We may collect, use, store and transfer different kinds of personal data about you when you use our site. Examples of when we would collect your personal data, include if you register an online account, subscribe to receive marketing emails from us, fill in an enquiry form on our site or purchase a product through our online store.
Our site is not intended for children and we do not knowingly collect data relating to children.
How to contact us
Our site is operated by Renold Power Transmission Limited. Renold Power Transmission Limited is a limited company registered in England and Wales under company number 182382 and has its registered office at Trident 2, Trident Business Park, Styal Road, Wythenshawe, Manchester M22 5XB.
The data we collect about you
Personal data, or personal information, means any information relating to an identifiable individual. It does not include any data or information which relates to a person that cannot be identified or where the person’s identity has been removed (i.e. anonymous data).
As a visitor to our site and/or user of the online store, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity data – data which identifies you, including your name and username.
- Contact data – your contact details, such as your billing address, delivery address, email address and telephone numbers.
- Financial data – data we collect if you purchase a product from us, such as your bank account and payment card details.
- Transaction data – details about any purchases you have made from us, payments to and from you and correspondence or communications with you in respect of your orders.
- Profile Data – data we store in connection with your registered account for our online store, including your username and password, purchases or orders made by you, reviews of products, preferences, feedback and survey responses.
- Marketing data – data which we capture when you sign up to receive marketing emails from us, including your preferences regarding receiving these types of communications from us.
- Social media data – data we have access to through a social media platform when you connect with us or like or follow our social media accounts, including your social media handle, photograph, date of birth, location, occupation, interests and other information and content you make available via your social media accounts.
- Technical data – electronic information which is automatically logged/stored by processing equipment, including [details of the device(s) you use to access our services, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our site.
- Usage data – information about how you use our site, including how you navigate our site and if you encounter any problems.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
How we collect information
Direct interactions: The majority of the personal data we hold about you is collected when you interact with us or correspond with us directly (via our site, by email, telephone or otherwise). This includes personal data you provide when you:
- fill out an enquiry form on our site;
- subscribe to receive marketing communications;
- create an account on our site;
- place an order for any of our products;
- send us an email or telephone customer services;
- enter a competition, promotion or survey;
- connect with us, follow us or “like” us on social media; or
- provide feedback to us.
Automated technologies or interactions: When you interact with our site, our systems will automatically collect information about your equipment, browsing actions and patterns. We collect this personal data (namely Technical and Usage data) by using cookies, server logs and other similar technologies. We may also receive electronic information about you and your devices (ie Technical and Usage data) if you visit other websites employing our cookies. We do this to find out things such as the number of visitors to the various parts of this site. Please see our Cookies Policy and the section headed "Cookies" below.
Other third parties: We may also receive personal data about you from various third parties as set out below:
- The third party ecommerce platform through which we operate our online store (currently Shopify Inc and its affiliates);
- The third party designated to process and manage our online payments (currently Stripe Inc and its affiliates);
- We will obtain social media data from the operators of social media platforms, including Facebook, Instagram, Twitter and YouTube who are based inside and outside of the EU;
- Analytics providers, such as Google Analytics;
- Advertising networks, such as Google Ads;
- Search information providers such as Google.
How and why we use your personal information
We will only collect and process your personal data where we have a legal basis to do so. This legal basis will vary depending on the manner and purpose for which we are collecting your personal information. We will use your personal information as follows:
- Where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Primarily this will be where you wish to purchase or have purchased products via our online store. In connection with such transactions, we may collect and process your Identity, Contact, Financial, Transaction and Profile data in order to process and perform the contract between us for the supply of products.
- Where it is necessary to comply with a legal or regulatory obligation that we are subject to. For example, we are obliged to comply anti-money laundering legislation in the UK which may require us to collect and process your Identity, Contact, Financial and Transaction We also have obligations under consumer legislation, such as the requirement to offer a refund or repair or replacement for faulty goods. To comply with these requirements, we may collect and process your Identity, Contact, Transaction and Profile data.
In most other cases, we will collect and process your personal data on where it is necessary for us to do so for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, as detailed below.
Our legitimate interests in processing your personal data for our own business purposes include (without limitation):
- Processing Identity, Contact and Profile data to set up and manage access to registered accounts for our online store;
- Processing Identity, Contact, Financial, Transaction and Profile data to process orders for products, including managing payments and collecting and recovering money owed to us;
- Processing Identity, Contact, Profile and Social Media data to respond to enquiries submitted to us via our site or social media accounts or by post or email;
- Processing Technical and Usage data to administer and protect our business, our site and online store (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- Processing Technical and Usage data to use data analytics to improve our site, products and services, marketing, customer relationships and experiences;
- Processing Technical and Usage data to deliver relevant website content and advertisements to you, and to measure or understand the effectiveness of such advertising by monitoring or tracking responses and engagement;
- Processing Identity, Contact and Profile data to create and maintain accurate business records;
- Processing Identity, Contact, Profile, Social Media and Marketing data to promote our services, including sending marketing emails and offering promotions.
