1 ABOUT THIS POLICY
1.1 Your privacy is important to us and we want you to feel comfortable with how we use and share your personal information.
1.2 This policy sets out how Griffin Publishing Solutions handles your personal information, including when and why it is collected, used and disclosed and how it is kept secure.
1.3 You will find our contact details at the end of this policy which you can use if you have any questions, including how to update or access your personal information or to make a complaint.
1.4 This policy may change, so please check this page from time to time to ensure that you’re happy with any changes. Please see further changes to this policy in Section 11.
1.5 This policy was last updated on 20th May 2018.
2 WHO WE ARE
2.1 Griffin Publishing Solutions is a publisher and a business to business service provider; the ‘controller’. A ‘controller’ is a company that decides why and how your personal information is processed.
2.2 Where this policy refers to “we”, “our” or “us” below, unless it mentions otherwise, it’s referring to Griffin Publishing Solutions.
3 HOW AND WHAT PERSONAL INFORMATION WE COLLECT
3.1 We may collect and process the following personal information about you:
Personal information you give to us: This is information about you that you give to us by entering information via our websites or our social media pages or by corresponding with us by phone, email or otherwise and is provided entirely voluntarily. The information you give to us includes your name, contact details (such as phone number, email address and address), enquiry details and your opinion of our services or payment details in relation to a specific or multiple transactions.
Personal information we collect about you: We may automatically collect the following personal information: our web servers store as standard details of your browser and operating system, the website from which you visit our website, the pages that you visit on our website, the date of your visit, and, for security reasons, e.g. to identify attacks on our website, the Internet protocol (IP) address assigned to you by your internet service. We collect some of this information using cookies – please see Cookies in Section 9.2 for further information. Personal information we may receive from other sources: We obtain certain personal information about you from sources outside our business which may include other third party companies; the personal information received is as described in the two paragraphs above.
Surveys & Contests: From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as post code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site.
To withdraw information in any of these ways at any time. Please see Withdrawing your consent in Section 8.4 for further details.
3.2 Please see further How we use your personal information in Section 4 for details of the purposes for which we use the personal information we obtain from these sources and the legal basis on which we rely to process that information. The remaining provisions of this policy also apply to any personal information we obtain from these sources.
4 HOW WE — USE YOUR PERSONAL INFORMATION
4.1 Where you have provided CONSENT
We may use and process your personal information where you have consented for us to do so for the following purposes:
to share your personal information with services providers we work with in section 10.6 where you have requested us to do so;
to supply brochures and other material you have specifically requested from us;
to contact you via email or telephone with marketing information about other services (see Marketing section below for further details);
to share your personal information with other our partners who provide ancillary services to our own such as but not limited to; printers, mailing houses, postal providers, advertising agencies. Please see section 10.6 for further details of the types of companies we work with.
4.2 You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent in Section 8.4 for further details.
4.3 Where required to perform a CONTRACT with you or your company
We may use and process your personal/company information where it is necessary for the performance of a contract with Griffin Publishing Solutions of any of our associated companies/service providers.
4.4 Where it is in your VITAL INTEREST
We may use your personal information to contact you if there are any urgent safety notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.
4.5 Where required to comply with our LEGAL OBLIGATIONS
We will use your personal information to comply with our legal obligations including: (i) to assist HMRC, the Police or any other public authority or criminal investigation body; (ii) to identify you when you contact us; and (iii) to verify the accuracy of data that we hold about you.
4.6 Where there is a LEGITIMATE INTEREST
We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business for the following purposes:
for record keeping and processing of employees personal information in order to comply with employment law;
for the prevention of fraud and other criminal activities;
to undertake credit checks for finance credit insurance taken out against your company;
to transfer your customer data where necessary to fulfil a contract;
to clean a customer database where necessary to fulfil a contract;
to carry out due diligence for compliance where necessary to fulfil a contract;
to correspond and communicate with you in regards to our marketing services;
for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
for analysis, and profiling to inform our marketing strategy;
to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
and for general administration including managing your queries or complaints, and to send messages to you.
