Every day our business receives, uses, and stores personal information about our customers, suppliers, colleagues, and partners. This Privacy Notice sets out how we use and protect any information that you give us in the course of your interactions with our business.
We are committed to complying with the requirements of the General Data Protection Regulation and the Data Protection Act 2018, and take our Data Protection duties seriously. Should we ask you to provide information by which you can be identified, then you can be assured that it will only be used in accordance with this Notice.
This Privacy Notice, and other documents referred to within it, lets you know what to expect when we process personal data. It applies to information we collect about:
- Visitors to our website/s and social media pages, and/or information from other communications
- Individuals who use our products or services, or inquire about our products and services
- Individuals who subscribe to our e-newsletter, or request information from us
- Surveys and market research that we may carry out
- Prior and current employees, prospective employees, and sub-contractors
- Business partners, strategic partners, and other such supportive or industry bodies
David Moore, Managing Director, is ultimately responsible for ensuring compliance with relevant Data Protection legislation, with Rachel Doherty, GES Group Compliance Officer, responsible for the implementation of Company Policies and Procedures. Any questions or concerns about the operation of this Policy should, in the first instance, be directed to Rachel Doherty.
“Personal Data” is any information, digital or hard copy, which relates to a living individual that can be used to directly or indirectly identify said individual.
“Processing” is any activity that involves the use of Personal Data, including obtaining, recording, storing, organising, amending, retrieving, disclosing, erasing, or destroying the data.
“Sensitive Personal Data” includes information about a person’s racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetics or bio-metrics, physical or mental health conditions, or sexual orientation. It also includes Personal Data about criminal offences or convictions. Sensitive Personal Data can only be processed under strict conditions.
What Personal Data do we typically process?
We may process the following information:
- Name and contact information, including a telephone number, email address, and postal address.
- Bank details and payment information in relation to customers, suppliers, employees, and sub-contractors.
- Dates of birth, tax details, and health-related information in relation to prospective and current employees.
- Sensitive Personal Data on prospective and current employees in compliance with Equality Legislation.
- Other information relevant to our legitimate business interests, such as customer surveys, anonymous website analytics, and other publicly available information.
This list is not exhaustive, and we may need to collect additional data for the purposes set out in this Notice.
When processing Personal Data, we endeavour to comply with the Data Protection Principles, to ensure it is:
- Processed fairly, lawfully, and in a transparent manner.
- Collected for specified, explicit, and legitimate purposes, and any further processing is completed for a compatible purpose.
- Adequate, relevant, and limited to what is necessary for the intended purposes.
- Accurate, and where necessary, kept up-to-date.
- Kept in a form that permits identification for no longer than necessary for the intended purposes.
- Processed in line with the individual’s rights and in a manner that ensure appropriate security of the Personal Data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
- Not transferred to people or organisations in countries without adequate protection, and without firstly having advised the individual.
Data Protection legislation is not intended to prevent the processing of Personal Data, but to ensure that it is processed fairly and without adversely affecting the rights of the individual.
In accordance with Data Protection legislation, we will only process Personal Data where there is a legitimate business interest to do so, and where such processing is compliant with one of the lawful bases. These include: where the individual has given their consent, where the processing is necessary to fulfill a contract, for compliance with a legal obligation, for the legitimate interest of the business, for vital interests, or in carrying out a public task. When Sensitive Data is being processed, additional conditions must be met.
The lawful basis for processing the majority of the information we hold is “Contract”. Other lawful bases for us processing data includes “Legitimate Interest” and “Consent”.
What do we do with this information?
We require this information for our legitimate business interests, to understand our customer needs, and to provide customers with our products and services, and in particular for the following reasons:
- Internal/business/financial record keeping and administration.
- We may use the information to improve our products and services.
- Where you are a current customer, we may periodically send promotional emails about new products, special offers, or other relevant information that we think you may find interesting, using the email address you have provided. You can request to be removed from our email list at any time.
- Where you are not a current customer, you can provide your consent to subscribe to receive our newsletter. You can request to be removed from our email list at any time.
- From time-to-time we may also use your information to contact you for market research purposes, for example to complete a Customer Satisfaction Survey. We may contact you by email, phone, or by post. We may use the information you provide to make changes to our business processes or website.
We may collect and process Personal Data that we receive directly from you, such as when you complete our contact form on our website or communicate with us directly by email, as well as Personal Data that we receive from other sources, such as our business partners and suppliers in technical, payment, and delivery services.
Personal Data is made available to GES Group employees on the “need to know” principle on the basis of their job role with the company. This is reviewed regularly to ensure compliance, and data protection and security of information form part of our company Disciplinary Procedures.
Where a business partner or supplier has access to our systems, for example web developers, maintenance engineers for our Management Information System, or Human Resource delivery partners, we will ensure an appropriate Data Processor Agreement is in place, and assure ourselves of their compliance with relevant legislation.
