We have updated our Privacy Policy in line with new GDPR regulations, General Data Protection Regulations (GDPR) (EU 2016/679). This is to ensure you are aware of how we collect, use, store and secure your data. It also includes who to contact if you have any concerns.

General

This notice describes how StortEskens Ltd processes your personal data, as a Data Controller. Our address is Unit 3, Colville Court, Winwick Quay, Warrington, Cheshire, WA2 8QT, United Kingdom. Please see “How do I get in touch with you” below for contact details for specific matters.

You have the right to object to some of the processing which StortEskens carries out. More information about your rights and how to exercise these is set out in the section headed “Your rights” below.

This notice applies to:

  • Suppliers;
  • Customers;
  • Visitors;
  • Callers;
  • Job Seekers;
  • Employees;
  • And anyone contacting, visiting or using our Websites

Summary of the purposes for processing your personal data and the legal basis for doing so:

We process personal data to provide our services upon request or on a contractual basis.

We make, amend and administer service visits, process and store payment details and provide other products and services, such as remote repairs via VPN, spare parts and consumables. We also deal with enquiries and gather customer feedback.
Legal Basis: Article 6(1)(b) (Contract clause)

To perform these duties, we require personal names and work addresses, email addresses and contact phone and mobile numbers. We also collect and use such things as IP addresses of customers’ machinery in order for us to be able to remotely connect to them so that we can uphold our maintenance and support obligations.
Legal Basis: Article 6(1)(b) (Contract clause)

In order to provide our services we do not need to collect sensitive personal data. If you (or an authorised person acting on your behalf) do provide such information to us, please be aware we may need to ask for your explicit consent. In some cases, it may be permissible for us to have such data as it is in your vital interests that we do so.
Article 6(1)(a) (Consent clause)
Article 6(1)(d) (Vital Interests clause)

We use third party marketing and analytical cookies on our websites, as explained as in our Cookie Notice. You can reject and block cookies in your browser settings. We use plus similar technologies in our marketing emails. You have the right to opt out of marketing communications.
Article 6(1)(a) (Consent clause)

If you post on social media about our business, we may use your contact details to respond to any complaints or comments, as we have a right to reply.
Article 6(1)(f) (Legitimate Interest clause)

We may be required to use your data to aid us as we seek to prevent and detect crime as well as protect our business and premises.
Article 6(1)(f) (Legitimate Interest clause)

In order to fulfil the above purposes:

We share and provide your personal data to payment providers, technology providers, insurers, and other specialist professional and technical service providers and advisers, to manage your bookings, arrange payments, and provide services.
Article 6(1)(b) (Contract clause)

We may transfer your personal data outside the European Economic Area, where we do this, we will use safeguards to protect your data.
Article 6(1)(b) (Contract clause)

Data Retention

We keep your data to enable us to fulfil our contract with you or to provide services; where required by law; to respond to a question or complaint; to obey rules about keeping records; to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests.

Where we process personal data based on your consent, we will retain it for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.

Your rights:

  • You have the right to be informed.
  • You have the right to withdraw any consents you may have given us, at any time.
  • You have an absolute right to object to direct marketing (and any profiling for the purposes of direct marketing) at any time.

You also have the qualified right to:

  • Request Access, Rectification, or Erasure of your personal data.
  • You have the right to request that we Restrict Processing of your personal data
  • You have the right to request that we supply or transfer your personal data in a machine readable (portable) format.

Where you exercise any of your rights, we will process your personal data to comply with your request in accordance with our legal obligations.
Article 6(1)(b) (Contract clause)
Article 6(1)(c) (Legal Obligation clause)

You have the right to lodge a complaint with a data protection supervisory authority of the EU Member State in which you are resident, work or in which your complaint arises.

In the UK, the supervisory authority is the Information Commissioners Office. Details of all EU supervisory authorities can be found at http://ec.europa.eu/newsroom/article29/itemdetail.cfm?item_id=612080.

If you require further details of our Privacy Notice please read more below.

Personal information we collect

We collect personal information when you request or use our services. We may also receive personal data about you from another source.

This includes:

  • Business-to-Business Information – for corporate customers and corporate business leads and contacts: job title, business address and business email address
  • Personal Identifiers – title, name and IP addresses
  • Transaction Information – payment, purchase order numbers
  • Customer special requests and feedback including complaints – via call centres, emails and online free text fields

Third parties that we receive personal data from may include:

  • Manufacturers, Suppliers and third-party customers
  • Corporate customers and public information sources such as Companies House
  • Social networks
  • Business Account management operators
  • Government and law enforcement agencies
  • Other licensees in accordance with licensing requirements
  • Eskens Group and other companies in the Eskens Group

How do we use your information, and what is the legal basis for this use?

To fulfil a contract, or take steps linked to a contract. This is relevant when you want to utilise our services; or receive other products and services from us such as consumables, spare parts or machinery:

  • Providing products and services requested by you
  • Verifying your identity
  • Processing payments
  • Communicating with you
  • Providing customer services, including managing complaints
  • Alerting you by text, email or phone in the event of an unplanned circumstance, as a resultof which we have to make alternative arrangements under our contract (or where we believe it is in your vital interests).

