1.3 Molecular Products Ltd is the data controller in respect of all personal data collected on our website (www.molecularproducts.com), via our information request form, Account Application form and any personal data which has been given to us by you through email or any other written correspondence.
1.4 Data controllers are legally responsible for ensuring that all personal data they obtain is processed in full compliance with the General Data Protection Regulation.
2. WHAT IS PERSONAL DATA?
2.1 Personal data means any information that
• directly and clearly identifies a natural living person
• can be used in combination with other information to identify a natural living person
2.2 Personal data includes but is not limited to:
• An individual’s full name
• Email address (if individual can be identified)
• Date of birth
• Home address
3. WHAT PERSONAL DATA DO WE COLLECT?
3.1 Personal data we collect includes the following:
• First name
• Email address
3.2 Other non-personal data we collect:
• Company trading name
• Demographic company information including: address, postcode and country
• Company Registration number
• Company VAT number
• Company telephone number
• Company bank details such as branch name, address, account name, account number and sort code
Other information relevant to the individual such as job title, address and business telephone
4. HOW WE WILL COLLECT THIS INFORMATION?
4.1 We will collect your personal data in the following ways:
• During face to face meetings
• Electronically via our website and any enquiries you have sent to us by email
• By completing our information request, account application and goods return forms and returning these to us by automated and non-automated means (If applicable and relevant to you)
5. HOW WE WILL USE YOUR PERSONAL DATA
5.1 We believe in our products, our practices and our approach to doing business and as such will never use your personal data in a way that you are not aware of and would not expect.
5.3 We will use your personal data for the following purposes (If relevant and applicable to you):
• To action a website enquiry we have received from you
• To action an enquiry we have received from you through our sales mailbox
• To action an enquiry we have received from you using our information request form
• To respond to any technical and general queries you may have
• To process quotation requests received
• To process purchase orders and send order acknowledgements
• To send out invoices to obtain payment
• To retain and maintain a quote and order history for your company
• To retain and maintain visit reports
• To liaise with you regarding the collection/shipment of your order
• To communicate with you in the event your order has been delayed
• To advise you of any price increases across our product list
• To advise you of any changes in ownership
• To advise you of any change in regulation that will affect you, this being related to the products in which you buy from us, for example, ISO 9001 for standard soda lime products or ISO 13485 for medical products
• To advise you of any changes within our Technical and Safety Data Sheets
• To ask you to take part and provide feedback in our customer surveys. These are optional and you will be contacted via telephone, email or during customer visits
• To notify you about upcoming events and exhibitions we are attending
• To notify you of our Christmas closing and opening times
• To notify you of any possible acquisitions that will directly or indirectly affect you and your data
• For auditing purposes (should the auditor want to see the current contracts we have in place)
• For contractual, regulatory or agreement documentation including non-disclosure, distributor, supplier agreements and supplier certification
• For assessment and evaluation documentation including financial reports, performance reports, questionnaires and organisational structures
• Other documentation relating to contractual or agreement documentation including meeting notes
• To retain and maintain any documentation relating to an external service you are providing to us including:
o Quotations and proposals
o Purchase orders
o Reports and assessments (e.g. Maintenance and calibration, testing, lab)
o Certificates (e.g. Certificates of Analysis & Conformity, test certificates, letters of correspondence)
6. THE LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA
6.1 The lawful basis for us collecting and processing your personal data is:
• That it is necessary for us and for you to fulfil the contract that you are going to enter into or have already entered into with Molecular Products in order for us to provide our products and services to you
• That although we do not yet have a contract with you, you have asked for us to do something as a first step (e.g. provide a quotation) and we need to process your personal data to do what you have asked
6.2 You are not obliged to provide your personal data but as part of the contract and/or service you would like us to provide we will require this information in order to effectively provide our products and/or services to you.
Personal data will be captured at the first point of communication. In order for us to reply or action your request, we will need to process and use your data. The ways in which we will use your personal data are listed in section 5 – How we will use your personal data.
