which it is acquired.
These may include:
- Processing and fulfilling a business service or transaction
- Keeping a record of the business service, transaction or other related customer service support activity
- Administering customer and supplier records for transactional purposes
- Keeping records of your subscriptions, registrations, queries, complaints and deliveries
- Keeping records of face-to-face appointments, with outcomes
- Verifying your identity through credit checks
- Communicating for business or service reasons by mobile (SMS), telephone, email, fax or post (non-marketing communications)
- Communicating marketing messages to you, based on lawful consent as set out in the GDPR, by mobile (SMS), telephone, email, fax or post
- Communicating tailored marketing messages to you, based on lawful consent as set out in the GDPR, that are relevant to your role and marketing preferences and website behaviours– note your profile on automated decision making from an email is not identifiable to an individual
- Keeping a record of any withdrawn consent to receive marketing communications from us
- For market research
- Activity to meet our legal, regulatory and contractual obligations arising from our relationship with you
- To administer our e-commerce websites and enhance our services
- To administer services provided through our websites
- By informing you of legal or contractual changes that may affect you
Disclosure of your Personal Data
We will only disclose your Personal Data to another person or organisation where we:
- Are required to disclose the information to comply with the law or the requirements of a regulatory authority
- Need to transfer your data between Waterline branches
- Are compelled to share the information to provide a product or service you have requested
- Are obligated to send the information to persons or organisations who conduct legal services on our behalf
- Employ GDPR compliant external contractors to undertake marketing activities on our behalf
Our legal basis for using your Personal Data
Our use of your Personal Data as outlined above is subject to different legal basis for processing, including where necessary for:
- Compliance with our legal and regulatory responsibilities
- The purposes of fulfilling any contract we enter with you
- Carrying out a service request or transaction
- To protect your vital interests
- Pursuing our legitimate interests for purposes where they are not overridden because the Processing prejudices the interests or fundamental rights and freedoms of Data Subjects. In such cases, these include:
- Communicating marketing messages to transactional customers
- Communicating marketing messages to customers we enter a contract with or supply or perform a service for
- Communicating with third-party marketing service providers that are GDPR compliant and annually audited
- Communicating with recipients who have legally consented with a third-party to receive updates relating to their sector or role. Such third-parties will be GDPR compliant and annually audited
- Or where you have given clear consent
We will only use your data for the purposes outlined above and will not store any of your data which is unrelated to our legal basis for processing it.
Withdrawing consent or your right to refuse:
Where we ask for your explicit consent to provide us with your data, you are free to refuse and withdraw your consent at any time by contacting us using the details set out below. If you refuse or withdraw your consent, we will require your email address only to ensure we stop any automated marketing communications. This shall not affect the lawfulness of any processing that was based on your consent before you withdrew it.
If you do not agree to provide your Personal Data to us we may not be able to provide you with the transaction or service you require.
Our principles of using your data for marketing
Where processing your data for marketing purposes in compliance with GDPR, we will adhere to the following principles to ensure our commitment to protecting your data is clear:
- We will not sell your data to any third-party company
- We will safely and securely share data between Waterline companies through a single platform
- If you opt into a Waterline marketing database, you will have the option to confirm how you would like to hear from us. For example, through all mechanisms, or selectively via email, telephone and/or mail.
- We will check our marketing database for accuracy and compliance on an ongoing basis
- If we have not heard from you within 12 months, we will remind you of your option to withdraw from our marketing communications
- Waterline will use a single, secure and trusted platform, for all automated marketing communications
- Within this platform we will keep the email record of anyone opting out of marketing communications, to ensure compliance, on an on-going basis. This will not prevent you from opting-back in at any point
Personal Data we may collect, to ensure our marketing communications are relevant to you:
- Job title
- Job function or role for example Purchaser
- Company name
- Company type
- Work address (unless you specify other)
- Work telephone number (unless you specify other)
- Working mobile number (unless you specify other)
- Work fax number (unless you specify other)
- Work email address (unless you specify other)
- Marketing preferences
- Personal information to identify you as an additional security measure (e.g. Mother’s Maiden Name)
- We may ask you to provide us with information regarding your personal or professional interests, demographics, experiences with products purchased
- Waterline purchase history, by product
- Details of any current/upcoming projects
- If gained through a competition, details relating to said competition
- Date obtained at event if applicable
Storage and transfer of your Personal Data outside of the UK and EU (Economic European Area -EEA)
We will only transfer Personal Data outside the EEA if one of the following conditions applies:
- The European Commission issues a decision confirming that the country to which we may wish to transfer your Personal Data ensures an adequate level of protection of your rights and freedoms, as the Data Subject
- You have provided explicit consent to the proposed transfer after being informed of any potential risks; or
- The transfer is necessary for one of the following reasons set out in the GDPR including:
- The performance of a contract between you and Waterline
- Reasons of public interest, to establish, exercise or defend legal claims
- To protect your vital interests, if you were to be physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest
- Appropriate safeguards are in place such as binding corporate rules (BCR), standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism, a copy of which can be obtained from us
Retention of your Personal Data
We will retain your personal information for as long as is reasonably necessary for the purpose for which it was obtained and in accordance with our legal obligations. We will also ensure that we follow our data retention and destruction policy and processes thereafter.