5 OTHERS WHO MAY RECEIVE OR HAVE ACCESS TO YOUR PERSONAL INFORMATION
5.1 Other companies
We may share your information with other companies who we work with in order to provide you with the relevant services you have requested. They may use your personal information in the ways set out in How we use your personal information in Section 4, in connection with the services that complement our own, for example relevant service offers.
Please see section 10.6 for the details of the companies with whom we may share your personal/company information.
5.2 Our suppliers and service providers
We may disclose your information to our third party service providers, agents, subcontractors and other organisations for the purposes of providing services to us or directly to you on our behalf. Such third parties may include cloud services providers (such as hosting and email management) or advertising agencies, administrative services or other third parties who provide services to us.
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.
5.3 Third parties who provide products and services
We work closely with various third parties to bring you a range of services which are complimentary to ours.
When you enquire about or one or more of our services through us (e.g. via our websites, by telephone, email or verbally), the relevant third party may use your details to provide you with information and carry out their obligations arising from any contracts you have entered into with us/them.
5.5 Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation (e.g. by sharing your personal information with the authorities), to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our customers.
We also work with Epsilon Abacus (registered as Epsilon International UK Ltd), a company that manages the Abacus Alliance on behalf of UK retailers. The participating retailers are active in the following product categories: clothing, collectables, food & wine, gardening, gadgets & entertainment, health & beauty, household goods, and home interiors. They share information on what their customers buy. Epsilon Abacus analyses this pooled information to help retailers understand consumers’ wider buying patterns. From this information, retailers can tailor their communications, sending people suitable offers that should be of interest to them, based on what they like to buy.
However, we will always take steps with the aim of ensuring that your privacy rights continue to be protected.
6 WHERE WE STORE YOUR PERSONAL INFORMATION OUTSIDE THE EEA
6.1 All information you provide to us will be stored within the EEA.
6.2 If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy. These steps include imposing contractual obligations on the recipient of your personal information or ensuring that the recipients are subscribed to ‘international frameworks’ that aim to ensure adequate protection. Please contact us using the details at the end of this policy for more information about the protections that we put in place and to obtain a copy of the relevant documents.
6.3 If you use our services whilst you are outside the EEA, your information may be transferred outside the EEA in order to provide you with those services.
7 HOW LONG WE KEEP YOUR PERSONAL INFORMATION FOR
7.1 If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
7.2 We do not retain personal information in an identifiable format for longer than is necessary.
7.3 We may need your personal information to establish, bring or defend legal claims, in which case we will retain your personal information for 7 years after the last occasion on which we have used your personal information in one of the ways specified in How we use your personal information in Section 4.
7.4 The only exceptions to this are where:
the law requires us to hold your personal information for a longer period, or delete it sooner;
you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted in this section 7, or because we are required under the law (see further Erasing your personal information or restricting its processing in Section 8.6);
and in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
8 YOUR RIGHTS
8.1 Your ‘data subject’ rights:
You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no such information is required, after we have received your request.
8.2 Accessing your personal information
You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
8.3 Correcting and updating your personal information
The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.
In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy.
8.4 Withdrawing your consent
Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information in Section 4, you may withdraw your consent at any time by contacting us using the details at the end of this policy. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.
8.5 Objecting to our use of your personal information and automated decisions made about you.
Where we rely on our legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information in Section 4, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.
You may object to us using your personal information for marketing purposes and we will automatically comply with your request.
8.6 Erasing your personal information or restricting its processing
In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
You may also ask us to restrict processing your personal information in the following situations:
where you believe it is unlawful for us to do so
you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
8.7 Transferring your personal information in a structured data file
Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under Section 4 How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.
