Privacy Policy

Introduction

We value the trust you place in us when sharing your personal data, and its security is very important to us. This privacy notice/policy explains how we collect and use your personal data during and after your relationship with us, in compliance with data protection laws. It also outlines who we share your data with, your rights regarding your personal data, and how you can exercise those rights.

Who we are – companies and websites within scope

For the purposes of the General Data Protection Regulation (GDPR), Orderworkwear Limited is the Data Controller. This policy applies to personal data collected through our websites, by telephone, through Live Chat, and via related social media applications. As the Data Controller, we determine what data is collected, how it is used, and how it is protected.

It is important that you read this notice along with any other privacy notices we may provide on specific occasions when we are collecting or processing personal data about you so that you are aware of how and why we are using such information.

If you have questions about how we process personal data or would like to exercise your data subject rights, please refer to the Contact Us section below.

The kind of data we hold about you

We may collect, store, and use the following categories of personal data (this list is not exhaustive):

• Personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
• Business contact details such as position, company name, company address, business telephone number, and email addresses
• Age/Date of birth
• Bank account details and tax/VAT status information
• For credit arrangements, other data relating to trading information
• CCTV footage and other information obtained through electronic means such as geolocation data for deliveries
• Cookie information and information about your use of our information and communications systems
  
  

Collection of personal data

We collect personal data from you for one or more of the following purposes:

• To fulfill a contract we have entered into with you or the entity you represent. In these circumstances, it may be your entity that has provided us with your personal data.
• To initiate and complete commercial transactions with you or the entity you represent for the purchase of products and/or services
• To deliver products you have purchased directly or indirectly from us
• To communicate with suppliers of goods and services
• Keeping accounts and other business records
• To carry out marketing, electronic or otherwise, including sharing within the Bunzl group
• Complying with legal or regulatory requirements including health and safety obligations
• Dealing with complaints or queries from our customers and our suppliers
• Generating data analytics to monitor and improve the performance of our website
• To ensure the security and safe operation of our websites and underlying business infrastructure

We may also collect additional information from third parties, including credit reference agencies.

Technical and Cookie information

To ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

• Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet
• Your login information, browser type and version, cookies, time zone setting, browser plug-in types and versions
• Operating system and platform
• Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site

In section 10 below, we identify your rights in respect of the personal data we collect and describe how you can exercise those rights.

Lawful basis for the processing of personal data

We believe it is in our legitimate interests, necessary for the performance of a contract, or we obtain consent to collect and use personal data to operate our business and provide a service you have requested. In some cases, we may be legally required to use or disclose personal data, for example, to comply with a request from an official body. When processing based on legitimate interest, we ensure our interests and fundamental rights do not override your interests.

Sharing your personal data

We may share your personal data on a ‘need to know’ basis where necessary or required by law, with:

• Accountants
• Legal counsel
• Consultants
• Insurers
• Information technology and communications service providers
• Suppliers
• Logistics and transport services

We may also share personal data:

• With competent law enforcement or regulators as required by law
• When we buy or sell businesses or assets

We aim to ensure all personal data we are legally responsible for remains properly protected and is used appropriately when shared with third parties.

International transfer

We are a global organization and use third parties located in other countries to help run our business, including other companies within the Bunzl Group. This includes countries outside the EU that may not have laws providing specific protection for personal data. We take steps to ensure all personal data is adequately protected and all transfers outside the EU are lawful. When transferring personal data outside the EU to a country not deemed by the European Commission as providing adequate protection, the transfers will be under an agreement that covers the EU requirements for data transfer.

We require third parties to respect the security of your data and treat it lawfully. All third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal data.

How long do we keep your personal data?

We retain your data only as long as necessary for our business needs and in compliance with any legal or regulatory duties. However long we retain personal data, we will ensure it is subject to appropriate security measures. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for processing the data, and any applicable legal requirements.

Security measures

We implement measures to protect your data, including appropriate security measures to prevent accidental loss, unauthorized use or access, alteration, or disclosure. We limit access to your personal data to individuals, agents, contractors, and third parties who have a business need to know. However, we do not control what happens between your device and our information infrastructure boundary. You should take appropriate steps to safeguard your information. We accept no liability for breaches beyond our control.

Your rights as a data subject

As a data subject whose personal data we hold, you have certain rights. If you wish to exercise any of these rights, please use the contact information provided below. We will ask you to provide a valid form of identification for verification. Your rights are as follows:

• The right to be informed: We must provide clear and transparent information about our data processing activities.
• The right of access (also known as a ‘data subject access request’): You can request a copy of the personal data we hold about you free of charge.
• The right to rectification: You can ask us to correct inaccurate or incomplete personal data.
• The right to erasure (the ‘right to be forgotten’): You can request that we delete your personal data in certain circumstances.
• The right to restrict processing: You can ask us to stop processing your personal data while retaining it.
• The right to data portability: You can request that your personal data be transferred to another Data Controller or Processor.
• The right to object: You can object to our processing of your personal data based on legitimate interest, direct marketing, or public interest tasks.
• The right to withdraw consent: You can withdraw your consent to the collection, processing, and transfer of your personal data for specific purposes at any time.
• Right to human intervention: If automated decisions are made about you, you can request human intervention to override these decisions.

You are not required to pay any charge for exercising your rights, and we have one month to respond to you.

Do you have to provide your personal data to us?

You are not required to provide personal data, but you may need to do so when entering into a contract for our services or products. We cannot provide services or products without the necessary personal data. Additionally, you must provide personal data if you contact us to exercise your rights under GDPR as outlined in section 10.

Automated decision-making and Cookies

We may carry out automated decision-making when you use our website, involving providing content based on your online behavior obtained using Cookies. If you consent to Cookies beyond those required for essential website use, we can display relevant content. You can adjust Cookies through the cookie preference settings.

Do we use your personal data for marketing?

Yes, we may use your personal data for marketing. We will only contact individuals who have opted in to receive marketing and for our legitimate interests. If you object to marketing, let us know, and we will stop contacting you for marketing purposes. We may still need to contact you for providing services and products.

Cookies consent management

We use cookies, small text files placed on your computer by websites you visit, to make our website work, monitor usage, and display relevant content. If you register with us or continue using our site, we may ask to collect additional data via cookies. You can block cookies through your browser settings, but doing so may prevent access to parts of our site and features.

Contact us

Any comments, questions, or suggestions about this privacy policy or our handling of your personal data should be emailed to marketing@orderworkwear.com. Alternatively, contact us at our registered office: Orderworkwear Limited, Cathedral Park, Belmont Industrial Estate, Durham, DH1 1TF.

Complaints

We have appointed a Data Protection Privacy Champion to oversee compliance with this privacy notice. If you have any questions about this notice or how we handle your personal data, please contact us. If you have concerns about our use of your personal data, we would like to address them. You can make a complaint to us using the contact details above.

You also have the right to contact the Information Commissioner’s Office (ICO) if you are unhappy with our response. The ICO is the independent regulatory office for the Data Protection Act 2018 and the GDPR