If the information we request is not provided, we may not be able to enter into or comply with a contract or our legal obligations.

In our legitimate interests regarding the conduct of our business, in particular:

  • Ensuring customer satisfaction, maintaining goodwill and dispute resolution
  • We provide technical support and investigate and process any complaints about our website or our products or services, and to maintain appropriate records for internal administrative purposes. We reserve the right to request evidence to support any claims or complaints.
  • To protect our business and prevent fraud
  • monitor, test and control the performance and security of our systems, networks, processes and premises to prevent and detect fraud and protect our business; and
  • If you provide a credit or debit card as payment, we use third parties to check the validity of your bank account or card details in order to prevent fraud.

For business performance and improvement:

  • Call centre communications, including incoming and outgoing calls and emails for staff training, quality improvement purposes and establishing facts
  • analyse transactions to enable us to improve our services and products and plan for our business

Safety and Security of our Visitors and Employees:

  • To protect premises and for security purposes including information recorded from CCTV
  • To obtain statements from witnesses to accidents and other incidents
  • For the detection and prevention of crime.

Developing and Marketing Products and Services:

  • For raising brand awareness
  • To understand you better as a customer by analysing our services provided to you and other information you provide to us or which we learn through your interactions with us
  • We may use your data to provide personalised promotional offers to you. For example, we may transfer information about you to such providers so that they may recognise your devices and deliver interest-based content and advertisements to you. The information may include your name, email, device ID, or other identifier in encrypted form. The providers may process the information in hashed form. These providers may collect additional information from you, such as your IP address and information about your browser or operating system; may combine information about you with information from other companies in data sharing cooperatives in which we participate; and may place or recognize their own unique cookie on your browser. These cookies may contain demographic or other data in de-identified form;
  • for monitoring the use of our website in order to improve their performance and optimise our media spend
  • For developing corporate business and applying rates
  • Responding to a Data Subject Right request under data protection legislation

Legal and Regulatory purposes

  • In connection with legal claims, compliance, regulatory and investigative purposes as necessary (including disclosure of such information in connection with claims, legal process or litigation)
  • To comply with health and safety legislation, including accounting for the number of individuals on our premises and logging accidents
  • To prevent, investigate and/or report suspected fraud, terrorism, security incidents or other crime, in accordance with applicable law
  • To anonymise personal data when we no longer need to process it
  • When you use our website, we place cookies and use similar technologies on your computer, mobile or other device and we use such technologies such as pixel tags and web beacons in marketing emails and communications (also see our Cookie Notice)
  • We may use credit checks if you apply for a Business Account
  • We will process health information, such as accessibility, that you or a party on your behalf provides to us (we may also be able to do this where it is in your vital interests)
  • On other occasions where we ask you for consent, we will use the personal data for the purpose which we explain at that time.

You have the right to withdraw consent at any time.

For purposes which are required by law:

  • To record details of guests not resident in the UK
  • In response to requests by government, law enforcement authorities, or intelligence services and court orders
  • If required to comply with health and safety legislation to which we are subject
  • Responding to a rights request under data protection legislation

To protect your vital interests or those of another person:

  • Disclosing your personal data to the emergency services where we believe it is necessary to protect your vital interests or the vital interest of another person
  • Other recipients that we disclose, transfer or share your personal data with

Group companies

We will share your personal data with Eskens Group and other companies in the Eskens Group for administering services & products. Details of the Eskens group can be found on our corporate website at www.storteskens.com . The group includes StortEskens, Eskens B.V and Central S.A.T. StortEskens shares data within the Eskens group for purposes such as business support, advisory, IT, safety and security, including CCTV, and other services.

Service Providers

For some activities StortEskens uses third party service providers. Your personal data will be shared with such organisations where this is necessary to provide a service to you, or where it is in our legitimate interests. For example, we use third parties to:

  • Record call information
  • Provide Wi-Fi, IT development, support, maintenance and hosting, including the provision of applications and website hosting
  • Provide analytics
  • Provide insurance
  • Provide credit checks and fraud checks

Other parties

  • Personal data may be shared with regulators, government authorities and/or law enforcement officials for the prevention or detection of crime, if required by law or if required for a legal or contractual claim or regulatory purposes.
  • We disclose your personal data to payment providers, technology providers, insurers, and other specialist professional and technical advisers, to manage your bookings, arrange payments, and provide services.
  • With your consent, we will also disclose your personal data to Ombudsman services and Citizens’ Advice.

Restructure and sale

We may restructure our internal group of companies so that different group companies run our related services. So, for example, in the future Eskens Group (or another group company) may take over responsibility for the running and operation of business and services from StortEskens Ltd. If this happens we will let you know that your data may be shared with such a company and processed as set out in this notice.