Links to other websites
This Notice only extends to our websites, which are owned and operated by Waterline Limited and does not therefore extend to your use of, provision of information to the collection of information on any website not connected to Waterline, which you may link to us, by using the hypertext links within our website; or from other websites back-linking to our website.
Your personal information is protected under GDPR and you have several rights, as listed below, which you can seek to implement. Please contact us in writing, by email or telephone using the details shown under the ‘Contact and Complaints’ section below if you wish to do so, or if you have any queries in relation to your rights. Please note these rights do not apply in all circumstances.
- Right of access – subject to certain exceptions, you have the right of access to your Personal Data that we hold
- Right to rectify your personal information – if you identify that the information we hold about you is inaccurate or incomplete, you have the right to have this information rectified (i.e. corrected)
- Right to withdraw consent – you may ask us to delete information we hold about you in certain circumstances. This right is not absolute and it may not be possible for us to delete the information we hold about you, for example, if we have an ongoing contractual relationship or are required to retain information to comply with our legal obligations
- Right to restriction of processing i.e. for marketing purposes or automated profiling – in some cases you may have the right to have the processing of your personal information restricted. For example, where you contest the accuracy of your personal information, its use may be restricted until the accuracy is verified
- Right to object to processing – you may object to the processing of your personal information (including profiling) when it is based upon our legitimate interests. You may also object to the processing of your personal information for the purposes of direct marketing and for the purposes of analysis
- Right to data portability – you have the right to receive, move, copy or transfer your personal information to another controller when we are processing your personal information based on consent or on a contract and the processing is carried out by automated means
- Right to know how we process your data – the right to be told how we process your data
- Right to challenge - the ability to challenge the processing of your data
- Right to request EEA agreements – you can request a copy of our agreement under which Personal Data may be transferred outside of the EEA
- Right to prevent damage or distress - the choice to stop data processing that is likely to cause damage or distress to the Data Subject or anyone else
- Right to be notified of a breach – we have the obligation and you have the right to be notified of a Personal Data Breach which is likely to result in high risk to your rights and freedoms
- Right to make a complaint – you can make a complaint to the supervisory authority and in limited circumstances, receive or ask for your Personal Data to be transferred to a third party in a structured, commonly used and machine-readable format
We may collect information about your device, including where available, your IP address, operating system and browser type, for system administration and to collect aggregate information for us to use to improve our websites. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
What are cookies and why do we use them?
Cookies are small text files that are created and stored on your browser or the hard drive of your device by websites that you visit to enable the website to proactively operate and ‘remember’ who you are. They are also used to monitor website traffic. Cookies are generally only visible to the website that serves them and not to other websites.
Our cookies are used on our website to ‘remember’ information so that it can be passed from page to page and to collect website statistics. This statistical data may be used to help improve our websites, offers and the services that we offer to you. Some of our cookies will also recognise you as a previous visitor the next time you visit our websites to improve your experience – if you have consented to be remembered.
Cookie types explained
There are two types of Cookie:
- Session Cookies - These cookie files are erased when you close your browser. This cookie stores your browsing information and will be active until you leave a site and close your browser.
- Persistent Cookies - These files stay in one of a browser's subfolder until they are deleted manually or your browser deletes them based on the duration period contained within the persistent cookie's file. You can set your browser to automatically remove these cookies on logging off.
- Social Sharing - Enabling you to share Waterline stories and page content via social media components, like Facebook and Twitter.
- Analytics - We like to anonymously keep track of user behaviour to help us keep our website content relevant and up to date. It's also useful to identify trends of how people navigate through our websites.
How to manage cookies
Most internet browsers accept cookies automatically however, you can accept, delete or disable cookies if you wish; the process for which can usually be found in your internet browser’s ‘Help’ menu.
If you don’t want these cookies to be used when visiting a Waterline website, you can remove them by following these simple steps:
1. Click Tools & select Internet Options
2. Click the Privacy tab, and select Advanced
3. Click Override automatic cookie handling
4. Specify how you wish to handle cookies from first-party Websites and third-party Websites
Waterline Limited takes great care to ensure the security of our platforms, including websites and your personal information is kept secure and safe. Only authorised personnel have access to your information. We will keep your information secure by taking appropriate technical and organisational measures against unauthorised or unlawful processing, accidental loss, destruction and damage.
To help us keep this information confidential you should:
- Keep any passwords secret
- When using the Waterline web site, never distribute the URLs for pages that you have looked at while logged in as a registered customer
If you have any questions about how we treat your Personal Data and protect your privacy, or if you have any comments or wish to seek to exercise any of your rights as outlined above, to opt-out of receiving marketing communications from us or to complain about our use of your Personal Data, please contact us at firstname.lastname@example.org.
Last updated: 20th May 2018