Privacy Policy
CONTENTS OF PRIVACY POLICY
- Important Information and who we are
- The Data we collect about you
- How is your Personal Data collected?
- How we use your Personal Data
- Disclosures of Personal Data
- International Transfers
- Data Security
- Data Retention
- Your Legal Rights
- Contacting the Regulator
- IMPORTANT INFORMATION AND WHO WE ARE
This Privacy Policy has been prepared in accordance with the General Data Protection Regulation (“GDPR”), which aims to protect and enhance the rights of data subjects. Star Refining (London) Ltd. recognises the importance of the correct and lawful treatment of personal information and will only use personal data as set out in this Privacy Policy. This Privacy Policy explains in detail the types of personal data collected and how we will store and handle that data.
It is important that you read this Privacy Policy together with any other guidelines or terms and conditions we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data.
CONTROLLER
This Privacy Policy is issued on behalf of Star Refining (London) Ltd, referred to as “we”, “us”, or “our” in this Privacy Policy.
You have the right to request a copy of any information about you that we hold at any time, and also to have that information corrected if it is inaccurate. To ask for your information or to have your information adjusted, please contact DPO, Star Refining (London) Ltd, PO Box 31, London, EC1N 8JR, or email london@starrefining.co.uk.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes. We may change this Privacy Policy at any time by updating this page, so you should check our website from time to time to ensure you are aware of any changes.
- THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data - first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data - billing address, delivery address, email address and telephone numbers.
- Financial Data - bank account and payment card details.
- Transaction Data - details about payments to and from you.
- Technical Data - IP address, your login data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the website.
- Profile Data - your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data - information about how you use our website, products and services.
- Marketing and Communications Data - your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
- HOW IS YOUR PERSONAL DATA COLLECTED?
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data when you:
  - open an Account with us
  - supply us material to process
  - visit our websites
  - engage with us on Social Media
  - ask us to email or post you information about a service we provide
  - contact us via any means with a query, complaint or quotation request
  - choose to complete any surveys we send you
  - fill in any forms we provide you
  - comment on or review us or our services
  - visit our premises which have CCTV systems operated for the purposes of security. These systems may record your image during your visit.
  - visit our premises operating electronic sign in systems. These systems will request and store your personal information in order to manage our security at these sites.
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
- HOW WE USE YOUR PERSONAL DATA
The law on data protection sets out the reasons for which a company may collect and process your personal data, including:
Consent
In specific situations, we can collect and process your data with your consent.
When collecting your personal data, we’ll always make clear which data is necessary in connection with a service.
Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, if we process/purchase your material we will need to contact you to advise you of the results and to supply you with an invoice. Your contact information will be used to facilitate this requirement.
Legal compliance
If the law requires us to, we may need to collect and process your data.
For example, we are obliged to keep records of our transactions in order to comply with HMRC regulations.
Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
As a customer we will use your email address details to send you marketing emails and offers, information on our services and to supply information useful to your business.
We may use your telephone contact details to discuss our services and check if you have material available for collection/processing.
We may use your address details to send you direct marketing information by post, telling you about our services that we think might interest you.
| Purpose/Activity | Type of Data | Lawful basis for processing including basis of legitimate interest |
| --- | --- | --- |
| Contacting you regarding orders | Identity, Contact | Performance of contract |
| Register you as a new customer | Identity, Contact, Financial | Necessary to comply with a legal obligation; Performance of a contract with you |
| Retain transactions | Financial | Necessary to comply with a legal obligation |
| Record CCTV images | Identity | Legitimate business interests – safeguarding the business and its assets against crime and protecting the safety of our staff and customers. |
| Signing in Visitors | Identity | Legitimate business interests – safeguarding the business and its assets against crime and protecting the safety of our staff and customers. |
| Email offers, service updates and relevant information. | Identity, Contact, Marketing and Communications | Legitimate business interests – to maintain our relationship with the customers and to keep them informed of our activities, new equipment, processing capabilities. Consent (prospective customers). |
| Sending you marketing information by post | Identity, Contact, Marketing and Communications | Legitimate business interests – promotion of our business in terms of our processing capabilities and the services we can offer. |
| Contacting you by telephone to discuss our services | Identity, Contact, Marketing and Communications | Legitimate business interests – promotion of our business in terms of our processing capabilities and the services we can offer. |
| Visit our websites | Identity, Contact | Legitimate business interests – general enquiry forms – Google Analytics, cookies and IP address information to provide guidance on how users use our site. |
MARKETING
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
- Within our CRM system we have preference fields covering email, telephone and postal communications. If you choose to object to a form of communication, this will be updated on your record to ensure you are not contacted via this method ongoing.
PROMOTIONAL OFFERS FROM US
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or have engaged our services, or if you provided us with your details when you entered a competition or registered for a promotion and, in each case, you have not opted out of receiving that marketing. There may be occasions where we contact you using contact information freely available within the public forum; however, this will not be the case if you have previously opted out of receiving marketing from us.
OPTING OUT
You can ask us or third parties to stop sending you marketing messages at any time. Here are the ways you can stop direct marketing communications from us:
- Respond to our email communication advising you would like to no longer receive email contact. We will then stop any further emails from being sent to you.
- Contact us directly and we will update your preferences for each communications channel on our systems.
- Write to Data Protection Officer, Star Refining (London) Ltd, 85 Hatton Garden, London, EC1N 8JR.
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of any order you make with us.
COOKIES
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.
CHANGE OF PURPOSE
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purposes is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
- DISCLOSURES OF PERSONAL DATA
We sometimes share your personal data with trusted third parties, only when this is essential to allow us to fulfil our contractual or legal requirements (for example, delivery/shipping companies, Police, HMRC, payment facilitators).
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- We work closely with them to ensure that your privacy is respected and protected at all times.
- If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
The third parties we work with are:
- IT companies who support our website and other business systems.
- Operational companies such as delivery couriers.
- Direct marketing companies who help us manage our electronic communications with you.
- Banks and financial organisations.
- Government and legal organisations.
Sharing your data with third parties for their own purposes:
We will only do this in very specific circumstances, for example:
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- DATA SECURITY
We know how much data security matters to all our customers; therefore, we will treat your data with the utmost care and take all appropriate steps to protect it.
- Access to your personal data within all our systems is password-protected and access levels are granted based on job role.
- We regularly monitor our network and systems for possible vulnerabilities.
- DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which your personal data is required and whether we can achieve those purposes through other means, and the applicable legal requirements.
- YOUR LEGAL RIGHTS
An overview of your different rights
You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, at the time of your request.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
If you wish to exercise any of the rights set out above, please contact Data Protection Officer, Star Refining (London) Ltd, 85 Hatton Garden, London, EC1N 8HP, or email london@starrefining.co.uk. To ask for your information to be amended, please contact us directly.
If we choose not to action your request, we will explain to you the reasons for our refusal.
NO FEE USUALLY REQUIRED
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
WHAT WE MAY NEED FROM YOU
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
TIME LIMIT TO RESPOND
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.
- CONTACTING THE REGULATOR
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns (opens in a new window; please note we are not responsible for the content of external websites).
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.