Privacy and Cookie Policy
1- IMPORTANT NOTICE
1.1 This is the Privacy Notice of Target Specialty Products in contract or otherwise engaged with you (“we”, “us” or “our”).
This Notice sets out how we collect and process your personal data and also provides certain information that is legally required and lists your rights in relation to your personal data.
1.2 This Privacy Notice relates to personal information that identifies “you” where you are a customer or potential customer, an individual who browses our website or an individual outside our organisation with whom we interact. If you are a shareholder, an employee, supplier or otherwise engaged in work for us or applying to work for us, a separate privacy notice or data processing agreement applies to you instead.
1.3 We refer to this information throughout this Privacy Notice as “personal data” and section 3 sets out further detail of what this includes.
1.4 Please read this Privacy Notice to understand how we may use your personal data.
1.5 This Privacy Notice may vary from time to time so please check it regularly.
2 - HOW TO CONTACT US
2.1.1 For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller we use the personal data we hold about you in accordance with this Privacy Notice. See section 10 for further details about the data protection legislation that may apply to you.
2.1.2 If you need to contact us in connection with our processing of your personal data, you can contact us via your local customer services center or account manager, details of which you will find on your contract with us or on our website.
3 - CATEGORIES & TYPES OF PERSONAL DATA WE COLLECT IT FROM
3.1 Personal data is any data which enables us to identify you, either directly or indirectly, such as your name, address, telephone number, email address or the IP address of your computer.
3.2 The categories and types of personal data about you that we may collect are:
3.2.1 when you make an enquiry with us, visit our premises or visit our website:
(a) personal data, such as your name, address and telephone number, you provide or that is recorded when you write to us, visit us, email or call us;
(b) personal data that you enter via our website or portal, including the contact details you supply when establishing a profile on our website;
(c) personal data gathered using cookies;
(d) details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data; and
(e) CCTV or other equivalent technology may capture images of you and/or your vehicle when visiting our premises.
3.2.2 in relation to the services we provide:
(a) personal data that you provide in the course of instructing us to carry out the services requested from us, such as your name, address, telephone number and email details;
(b) personal data that, in the case of a business relationship, your employer provides about you in the course of instructing us to carry out the services requested from us, such as your name and contact details as a representative of the business;
(c) personal data, such as your name and financial position, from credit reference agencies;
(d) personal data from tracing agents in the event you fail to pay any invoice by the due date and we are unable to locate you using the contact details you have provided us with;
(e) personal data in the form of images or video footage that is taken at one of our locations or at your location if required for us to effectively carry out or assess and report on the services you have requested from us;
(f) personal data you provide if you complete customer care surveys from us.
3.2.3 in order to develop, personalize or promote our products and services:
(a) personal data obtained directly from you, such as your name and contact details and preferences relating to particular services and / or products;
(b) personal data, such as contact details, your interests and preferences and professional activity obtained from public or social media sources, such as LinkedIn, Facebook and Twitter;
(c) personal data gathered from data brokers who have sought your consent to share your personal data with us for the purposes of direct marketing, such as your name, postal and / or email address and professional activity;
(d) personal data you provide such as your name and email address, if you enter into a competition, promotion or prize draw;
(e) personal data gathered using cookies;
(f) details of your visits to our websites including but not limited to traffic data, location data, weblogs and other communication data.
3.3 We may also create personal data about you if you, for example, contact us by telephone to make a complaint about our services or goods, then we may record key details of the conversation so that we can take steps to address the complaint. This may include obtaining data concerning health. Data concerning health is considered a “Special Category of Data” and this Privacy Notice specifically sets out how we may process these types of personal data at paragraph 4.1.2.
4 - HOW WE USE YOUR PERSONAL DATA & OUR BASIS FOR USING IT
4.1 Where we are relying on a basis other than consent
4.1.1 We will only process your personal data using one or more of the following lawful bases permitted under applicable data protection legislation. The table below also sets out the linked purposes for which we may use your personal information.
Purposes for which we process your personal data |
The basis on which we can do this (this is what the law allows) |
In order to perform our contractual obligations to you. This would include our fulfilling orders you have placed for goods or services. |
The processing is necessary in connection with any contract that you may enter into with us. |
In order to comply with our own legal obligations, e.g. health and safety or tax legislation. |
The processing is necessary for us to comply with the law. |
In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident and we have to give your personal details to medical personnel). |
The processing is necessary in order to protect the vital interests of an individual. |
In order to operate our business, but otherwise than in performing our contractual obligations to you, for example:
|
We have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights or freedoms. This includes our legitimate interest in:
|
4.1.2 In addition, in a limited number of circumstances we may lawfully process Special Categories of Data in certain ways. We set these out below along with the legal bases on which we process these Special Categories of Data:
Purposes for which we process your personal data |
The bases on which we can do this (this is what the law allows) |
|
In order for us to respond to any claim or potential claim by you involving personal injury or a health issue.
|
We have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights or freedoms. Our legitimate interest is:
|
The processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
|
4.2 Where we rely on consent
4.2.1 We would like to use your personal data for a variety of different purposes. For some of these purposes it may be appropriate for us to obtain your prior consent. These circumstances are as follows:
(a) where, in the handling of a complaint, we collect Special Categories of Data relating to health;
(b) where we may process a child’s personal data, we will ask for evidence of the consent;
(c) where we would like to use photos or images taken of you in promotional materials;
(d) where we or our carefully selected third parties have new products and services which we think you will be interested in.
