01242 703400

ECOMMERCE

SERVICE & SUPPORT

Home 9 Privacy Policy

Privacy
policy

We are committed to protecting and respecting your privacy.

trusted with you data

Introduction

Everyone has rights with regard to the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our customers, suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain confidence in the organisation and will provide for successful business operations.

This policy sets out the basis on which any personal information we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

For the purpose of UK data protection laws, the data controller is Commercial Limited of Commercial House, Old Station Drive, Cheltenham, Gloucestershire, GL53 0DL (collectively referred to as “we” “us” or “our” in this policy).

Data protection principles

When processing your information, we must comply with the six enforceable principles of good practice. These provide that your personal information must be:

  • processed lawfully, fairly and in a transparent manner,
  • processed for specified, explicit and legitimate purposes,
  • adequate, relevant and limited to what is necessary,
  • accurate and kept up-to-date,
  • kept for no longer than is necessary, and
  • processed in a manner than ensures appropriate security.

Information you give to us

We may collect, use, store and transfer different kinds of personal information about you, including:

  • Identity Data, such as your name, marital status, title, date of birth and gender,
  • Contact Data, such as your address, email address and telephone numbers,
  • Third Party Data, such as Identity Data and Contact Details relating to your business colleagues and other contacts,
  • Company Data, such as your job title, information relating to your position and role within your company, and transactions between us and your company,
  • Financial Data such as bank account and payment card details, purchase order numbers and company turnover,
  • Transaction Data, including details about payments to and from you, and details of products and services you purchase from us,
  • Technical Data, including IP addresses, your log-in data, browser type and version, time-zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website,
  • Profile Data, such as your username, password, interests, preferences, feedback and survey responses, and
  • Marketing Data, such as your preferences in receiving marketing from us and our third parties, and your communication preferences.

‘Special category’ data

During the course of dealing with you, we may collect information about you relating to your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, criminal convictions, sex life or sexual orientation, or certain types of genetic or biometric data (such information is known as ‘special category’ data).

This is most likely to occur, for example, if you participate in our DSE Workplace Assessment service, which may require the collection and processing of your health and/or medical data.

Outside of this service, we do not expect to collect any ‘special category’ data about you.

How we collect your personal information

We may obtain personal information by directly interacting with you, such as:

  • meeting with you, or giving us your business card,
  • asking us to provide you or your company with goods or services,
  • creating an account with us, and/or using our dedicated online customer portal
  • requesting a catalogue, sending us a support request or requesting a call back,
  • interacting with our social media pages such as Twitter and LinkedIn,
  • entering a promotion or survey organised by us, or otherwise providing us with feedback,
  • subscribing to our services or publications, or otherwise requesting marketing material to be sent to you, or
  • otherwise corresponding with us by phone, email, letters or otherwise.

We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.

We may also collect personal information about you from third parties or publicly-available sources, such as:

  • your business colleagues and other contacts,
  • business networks with which both you and we are connected,
  • analytics providers (such as Google Analytics),
  • advertising networks,
  • trusted third party suppliers of public data,
  • search information providers,
  • providers of technical, payment and delivery services, and
  • Companies House, LinkedIn and the electoral register.

How we use your personal information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • you have given us consent,
  • we need to perform a contract we are about to enter into, or have entered into, with you,
  • where it is necessary for our or a third party’s legitimate interests, and your interests and rights do not override those interests, or
  • where we need to comply with a legal or regulatory obligation.

We will only use ‘special category’ information:

  • provided we have your explicit consent to use it,
  • where we believe that we need to use that data to protect your vital interests where you are not able to provide us with your explicit consent,
  • where it is necessary for reasons of substantial public interest,
  • where you have previously made that data public knowledge, or
  • if we need to use that data to establish, exercise or defence legal claims.

