Jack Sealey Ltd (Sealey) treat the privacy of your personal data with great importance. This policy describes how we ensure that your use of this website is protected by us and describes the data that we collect, how we use it, and what your rights are in respect of the General Data Protection Regulations (GDPR). It also includes clauses on our use of telephone Call Logging and Closed-Circuit Television (CCTV) on our premises.
1. Who Are We?
1.1. Jack Sealey Ltd (‘Sealey’ or ‘Us’) are a UK registered company (No 01329173) with registered offices at 820 The Crescent, Colchester Business Park, Colchester, Essex, CO4 9YQ and trading from Kempson Way, Bury St Edmunds, Suffolk, IP32 7AR.
2.1. What is GDPR?
2.1.1. GDPR is the abbreviation for the General Data Protection Regulation. It is Directive 95/46/EC and relates to the collection, storage, processing and movement of personal data.
2.2. What is Personal Data?
2.2.1. Personal Data is any information relating to an identifiable person who can be directly or indirectly identified.
2.3. What is Processing?
2.3.1. Processing can be one or more of the following activities; collection, recording, organising, structuring, storage, adaption, retrieval, consultation/use, disclosure by transmission, dissemination or otherwise by making available, alignment or combination, restriction, erasure or destruction.
2.4. What is a Data Breach?
2.4.1. A data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data i.e. when the data has been lost, destroyed, corrupted, disclosed or if the data has been rendered unavailable by being accidentally lost or destroyed or encrypted by ransomware.
2.5. What is a Cookie?
A Cookie is a small piece of data which is sent from a website that you are browsing and stored on your computer by the web browser while you are browsing. Depending on what Cookies the web application finds on your computer, your browsing experience may become customised, appearing to remember what products you have viewed before or what searches you have previously performed. Further information about cookies can be found at www.allaboutcookies.org
3. Data Controller
3.1. The data is under the control of the Data Protection Officer (DPO). He/she can be reached for the purposes of privacy and data security at firstname.lastname@example.org or contacted at the trading address above.
4. Cookies and Analytics
|APSESSIONIDSCQRBSBS||A session cookie, this does not store any user information||Cleared on browser exit|
|FH2008||This Cookie is used to track the number of times a safety popup has appeared to you where a product is part of a safety recall. The cookie is renamed according to subject.||Deleted after 3 Months|
|debugxml||We use this cookie to indicate whether xml (coding) of the page will be visible or not.||Cleared on browser exit|
|sessionkey||This cookie records the current session key.||Cleared on browser exit|
4.2.1. We may also use Google Analytics (GA) on our website to collect information about your online activity on our websites, such as the web pages you visit, the links you click, and the searches you conduct on our websites. We may use the information to compile reports and to help us improve the website. The Cookies we use are as follows:
|_utma||This cookie stores the number of visits, the time of your first visit, your previous visit and your current visit||2 Years|
|These cookies work together to record information about what happened during your visit and how long your visit lasts.||_utmb - Cleared on browser close
_utmc – 30 minutes
|_utmz||This Cookie keeps track of how you arrived on the page i.e. what search engine you used, what link you clicked and/or what keyword you used in your search.||6 Months|
The cookies collect information in an anonymous form. The information generated by these Cookies and your current IP-address will be transmitted by your browser and will be stored by Google on servers in the United States and other countries. Google will use this information on our behalf for evaluating your use of our website as described above. The IP address collected through Google Analytics will not be associated with any other data held by Google. For more information about the information gathered using Google Analytics please visit www.google.com/intl/en/analytics/privacyoverview.html
You can prevent these cookies by selecting the appropriate settings on your browser. If you do this, you may not be able to use the full functionality of our website. You may also choose to download and install the Google Analytics Opt-out Browser Add-on here: http://tools.google.com/dlpage/gaoptout
5. Purpose of processing data
5.1. With your consent, Sealey may hold your personal data for the purposes of marketing our own range of products to you and to assist in the process of providing a warranty to you – although the availability of a warranty is not conditional on your consent.
5.2. Key data collected includes your Name, Business Type (Garage, Bodyshop etc), Business Name, Address and Post Code together with your E-mail Address and Contact Telephone Number(s). We also collect information about the specific equipment you have purchased and the serial numbers (if any) of that equipment. Information relating to the magazines and periodicals that you read is also retained.
5.3. Data collected includes information relating to;
5.3.1. Where you purchased your product from, so we can review our dealer coverage.
5.3.2. What you would expect to spend on tools every year, so we can understand the economic scale of the market for our products.
5.3.3. Who else you might buy tools from so that we can identify our key competitors.
5.3.4. Our performance in delivering our services to you so we can assess how we measure up to your expectations and focus in on areas where we need to improve.
5.3.5. What other items you might want to see in our program.
5.4. The data collected in 5.3. above is anonymised at the point of collection and is used for reporting processes.
5.5. We have no provision for holding data belonging to persons under the age of 18. If we learn that a person under the age of 18 has an account on our databases, it will be removed.
5.6. If you should contact our business via the telephone you should be aware that calls are recorded for the purposes of training and dispute resolution.
5.6.1. Call data includes; the telephone number making the call, the recipient’s number, the transfer number (if the call was transferred), the date, the call duration and the voice file.
