For the purposes of the Data Protection Act 2018 (‘DPA’) and the EU General Data Protection Regulation (‘GDPR’), J-Flex is the ‘data controller’, which means that we are responsible for, and control the processing of, your personal data.
We have appointed a Data Protection Manager who is responsible for ensuring that we comply with our legal obligations in relation to data protection. Our Data Protection Manager is Sam Kirk. His contact details are listed at the bottom of this policy.
Personal data we may collect about you
We will obtain personal data about you (such as your name, address, e-mail address and telephone number) whenever you complete an online form by which you consent to us holding that personal data for the purpose specified on that form.
How we use Your Personal Data
We will use your personal data for the purposes described in the data protection notice that was given to you at the time your data was obtained. These purposes include:
- to help us identify you and any accounts you hold with us
- research, statistical analysis and behavioural analysis
- customer profiling and analysing your purchasing preferences
- marketing—see ‘Marketing and opting out’ below
- fraud prevention and detection
- billing and order fulfilment
- credit scoring and credit checking—see Credit Checking below
- customising this website and its content to your particular preferences to notify you of any changes to this website or to our services which may affect you
- security vetting
- improving our services
Lawful Basis for the Processing of Your Personal Data
We will use the personal data that we hold for the purposes of:
- performing any contractual or other obligations that we may have to you,
- complying with our legal obligations, and
- protecting our legitimate interests or those of others but only if it is necessary to do so and those interest are not overridden by your own interests or rights. You have the right to challenge those interests and to request that we stop processing your personal data on this basis. For further information see Your Rights below.
We can process your personal data for those purposes without your knowledge or consent, but we will not use your personal data held on that basis for any other purpose without telling you that we will do so and our legal basis for processing it.
We may also process your personal data for any purpose to which you have expressly consented. You can withdraw that consent at any time. For further information see Your Rights below.
Special Categories of Personal Data
Special categories of personal data are types of personal data consisting of information as to:
- your racial or ethnic origin;
- your political opinions;
- your religious or philosophical beliefs;
- your trade union membership;
- your genetic or biometric data;
- your health;
- your sex life and sexual orientation; and
- any criminal convictions and offences
We will only hold and process special categories of your personal data in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the Data Protection Manager.
We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
- where it is necessary for carrying out legal rights and obligations;
- where it is necessary to protect your vital interests or those of another person where you or they are physically or legally incapable of giving consent;
- where you have made the data public;
- where processing is necessary for the establishment, exercise or defence of legal claims; and
- where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity
We may process your race, ethnic origin, religion, sexual orientation, disabilities, medical condition or gender to monitor and to prevent possible discrimination.
Where Your Personal Data will be Processed
We will not hold or send your personal data outside the European Economic Area.
We will contact you by e-mail about our products, services and/or news relating to J-Flex, only if you have asked us to do so. If you have changed your mind and would prefer us not to contact you, then you can opt out at any time. For further information see Your Rights below.
E-mail marketing messages may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data.
Disclosure of Your Personal Data
We may disclose your personal data to:
- other companies within our group
- credit reference agents—see ‘Credit Checking’ below
- law enforcement agencies in connection with any investigation to help prevent unlawful activity
Keeping Your Data Secure
We will use technical and organisational measures to safeguard your personal data, for example; we store your personal data on secure servers.
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance and training.
To enable us to make credit decisions about you and for fraud prevention and money laundering purposes, we may search the files of credit reference agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes.
Information about Other Individuals
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his or her behalf and has agreed that you can:
- give consent on his or her behalf to the processing of his or her personal data; and
- receive on his or her behalf any data protection notices
Retention of Your Personal Data
We will not retain your personal data for longer than is reasonably necessary for the purpose for which it was obtained, and unless we have agreed otherwise with you we will at the end of the retention period securely destroy or delete it from our records, in accordance with our Data Retention Policy.
Your Rights in Respect of Personal Data
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request. We will respond as soon as reasonably practicable and in any event within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to a further two months. There is no fee for making a subject access request, but if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
You can correct any inaccuracies in your personal data. To do you should contact the Data Protection Manager as specified below.
You have the right to request that we erase your personal data if we are not legally entitled to process it without your consent or if it is no longer necessary to process it for the purpose for which it was collected. To do so you should contact the Data Protection Manager.
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while that application is made. To do so you should contact the Data Protection Manager.
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop such data processing.
You have the right to object if we process your personal data for the purposes of direct marketing.
You have the right to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
With some exceptions, you have the right not to be subjected to automated decision-making.
You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact the Data Protection Manager.
You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). That website has further information on your rights and our obligations.
Should you have any questions or wish to check the information we hold about you, please e-mail;
Sam Kirk – firstname.lastname@example.org
Or write to our Registered Office;
Sam Kirk, C/O J-Flex, Units 1 & 2, London Road Business Park, Retford, DN22 6HG, UK.
We may change this policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access this website.