The EU General Data Protection Regulation (GDPR) is the most significant piece of European privacy legislation in the last twenty years. It replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.
Its purpose is to protect the ‘’rights and freedoms’’ of natural persons (ie living individuals) and to ensure that their personal data is not processed without their knowledge, and where possible, it is not processed without their consent.
What information we collect
We collect and process personal data about you when you interact with us and our products and when you purchase goods and services from us. The personal data we process includes:
If you are customer or a supplier of goods and services;
- your name
- your home or work address, email address and/or phone number
- your job title
- your payment details, including billing, delivery addresses and credit card details, where you make purchases from us
- information related to the browser or device you use to access our website
- recordings of calls you make to our customer service team
- and/or any other information you provide
If you are an employee;
- your name
- your personal email address
- your personal contact numbers
- your next of kin Details (emergency contact)
- your date of birth
- your home address
- your bank details
- your job history & other information contained in your CV
- your medical history
- your educational history
- your details of unspent convictions; if any
- Information to confirm your identity eg passport
- Information relevant to the selection process; if any
Purpose of processing personal data
We process the personal data listed above for the following purposes:
- as required to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to provide or receive services. This may include verifying your identity, taking payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services. We require this information in order to enter into a contract with you and are unable to do so without it;
- to comply with applicable law and regulation;
- to make recruitment decisions
- in accordance with our legitimate interests in protecting Box Technologies legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);
- with your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our products or services;
- we may monitor any customer account and associated data, such as payment card details to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;
- in circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and
We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.
Sharing personal data
We may share your personal data with our subsidiaries to process it for the purposes of inter-group administration and to deliver products or services where elements of these are provided by companies other than those with which you have directly contracted.
We may also share your personal data with the below third parties:
- our suppliers, business partners and sub-contractors; and/or
- search engine and web analytics.
- our professional advisors such as our auditors and external legal and financial advisors;
- marketing agencies where they have agreed to process your personal data in line with this Privacy Notice;
Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws.
Personal data may also be shared with third party service providers who will process it on behalf of Box Technologies for the purposes above. Such third parties include, but are not limited to, providers of product maintenance & repair services, and identity checking.
How long we shall keep your personal data
We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.
Where you are a customer or a supplier, we will keep your information for the length of any contractual relationship you have with us and after that for a period no longer than required in accordance with legal requirements.
Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (i) until you unsubscribe from our communications; or, if you have not unsubscribed, (ii) while you interact with us and our content.
Where is my personal data stored
All personal information collected by Box Technologies will be stored in secure facilities and hosting servers in databases relevant to the products/services you have permitted us to hold your personal data for processing.
If you have agreed to be added to our database to receive further product and marketing information, your data will be stored securely in our SuperOffice CRM database.
The personal data that we collect from you may be transferred to, and stored outside the European Economic Area (“EEA”). It may also be processed by staff working for Box Technologies or Flytech Technologies, Taiwan or an approved supplier operating outside the EEA, in which case the other country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards, or agreed model clause for contractual cross-border transfer shall be in place.
What are your personal data rights
You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you or by contacting us.
Where you have consented to us using your personal data, you can withdraw that consent at any time.
If the information we hold about you is inaccurate or incomplete, you can notify us and ask us to correct or supplement it.
You also have the right to request we provide a copy of any personal data we hold about you.
If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don’t have a good reason to continue to use it; or (d) if we haven’t handled your personal data in accordance with our obligations.
If you wish to discuss our handling of your personal data, please send your contact details to: Box Technologies, Unit 19-20 Thame Park Industrial Estate, Wenman Road, Thame, Oxfordshire, ENGLAND OX9 3XA; or email at firstname.lastname@example.org
If you wish to make a complaint about the way we have handled your personal data or in any event where we have not upheld our policy on Privacy of your data, you have a right to contact our lead supervisory authority with the details of your complaint at the Information Commissioners Office https://ico.org.uk/your-data-matters/
Stay informed: Stay abreast of updated regulatory guidance. We recommend regular review of the Information Commissioner’s website, which is the UK representative within the EU working group: Article 29.