Promega Systems Privacy Notice
Promega Systems Ltd are committed to complying with the General Data Protection Regulation and the Data Protection Act 2018, once enacted. Looking after the personal information you share with us is very important, and we want you to be confident that your personal data is kept safely and securely and to understand how we use it to offer you a better support experience.
We have published this notice to help you understand
- how and why Promega collect information from you;
- who we share your information with, why and on what basis; and
- what your rights are.
If we make changes to this notice we will notify you by email. Promega will be what is known as the ‘Data Controller’ of personal data you provide to us
By Data Controller, this means Promega determines the purposes and way in which any personal data is, or will be, processed.
Should you need to contact us please write to:
Data Protection Enquiries, Promega Systems Limited, 100 Kings Chase, Brentwood Essex, CM14 4LB
or via email@example.com
This privacy notice was last updated on 15th May 2018.
What information we collect when you register and why?
When you buy services or goods from us, you are entering into a contract with us. In order for us to process orders we may ask you to provide;
- full name
- contact numbers, and
- email address.
As an existing customer if you have traded with us using debit card, we will securely collect bank details from you.
How do we use your information?
Data Protection says that we are allowed to use and share your personal data only where we have a proper reason to do so. The law says we must have one or more of these reasons and these are:
- Contract – your personal information is processed in order to fulfil a contractual arrangement e.g. in order to send you goods.
- Consent – where you agree to us using your information in this way e.g. for storing your bank details.
- Legitimate Interests – this means the interests of Promega in managing our business to allow us to provide you with the best products and services in the most secure and appropriate way e.g. to transfer your data to certain Third Party’s such as backup partners.
- Legal Obligation – where there is statutory or other legal requirement to share the information e.g. when we have to share your information for law enforcement purposes.
Here is a list of the ways that we may use your personal information, and which of the reasons described above we rely on to do so. Where we list legitimate interests as a reason, we also describe below what we believe these legitimate interests are.
|What we use your personal information for||Our reasons (legal basis)||Our explanation of Promega’s legitimate interests|
|Storing bank details||• Consent||N/A|
|Process your orders||• Fulfilling a contract||N/A|
|Notify you of your order or job status.||• Legitimate interests||Process efficiency and to make improvements to our services.|
|Manage your account and provide customer services to you. This may include: services communications, customer complaints and works queries||• Legal obligation/ Legitimate interests (depending on nature of services)||Keeping our records up to date, handling our customer contact efficiently and effectively, working out which of our products and services may interest you and telling you about them.|
|To detect, investigate and report financial crime (e.g. Fraud)||• Legal Obligation / legitimate interests||Developing and improving how we deal with financial crime. Complying with any legal obligation placed on us by regulators such as the FCA. Complying with any regulations that apply to us. Process efficiency in dealing with such activity, and to make service and process improvements.|
|Marketing communications to inform you of special offers, promotions, new lines and Sales. Provide you with online advertising.||• Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction and relationships.|
|Notifying you about enhancements to our services, such as changes to existing solutions and new services that may be of interest to you.||• Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction and relationships.|
|Contact you to undertake customer satisfaction surveys, invite you to provide product reviews or for market research.||• Legitimate interests||Developing products, services, applications and designs that attract and retain customers. Improving customer interaction and relationships.|
|Maintaining network and data security||• Legitimate interests||To maintain the security of our network this in turns helps us to maintain the safety and confidentiality of your information.|
Who we share your information with and why
Promega works with a number of trusted suppliers, agencies and businesses in order to provide you the high quality goods and services you expect from us such as cloud service providers, credit reference agencies, and fraud prevention agencies amongst others.
Some examples of the categories of third parties with whom we share your data are:
Promega works with a number of trusted partners who supply products and services on our behalf. All partners are subject to thorough security checks, and will only hold the minimum amount of personal information needed in order to fulfil the orders you place or provide a service on our behalf.
In order for you to receive your goods, Promega works with a number of delivery partners. Again, we only pass limited information to them in order to ensure delivery of your items.
We work with marketing companies who help us manage our electronic communications with you or carry out surveys and product reviews on our behalf.
Promega works with trusted third party payment processing providers in order to securely take and manage payments.
Credit Reference Agencies
When you apply for credit with us we will make searches about you with credit reference agencies. We do this to make sure customers who apply for credit accounts are able to manage the level of credit offered and not committing fraud by providing false or inaccurate information.
In order to process your application we will supply your personal information to credit reference agencies (CRA’s) and they will give us information about you, such as your financial history. We do this to assess your creditworthiness and product suitability, check your identity, manage your account, trace, recover debts, and prevent criminal activity.
We will also continue to exchange information about you with the CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. Your data will be linked to the data of your spouse, any joint applicants or other financial associates.
The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at:
Experian Credit Reference Agency Information Notice
CallCredit Credit Reference Agency Information Notice
Equifax Credit Reference Agency Information Notice
We will use automated credit-scoring methods to assess your application and to confirm your identity. We will automatically check your credit history against our lending criteria and if you don’t meet our requirements you will be declined for credit. For more information see the CRAIN notices above. There is also an automated decision section below with further detail. Should you wish to object to the use of automated credit scoring, please contact the person responsible for Data Protection.
