Footprint Sheffield Ltd is the controller of, and we are responsible for, your personal data. In this policy Footprint Sheffield Ltd is referred to as “we”, “us” and “our”.
We have a separate Data Policy for job applicants, visitors to our premises, current, past and future staff. If you fall into this category then please contact us so we can verify your identity and share the policy with you.
2. Your Legal Rights
We recommend that you visit the UK information commissioners website https://ico.org.uk to understand your rights in more detail.
In summary you have rights in relation to personal data held about you. Your rights include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and (where the lawful ground of processing is consent) to withdraw consent.
If you wish to exercise any of your individual rights then contact us using the contact details below.
If you do contact us we may need to request further information to satisfy ourselves that you are who you say you are, and to understand more about your request.
We will try and fulfil your request within one month, but if it is a complex request then it may take longer.
3. Contact Details
If you would like to contact us with respect to Data privacy then please email, call or write to the below with your enquiry:
Footprint Sheffield Ltd
Call: +44 (0114) 232 7080 (please refer to the “contact us” section of our website for office opening times).
4. What Personal Data do we collect about you, for what purpose and on what grounds?
- Communication Data – Includes any communication that you send us, including our responses, as well as meetings and phone call notes. We process this data for the purpose of communicating with you, record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests to reply to communications, keeps records and to establish, pursue or defend legal claims.
- Customer Data – Includes data relating to any sale of our goods and or services such as your name, title, billing / delivery address, email address, phone number, contact details, sale details and payment details. We process this data to supply the goods / services being purchased and to keep records of transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your / our request to enter into such a contract.
- Supplier Data – Includes data relating to any purchase of your goods and or services such as your name, title, address, email address, phone number, contact details, purchase details and payment details. We process this data to supply the goods / services being purchased and to keep records of transactions. Our lawful ground for this processing is the performance of a contract between you and us and/or taking steps at your / our request to enter into such a contract.
- Customer / Supplier Data For Sales, Marketing and Operational reasons – For customers and suppliers we will collect other data on the following:
- Customer / Supplier service such as, but not limited to, late deliveries, product issues, call logs etc. This is aimed to help us improve customer service and sales activity. This data may contain personal data.
- Personal details of members of staff at customer or supplier organisations that are useful for us to know if certain situations happen for example our normal contact at a supplier / customer is off ill or we need to escalate a complaint.
- Personal Details of staff at customer / suppliers that we believe we need to know about for ongoing sales, marketing and operational activity.
Our lawful ground for this processing is our legitimate interests to hold and process this personal data to provide and improve our operational effectiveness, sales and marketing activity.
- Website Technical Data – May includes data about your use of our website such as your IP address, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content and advertisements to you and to understand the effectiveness of our advertising. Our lawful ground for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.
Currently we do not have any way to identify individuals using our website or social media tracking data. This remains under review.
- Potential and Current End Users of our Products Personal Data – We collect personal data about end users and potential end users of our products. This data will include contact details, what product you may be interested in, what trade you work in and your communication/marketing preferences and any contact you have with us. Our lawful grounds for collecting and processing this data is our legitimate interests which is to grow our business by marketing new products, marketing current products and working to understand how end users use our tools and tools we are looking to develop.
- Potential Customers / Suppliers – We collect data found publicly or given to us by individuals on potential customers and suppliers. This data may include names, contact details, job title and job history. Our lawful ground for processing is our legitimate interests, which in this case are to enable us to grow our business and adjust our sales and marketing approach to potential customers / suppliers requirements.
5. Sensitive Data
In some instances we will collect sensitive data.
We will not proactively ask for sensitive data. We will only collect and process this data if you have told us about it or we observe it and that we see a purpose for us processing this data.
- A customer has a religious holiday – we will note this down so that we do not try to contact them on this holiday or send goods for delivery on this day.
- A supplier’s member of staff, our day to day contact, is taking time off work due to illness. We will note this down so we can adjust our operations and send a message wishing them a speedy recovery, if appropriate.
For the avoidance of doubt we do not collect personal data to sell onto third parties. The only time that personal data would be sold is in the event of us being sold, transferred or merged to/into another business. We do share data with 3rd parties as outlined in section 6 below. These 3rd parties will be working for us.
For further information on what sensitive data is we recommend you visit https://ico.org.uk and read the section on “Special Category Data”.
6. Who is Collecting this data and how is this data collected?
We, Footprint Sheffield Ltd, collect this data.
We collect this data through multiple sources as outlined below:
- Direct data collection from yourself through communication i.e. phone call notes / logs, meetings notes / logs, forms (digital and physical) for the setting up of a business or marketing relationship, emails, texts, faxes.
- Publicly available sources such as websites or publications
7. Disclosures of Personal Data
We may have to share personal data with third parties. These third parties are classified as follows:
- Professional Advisers / Suppliers of Business Services including (but not limited to) lawyers, accountants, bankers, insurers, facilities management firms and auditors
- Service providers who provide IT & system administration services
- Government bodies that require us to report processing activities or regulatory information such as tax details
- Marketing / Advertising companies working on behalf of us to enable us to grow our business
We do not collect personal data to sell onto third parties. The only time that personal data would be sold is in the event of us being sold, transferred or merged to/into another business.
8. International Transfers
All physical records are kept in the United Kingdom.
Most of our IT service providers have servers, where our data is stored, located in the EEA (European Economic Area).
Some of our providers of IT systems have their servers based in the United States of America.
We know of no other providers of services who keep our personal information outside of the EEA or the United States of America.
9. Data Security
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorisation. Access to your personal data is only given to those employees and 3rd parties who have a business need (as outlined in section 6 above) to know such data. They will only process your personal data on our instructions and they must keep it confidential.
We will notify you, and the appropriate regulator, of any personal data breach.
10. Data Retention
If we have an ongoing commercial relationship then all personal data will be retained for as long as that relationship continues.
If we no longer have a commercial relationship then personal data we hold will be retained for a minimum of 10 years. After 10 years it will be reviewed to see whether we still have a business requirement for the data or if it is of historical value to us as a business. If neither of the two requirements are met then the data will be permanently deleted.
For all other personal data, not covered by the above two paragraphs, we hold we will review it every 10 years. If we have no clear business requirement to retain this data or to use this data as matter of historical record then we will delete the personal data or anonymise it.
The above does not affect your right to request personal data be deleted or anonymised.
The above retention schedule is reviewed at least annually.
11. Third Party Links
Our website, social media accounts or marketing material may contain links to third party websites, plug-ins and applications. Clicking on those links or enabling these connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
We use website analytics to monitor the traffic to our website, website performance and improve our marketing for the ongoing business.
We collect no data that we can identify an individual from during this data collection.
Upon your first visit to our website you can select to switch off the analytics cookie. Alternatively you can set your browser to refuse all or some browser cookies, or alert you when websites set or access cookies. Please refer to your web browser on how to refuse all or some browser cookies.