7. INFORMATION ABOUT OTHER PEOPLE
7.1 If you provide personal data to us relating to any person other than yourself, under the General Data Protection Regulation, before we can process any request, it is important for you to understand what we will require from you in such an event.
7.2 If you request a quotation from us, or require any other information such as technical support on behalf of an individual at another address or company, you must ensure the following:
• That they understand how we will use their personal data
• That you are authorised by them to provide this personal information to us
• That you have obtained consent by them for you to use their personal information on their behalf
Personal data provided under this event will be retained under your company’s quotation history and will be solely used to provide the information you have requested.
7.3 If you request your order to be delivered to an individual at another address or company, you must ensure the following:
• That they understand how we will use their personal data
• That you are authorised by them to provide this personal information to us
• That you have obtained consent by them for you to use their personal information on their behalf.
Personal data provided under this event will only be used to deliver your order and to contact this person regarding the delivery of the order should there be a need to.
8. SHARING YOUR PERSONAL DATA
8.1 To allow us to deliver your order to you we will liaise with courier companies to assist in either arranging delivery or collection of your order, depending on which shipping method you have chosen at the time of placing your order. We will only disclose the minimum required information when booking transport such as contact name, telephone number and in some cases an email address.
9. SECURITY OF YOUR PERSONAL DATA
9.1 We understand how important it is to keep personal data protected and as such already have security technology including firewalls, encryption, anti-virus and credentials in place to safeguard your data. Your personal data will be held in our databases and in your customer file on a secure drive, which is where all documentation relating to your quotation or order is stored. Your personal data is stored on servers in the UK but also in the US and in Europe, please see section 11 – The use of your personal data outside of the European Union – for an explanation of how your personal data is used outside of the EU. Personal data in our databases can only be accessed by suitably trained staff who have credentials that will allow them to access this information as part of their job role. In addition, staff who will be physically processing your information are tracked and approved individually by our IT Department.
9.2 We recognise the ever-growing risk surrounding personal data and have processes and procedures in place to ensure that paper documents, our computer systems and databases are protected against unauthorised access, disclosure, incorrect use, loss or damage.
10. DATA RETENTION PERIOD
11. CRITERIA FOR DETERMINING RETENTION PERIOD
11.1 We will make every effort to only retain what we require in order to provide our goods and services to you, we will retain your personal data for no longer than necessary, taking into account the following:
• The purpose and use of your personal data both now and in the future (e.g. our obligations under a contract or agreement with you)
• Whether we have any legal obligation to continue to process your personal data (such as any record-keeping obligations imposed by relevant law or regulation)
• Whether we have any legal basis to continue to process your personal data
• If there are any agreed industry practices on how long your personal data should be retained
12. THE USE OF PERSONAL DATA OUTSIDE OF THE EUROPEAN UNION
12.1 We are a global organisation, based in the UK, and are part of a worldwide group – Molecular Products Group – which has a number of locations across the globe. These locations include Asia, Australia, India and the US.
12.2 To streamline our business processes within the Group, one of the databases we use to store your quotation and order history is based in the US. This is a cloud-based service.
12.3 The service we use for our email communications is based in Europe. As such, any email correspondence you have with us and us with you in order to provide our goods or services, will be retained and stored in European cloud-based data centres.
12.4 The transfer of data may or may not include countries where the level of privacy protection and the legal rights of individuals are not considered equal with standards of protection in jurisdictions having comprehensive data protection laws, such as the European Union.
13. YOUR RIGHTS
13.1 Right of access
• You have the right to request and receive a copy of the personal data we hold about you. This right allows you to be aware of and verify the lawfulness of the way we process your personal data. The same right applies to any other person whose personal data you provide to us, please see section 7 – Information about other people – for review. We will provide a copy of this information free of charge. However, in the event of a request being excessive or repetitive, we may charge a reasonable fee thatwill be based on the administrative cost of providing the information.
• We will acknowledge the request upon receiving and information will be provided within 1 month of receipt of a request.