Some of the recipients of Personal Data may be located outside of the UK. However, we only transfer Personal Data to countries where the EU Commission has determined that they have an adequate level of data protection.
Personal Data is stored or retained for as long as is necessary for our business purposes, in line with our legitimate business interests, and will be securely erased and/or destroyed when the legitimate business interest is no longer applicable.
Visitors to our website
Our website is securely hosted by Adobe Business Catalyst using Amazon Web Services, and our server is located within the EU. Our website is PCI compliant and has an SSL security certificate. When someone visits www.ges-group.com, we collect standard and anonymous internet log information, such as user activity and page visits, to monitor the effectiveness of our website and help us improve it. We cannot identify website users from the information collected, and we do not attempt to discover the identities of the individuals.
Our website uses Google Analytics (https://www.google.com/analytics/terms/us.html) to monitor user behaviour. This information is stored by Google on servers in the United States. This information is associated to your IP address, and not to you as an individual. Google do not associate your IP address with any other data stored by Google.
Should you use our Contact Us form on our website, you will be required to enter the minimum amount of information for us to deal with your request. This information will be stored in our Customer Relationship Management software to enable us to respond to your request effectively, and to build an on-going relationship with you as a customer.
Cookies do not enable us to identify you as an individual, and in no way do cookies give us access to your computer. You can choose to accept or decline cookies. However, most web browsers accept cookies. You can usually modify your settings to decline cookies, if you prefer, though this may prevent you from taking full advantage of our website.Our E-Newletter
We use a third party provider, MailChimp, to deliver our e-newsletters. We gather statistics about email performance to help us monitor and improve our e-newsletter. Current customers may receive our e-newsletter via “soft opt-in”. This means we may contact customers with information that may interest them on the basis of the products/services they have purchased from us, or inquired about, in the past.
Anyone who wishes to receive our e-newsletter can provide explicit consent to opt-in. This can be in the form of an email to email@example.com asking to be subscribed to our e-newsletter, or by completing our newsletter sign-up form. You can elect to be removed from our e-newsletter by clicking “unsubscribe” in any of our emails, or by sending your request to be removed to the email address provided above.
Links to other websites
Our website or e-newsletter may contain links to other websites of interest. However, once you have used these links to leave our website, you should note that we do not have any control over any other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide while visiting such sites, and such sites are not governed by this Privacy Notice. You should exercise caution and read the Privacy Notice applicable to the website in question.
We have official social media profiles on Facebook, Instagram, YouTube, and LinkedIn. If you send us a private message via social media the message will be stored, but it will not be shared with any other parties. Activity on these websites is controlled by Facebook, Instagram, YouTube, and LinkedIn respectively.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access, accidental or unlawful destruction, damage, loss, alteration, or unauthorised disclosure, we have put in place suitable physical, electronic, technical, and managerial procedures to safeguard and secure the information we collect both on and off-line. We maintain data security by protecting the confidentiality, integrity, and availability of the personal data, defined as follows:
- Confidentiality means that only people who are authorised to use the data can access it.
- Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.
- Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on GES Group’s central computer system.
Our security measures include password protected hardware and software, suitable anti-virus software, malware, adware, and firewalls, encryption where possible, secure and lockable desks, cupboards, and rooms, data minimisation, secure methods of disposal with hard copy documents being shredded and digital storage devices destroyed, and users logging off from their laptop or PC when it is left unattended.
In the case of applications for employment, the application form requires the minimum amount of information necessary to process your application, as well as the information necessary for the short-listing process and to arrange interviews. If you are unsuccessful, you may be asked if we are permitted to retain your information on file for a set period of time so we may contact you in the event of future vacancies becoming available. We are required by the Equality Commission to collect Equal Opportunities Forms as part of our application process. These are not stored by GES Group.
Under Data Protection legislation, you have rights as an individual, which you can exercise in relation to the information we hold about you. For example, you may be able to: limit our use of your Personal Data; find out how long your Personal Data will be held for; check to ensure the Personal Data we hold on you is accurate and ask for it to be rectified where it is found to be inaccurate; ask for your Personal Data to be erased, destroyed, or restricted (dependent upon our legal basis for processing it); withdraw consent regarding the processing of Personal Data (where consent is our legal basis) without affecting the lawfulness of the processing before the consent was withdrawn; lodge a complaint with the Information Commissioner’s Office.
Complaints or queries
We try to meet the highest standards when processing personal information. For this reason, we take any complaints we receive very seriously. We encourage people to bring it to our attention if they think that our processing of information is unfair, misleading, or inappropriate.
This Privacy Notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of our data processing. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
How to contact us
If you want to request information about our Data Protection Policy, or Privacy Notice, you can email us at firstname.lastname@example.org, or write to us at: GES Group Head Office, 18a Pennybridge Industrial Estate, Ballymena, BT42 3HB.
Changes to this privacy notice
We keep our Privacy Notice under regular review. We reserve the right to change this Notice at any time. Where appropriate, we will notify changes by email. This Privacy Notice was last updated on 10/04/2018.