The following information shall inform users of our website about how we process personal data. This information serves us to comply with our duties imposed under the General Data Protection Regulation ("GDPR"). Personal data means any information relating to you by which you can be identified, directly or indirectly.
1. Who is accountable for the use of my data?
2. What data do we collect?
3. Which cookies are used?
4. Why do we process your data?
5. Who gets my data?
6. Are my data transferred outside of the EU (Third country transfer)?
7. What are my rights?
8. From where are my data collected?
9. Final information / Version
Prinovis UK Ltd
4 Dakota Drive, Liverpool International Business Park, 4 Dakota Drive, Liverpool, L24 8RJ
Phone: 0151 494 5200
Attention to: John Morris ("Data Protection Administrator")
Prinovis UK Ltd (also referred to within this document as “we”, “us” or “our”) is accountable for the use of personal data on this website. Every processing of personal data on this website is conducted in compliance with the GDPR as well as possibly applicable other legislation.
You can contact us by the means indicated above and by reference of your query. Where you want to contact the responsible Data Protection Administrator directly, add “Attention Data Protection Administrator” to the address.
If you browse our websites on your PC [mobile phone or tablet] certain information are collected simply for technical reasons of data flows (technical data). These technical data contain server log files, information about your browser (type, version and information of access status – success or fail), operating system, your internet service provider and your IP address, date and time of the access and from where you accessed the website (prior website or search engine). Other than through the use of your IP address, it will not be possible to identify you from such information. However, where the IP address is used, we comply with the provisions of the GDPR.
If you use features of our website, a pseudonymized user profile will be created. We may also collect certain categories of personal data from you where you provide information through your use of our website (e.g. search words, log in data, ratings, contract details, clicks, etc.).
Some of the services we provide through our website require you to provide personal data. In these situations the respective service requested by you will be the leading purpose of our use of your personal data. Our website offers the following features, where you can request actions from us, where we will need information by you:
Service: Contact form
Required data: Name, Email, Company Name, information of your query.
In the following, we provide you with information about the cookies we use on our website.
Cookie: Google Analytics (see also the explanation below in [4.3.])
Processed data: IP-addresses (shortened for the last octet)
Legal basis: Legitimate interest (see purpose directly below) Art. 6(1)(f) GDPR
Purpose: Scope measuring and analysis of user groups for our legitimate business purposes.
Third country transfer: Yes
Additional guarantee: n/a
Expiration date: six months
We will need to process the personal data we collect from you through your use of our website for a number of reasons, namely:
You can find further information about each used feature as well as the underlying purposes in the following sections.
4.1 Technical provision
4.1.1 Description and extent of the processing
For the provision of our website, including regular performance and security checks, server log files are stored as part of the information when our website is accessed. These log files contain the information and possibly personal data as indicated in section 2 above. Log files are used for the purposes of technical provision only and they are not merged with any other data. Part of the technical provision is a regular reviewing procedure that is designed to detect fraud, hacking and other forms of disruptive behavior.
4.1.2 Purposes and legal basis for the use of personal data
We have a legitimate interest (Art (6)(1)(f) GDPR) in ensuring the undisturbed and resilient performance of our website. Given the minor effect that such processing will have on you as a data subject (due to the limited amount of data used), we believe that our interest prevails.
4.1.3 Duration of storage
After accessing our website, we store the server log files, including your IP address, for 7 days. We will only analyse this technical data in case of a disruptive event involving these data.
4.2 Contact form, email or phone contact
4.2.1 Description and extent of the processing
On our website you are offered different means to get in contact with us. If you use one of them, data affiliated with that means respectively (e.g. your email address where you use the contact form or your phone number if you chose to call us) and of course your request will be recorded, so that we can provide you with a solution.
The same applies where you send us a query using one of the means detailed above. We will store and use that query in a form that is linked to you as long as we need it to process it properly. Where this is necessary, some or all of the data collected by us when dealing with your query can be transmitted by us to other entities, provided we need their support to answer your query. In that situation we ensure that the recipient has implemented a proper level of protection as well.
4.2.2 Legal basis for the use of personal data
Our legal basis for using data in this regard will depend upon the context of the query being made.
For general queries we will have a legitimate interest in processing your personal data in order to attempt to provide you with an adequate answer to your query. Hence, for the time necessary for this endeavor, there is no overriding interest that prevails and excludes the data processing.
Where your query relates to a contract that you have with us, we will process your personal data to the extent necessary to ensure the proper performance of our contract with you (Art (6)(1)(b) GDPR) instead.
4.2.3 Duration of storage
The duration for which we will retain your personal data will depend upon the context of the query being made.