• For a Data Subject Access Request (DSAR), we will require your application in writing, proof of identity and instructions of what information you are requesting. For example, would you like a copy of all of your data or just specific data with set criteria? You may request the data in printed or electronic format, but we will check your preference with you upon receiving the request.
• Requests for access should be addressed to the DPO, please see section 17 – How to contact us.
13.2 Right to rectification
• If you find your personal data is inaccurate or incomplete, you can contact us verbally or in writing to correct it for you; please see section 17 – How to contact us.
13.3 Right to erasure (also known as the ‘Right to be forgotten’)
• You have the right for your personal data to be erased in the following circumstances:
o We no longer have a lawful basis for processing your personal data
o You have objected to us processing your personal data and there are no legitimate overriding grounds for us to continue in processing
o Processing of data is no longer necessary for the purpose for which it was gathered
o To comply with legal obligations
• It is important to note that, under certain circumstances, we can refuse to comply with your request for erasure of your personal data where processing is required by law or in connection with a legal proceeding.
13.4 Right to restrict processing
• You have the right for your personal data to be restricted in the following circumstances:
o If you consider what we hold is inaccurate, processing will be restricted until we have verified the accuracy of the data
o If you consider our processing to be unlawful and you oppose erasure and request restriction of processing instead
o If processing is no longer necessary but you require the data to establish, exercise or defend a legal claim
In the event of us lifting a restriction on processing, we will informa you of this.
13.5 Right to data portability
• You have the right to receive your personal data from us in a structured and machine-readable format (Microsoft Excel or Word) and transmit that data to another controller in the following circumstances:
o If you have already supplied this other controller with your personal data
o Where the processing is based on your consent or for the performance of a contract
o When processing is carried out by automated means
• Please note as per our Confidentiality statement in our company terms, conditions and credits we will only provide your personal data relating to you as an individual, we will not provide any data relating to our company including, and not limited to, product information and pricing. Our Company terms, conditions and credits can be found at http://www.molecularproducts.com/terms-conditions or you may request a copy of this to be sent to you; please see section 17 – How to contact us.
13.6 Right to object
• We will not carry out market research directly or indirectly with you unless consent is obtained in advance. In the event we do contact you for market research, you have the right to object and will be informed of your right to object at the first point of contact. If you make the decision to object this type of processing and do not consent, please be assured this will not have a negative affect and will not affect the lawfulness of any processing we undertake for other personal data we hold about you in order to provide our goods and services.
• As soon as we receive objection from you we will halt any potential plans of processing.
14. UPDATING AND CORRECTING PERSONAL DATA
14.1 Due to the nature of our business, it is our goal to build and/or continue our relationship with you, as well as provide our products and services to you in a timely and efficient manner. It is important that we take all necessary steps with you to ensure that the information that we currently hold for you and your company is both up to date and correct.
14.2 You can update or correct your personal and company data by contacting and asking us to do this for you, please see section 17 – How to contact us for how to do this. We ask that you include your name, address and/or email address in the request as this will help us to ensure that we only accept amendment requests from the correct individual/organisation.
16. ACCOUNTABILITY AND ENQUIRIES
16.1 If you have any queries, concerns or complaints about any of the data we hold for you and how we process your personal data, please do not hesitate to contact us and we work with you to resolve any potential issues. Please see section 17 – How to contact us.
16.2 Additionally, you do have the right to launch a complaint with a supervisory authority. You can do this by contacting the Information Commissioner’s Office (ICO) and can find information on how to do this at www.ico.org.uk.
17. HOW TO CONTACT US
17.1 For all queries and requests relating to your personal data, please contact our Data Protection Officer by using any of the following methods:
Website – www.molecularproducts.com
Email – DataProtectionOfficer@molprod.com
Mail – FAO: Data Protection Officer, Molecular Products Ltd, Parkway, Harlow Business Park, Harlow, Essex, CM19 5FR, UK
Phone – +44 (0)1279 445111