data

DATA PRIVACY POLICY

Rellium Ltd (“Rellium”) is aware of its obligations under the General Data Protection Regulations (“GDPR”) and is committed to processing your data in accordance with the GDPR principles. This data privacy policy (“the Policy”) sets out the basis by which we seek to properly protect your data.

GDPR

  1. Rellium may either be a “controller” or “processor” for the purposes of the GDPR. A Controller is the person (including natural and legal persons) who determines the purposes and means of processing personal data. The Processor is the person (including natural and legal persons) who processes personal data on behalf of the controller.

  2. The GDPR sets out seven principles which lie at the heart of the general data protection regime. They are to ensure that personal data is:

(a) processed lawfully, fairly and in a transparent manner in relation to individuals (“lawfulness, fairness and transparency”);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (“purpose limitation”);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);

(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (“accuracy”);

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (“storage limitation”);

(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (“integrity and confidentiality”).”

In addition, it is provided that “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 (“accountability”).”

3. The GDPR sets out six lawful bases for processing data. They may be accessed here. Rellium must have a valid lawful basis to process personal data.

RELLIUM’S ROLE

  1. Rellium will normally act as the Data Controller for the purposes of the GDPR.

  2. Rellium has assessed the grounds for processing information and considers that the most likely ground for processing your data is either contractual or for a legitimate interest, namely for Rellium’s commercial interests. Where data is being controlled or processed for a legitimate interest:

    • We will only process data where no other less invasive method can be used.

    • We will not process data in a way which you might reasonably expect, or which has any more than a minimal impact upon your privacy.

    • We do not continue to hold data where that legitimate interest has passed.

  3. Rellium understand and acknowledge our role and responsibility in protecting your data.

  4. Rellium will keep reasonable records of any data held.

THE TYPES OF DATA RELLIUM CONTROL OR PROCESS

The types of data we hold about you may include the following:

  • Your personal details including your name, address, email address, phone numbers and IP address.

  • Financial information.

  • Information about any orders for products, or data arising as a result of that order.

  • Information about your clients, such as their requirements for how cables are to be placed within their places of business.

  • Information about the network processes of your clients which may arise as a result of any service we undertake.

  • It is noted that this list is non-exhaustive. Rellium is conscious of the need to continuously assess whether any data which it controls or processes falls within the remit of the GDPR.

  • Our website uses of cookies. Our cookie policy can be found on the website.

SHARING YOUR DATA

  1. Your data may be shared with colleagues, employees or officers from Rellium where it is necessary for them to undertake their duties. It may also be shared with suppliers, agents or subcontractors insofar as it is reasonably necessary for the purposes set out in this Policy.

  2. We may also disclosure personal information as follows:

  • To the extent that we are required to by law.

  • In connection with any legal proceedings or prospective legal proceedings. This includes to any person who we reasonably believe may apply to the Court or other competent authority for disclosure of information and where we reasonably believe that the Court or competent authority might order disclosure of that information.

  • To the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling.

  • We do not share data outside the European Economic Area.

HOW RELLIUM CONTROLS OR PROCESSES YOUR DATA

  1. Other than the exceptions set out in paragraph 5.2 above, Rellium do no share your personal data.

  2. Rellium will take all reasonable technological and organisational precautions to prevent the loss, misuse or alteration of your data. This includes ensuring that data is secured safely. Where data is secured with a third party, we will ensure that the third party’s data protection regime is at least as stringent as this regime.

  3. We will only retain any data for so long as is necessary to achieve the legitimate aims under the GDPR, including the need to comply with any legal obligations or requirements. Once the need to retain any data has ended, we will delete your data as soon as is reasonably practicable.

  4. The principle of least privilege is understood and applied. This means that the people dealing with the data are given the minimum amount of access to any data as is required to undertake their task.

  5. Our data protection officer is Michael Millington who can be contacted at michael@rellium.com.

  6. This policy is regularly reviewed and updated. If there are any changes then they will be made on this page. You should check it from time to time to check for any updates.

YOUR RIGHTS IN RELATION TO YOUR DATA

  1. The GDPR gives you rights in relation to your data. These are summarised here. They include the right to get copies of the data that we hold on your, the right to make corrections and the right to object.

  2. Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data when permitted to or required to by law, or where we have a legitimate reason for doing so.

  3. The Information Commissioner’s Office (“ICO”) is the supervisory authority for data protection matters in the UK. If you think your rights have been breached by ourselves then you can make a complaint to the ICO.