WHO WE ARE
AEI are registered with the UK Information Commissioner’s Office (“ICO”) (registration number pending).
AEI Systems Ltd (Privacy)
1 Kings Ride Park, Ascot, Berks. SL5 8AP
By telephone: + 44 (0) 1344 636200
By email: email@example.com
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
DATA PROTECTION PRINCIPLES
AEI Systems adheres to the following GDPR principles when processing your personal data:
What are your rights and how can you exercise them?
You may exercise the following rights under the conditions and within the limits set forth in the law:
RESPONSIBILITY OF THE CONTROLLER
As a data controller, and taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, AEI shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the General Data Protection Regulation (GDPR). Those measures shall be reviewed and updated where necessary.
Transparency – We will always tell you what data we’re collecting about you and how we use it. We only share your data with trusted partners and will never sell your data.
Secure – We are committed to always following industry best practices to ensure your data is stored safely and securely. We protect the confidentiality, accuracy and availability of the information we collect about you.
Control – We will always give you control over the marketing you receive from us. You can choose the types of messages you receive and whether you want to stop receiving any marketing communications.
Legal basis for the processing
If any legal basis for processing needs to be changed or updated over time, or if we have a new purpose which we did not originally anticipate, we will update this section as long as the new purpose is compatible with the original purpose.
The lawful bases for processing are set out in Article 6 of the GDPR.
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
We will not process your personal data if we do not have a proper justification foreseen in the law for that purpose. Therefore, we will only process your personal data if:
Please note that, when processing your personal data on this last basis, we always seek to maintain a balance between our legitimate interests and your privacy. Examples of such ‘legitimate interests’ are data processing activities performed:
Purposes of the processing of data
We always process your personal data for a specific purpose and only process the personal data which is relevant to achieve that purpose. In particular, we process your personal data for the following purposes:
Who has access to your personal data and who are they transferred to?
AEI hold your data and we will not sell, share, or otherwise transfer your personal data to any third parties other than those indicated in this Privacy Notice without your prior consent to do so.
In the course of our activities and for the same purposes as those listed in this Privacy Notice, your personal data can be accessed by or transferred to the following categories of recipients on a need-to-know basis to achieve such purposes:
The above third parties are contractually obliged to protect the confidentiality and security of your personal data, in compliance with applicable law.
Your personal data can also be accessed by or transferred to any national and/or international regulatory, enforcement, public body or court, where we are required to do so by applicable law or regulation or at their request.
The personal data we collect from you may also be processed, accessed or stored in a country outside the UK, which may not offer the same level of protection of personal data.
If we are required to transfer any of your personal data to external companies or legal entities in other jurisdictions, we will make sure to protect your personal data by applying the level of protection that is required under the local data protection/privacy laws applicable to the UK, acting in accordance with our policies and standards and, for entities located in the European Economic Area (i.e. the EU Member States plus Iceland, Liechtenstein and Norway, the “EEA”), unless otherwise specified, only transferring your personal data on the basis of standard contractual clauses approved by the European Commission. You may request additional information in relation to international transfers of personal data and obtain a copy of the adequate safeguard put in place by exercising your rights.
We collect and process the following personal data from you:
Under the GDPR, an employee, client, supplier or third-party provider has a right to be informed of:
HOW LONG WE KEEP YOUR PERSONAL DATA
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you may be entitled to ask us to delete your data: see your rights below for further information.
The criteria we use for retaining different types of personal data include the following:
Our website and business operations are not intended for or directed at children under the age of 16 years and we do not knowingly collect data relating to children under this age.
For email marketing to an individual subscriber (that is, a non-corporate email address) with whom we have not previously engaged as a client, we need your consent to send you any unsolicited email marketing.
Where you do provide consent, you can withdraw your consent at any time, but without affecting the lawfulness of processing based on consent before its withdrawal.
You have the right to opt out of receiving email marketing communications from us at any time by:
We transfer only non-personal data outside the UK or the European Economic Area (EEA).
SECURITY OF YOUR PERSONAL DATA
We have implemented appropriate technical and organisational controls to protect your personal data against unauthorised processing and against accidental loss, damage or destruction. You are responsible for choosing a secure password when we ask you to set up a password to access parts of our sites or apps. You should keep this password confidential and you should choose a password that you do not use on any other site. You should not share your password with anyone else, including anyone who works for us. Unfortunately, sending information via the internet is not completely secure. Although we will do our best to protect your personal data once with us, we cannot guarantee the security of any personal data sent to our site while still in transit and so you provide it at your own risk.
We use industry standard physical and procedural security measures via our third-party provider to protect information from the point of collection to the point of destruction. This includes encryption, firewalls, access controls, policies and other procedures to protect information from unauthorised access.
Where data processing is carried out on our behalf by a third party provider, we take steps to ensure that appropriate security measures are in place to prevent unauthorised disclosure of personal data.
Despite these precautions, however, AEI cannot guarantee the security of information transmitted over the Internet or that unauthorized persons will not obtain access to personal data.
In order to improve our website, we may use small files commonly known as “cookies”. A cookie is a small amount of data which often includes a unique identifier that is sent to your computer or mobile phone (your “device”) from our website and is stored on your device’s browser or hard drive. The cookies we use on our website won’t collect personally identifiable information about you and we won’t disclose information stored in cookies that we place on your device to third parties.
You can find more information about how to manage cookies for all the commonly used internet browsers by visiting www.allaboutcookies.org. This website will also explain how you can delete cookies which are already stored on your device.
Our website may, from time to time, contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and AEI does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
In the event of a data breach, AEI have put in place and recorded procedures within the scope of the GDPR to deal with any suspected breach and will notify you and any applicable regulator of a breach where required to do so.
The Privacy and Electronic Communications Regulations (PECR)
The Privacy and Electronic Communications Regulations (PECR) sit alongside the previous Data Protection Act and the GDPR. They give people specific privacy rights in relation to electronic communications.
There are specific rules on: marketing calls, emails, texts and faxes; cookies (and similar technologies); keeping communications services secure; and customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.
We will, under the GDPR, abide by these rules to ensure compliance is met.
EMAIL & MONITORING
Whilst every member of the AEI team has a personal private email address, email which you send to us or which we send to you may be monitored to ensure compliance with professional standards and our internal compliance policies. Monitoring is not continuous or routine, but under the GDPR, this may be undertaken to ensure the usage of company emailing is in line with compliance. Occasional spot checks or audits may also be undertaken to ensure ongoing compliance.
You have the right to make a complaint at any time with a supervisory authority, in particular in the EU (or EEA) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the ICO, which can be contacted at https://ico.org.uk or by telephone on 0303 123 1113.
This Privacy Policy has been updated and is effective as of May 24, 2018.