1.1 The Brintons Group (“Brintons”) takes data protection seriously. The use of Brintons internet pages is not possible without the provision of some personal data; however if a Data Subject wishes to use certain services via our website, processing of further personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we will obtain consent from the Data Subject.
1.2 Personal Data processing shall always be in line with the General Data Protection Regulations 2016 (“GDPR”) and in accordance with the country specific legislation applicable to Brintons. By means of this Privacy Notice we would like to inform the general public why we collect and process personal data and the Data Subject’s rights relating to the collection and processing of personal data.
2.1 The data protection notice of Brintons is based on the terms used by the European Union legislator for the adoption of the GDPR but to aid your understanding the definitions apply:
3. Name and address of the Controller
3.1 The Controller is:
Brintons Carpets Limited, Stourport Road, Kidderminster, Worcestershire. DY11 7PZ.
Telephone: 01562 635000.
4. Name and address of the Lead Supervisory Authority
4.1 The Lead Supervisory Authority overseeing the Controller is:
Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF. Telephone: 0303 123 1113. Email: email@example.com. Website: https://ico.org.uk
5.2 Many cookies contain a so-called cookie ID, which is a unique identifier of the cookie. It consists of a character string through which internet pages and servers can be assigned to the specific internet browser in which the cookie is stored.
5.3 This allows a visited internet site and servers to differentiate the individual browser of a Data Subject from other internet browsers that contain other cookies. A specific internet browser can be recognised and identified using the unique cookie ID.
5.5 The Data Subject may, at any time, prevent the setting of cookies by our website, either temporarily or permanently, by amending the settings of their internet browser. Cookies already stored can be removed via their internet browser settings.
5.6 If the Data Subject deactivates the setting of cookies in their internet browser, not all functions of our website may be available or useable.
6. Reasons and purposes for processing information
6.1 The following is a broad description of the way Brintons processes personal information. To understand how your own personal information is processed you may also need to refer to any personal communications you have received. We process personal information to enable us to promote our goods and services, to maintain our own accounts and records, and to manage and support our employees.
6.2 We collect information relating to the above purposes from the following sources:
6.3 We process information relating to the above purposes. This information may include:
6.4 We process personal information about our:
6.5 We sometimes need to share the personal information we process with the individuals themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (“DPA”), Privacy and Electronic Communication Regulations (“PECR”) and the EU General Data Protection Act 2016 (“GDPR”) as it applies. What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
6.6 Where necessary or required we share information with:
7. Rights of the Data Subject
7.1 GDPR affords EU Data Subjects with rights, which are summarised below. In order to assert any of these rights, the Data Subject may contact Brintons at any time.
7.2 The right of confirmation: Each Data Subject shall have the right to obtain from the Controller the confirmation as to whether or not personal data concerning them is being processed.
7.3 The right of access: Each Data Subject shall have the right to obtain from the Controller, free information about their personal data stored at any time and a copy of this information. Furthermore, the Data Subject shall have a right to obtain information as to whether their personal data is transferred to a third country or to an international organisation. Where this is the case, the Data Subject shall have the right to be informed of the appropriate safeguards relating to the transfer.
7.4 Right to rectification: Each Data Subject shall have the right granted by the European Union to obtain from the Controller without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
7.5 Right to erasure (right to be forgotten): Each Data Subject shall have the right to obtain from the Controller the erasure of personal data concerning them without undue delay, and the Controller shall have the obligation to erase personal data without undue delay where one of the statutory grounds applies, as long as the processing is not necessary.
7.6 Right of restriction of processing: Each Data Subject shall have the right granted by the European Union to obtain from the Controller a restriction to the processing of their personal data where a statutory reason applies.
7.7 Right to data portability: Each Data Subject shall have the right granted by the European Union to receive a copy of their personal data, held by the Controller, in a structured commonly used and machine-readable format.
7.8 Right to object: Each Data Subject shall have the right to object, on grounds relating to their specific situation, at any time, to the processing of their personal data.
7.9 Automated individual decision-making, including profiling: Each data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling.
7.10 Right to withdraw consent: Where consent forms the basis for processing, Data Subjects have the right to withdraw their consent at any time. Data Subjects can withdraw consent by sending an email to firstname.lastname@example.org.
7.11 Right to complain to the supervisory authority: Should the Controller not react to a request from a Data Subject within a reasonable period, the Data Subject can contact the Supervisor Authority. Their contact details can be found in clause 4 of this privacy notice.
8. Legal basis for data processing
8.1 The legal basis for data processing shall be where:
9. The legitimate interests pursued by the Controller or by a third party
9.1 Where the processing of personal data is based on our legitimate interest, it is to carry out our business in favour of the well-being of all our employees and shareholders.
10. Security of processing
10.1 As the Controller, Brintons has implemented technical and organisational measures to ensure personal data processed remains secure, however absolute security cannot be guaranteed. Should a Data Subject have a particular concern about a particular method of data transmission, we shall take steps to provide an alternative method.
11.1 It may sometimes be necessary to transfer personal information overseas. When transfers are needed, information may be transferred to countries or territories around the world. Any transfers made will be in full compliance with all aspects of the General Data Protection Regulations and in accordance with the country-specific legislation applicable to Brintons.
12. Personal data retention periods
12.1 The criteria used to determine the retention period of personal data is the respective statutory retention period within the EU Member State. After the expiration of that period, the personal data shall be securely deleted, as long as it is no longer necessary for the fulfillment of a contract, the initiation of a contract, to meet the controller’s statutory obligations or in relation to other legal proceedings.
13. Contractual obligation of the Data Subject to provide the personal data and the possible consequences of failure to provide such data
13.1 For clarity, the provision of personal data is partly required by law (e.g. tax legislation) or can also result from contractual provisions (e.g. a customer name and address). Sometimes it may be necessary to conclude a contract that the Data Subject provides us with personal data, which must subsequently be processed by us. The Data Subject is, for example, obliged to provide us with personal data when our company signs a contract with them. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
14. Automated decision-making and profiling
14.1 We do not process personal data for automatic decision-making or profiling.
15. Data protection for employment and recruitment procedures
15.1 The data Controller shall collect and process the personal data of applicants for the purpose of processing of the job application procedure. The processing may also be carried out electronically. In this case, in particular, if an applicant submits corresponding application documents by e-mail or by means of a web form on our website to the Controller. If the data Controller concludes an employment contract with the applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with legal requirements. If no employment contract is concluded with the applicant by the Controller, the application documents will be automatically erased within two months following notification of the refusal decision, provided that no other legitimate interests of the controller are opposed to the erasure. Other legitimate interests could be, for example, complying with country-specific legislation, such as the UK Equality Act 2010.
16.1 You may not transfer your rights under this privacy notice to any other person. We may transfer our rights under this Privacy Notice where we reasonably believe your rights will not be affected.
16.2 If any court or competent authority finds that any provision of this privacy notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy notice will not be affected.
16.3 Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
16.4 This notice will be governed by and interpreted according to the law of England and Wales. All disputes arising under the notice will be subject to the exclusive jurisdiction of the English and Welsh courts.
17. Changes to this notice
17.1 This notice was last updated on 30 April 2018. We may change this notice by updating this page to reflect changes in the law or our privacy practices. However, we will not use your Personal Data in any new ways without your consent.