Privacy

Privacy Policy - website Prinovis UK Ltd

The following information shall inform users of our website about how we process personal data. This information serves us to comply with our duties imposed under the General Data Protection Regulation ("GDPR"). Personal data means any information relating to you by which you can be identified, directly or indirectly.

1. Who is accountable for the use of my data?

2. What data do we collect?

3. Which cookies are used?

4. Why do we process your data?

5. Who gets my data?

6. Are my data transferred outside of the EU (Third country transfer)?

7. What are my rights?

8. From where are my data collected?

9. Final information / Version

 

 

1. Who is accountable for the use of my data?

Prinovis UK Ltd

4 Dakota Drive, Liverpool International Business Park, 4 Dakota Drive, Liverpool, L24 8RJ

Email: UKPrint@Prinovis.com

Phone: 0151 494 5200

Attention to: John Morris ("Data Protection Administrator")

 

Prinovis UK Ltd (also referred to within this document as “we”, “us” or “our”) is accountable for the use of personal data on this website. Every processing of personal data on this website is conducted in compliance with the GDPR as well as possibly applicable other legislation.

You can contact us by the means indicated above and by reference of your query. Where you want to contact the responsible Data Protection Administrator directly, add “Attention Data Protection Administrator” to the address. 

 

2. What data do we collect?

If you browse our websites on your PC [mobile phone or tablet] certain technical data is collected. These technical data contain server log files, information about your browser (type, version and information of access status – success or fail), operating system, your internet service provider and your IP address, date and time of the access and from where you accessed the website (prior website or search engine). Other than through the use of your IP address, it will not be possible to identify you from such information. However, where the IP address is used, we comply with the provisions of the GDPR.

If you use features of our website, a pseudonymized user profile will be created. We may also collect certain categories of personal data from you where you provide information through your use of our website (e.g. search words, log in data, ratings, contract details, clicks, etc.).

Some of the services we provide through our website require you to provide personal data. In these situations the respective service requested by you will be the leading purpose of our use of your personal data. Our website offers the following features, where you can request actions from us, where we will need information by you:

Service: Contact form

Required data: Name, Email, Company Name, information of your query.

 

3. Which cookies are used?

This website uses cookies. Cookies are small text files which are stored on your computer when you browse our website. Upon revisit and as well during your stay on our website, the cookie enables us to (re-)identify you. Depending on the nature of the cookie, they can be persistent or non-persistent, what means they are in case of the former deleted as soon as you close your browser or, in case of the latter, remain stored even after closing your browser. All cookies have an expiration date, after which they will stop responding to browser requests and, depending on your settings, will be deleted.

You can also steer how cookies are treated on your computer by adjusting the settings of your internet browser. Please note, however, that if you disable all cookies that way, you might not be able to use all our website features properly. 

You can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under tools.google.com between visits.

In the following, we provide you with information about the cookies we use on our website.

Cookie: Google Analytics (see also the explanation below in [4.3.])

Processed data: IP-addresses (shortened for the last octet)

Legal basis: Legitimate interest (see purpose directly below) Art. 6(1)(f) GDPR

Purpose: Scope measuring and analysis of user groups for our legitimate business purposes.

Third country transfer: Yes

Additional guarantee: n/a

Expiration date: six months 

 

4. Why do we process your data?

We will need to process the personal data we collect from you through your use of our website for a number of reasons, namely:

  • Provision of our website including measures to assure an undisturbed service, prevent fraud and hacking and to ensure the security of our systems.
  • To measure the geographical reach of our website, in order to streamline our technical support and the website operation.
  • For communication and/or customer support.

You can find further information about each used feature as well as the underlying purposes in the following sections.

4.1 Technical provision

4.1.1 Description and extent of the processing

For the provision of our website, including regular performance and security checks, server log files are stored as part of the information when our website is accessed. These log files contain the information and possibly personal data as indicated in section 2 above. Log files are used for the purposes of technical provision only and they are not merged with any other data. Part of the technical provision is a regular reviewing procedure that is designed to detect fraud, hacking and other forms of disruptive behavior.