5.7. Sealey’s business premises are protected by Closed Circuit Television (CCTV). If you should visit the premises in person, your image may be captured on our security systems. We use this data only in the event of security issue or to assist in queries relating to deliveries/collection dispute resolution.
5.7.1. CCTV data includes, the date and time of feed, the location of the recording device and the image file.
6. Legal basis for processing
6.1. The legal basis for processing your Personal Data is one of consent, where you have at the time of contacting us, consented to us processing this data.
6.2. The processing of data associated with CCTV and Call data logging is based on a legitimate and lawful requirement to maintain the security of the premises and to assist with dispute resolution and provide a training feedback where necessary.
6.3. The legal basis for processing of your Personal Data for Product Safety Recalls is one of legal obligation to your safety.
7. Recipients of your personal data
7.1. Sealey do not trade or exchange data with third parties other than those that provide delivery mechanisms for our services. Data is used for marketing products sold and distributed by Sealey only. If we feel that there is a compelling business reason why we should trade or exchange data with a 3rd party (other than to provide delivery mechanisms for our services), we will contact you, using the methods you have indicated and ask for your permission.
7.2. We may release information relating to your account to relevant authorities if it is deemed that the request meets the GDPR’s Vital Interest clause.
8. Storage and Transfer of data
8.1. Your data is primarily held on servers hosted in the UK under GDPR regulations. Sealey have processing agreements in place for the safe storage of this data.
8.2. Sealey take reasonable precautions to ensure the security of any data processed on our local infrastructure including but not limited to;
8.2.1. Cyber Essential Plus level of accreditation across network and processing facilities – with Roadmap to IASME accreditation.
8.2.2. Password protected access to storage of data and limited accessibility of areas used for processing data.
8.2.3. Ongoing program of education and familiarity around our responsibilities to protect our clients’ data
8.2.4. A safe-by-design approach to the creation of data bases and systems that process our clients’ data.
8.3. Where we have arrangements for the transfer of data e.g. for mailing services, we have data processing agreements in place.
9.1. Data is stored according to our data retention policies but broadly;
9.1.1. Name, Business Type, Business Name, Address, Email and Contact Telephone Number(s); for a maximum of 3 years before we will ask you if you wish to continue to receive information.
9.1.2. Warranty Information; for a maximum of 3 years before we ask you to review and remove/continue.
9.1.3. Telephone Calls; for a maximum of 12 months before being deleted.
9.1.4. CCTV; for a maximum of 90 Days before being deleted.
10. How we use and profile your data
10.1. Where we have your permission, we profile your data to ensure that we keep you up to date with the latest developments in our product ranges and promotions. We may profile products you have purchased and make automated associations with other products from within our program. We may profile the magazines and periodicals that you read and associate possible interest in products for the relevant genre. We also use anonymised data from magazines and periodicals to direct our marketing/advertising strategy. We may profile the request for promotional literature and associate possible interest in products from other similar promotions. We may profile your purchasing history (where available) and/or your geographical location to establish the effectivity of product(s) or to lead Distributor promotions in your area.
10.2. In the event of a Product Safety Recall we may process your Personal Data to inform you of a safety issue. We will use whatever means is appropriate to contact you in this case.
10.3. We do not actively profile telephone calls or CCTV Images unless we consider the content may resolve a specific issue or incident. This data is not routinely or automatically combined with any other personal data we hold about you.
10.4. If we are not permitted to profile your data, we may not keep you fully updated with new product and promotion releases.
11. Your Rights
11.1. The General Data Protection Regulations (GDPR) provide individuals with rights over the data that we hold where you can be identified by that data. More information can be viewed at the Information Commissioner’s Office (ICO) at www.ico.org.uk . Broadly these rights relate to the data that Sealey hold as follows:
11.1.1. You can object to Sealey processing your data by visiting your area and deleting your consent and data at any time – processing of your data is not conditional to the provision of service i.e. you can request that we send a catalogue to you without allowing us to keep your details for re-use.
11.1.2. You have full access to your data and are free to amend or erase it at any time. You may also amend the way in which we contact you via our Account Management area on www.sealey.co.uk.The data retention periods are automated. Sealey will mail you a reminder at the point that your data is about to be removed from its data bases – if you do not respond within a period, usually 2 weeks, we will send a reminder of the request. If after a further 2 weeks we have not had a response, the personal data we hold will automatically be deleted.
11.1.3. You may also request a portable data file of your data by mailing email@example.com.
11.1.4. Sealey work hard to keep our clients happy. If the experience of dealing with Sealey does not meet your expectations, please let us know so we may investigate and respond. You can raise issues relating to data by mailing firstname.lastname@example.org or calling our Call Centre team on 01284 757500.
11.1.5. If you are still unhappy with our response, then you may contact the ICO using the above website and quote our Data protection Registration Number (Z7643537).
12. Data Breach
12.1. If we become aware of a data breach, Sealey will advise you as soon as possible and within 72 hours of becoming aware. Depending on the severity and nature of the breach, Sealey may also be required to inform the ICO – if we decide not to, a written account of our process in considering this action will be made.
13.1. We apply appropriate technical, physical and organizational measures that are reasonably designed to protect personal information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against other unlawful forms of processing. Access to personal information is restricted to authorized recipients on a need-to-know basis. We maintain an information security program that is proportionate to the risks associated with the processing.
14. Linked Websites