Debt recovery and fraud prevention services
Before we provide services, goods or financing to you, we may undertake checks for the purposes of preventing fraud and money laundering, and to verify your identity. These checks require us to process personal data about you.
The personal data you have provided, we have collected from you, or we have received from third parties can be used to prevent fraud and money laundering, and to verify your identity.
Details of the personal information that will be processed may include, for example: name, address, date of birth, contact details, financial information, employment details and device identifiers including IP address.
We and fraud prevention agencies may also enable law enforcement agencies to access and use your personal data to detect, investigate and prevent crime.
We process your personal data on the basis that we have a legitimate interest in preventing fraud and money laundering, and to verify identity, in order to protect our business and to comply with laws that apply to us. Such processing is also a contractual requirement of the services or financing you have requested.
We process your personal data on the basis that it is necessary in the public interest or in exercising official authority for us to prevent fraud and money laundering, and to verify identity, in order to protect ourselves and to comply with laws that apply to us.
Fraud prevention agencies can hold your personal data for different periods of time, and if you are considered to pose a fraud or money laundering risk, your data can be held for up to six years.
As part of the processing of your personal data, decisions may be made by automated means. This means we may automatically decide that you pose a fraud or money laundering risk if our processing reveals your behaviour to be consistent with money laundering or known fraudulent conduct, or is inconsistent with your previous submissions, or you appear to have deliberately hidden your true identity. You have rights in relation to automated decision-making: if you want to know more please contact us using the details above.
Consequences of Processing
If we, or a fraud prevention agency, determine that you pose a fraud or money laundering risk, we may refuse to provide the services or financing you have requested, or to employ you, or we may stop providing existing services to you.
A record of any fraud or money laundering risk will be retained by the fraud prevention agencies, and may result in others refusing to provide services, financing or employment to you. If you have any questions about this, please contact us on the details above.
Whenever fraud prevention agencies transfer your personal data outside of the European Economic Area, they impose contractual obligations on the recipients of that data to protect your personal data to the standard required in the European Economic Area. They may also require the recipient to subscribe to ‘international frameworks’ intended to enable secure data sharing.
Your personal data is protected by legal rights, which include your rights to object to our processing of your personal data; request that your personal data is erased or corrected; request access to your personal data.
For more information or to exercise your data protection rights, please contact us using the contact details above. You also have a right to complain to the Information Commissioner’s Office, which regulates the processing of personal data.
Transfers to third countries
Some of the information you provide to us may be transferred outside the European Economic Area to countries such as the US. This is a transfer to a “third country”. For example Promega has a business relationship with Datto who provide us with backup services. Although the data is held in UK data centres colleagues in the US may access it to undertake the activities described above.
Promega also works with suppliers and partners who may make use of cloud and/or hosted technologies. We undertake data security due diligence on our partners and ensure that that these partners conform to appropriate accreditations.
To find out more please contact us at firstname.lastname@example.org.
Keeping in touch with you
We want to keep you up to date with information about special offers and improvements to our services. When you first start trading with us, we will ask you if you want to receive this type of marketing information.
Promega will not share your information with companies outside of Promega Systems Ltd for their marketing purposes.
If you decide you do not want to receive this marketing information you can request that we stop by writing to the designated person for Data Protection at the address provided above, emailing email@example.com, or by calling us on 01277 205484.
You may continue to receive mailings for a short period while your request is dealt with.
How long we keep your information
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your information above. The only exceptions to this are where:
- the law requires us to hold your personal information for a longer period, or delete it sooner;
- you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law;
- we bring or defend a legal claim or other proceedings during the period we retain your personal information, in which case we will retain your personal information until those proceedings have concluded and no further appeals are possible; or
- in limited cases, existing or future law or a court or regulator requires us to keep your personal information for a longer or shorter period.
What are your rights
You are entitled to request the following from Promega, these are called your Data Subject Rights and there is more information on these on the Information Commissioners website www.ico.org.uk
- Right of access –to request access to your personal information and information about how we process it
- Right to rectification –to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- Right to erasure (also known as the Right to be Forgotten) – to have your personal information erased.
- Right to restriction of processing – to restrict processing of your personal information
- Right to data portability – to electronically move, copy or transfer your personal information in a standard form
- Right to object – to object to processing of your personal information
- Rights with regards to automated individual decision making, including profiling –rights relating to automated decision making, including profiling
If you have any general questions about your rights or want to exercise your rights please contact firstname.lastname@example.org.
You have the right to lodge a complaint with a data protection regulator in Europe, in particular in a country you work or live or where your legal rights have been infringed. The contact details for the Information Commissioner’s Office (ICO), the data protection regulator in the UK, are available on the ICO website www.ico.org.uk where your personal information has or is being used in a way that you believe does not comply with data, however, we encourage you to contact us before making any complaint and we will seek to resolve any issues or concerns you may have.