4.1.2 Purposes and legal basis for the use of personal data

We have a legitimate interest (Art (6)(1)(f) GDPR) in ensuring the undisturbed and resilient performance of our website. Given the minor effect that such processing will have on you as a data subject (due to the limited amount of data used), we believe that our interest prevails.     

4.1.3 Duration of storage

After accessing our website, we store the server log files, including your IP address, for 7 days. We will only analyse this technical data  in case of a disruptive event involving these data.

4.2 Contact form, email or phone contact  

4.2.1 Description and extent of the processing

On our website you are offered different means to get in contact with us. If you use one of them, data affiliated with that means respectively (e.g. your email address where you use the contact form or your phone number if you chose to call us) and of course your request will be recorded, so that we can provide you with a solution.

The same applies where you send us a query using one of the means detailed above. We will store and use that query in a form that is linked to you as long as we need it to process it properly. Where this is necessary, some or all of the data collected by us when dealing with your query can be transmitted by us to other entities, provided we need their support to answer your query. In that situation we ensure that the recipient has implemented a proper level of protection as well.

4.2.2 Legal basis for the use of personal data

Our legal basis for using data in this regard will depend upon the context of the query being made.

For general queries we will have a legitimate interest in processing your personal data in order to attempt to provide you with an adequate answer to your query. Hence, for the time necessary for this endeavor, there is no overriding interest that prevails and excludes the data processing.

Where your query relates to a contract that you have with us, we will process your personal data to the extent necessary to ensure the proper performance of our contract with you (Art (6)(1)(b) GDPR) instead.

4.2.3 Duration of storage

The duration for which we will retain your personal data will depend upon the context of the query being made.

For general queries, after responding to your request and the end of possibly further communication, your information provided for the purpose of the query will be erased.

Where your query relates to a contract you have with us, or where you contacted us in order to exercise one of your data subjects rights, we will keep records of such contact for as long as is necessary for the performance of a contract or as long as we have to demonstrate our compliance with your request to exercise your rights.

For contracts the storage period is usually ten years and for data subject requests under Chapter III of the GDPR three years.

4.3 Web tracking

4.3.1 Description and extent of the processing

Our website uses features to measure and evaluate user behavior and interaction. These features will utilise your access data (see section 2 above) and analyse your interactions with our website by means of tracking cookies (see section 3 above). This kind of analysis does usually not require us to use your personal data personal data. Where we are required to use your IP address we will shorten this to the last eight digits of your IP address so that you cannot be identified from such digits. Identifiable user profiles will only be created if you have consented to it.

Web tracking is usually conducted by involvement of external providers (“Processors”). Where we engage with a Processor to process your personal data, we enter into data processing agreements in order to safeguard your personal data. Where such a Processor is established outside of the EU, there might occur a so-called “third country transfer” (i.e. a transfer of personal data to a country outside of the EEA whose national data protection laws do not provide adequate protection for EU data subjects) . This is lawful if the Processor offers an adequate level of data protection, which can be achieved by different means (additional safeguards). We ensure that every Processor provides at the time of his involvement such a level. Which additional safeguard is applicable respectively, is indicated below.

4.3.2 Google Analytics

This website uses Google Analytics (“GA”). Provider of GA is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. GA is configured by use of the ‘_anonymizeIP’-code in a way that it deletes the last eight digits of your IP address, hence only creating pseudonymous user profiles, which cannot identify you as a person. These non-personal user profiles will be subject to analysis and evaluation. Google is contractually obliged not to merge these profiles with any data they might possibly hold from other instances that could be used to identify you.

Our transfer of personal data to GA is compliant with the GDPR as a result of GA’s certification under the US-EU Privacy Shield, which ensures that Google adheres to European standards of data protection.