(e) where we sell your personal data to a third party or derive a ‘financial benefit’.
4.2.2 The legal basis of consent is only used by us in relation to processing that is entirely voluntary – it is not used for processing that is necessary or obligatory in any way.
4.2.3 You may at any time withdraw the specific consent you give to process your personal data where we are relying on your consent. Please contact us using the contact details set out in section 2. Please note even if you withdraw consent for us to use your personal data for a particular purpose we may continue to rely on other bases to process your personal data for other purposes. We will tell you if this is the case.
5 - WHO RECEIVES YOUR PERSONAL DATA
5.1 We may disclose your personal data to:
5.1.1 our group companies and affiliates who may process data on our behalf to enable us to carry out or improve our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
5.1.2 third party data processors to enable us to carry out or improve our usual business practices. You can find out more details about the third party processors we use in section 12. We have contracts in place with our data processors, which means that they cannot do anything with your personal information unless we have instructed them to do it and they must hold your data securely and retain it only for the period we instruct. Occasionally a third party data processor will still need your permission to process your personal data, such as certain types of third party cookies. See our Cookie Policy for more details.
5.1.3 legal and regulatory authorities who request your personal data or to report any potential or actual breach of applicable law or regulation;
5.1.4 external professional advisers such as accountants, auditors and lawyers, provided that they are under duties of confidentiality;
5.1.5 law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
5.1.6 third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties;
5.1.7 third parties which are considering or have decided to buy some or all of our assets or shares (including in the event of a reorganisation, dissolution or liquidation); and
5.1.8 third party data controllers operating plugins or content (such as Facebook, Twitter, Instagram, Demandbase) on our website or providing services which you choose to interact with. In relation to these products and services you should familiarise yourself with the Privacy Notice of the relevant data controller for information about the scope of their data processing and implementation of your rights.
6 - HOW LONG WILL WE STORE YOUR PERSONAL DATA & HOW WE LOOK AFTER IT
6.1 We will store your personal data for the time period which is appropriate in accordance with our data retention policy and using appropriate security measures. Please see section 12 to find our data retention periods that apply to you. The length of time set out in our retention policy is determined by one or more of the following criteria:.
6.1.1 we are required to retain your personal data in order to comply with any legal requirements, such as under trade law, tax law or competition law;
6.1.2 where retention of your personal data is necessary to facilitate and support the original purpose for processing your personal data;
6.1.3 protection against any potential claims arising from the original purpose of processing; or
6.1.4 where we rely upon your consent to process your personal data and you continue to consent to the processing.
6.2 If you would like details about how long we hold your data, please contact us using the contact details set out in section 2.
6.3 We keep the length of time that we hold your personal data for under review. These reviews take place annually.
6.4 We endeavor to take technical and organizational security measures to protect your personal data against unintentional or unlawful deletion, alteration or loss, and against unauthorized disclosure or unauthorized access. Our employees are accordingly committed to secrecy and privacy.
6.5 Please note that data protection and security safeguards are not always observed by other persons or organizations outside our area of responsibility. We have no technical influence on this. You are advised to always be vigilant and take the necessary measures to safeguard your own personal data where we have no influence.
7 - CONTRACTUAL OR STATUTORY REQUIREMENTS ON YOU TO PROVIDE PERSONAL DATA
7.1 In certain circumstances the provision of personal data by you is a requirement:
7.1.1 to comply with the law or a contract; or
7.1.2 necessary to enter into a contract.
7.2 It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If however you do not provide your personal data then we may be unable to perform all or some of the services you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you because we rely on the personal data you provide in order to do so. Please see our terms and conditions for further details.
8 - YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
8.1 Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see section 4.2.3), you may have a number of rights in connection with the processing of your personal data, including:
8.1.1 the right to request access to your personal data that we process or control;
8.1.2 the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
8.1.3 the right to request, on legitimate grounds as specified in law:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
8.1.4 the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
8.1.5 the right to receive your personal data in a structured, commonly used, machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
8.1.6 the right to lodge complaints regarding the processing of your personal data with the Information Commissioner’s Office or other relevant supervisory body.
8.1.7 - the right to opt out of the sale of your personal information.
If you would like to exercise any of the rights set out above, please contact us using the contact details set out in section 2.
9 - LINKS TO OTHER WEBSITES
9.1 This Notice only sets out how we will collect and use your personal data. If you link to another website from our website, you should remember to read and understand that website’s Privacy Notice as well. We are not responsible for any use of your personal data that is made by unconnected third party websites.
10 - REFERENCES
10.1 This Notice sets out our global approach to data protection. We cannot list all applicable data protection legislation globally as it is changing constantly. The Notice is primarily based on the requirements of the General Data Protection Regulation ‘GDPR’.
10.2 If you believe that we are not addressing your privacy rights, then please contact us using the contact details set out in section 2.
