For the purposes of the Data Protection Act 2018 (‘DPA’) and the EU General Data Protection Regulation (‘GDPR’), J-Flex is the ‘data controller’, which means that we are responsible for, and control the processing of, your personal data.
We have appointed a Data Protection Manager who is responsible for ensuring that we comply with our legal obligations in relation to data protection. Our Data Protection Manager is Sam Kirk. His contact details are listed at the bottom of this policy.
We will obtain personal data about you (such as your name, company name, address, e-mail address and telephone number) whenever you complete an online form by which you consent to us holding that personal data for the purpose specified on that form.
We will use your personal data for a number of purposes.
These purposes include:
We will use the personal data that we hold for the purposes of:
We can process your personal data for those purposes without your knowledge or consent, but we will not use your personal data held on that basis for any other purpose without telling you that we will do so and our legal basis for processing it.
We may also process your personal data for any purpose to which you have expressly consented. You can withdraw that consent at any time. For further information see Your Rights below.
Special categories of personal data are types of personal data consisting of information as to:
We will only hold and process special categories of your personal data in certain situations in accordance with the law. For example, we can do so if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request. You do not need to consent and can withdraw consent later if you choose by contacting the Data Protection Manager.
We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:
We may process your race, ethnic origin, religion, sexual orientation, disabilities, medical condition or gender to monitor and to prevent possible discrimination.
We will not hold or send your personal data outside the European Economic Area.
We may disclose your personal data to:
We will use technical and organisational measures to safeguard your personal data, for example; we store your personal data on secure servers.
Whilst we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data which are transferred from you or to you via the internet.
We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance and training.
To enable us to make credit decisions about you and for fraud prevention and money laundering purposes, we may search the files of credit reference agencies (who will record the search). We may disclose information about how you conduct your account to such agencies and your information may be linked to records relating to other people living at the same address with whom you are financially linked. Other credit grantors may use this information to make credit decisions about you and the people with whom you are financially associated, as well as for fraud prevention, debtor tracing and money laundering purposes.
If you give us information on behalf of someone else, you confirm that the other person has appointed you to act on his or her behalf and has agreed that you can:
We will not retain your personal data for longer than is reasonably necessary for the purpose for which it was obtained, and unless we have agreed otherwise with you we will at the end of the retention period securely destroy or delete it from our records, in accordance with our Data Retention Policy.
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request. We will respond as soon as reasonably practicable and in any event within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by up to a further two months. There is no fee for making a subject access request, but if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
You can correct any inaccuracies in your personal data. To do you should contact the Data Protection Manager as specified below.
You have the right to request that we erase your personal data if we are not legally entitled to process it without your consent or if it is no longer necessary to process it for the purpose for which it was collected. To do so you should contact the Data Protection Manager.
While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while that application is made. To do so you should contact the Data Protection Manager.
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop such data processing.
You have the right to object if we process your personal data for the purposes of direct marketing.
You have the right to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
With some exceptions, you have the right not to be subjected to automated decision-making.
You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact the Data Protection Manager.
You have the right to complain to the Information Commissioner. You can do this be contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). That website has further information on your rights and our obligations.
Should you have any questions or wish to check the information we hold about you, please e-mail;
Sam Kirk – [email protected]
Or write to our Registered Office;
Sam Kirk, c/o J-Flex, Units 1 & 2, London Road Business Park, Retford, DN22 6HG, UK.
We may change this policy from time to time. You should check this policy occasionally to ensure you are aware of the most recent version which will apply each time you access this website.