1. Issue/Update Register
Issue 1 – Original Notice – Avanta UK – 25-06-2018
2. Who We Are
Avanta UK Ltd collects uses and is responsible for personal data about you.
The company is regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of those laws.
3. Personal Data We Collect and Use
3.1 Information you provide voluntarily
In the course of using this website you will voluntarily provide data that we collect, store and use. This will be either contact form submissions, via telephone or emails to the sales@ address.
This data may include:
- Personal contact details such as name, title, address, telephone numbers and email addresses.
- Details of your enquiry
3.2 Information we collect automatically
When you browse www.avantauk.com we may collect data about your use of the website.
This data may include:
- Operating System
- IP Address
- Browser ID
- Browsing activity
3.2.1 A1 Webstats
Contained within our website is a piece of tracking code from A1 Webstats. A1 Webstats will track activity on the website and identifies the businesses that visit our website. It does not identify the data subject, and it does not provide the personal data of website visitors within the tool.
A1 Webstats identifies business IP addresses. Any location or visitor data provided is representing a business, not a data subject. For that reason, it does not track or provide any physical, physiological, genetic, mental, economic cultural or social identity data.
More information can be found at https://www.a1webstats.com
3.2.2 Google Analytics
Contained within our website is a piece of tracking code from Google Analytics. Google will track activity on the website and identifies the businesses and / or the IP Addresses that visit our website. It does not identify the data subject, and it does not provide the personal data of website visitors within the tool.
Google Analytics identifies business IP addresses. Any location or visitor data provided is representing a business, not a data subject. For that reason, it does not track or provide any physical, physiological, genetic, mental, economic cultural or social identity data.
4. How We Use your Personal Data
We will only use your personal data in accordance with the legal bases for processing personal data. At present, we have identified that we will process your personal data under the following legal basis:
- Article 6(1)(b) – Contract
- Where we need to perform a contract we have entered into with you
- Article 6(1)(c) – Legal Obligation
- Where we need to comply with legal obligations
- Article 6(1)(f) – Legitimate Interests
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and the fundamental rights do not override those interest. One form of legitimate interest is Direct Marketing.
Where additional processing of your data is required, we will identify a specific legal basis for processing the data and update all relevant documentation accordingly.
4.1 How long we hold the data for
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including the purpose of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk or harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you are no longer a customer of the company, we will retain and securely destroy your personal information in accordance with our privacy standard.
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Furthermore, to carry out our Direct Marketing activities, we do not need your consent.
The ePrivacy Directive was transposed into UK law as the Privacy and Electronic Communications (EC Directive) Regulations 2003 or PECR (Privacy and Electronics Communications Regulations). Currently, the PECR, provides a defined exclusion from opt-in requirements for B2B Communications. The SEC Group communications fall under this category.
The EU is intending to replace the ePrivacy Directive with the Regulation on Privacy and Electronic Communications. Until such time as The Regulation on Privacy and Electronic Communications is enacted, the UK’s PECR remains the de facto legislation that governs consent requirements for marketing communications. Within the UK, B2B telemarketing, direct mail and email marketing need to offer an opt-out, and do not require an opt-in.
6. Transfer of your Data out of the EEA
Your personal data may be stored and processed in any country where we have service providers, and by using this website or by providing consent to us, you agree to the transfer of information to countries outside of your country of residence, including to the United States.
We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Website Privacy Notice and our Stakeholder Privacy Notice.
One example of data transfer is to our email marketing platform (ESP) which may, for example, be hosted in the United States. The data transferred will be limited to the intended purpose, for example name and email address.
7. Data Security
We have put in place measures to protect the security of your data. Details of these measures are available upon request.
Third parties will only process your personal data on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, suppliers and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
8. Your Rights
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your working relationship with us.
Under certain circumstances, by law you have the right to:
- The right to be informed
- The right of access
- You are entitled to know what data is held about you and how it is being processed.
- The right to rectification
- You are entitled to have your personal data corrected if it is inaccurate or incomplete.
- The right to erasure – also known as “the right to be forgotten”:
- You have the right to request the removal of personal data where there is no compelling reason for its continued processing.
- The right to restrict processing:
- You have the right to block or suppress processing of their personal data.
- The right to data portability:
- This allows you to transfer or copy your personal data from one IT environment to another, safely and securely.
- The right to object:
- You have the right to object to the use of your personal information in certain circumstances.
- Rights in relation to automated decision making and profiling: In specific circumstances, you have the right not be the subject of a decision which:
- Has a legal bearing or significant on you; and
- Which is based on automated processing
If you want to review, verify, correct or request erasure of your personal data, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact the Data Protection Representatives in writing.
You are free to opt-out at any time by using the unsubscribe hyperlink found in our email marketing messages, or contacting the Data Protection Representative.
9. Contacting Us
Please contact Avanta UK Ltd, if you have any questions about this Website Privacy Notice, our Stakeholder Privacy Notice or the data we hold about you.
Please write to us at:
Data Protection Representative
Avanta UK Ltd