For general queries, after responding to your request and the end of possibly further communication, your information provided for the purpose of the query will be erased.
Where your query relates to a contract you have with us, or where you contacted us in order to exercise one of your data subjects rights, we will keep records of such contact for as long as is necessary for the performance of a contract or as long as we have to demonstrate our compliance with your request to exercise your rights.
For contracts the storage period is usually ten years and for data subject requests under Chapter III of the GDPR three years.
4.3 Web tracking
4.3.1 Description and extent of the processing
Our website uses features to measure and evaluate user behavior and interaction. These features will utilise your access data (see section 2 above) and analyse your interactions with our website by means of tracking cookies (see section 3 above). This kind of analysis does usually not require us to use your personal data personal data. Where we are required to use your IP address we will shorten this to the last eight digits of your IP address so that you cannot be identified from such digits. Identifiable user profiles will only be created if you have consented to it.
Web tracking is usually conducted by involvement of external providers (“Processors”). Where we engage with a Processor to process your personal data, we enter into data processing agreements in order to safeguard your personal data. Where such a Processor is established outside of the EU, there might occur a so-called “third country transfer” (i.e. a transfer of personal data to a country outside of the EEA whose national data protection laws do not provide adequate protection for EU data subjects) . This is lawful if the Processor offers an adequate level of data protection, which can be achieved by different means (additional safeguards). We ensure that every Processor provides at the time of his involvement such a level. Which additional safeguard is applicable respectively, is indicated below.
4.3.2 Google Analytics
This website uses Google Analytics (“GA”). Provider of GA is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA is configured by use of the ‘_anonymizeIP’-code in a way that it deletes the last eight digits of your IP address, hence only creating pseudonymous user profiles, which cannot identify you as a person. These non-personal user profiles will be subject to analysis and evaluation. Google is contractually obliged not to merge these profiles with any data they might possibly hold from other instances that could be used to identify you.
Our transfer of personal data to GA is compliant with the GDPR as a result of GA’s certification under the US-EU Privacy Shield, which ensures that Google adheres to European standards of data protection.
You can find more information about the data processing by Google, including GA, in Google’s Data Protection Statement: privacy.google.com/intl/en-GB/index.html
4.3.3 Legal basis for the use of personal data:
Our legal basis for the creation and utilisation of pseudonymous user profiles is Art. (6)(1)(f) GDPR – (legitimate interest). Our legitimate interest in creating such profiles is to increase the success of our website, measure its geographical scope and develop a better understanding of our audience. Where user profiles are capable of identifying a natural person, the legal basis is the consent of that person, Art. (6)(1)(a) GDPR, otherwise such profiles will not be created.
4.3.4 Duration of storage:
Data collected by use of web tracking tools will be stored in pseudonymous form. You can object the collection with effect for the future. Where profiles do identify a natural person the duration of storage is determined by the continued existence of a valid consent. After withdrawal the data will be deleted or anonymised.
5.1 Internal Third Parties
Within our company only those departments will have access to your data who need them in order to fulfil the purposes set out at section 4 above.
5.2 External Third Parties
We may also be required to transfer you personal data outside of our company to third parties for the following reasons:
Where any of the third parties indicated in section 5 above are located outside the EEA this might lead to the result that your data are processed in a country that does not maintain a level of data protection similar or equal to the one within the EU. Therefore such a level of data protection must be established by the data exporter (this is us for our website) by means of additional safeguards, which raise the level of data protection of the data importer. Additional safeguards can be an official adequacy decision by the European Commission, additional contractual clauses, also issued by the Commission, or a certification under a mechanism that is approved by the Commission (such as the US-EU Privacy Shield for the USA). You can request a copy of the applied additional safeguards by using our contacts from Sec. 1 above.
The following providers are processing your data outside the EEA under application of the following additional safeguards:
- For the embedment of their social plugin / their analytics cookie, Google has self-certified under the US-EU Privacy Shield. They process your personal data outside the EU or they could access them from outside the EU. We have therefore concluded a Data Processing Agreement with them, without the need to include additional safeguards other than the Certification.
You have all rights under Chapter III of the GDPR. They can be exercised towards every Controller handling your data. These rights are:
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
All personal data processed by us for the purposes indicated above (see section 4) are directly collected by us from you. We hereby provide you with the mandatory information pursuant to Art. 13 GDPR. We do not merge your personal data with any information we might possibly hold from other instances.
This website may be subject to improvement and change. This may affect the herein given information about any processing of personal data. The information given reflects the “as-is” situation on 23 May 2018.