In the event that the business is sold or integrated with another business, your details may be shared with our advisers and any prospective purchaser’s adviser and will be passed to the new owners of the business.

International transfers

Sometimes we may need to send or store your data outside of the European Economic Area to follow your instructions, comply with a legal duty or to work with, or receive, services from our service providers who we use to help run your accounts and our services.

If we do transfer information outside of the EEA, we will make sure that it is protected by using one of these safeguards:

  • Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA. Some countries have been deemed adequate by the EU
  • Put in place a contract with the recipient that means they must protect it to the same standards as the EEA or use other mechanisms and measures to achieve adequate protection. We also may use the Standard Contractual Clauses published by the EU
  • Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between EU countries and the US. It makes sure those standards are similar to what is in place within the EEA
  • Binding corporate rules. These are internal rules adopted by group companies to allow international transfers of personal data to entities within the same corporate group located in countries which do not provide an adequate level of protection

We rely on Privacy Shield to deal with some of our service providers in the US. For example, the party who helps us with our customer feedback surveys. We rely on contractual measures for a small number of our suppliers who have or use offices outside the EEA (and who have restricted access to some data) to provide us with IT services including development, testing, support and maintenance.

What rights do I have?

  • Withdrawing consent or otherwise objecting to direct marketing

Wherever we rely on your consent, you will always be able to withdraw that consent. We may continue to process your personal data for other purposes on a different lawful basis (other than consent) where that applies. For example, a customer may withdraw consent for marketing communications, but we will have to continue to process their personal data in order to continue to fulfil our contract with them.

In some cases, we can send you direct marketing without your consent, where we rely on Article 6(1)(b) (Contract clause). Whether the initiation of the direct marketing required consent or not, you have an absolute right to opt-out of direct marketing, and out of any profiling we carry out for direct marketing, at any time. You can do this by e-mailing us at compliance@storteskens.com

Other qualified rights

  • You have the right to know whether or not we process information about you and to access that information, if we do
  • You have the right to update, correct and complete any information we hold about you which is inaccurate or incomplete
  • You have the right to obtain the personal data you provide to us, for a contract or with your consent, in a commonly used, structured, and machine-readable format, and to ask us to share (port) this personal data to another controller
  • You have the right to ask that we erase or restrict (stop active) processing of your personal data
  • In addition, where we use Article 6(1)(f) (Legitimate Interest clause) as the legal basis for processing your personal data, you can object to (challenge) those legitimate interests.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or you ask us to erase information which we are required by law to keep. Where you object to us processing personal information, we may have a compelling justification for processing it. Relevant exemptions are also included within the data protection laws that apply in the UK. We will inform you of relevant exemptions we rely upon when responding to any request you make.

To exercise any of these rights, contact us using the details set out below. If you have concerns, you have the right to complain to the data protection supervisory authority of the EU Member State in which you are resident, work or in which your complaint arises. In the UK, the supervisory authority is the Information Commissioners Office. Details of all EU supervisory authorities can be found at: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

How long will you retain my personal data?

We keep your data to enable us to fulfil our contract with you or to provide services; where required by law; to respond to a question or complaint; to obey rules about keeping records; to uphold or protect contractual or legal rights or where it is in your or another party’s vital interests or our legitimate interests.

Where we process personal data on the basis of your consent, we will retain it only for as long as required for the specified purpose. We also keep your data in line with any statutory limitation periods and for tax, legal or regulatory purposes.

The period for which we will retain your personal data depends on the purposes for which we are processing it and where the same personal data is processed for two or more purposes, we will retain it for the longest period.

For example, we retain:

  • For up to 1 year: Incoming and outgoing voice recordings (although we will keep a record of any consent you give us during a call for as long as we rely on it as the lawful basis for processing)
  • Until a period of 3 years has elapsed since your last interaction with us: Personal data we process for marketing (including profiling) purposes (unless you ask us to stop sending electronic direct marketing, in which case we will act on your request, and then keep a record of your opt-out request indefinitely)
  • Accident report forms for 3 years (or for accidents relating to a child, for 3 years after the child’s 18th birthday)
  • Financial information for a period of 7 years, for accounting, business reporting, analysis and audit purposes.

In any of the cases mentioned above, we may retain the personal data for longer, if it is required for the purposes of any internal or external investigation or litigation. In these cases, it may be retained until the matter is resolved. We may keep your data for longer in line with any limitation periods, or if we cannot delete it, e.g. for tax, legal or regulatory reasons.

You have the qualified right to request deletion of your personal data at any time, or we may choose or be obliged to erase your personal data earlier, for example, if we no longer need to process it.

Cookies and other similar technologies we use

Information about the first and third party cookies and other technologies we use is available in our Cookie Notice.

How do I get in touch with you?

General data protection queries:

If you have any queries about the way we process your personal data, please contact us at compliance@storteskens.com.

This Privacy Notice was last updated on 11th September 2018. Any changes to this Privacy Notice will be communicated on our website.

Download as a PDF