Effective: 1 January 2023
We are committed to ensuring your personal data remains protected in accordance with the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018. This policy will inform you about the personal data we may collect about you, how we store and use it, along with your legal rights.
It is important to read this document during times when we may collect your personal data, for example during surveys, phone calls and website visits to ensure you fully understand what we may record, in what capacity we may use it and why.
What information we collect
The information we collect from you depends on the nature of your relationship with us.
Personally Identifiable Information (PII) is any information which may identify a person.
The PII we gather and store is based on what you tell us via forms, phone, web chat, surveys, as well as website interactions. Examples include; name, email address, telephone number, account name and number, delivery and billing addresses, bank account details, transactions including products and services purchased, as well as preferences and areas of interest from third parties such as social media. All card details are processed via 3rd party payment gateways, which we do not collect or store. Third party data is only ever passed to us with your prior consent to share this data with us.
We may also collect digital data relating to website browsing such as your device ID, IP address and operating system, browser type, browser language and location, adverts you click on, products you browse or purchase, and information you download, login activity and cookies. Marketing emails we send you may also automatically detect whether you have received or opened the email or clicked on a link in our marketing materials. We use this information for our own performance measurement and also to help tailor our promotional messages and advertising to you.
Cookies and Similar technologies
How we use your data
In general, we process PII for business contractual purposes; to fulfil orders, respond to queries, communicate any safety issues, update and maintain records and improve your overall customer experience. For these types of activities, we rely on your consent as a lawful basis for processing your personal data. By using our products and services, you expressly provide your consent to the collection, use and disclosure of your personal information. We may also use your data in the detection and prevention of fraud or to fulfil a legal obligation.
We may also use your data for statistical analysis, customer profiling, and marketing activities.
For these purposes we rely on either consent via cookies or via legitimate interest as a lawful basis for consent.
Unless you have opted-out via our online marketing preference centre or cookies manager or added your phone number to the CTPS, we may send emails, call, text, post or present information to you online about products and services which we feel are of particular interest to you. This is based on your browsing behaviour, previous searches and previous purchases.
When you communicate with us, we will store all communications we receive unless otherwise requested by you. If you are submitting information on behalf of another individual, you are responsible for obtaining appropriate consent, including consent to share and transfer any Personal Information across borders.
We may also hold and process the company name and address details of your customers for processing your orders, and from time to time use this information for profiling, to understand more about your business and the products and services relevant to you. We may pass this data to third parties for profiling and to identify lookalike audiences. Please note we will never knowingly directly contact or market to these customers.
By way of example, if you do not consent, and reject cookies from us, and yet have a LinkedIn or Google account with a profile similar to one of our customers, it is possible that you may be selected by LinkedIn or Google as a suitable “lookalike” customer which may result in you receiving advertising from us, even though we have not shared your details with them. By configuring cookies, you are fully in control of how your data is used. In this example accepting cookies would mean that you would not receive advertising from us, as you would be identified as already being a customer and so suppressed from any advertising.
Withdrawing consent from receiving marketing communications.
You have the right to unsubscribe to marketing communications at any point by updating your marketing preferences;
- Click the unsubscribe/opt-out option via the marketing preferences centre (accessible via the footer link found in a recent email).
- Email us at firstname.lastname@example.org
Please note that when unsubscribing from our marketing communications, we will keep a record of your email address to ensure that we do not send you marketing emails in the future.
If you would like more information, you can read more about the lawful grounds for processing personal data on the ICO's website.
Any tailored adverts you see on social media or other websites will have been served based on cookies and how closely you match the demographic profile of our customers. In some cases, this may involve sharing your email address with the social network. If you no longer want to see tailored advertisements you can change your cookie and privacy settings on your browser and these third party websites.
How we store your data
Your information is stored on both cloud-based and regional servers depending on your location and the server locations of the IT companies we hire to provide services to us based on contractual requirements.
We strive to maintain the highest level of security possible and have measures in place intended to protect against the loss, misuse and alteration of your user data under our control including password protected log in processes for all account holders as well as cyber security credentials including SSL certified websites and regular penetration testing to assess the degree of risk to users.
We require that our third-party service providers and partners agree to keep the information we share with them confidential and to use the information only to perform their obligations in the agreements we have in place with them. We have implemented internal policies to ensure that such parties are required under contract to maintain privacy and security protections which are at least as consistent with our own policies and practices.
No website or internet transmission is however completely secure. While we strive to protect your data, we cannot guarantee that unauthorised access, hacking, data loss or a data breach will never occur, and we cannot warrant the security of any information that you provide to us. You are responsible for securing and maintaining the privacy of any password(s) and account registration information uses with us and verifying that the information we maintain about you is accurate and current. This website contains links to other websites that are outside of our control and we are not responsible for the privacy practices of any such websites.
Our policy on sharing data
We may share data with a selected number of third parties as part of day-to-day operations. These service providers are contractually obligated to handle your personal data securely and in accordance with applicable data protection laws. These include;
Sister Companies: Other members of Flowtech Fluidpower plc, for the purpose of providing you with the services that you have requested and to improve our customer insights for service improvement.
Service Providers: Such as logistics partners (for shipping), IT and digital partners (for website optimisation, statistical analysis, business insight, product recommendations) and sometimes professional and legal advisors.
Government Authorities: e.g. customs authorities (for international shipping), law enforcement, governmental authority or credit check companies (to report a fraud or fulfil a lawful request). We do not provide information to these agencies or companies for marketing or commercial purposes.