You can find more information about the data processing by Google, including GA, in Google’s Data Protection Statement: privacy.google.com/intl/en-GB/index.html

4.3.3 Legal basis for the use of personal data:

Our legal basis for the creation and utilisation of pseudonymous user profiles is Art. (6)(1)(f) GDPR – (legitimate interest). Our legitimate interest in creating such profiles is to increase the success of our website, measure its geographical scope and develop a better understanding of our audience. Where user profiles are capable of identifying a natural person, the legal basis is the consent of that person, Art. (6)(1)(a) GDPR, otherwise such profiles will not be created.

4.3.4 Duration of storage:

Data collected by use of web tracking tools will be stored in pseudonymous form. You can object the collection with effect for the future. Where profiles do identify a natural person the duration of storage is determined by the continued existence of a valid consent. After withdrawal the data will be deleted or anonymised.

5. Who gets my data?

5.1 Internal Third Parties

Within our company only those departments will have access to your data who need them in order to fulfil the purposes set out at section 4 above.

5.2 External Third Parties

We may also be required to transfer you personal data outside of our company to third parties for the following reasons:

  • Service providers who may be acting as Processors who provide [hosting and IT operations services and mail delivery service providers];
  • Professional advisors including lawyers, bankers, auditors and insurers.
  • Providers of web analysis tools, who process data for their own purposes and are not bound to our instructions as a Processor;
  • Public institutions, such as public prosecutor, police or other authorities who can demonstrate a legal entitlement to receive your personal data.

6. Are my data transferred outside of the EU (Third country transfer)?

Where any of the third parties indicated in section 5 above are located outside the EEA this might lead to the result that your data are processed in a country that does not maintain a level of data protection similar or equal to the one within the EU. Therefore such a level of data protection must be established by the data exporter (this is us for our website) by means of additional safeguards, which raise the level of data protection of the data importer. Additional safeguards can be an official adequacy decision by the European Commission, additional contractual clauses, also issued by the Commission, or a certification under a mechanism that is approved by the Commission (such as the US-EU Privacy Shield for the USA). You can request a copy of the applied additional safeguards by using our contacts from Sec. 1 above.

The following providers are processing your data outside the EEA under application of the following additional safeguards:

- For the embedment of their social plugin / their analytics cookie, Google has self-certified under the US-EU Privacy Shield. They process your personal data outside the EU or they could access them from outside the EU.  We have therefore concluded a Data Processing Agreement with them, without the need to include additional safeguards other than the Certification.

 

7. What are my rights?

You have all rights under Chapter III of the GDPR. They can be exercised towards every Controller handling your data. These rights are:

  • Right to access: You can request information about all data stored about you and how they are processed by the accountable Controller.
  • Rectification: You can request rectification, where data concerning you are wrong or outdated.
  • Erasure: You can request that the Controller deletes your data. Where a deletion is conducted, the Controller shall inform any recipient about that to whom the data have been disclosed (Right to be forgotten).
  • Restriction: You can request a restriction of the data for the reasons set out by GDPR.
  • Data Portability: Where the conditions of the law are met, you can request to receive a copy of your data in a structured, machine readable and commonly used format.
  • Object: You can object the processing of your data for reasons that relate to your particular situation, if the processing is based on Art. (6)(1)(f) GDPR.
  • If you have given us your consent for the processing of your data, you can at any time withdraw this consent with effect for the future. Please address your withdrawal to the attention of our Data Protection Administrator indicated in section 1 above.
  • Your rights also apply to the above indicated cookies (see sec. 4)

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

8. From where are my data collected?

All personal data processed by us for the purposes indicated above (see section 4) are directly collected by us from you. We hereby provide you with the mandatory information pursuant to Art. 13 GDPR. We do not merge your personal data with any information we might possibly hold from other instances.

 

9. Final information / Version

This website may be subject to improvement and change. This may affect the herein given information about any processing of personal data. The information given reflects the “as-is” situation on 23 May 2018.