We may also process personal data to fulfil our legal, regulatory and risk management obligations, including for the purpose of establishing, exercising or defending legal claims.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you require further detail about the specific legal ground we are relying on to process your personal data.
Marketing communications from us: We may send you marketing communications by email if you:
- have subscribed to receiving marketing communications from us on our site; or
- have otherwise consented to receive marketing communications from us.
Opting out: You can ask us to stop sending you marketing communications at any time, by:
- clicking on the unsubscribe button in the footer of any marketing emails from us; or
- contacting us at firstname.lastname@example.org.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we wish to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
If you fail to provide personal data
Where we need to collect personal data from you in order to comply with our legal obligations or to perform a contract we have with you and you fail to provide that data when requested, we may not be able to perform the relevant contract (for example, to supply products to you). In this case, we may have to cancel the relevant contract.
Sharing your personal information with third parties
We require third parties to respect the security of your data, keep it confidential, and to treat it in accordance with the law.
We may share your personal data with the following third parties in order to perform a contract with you, comply with a legal obligation or in our legitimate interests of conducting our business:
- Third parties who provide services to us, including our ecommerce platform provider (currently Shopify), our payment provider (currently Stripe), our IT providers (who provide hosted systems and software and host data for us, including our site) and marketing and advertising providers. These third party service providers are only permitted to process personal data for specified purposes and, where they are processing data on our behalf, in accordance with our instructions.
- Within the Renold group of companies, including for the purposes of our regular reporting activities on company performance, operating our business, for system maintenance support and hosting of data, to manufacture and distribute our products and, from time to time, in the context of a business reorganisation or group restructuring exercise.
- We may share personal data to confirm your identity with organisations involved in fraud prevention and detection and credit risk reduction (including law enforcement agencies).
We may also disclose personal data to:
- Professional advisers, including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accountancy services.
- HM Revenue & Customs who require reporting of processing activities in certain circumstances.
- Other organisations where we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce any agreements, or to protect the rights, property or safety of our business, our customers or others.
We require all our data processors to respect the security of your personal data and to treat it in accordance with the law. We do not allow our data processors to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions as set out in our data sharing agreements.
We use Shopify and Google Analytics to help analyse use of our site. These analytical tools use “Cookies” which are small data files placed on your computer (or other device) to collect standard internet log information and visitor behaviour information. You can find out more about the way cookies work on www.cookiecentral.com and www.allaboutcookies.org. You can find out more about the Shopify cookies here and Google Analytics cookies here.
For more information about the cookies we use and the reasons why we use them, please see our Cookies Policy.
Links to third party websites
How we protect your personal data
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Unfortunately, however, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
In addition, the personal information you provide to us is only available to our authorised personnel who need access to the information in order to fulfil their duties. They will only process your personal information on our instructions and they shall be subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Once we no longer require your personal information, we will take reasonable steps to destroy it in a secure manner.
How long we hold your personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) in order to develop our business methods and strategy or for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We shall not have any liability whatsoever to you for the deletion of personal data in accordance with our data retention policy.
The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA).
Whenever we transfer your personal data out of the EEA, we shall ensure a similar degree of protection is afforded to your personal data by ensuring at least one of the following safeguards is implemented:
- Where we need to transfer your personal data intra-group transfers, we may put in place binding corporate rules which shall ensure that your personal data is afforded the same level of protection as it has within the EEA. For further details, see European Commission: Binding Corporate Rules.
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- In some instances, we may use specific contracts approved by the European Commission which give personal data the same protection it has in the EEA. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the EEA and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside of the EEA.
You have the following rights in respect of the personal data that we process about you (where we determine the purpose and means for which that personal data shall be processed):
- the right to request access to your personal data that we hold and to receive certain information relating to that data (commonly known as a “data subject access request”);
- the right to ask us to rectify inaccurate data or to complete incomplete data (though we may need to verify the accuracy of the new data you provide to us);
- a right to receive or ask for your personal data to be transferred to a third party in a structured, commonly used and machine-readable format (note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you);
- the right to request the erasure of personal data if it is no longer necessary in relation to the purposes for which it was collected or processed or if you have successfully objected to processing (note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request);
- the right to object to how we process your personal data in certain circumstances, including: the right to ask us not to process your personal data for marketing purposes;
- the right to restrict processing of your personal data, for example if you want us to establish the accuracy of the data or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it; and
- where we are processing personal data relating to you on the basis that we have your consent to do so, you may withdraw your consent at any time (this will not affect the lawfulness of any processing carried out before you withdraw your consent). If you withdraw your consent, we may not be able to provide certain products or services to you.
If you wish to exercise any of the rights set out above in respect of your personal data, please contact us at email@example.com.
We may ask you to verify your identity if you make a request to us to exercise any of the rights set out above. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We will try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
How to complain
Please let us know if you are unhappy with how we have used your personal information. You may contact us at firstname.lastname@example.org.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please do contact us in the first instance and we shall endeavour to resolve your complaint.
Changes to your data
Please let us know if you change your contact details. You have the right to question any information we hold about you that you think is wrong or incomplete. Please contact us if you want to do this.
1 November 2018