Purposes for which we will use your personal information

We may use your personal information for a number of different purposes. For each purpose, we are required to confirm the ‘legal basis’ that allows us to use your information, as follows:

Purposes for which we will use the information you give to us Legal basis
To register you as a new customer It will be necessary for the performance of the contract between you and us
To process your order and, if accepted, to deliver the products and/or services to you (including managing payments, fees and charges) It will be necessary for the performance of the contract between you and us
Where you are acting as a representative of a company, to register that company as a new customer and to process, deliver and manage that company’s orders It will be necessary for our legitimate interests, namely with a view to performing our obligations under the terms of that contract
To investigate and resolve hardware and software incidents and service requests. Scheduling implementation requests and contractual visits. It will be necessary for the performance of the contract between you and us
To provide case studies and references to potential clients, and to assist us in responding to whatever query or interest you have expressed in our services. It will be necessary for our legitimate business interests to satisfy your queries and concerns and ensuring that we provide a complete service.
To collect and recover money owed to us It will be necessary for our legitimate interests, namely to ensure we receive payment for products that you or your company has ordered from us
To notify you about changes to our terms of sale or this privacy policy It will be necessary for our legitimate interests, namely to ensure you are aware of our current terms and conditions
To notify you about changes to our services It will be necessary for our legitimate business interests to ensure you are aware of the latest updates to the products and services we provide, or may provide, to you.
To prevent customers from trading with us who have been fraudulent and to pass their details on to the relevant regulatory authority It will be necessary for our legitimate interests, namely to prevent fraudulent or dishonest behaviour
To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, to allow you to participate in interactive features of our service, when you choose to do so, to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you and to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them It will be necessary for our legitimate interests to ensure you receive the best experience possible when accessing and using our website. We will comply with our cookie policy when processing this information
To enable you to complete a survey It will be necessary for our legitimate interests, namely to study how customers use our products, to develop them and help grow our business
To provide you with information about special offers and other products we sell that are similar to those that you have already received from us Where you are acting in a business capacity, then it will be necessary for our legitimate interests, namely to ensure you receive communications that we consider are relevant to you or your company

In all other cases, we will only do this if you give us your consent

To invite you to corporate events, such as seminars, workshops, CSR days and corporate hospitality It will be necessary for our legitimate interests, namely to ensure you are aware of the latest developments in our industry, or otherwise to develop our relationship with you outside of the working environment

Where you would not normally have a reasonable expectation of receiving such invites from us, we will only send you invites if you give us your consent

We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

What if you cannot or will not provide us with your personal information

It may be a contractual requirement for you to provide us with certain information; this will be set out within your service agreement. If you do not provide us with that information, we will be unable to accept and process your order and deliver the products and/or services to you. You may also be liable to pay additional costs, as explained in the ‘Request for services not covered under this support agreement’ section of our Support Agreement and also detailed in section 7 of the Standard Terms and Conditions of Supply and section 9 of the Call-off Agreement for the Purchase of Products or as otherwise notified to you.

Cookie policy

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website.  A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Purpose More information
Universal Analytics These cookies identify user sessions, passing information back to Google Analytics. With this information, we can improve the website experience. https://policies.google.com/privacy
Facebook Pixel This cookie identifies user sessions, passing information back to Facebook’s advertising platform. This allows us to communicate the latest offers and events via Facebook and Instagram ads. https://www.facebook.com/
Doubleclick These cookies identify user sessions, passing information back to Google Analytics. With this information, we can improve the website experience. https://www.doubleclickbygoogle.com/
Google Tag Manager These cookies identify user sessions, passing information back to Google Analytics. With this information, we can improve the website experience. Google.com
Facebook This cookie identifies user sessions, passing information back to Facebook’s advertising platform. This allows us to communicate the latest offers and events via Facebook and Instagram ads. Facebook.com
Omniconvert Session cookies to provide specific web content to relevant users https://www.omniconvert.com/
Sprint Online Ordering – ASP.NET_SessionId This is used during the log in process and whilst the session is active on a browser.
Web2Print – Session ID This is used during the log in process and whilst the session is active on a browser. This times out after a default period of 20 minutes unless specified otherwise by the system administrator.
Web2Print – Time Zone This is used during the session to display the correct timezone and date format.
Web2Print – Basket Cookie This is used only in the circumstance of having a single log in for multiple users and stores the users basket on the computer until the point of checkout. Expires a week after it was created
Web2Print – Bulk orders This is only used during the session if the module is enabled for bulk ordering. It stores information about the products selected until the point of putting them into the basket to checkout.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Except for essential cookies, all cookies will expire after the browser session ends or as stated within the above information/links.