You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
8.8 Complaining to the UK data protection regulator
You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
9 SECURITY / COOKIES / LINKS / SOCIAL PLUGINS
9.1 Security measures we put in place to protect your personal information
We use technical and organisational security measures to protect the personal information supplied by you and managed by us against manipulation, loss, destruction, and access by third parties. Our security measures are continually improved in line with technological developments.
Unfortunately, the transmission of information via the internet is not completely secure. However we will use secure data transfer methods and will encrypt data files where necessary.
9.2 Use of ‘cookies’ and IP Addresses
Similar to other commercial websites, our website utilizes a standard technology called “cookies” and web server log files to collect information about how our website is used. Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our website, and the websites visited just before and just after our website.
IP Addresses: IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (such as the web pages you request) can be sent to you.
9.3 Links to other websites
In addition, if you linked to our website from a third party website, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party website and recommend that you check the policy of that third party website.
9.4 Social plugins
We may use so-called social plugins (buttons) of social networks such as Facebook, Google+ and Twitter.
We have no influence on the scope of data that is collected by the social networks through their buttons. The data use policies of the social networks provide information on the purpose and extent of the data that they collect, how this data is processed and used, the rights available to you and the settings that you can use to protect your privacy.
10 MARKETING by email/SMS
10.1 We may collect your preferences to send you marketing information directly from us by email/SMS (where applicable) including:
if you or your company open a business account with us, or contact regarding our services by telephone, post, email or in a face-to-face meeting We will only do so if you have consented to receiving such marketing information directly from us or there is a legitimate interest in order to fulfil your request.
10.2 We may contact you with targeted advertising by email, by email newsletters, by telephone or by post by using your personal or companies information, or use your personal or companies information to tailor marketing to improve its relevance to you, unless you object.
10.4 If you opt-in to receiving marketing from our recommended third parties, you will receive marketing from the third parties listed in the table below via your preferred communication methods indicated by you:
10.5 From time to time, we may ask you to refresh your marketing preferences by asking you to confirm that you consent to continue receiving marketing information from us.
10.6 Third Party
We work closely with a number of business to business providers whose services complement our own. These are, but not limited to companies who offer the following services.
IT Support – CHS Networks, 88 Judd Road, Tonbridge, Kent TN9 2NJ
Publishers and Newspapers – Varies depending on services requested.
Advertising Agencies – Varies depending on services requested.
Mail Order Companies – Varies depending on services requested.
Financial Services – Varies depending on services requested.
Database Cleansing, both business and consumer data – Varies depending on services requested.
Database processing services – Varies depending on services requested.
Mailing House – Varies depending on services requested.
Email Broadcast Services – Mailchimp, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA
Credit Insurance – Nexus CIFS Limited, 52-56 Leadenhall Street, London EC3A 2EB
Insurance Broker – Directors and Professionals Ltd, 4 St Johns Rd, Tunbridge Wells, Kent TN4 9NP
10.7 You have the right to opt-out of our use of your personal information to provide marketing to you in any of the ways mentioned above. Please see Withdrawing your Consent in Section 8.4 and Objecting to our use of your personal information and automated decisions made about you in Section 8.5 above for further details on how you can do this.
11 ACQUISION OR CHANGES IN OWNERSHIP
In the event that the website (or a substantial portion of its assets) is acquired, your information would be considered part of those assets, and may be part of those assets that are transferred.
12 CHANGES TO THIS POLICY
We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website and/or by contacting you by email. Any changes will take effect 7 days after the date of our email or the date on which we post the modified terms on our website, whichever is the earlier. We recommend you regularly check for changes and review this policy when you visit our website. If you do not agree with any aspect of the updated policy, you must promptly notify us and cease using our services.
13 CONTACT US
If you have any questions, suggestions or complaints about the processing of your personal information or wish to contact us to amend/update your marketing preferences, please contact the Data Protection Officer.
Griffin Publishing Solutions Limited
3 Calverley Street
Kent TN1 2BZ
Telephone: 01892 354 087