Business or Asset Sale: In the event that we sell any business assets, the personal information of our customers may be disclosed to a potential buyer. In this event, we will make reasonable attempts to ensure the buyer will be bound by the terms of this privacy statement.
Flowtech may also disclose personal information in cases where we believe the disclosure is necessary to protect the rights, property or personal safety of our business, our customers, employees or the public, or where we are otherwise legally permitted to do so.
Other than for the purposes outlined above, we will not share personal information with third parties, without your consent unless we are required to do so by law.
How we transfer information across borders
In cases of transfer of personal data within the EU, the GDPR does not impose any additional requirement with regard to the direct applicability of GDPR.
Your Privacy Rights
Under the terms of UK data protection legislation, you have the following rights;
- Your Right to Access. You have the right to ask in writing for a copy of any Personal Information (a “Subject Access Request”) In most cases you can obtain this information at no cost (we would discuss with you in advance if this was not the case). Information will be supplied within 30 days of request. To make a request, please write to us using the email or postal address in section 7.
- Your Right to Rectification. If information we hold about you is inaccurate, please contact us. We will be happy to make corrections promptly (within 30 days of notification).
- Your Right to be Forgotten. You can ask that we erase all personal information that we hold about you. Where it is appropriate that we comply within 30 days.
- Your Right to Restrict Processing. Can unsubscribe at any time should you wish to restrict any use of your data please contact our email/address above.
- Your Right to data Portability. Whilst we respect this right we do not hold any portable data.
- Your Rights related to Automated Decision-Making. Marketing emails we send you may also automatically detect whether you have received or opened the email or clicked on a link in our marketing materials. We use this information for our own performance measurement, but also so that we can tailor our promotional messages and advertising to you. You may opt out at any time.
- Data privacy and security. We have an appropriate data security policy and our sub-processing partners including Microsoft and Google meet high standards of data management. All of our websites are covered with a minimum SSL Standard. Data protection is a key consideration of all IT systems that hold data. Where any risks are identified we conduct assessments to determine any corrective actions.
Updates and how you can contact us
It is important that the personal information we hold about you is accurate, and would appreciate if you could make us aware of any changes to allow us to update our records.
While you have the right to approach the Information Commissioner’s Office (ICO), the UK supervisory authority over data protection concerns (www.ico.org.uk), we would appreciate the opportunity of resolve any concerns before you make this step.
Data Protection Committee
Flowtech Fluidpower plc
Should you still wish to contact the Information Commissioner’s Office (ICO), here are the details;
Helpline: 0303 123 1113
ICO website: www.ico.org.uk
At all times we seek to meet the requirements of the EU General Data Protection Regulations (GDPR) as enacted within the UK and on demand will share any information we have on individuals, with those individuals, and will remove or correct any data in a timely manner where required to do. Specifically, we act as “Data Controller” in respect of the information gathered and processed by this website.
Information on our website
Information on our websites is for the purpose of providing information about our Company and the products and services that we offer. We have taken all reasonable efforts to ensure that information which is provided on our website is accurate at the time of writing, however, we do not warrant its accuracy and there may be inadvertent and occasional errors or omissions for which we disclaim all liability. We reserve the right to make changes and corrections to any information or material provided on this website at any time, without notice. All material accessed or downloaded from this website is obtained at your own risk. It is your responsibility to put information to appropriate use and to use anti-virus software. Links to other websites are provided for your convenience. We are not responsible for and accept no liability for the content of any external websites which may be accessed from this website.
Whilst we make every effort to ensure that the technical drawings, designs and information are accurate, they are for illustrative or information purposes only and there may be inadvertent inaccuracies or errors. We therefore do not represent or warrant (expressly or impliedly) that the technical information, designs, drawings or other material provided through this website are complete, accurate, or current. Your use of the technical information is solely your responsibility and we accept no liability for any direct, special, indirect or consequential loss or damage or any other damages of any kind howsoever arising from the use of the technical information contained on this website.
All intellectual property rights, including copyright, in the site design, text, graphics, the technical drawings, and other content belong to us or our licensors. Reproduction of any part of the material from this website is subject to the following conditions:
- the material may be used only for personal use i.e. for non-commercial purposes;
- the copies must retain any copyright or other intellectual property notices contained in the original material
- the products, technology, designs or processes described in this website may be the subject of other intellectual property rights reserved by Flowtech Fluidpower plc or by other third parties. No licence is granted in respect of such intellectual property rights.
Appendix 1 - Data Retention Policy
Data types and Retention Periods
We hold customer data in a number of software systems to enable us to do business with customers, suppliers and 3rd party service providers. We do not hold data for longer than required and have the following agreements in place;
Data Type held
Customer Data Platform / Analysis platforms
Customer and contact names, addresses and emails, orders and transactions, website visits
Analysis and Marketing
Email Service Provider
Customer and contact names and emails
Email addresses and preferences
Tailored content based on customer profile
Unknown records (via email address) - 90 days
Known records – 2 years
Customer databases and order processing
Customer and contact names, addresses and emails, bank details, orders and transactions
Customer sales information
Websites – cookies
Website monitoring and performance, targeted marketing.
Information will only be retained beyond its retention period in limited circumstances including;
- If the information required to fulfil statutory or regulatory requirements
- If the information relevant to ongoing litigation / subject to a legal hold / public enquiry
- If the information the subject of an information request or relate to information recently disclosed in a response
- If retention is required to evidence events in the case of a dispute
In these circumstances the data retention period will be extended by 2 years.