11 - THIRD PARTY DATA PROCESSORS
11.1 Your personal data will be shared with third party processors we use to help us with our business operations. We only use third party processors who comply with data protection standards and who implement appropriate security and privacy controls. Examples of the categories of third party data processors we use include but are not limited to the following:
(a) Credit Reference Agencies
(b) Marketing Systems;
(c) Payment Processing Systems;
(d) Health and Safety Management Systems;
(e) Route Management Systems;
(f) Customer Communication Systems;
(g) Debt Management;
(h) Analytics and APIs (Application Programming Interfaces) tools provided by various companies (such as Google) to help with service delivery technology and functionality of websites.
12 - DATA RETENTION POLICIES
12.1 See the below table to view the retention periods for documents that contain information that applies to customers, suppliers, prospective customers, prospective employees, visitors to our premises and/or websites.
Data Type |
Period Retained |
Notes |
Transactional records - customers & suppliers
|
||
Customer records such as contact details and service activity.
|
6 years |
Following the termination of a customer contract or as specified in a contract.
|
Supplier records such as contact details and service activity.
|
6 years |
Following the termination of a supplier contract.
|
Payment records - customers and suppliers
|
7 years |
Following the end of a contract.
|
|
|
|
Enquiries - customers,
suppliers, potential
employees and other
interested parties
|
||
General enquiry data that is submitted via an enquiry form on our website
|
Up to 3 years |
From the date of inquiry.
|
Curriculum Vitaes from interested candidates
|
6 months |
From receipt of CV.
|
Marketing leads/prospects
|
3 years |
From consent and aim to refresh every 3 years or earlier as required.
|
Customer survey data
|
3 years |
From the survey date.
|
Customer complaints
|
Up to 7 years |
From the date complaint received and/or longer subject to any formal action via courts or equivalent.
|
General correspondence data including due diligence assessments (excluding financial documents)
|
Up to 3 years |
From the date of final correspondence record.
|
Visitors to our premises, websites or those in contact with our representatives via telephone, meetings or other interactions.
|
|
|
Cookie data (IP and browsing data)
|
Duration of consent |
Cookie data is only retained for duration of consent, which is refreshed annually. Note we keep a record on consent status.
|
CCTV Recordings
|
Up to 1 month |
Unless held for evidential purposes.
|
Voice recordings
|
Up to 3 years |
Depends on the purpose of the recording.
|
Visitor entry access records to facilities
|
Up to 2 years |
|
Health and safety records - accident or safety logs
|
40 years |
From the date of the last entry made in the record.
|
12.2 We use reasonable endeavors to ensure business operations do not retain documents for longer than the stated retention period, unless there are justifiable reasons for extending such as legal disputes.
12.3 Note that periods may vary in regions to reflect any country specific data retention requirements.
13 - MARKETING PERMISSIONS & PREFERENCES
13.1 We will automatically contact you with regard to your services, products or bill payments. We will contact you for feedback about our products and services; if you do not want to give us feedback then please let us know by opting out via your local customer service representative or using our Contact Us form.
13.2 With your permission we will use your contact details to share with you information about other services, products, offers or other news that may be of interest to you.
13.3 Where we have permission to market to you, then from time to time, we may contact you by mail, telephone, email, and other electronic messaging services (such as text, voice, sound or image messages) with information about our products and services.
13.4 Managing your Marketing Preferences
13.4.1 If you would like to change your marketing preferences at any time you can do this in the following ways:
(a) Locate any email sent from us and click “Update Email Preferences" located at the footer of the email (you may still receive vital service emails that are related to your contract);
(b) Alternatively please contact your local branch and ask for the marketing team who can help you and provide information on what the different subscription types mean.
14 - PRIVACY BY DESIGN
14.1 We apply Privacy by Design principles throughout our processing lifecycle. Controls are implemented to ensure that personal data processed is necessary for each specific purpose, subject to storage limitations and only made available to those who need it. We operate in accordance with a Privacy by Design and Default Policy based on the following principles:
- Being proactive and not just reactive by identifying and mitigating risks before they become an issue.
- The highest level of data protection should be the default setting.
- Privacy must be considered as early as the design stage and embedded into any associated processes.
- Use of privacy controls should not sacrifice usability, functionality or security.
- Personal information must be kept adequately protected at every stage - from design to deletion/anonymisation.
- The business seeks to be transparent about how personal data is used.
- The business wants users to trust our approach to managing personal data.
COOKIE POLICY
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The information below explains the cookies we use and why.
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.
All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
Functional Cookies
These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages.
If you do not allow these cookies then some or all of these services may not function properly.
Targeting Cookies
These will collect information about your browsing habits and allow us to deliver content and functionality that best suits you and your interests while you are browsing our site and other sites on the internet.
Social Media Cookies
These cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit.
If you do not allow these cookies you may not be able to use or see these sharing tools.
Manage your preferences:
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
For further information on how Google uses your information, please click here. We are planning to enhance our cookie tool to allow users to more easily change their cookie settings after their initial choice.
For information about how we look after personal information through our websites please refer to our Privacy Policy.
Last Updated: May 14, 2024.