Disclosure of your information

We may share your personal information with the parties set out below:

  • other companies within our group, including Commercial Foundation, Commercial Creative and In2Print,
  • providers of IT and system administration services to our business, including Office 365, Proposify, CorePrint, and other online cloud providers,
  • our professional advisers (including solicitors, bankers, auditors and insurers),
  • HM Revenue & Customs, the Information Commissioner’s Office, regulators and other authorities who require reporting of processing activities in certain circumstances,
  • credit search and reference agencies, and fraud prevention agencies,
  • business networks with which we are connected,
  • analytics and search engine providers that assist us in the improvement and optimisation of our website,
  • business partners, suppliers and sub-contractors to the extent we consider it reasonably necessary for us to provide our goods and services to you, and
  • third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Where we store your personal information

All information you provide to us is stored on our secure servers in the United Kingdom.

We will take all steps reasonably necessary to ensure that your data is treated securely, including taking the following safeguards:

  • Building entry controls. All site locations employ comprehensive physical security practices and technology.
  • Secure lockable desks and cupboards. Desks and cupboards are kept locked when not in use if they hold confidential information of any kind.
  • Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
  • Firewalls and encryption. We apply industry-standard firewall protection and encryption technology (including antivirus, VPN connections, SSL certificates, data at rest encryption, disk encryption and virtualised environments).
  • Equipment. Our internal policies require that individual monitors do not show confidential information to passers-by and that users lock or log-off from their computers when it is unattended.
  • Electronic access. All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone. Use of passwords is governed by a strict access control policy.
  • Training. We ensure our employees are trained in the importance of data security.
  • Overseas transfers. If we transfer your personal information outside the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring that we apply appropriate safeguards (either by transferring data only to recipients in the European Union, to recipients in countries approved by the European Commission, to recipients that are party to the EU-US Privacy Shield, or by using specific contracts approved by the European Commission).

If you are concerned about the levels of data security in any of those countries, please let us know and we will endeavour to advise what steps will be taken to protect your data when stored overseas.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

How long we will store your personal information

The length of time that we will store your data will depend on the ‘legal basis’ for why we are using that data, as follows:

Legal basis Length of time
Where we use/store your data because it is necessary for the performance of the contract between you and us We will use/store your data for as long as it is necessary for the performance of the contract between you and us
Where we use/store your data because it is necessary for us to comply with a legal obligation to which we are subject We will use/store your data for as long as it is necessary for us to comply with our legal obligations
Where we use/store your data because it is necessary for our legitimate interests We will use/store your data for as long as it is necessary for our legitimate interests, or such earlier time as you ask us to stop. However, if we can demonstrate the reason why we are using/storing your data is more important than your interests, then we will be allowed to continue to use/store your data for as long as it is necessary for our legitimate interests
Where we use/store your data because you have given us your specific, informed and unambiguous consent We will use/store your data until you ask us to stop

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitive of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

Your rights

You have various legal rights in relation to the information you give us, or which we collect about you, as follows:

  • You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the information and for how long we will use your information.
  • You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
  • You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
  • You have the right to ask us to stop using your information where: (i) the information we hold about you is inaccurate; (ii) we are unlawfully using your information; (iii) we no longer need to use the information; or (iv) we do not have a legitimate reason to use the information. Please note that we may continue to store your information, or use your information for the purpose of legal proceedings or for protecting the rights of any other person.
  • You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you ask us to transmit your information and we are unable to do so, we will explain why not.
  • Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which overrides your interests, rights and freedoms.
  • Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
  • You have the right to object to us using/storing your information for direct marketing purposes.

If you wish to exercise any of your legal rights, please contact us by writing to the address at the top of this policy, or by emailing us at dpo@commercial.co.uk.

You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.

Opting out of receiving marketing communications

You can ask us to stop sending you marketing communications at any time by contacting our customer services team by writing to the address at the top of this policy, or by emailing us at privacy@commercial.co.uk.

Direct mail and mail campaigns contain dedicated opt out functionality built in which allows users to opt out electronically.

Automated decision-making

We do not use automated decision-making processes.

Third party links

Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Changes to our policy

Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email. Please check our website frequently to see any updates or changes to our policy.

Contact

Questions, comments and requests regarding this policy are welcomed and should be addressed to the Data Protection Officer by writing to the address at the top of this policy, or by emailing us at dpo@commercial.co.uk.