With effect from 25th May 2018, the EU General Data Protection Regulation (GDPR) comes into effect across all 28 countries of the European Union. Even following Brexit, it is widely accepted that the UK will closely adhere to the requirements of GDPR. It is important to us to have a well-structured data protection policy, which addresses all the key requirements of GDPR.
Data Protection Framework
Zinco UK has completed applicable Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) for activities related to this website, and these are available upon request from the Company’s Data Protection Officer (see Section 11).
1. Customer and Citizen Data
You may decide to send us your personal information via this website if you are seeking more information, requesting to attend one of our events, or for business administration and service purposes. Your decision to disclose your personal data is entirely voluntary, and by doing so, you are taking an affirmative action by providing us with specific consent to use your personal data only for the purposes for which you have disclosed it to us.
Zinco UK may access and use your personal data only for the purposes for which you have submitted it to us to (a) provide information to you, (b) make contact with you, (c) provide services to you, or (d) maintain the operations and security of the website and services we provide to you. We will not use your personal information for any other purposes, for example for the communication of marketing materials, unless we have your specific consent that permits us to do so.
We will at all times handle and store your personal data in accordance with industry best practice. This includes the activities and procedures undertaken by our own personnel and authorised third parties (see Section 5), and the technical controls which we have implemented to prevent unauthorised access, compromise or theft of information from our applications, supporting computer systems and premises.
2. Sensitive Personal Data
GDPR specifies a set of personal data categories which are “sensitive”, and which require special consideration by Data Controllers. This website, and any services available from this website, do not knowingly collect or process any sensitive personal data, and supporting Privacy Impact Assessments (also known as Data Protection Impact Assessments under GDPR) are available upon request from the Company’s Data Protection Officer (see Section 9).
3. Children’s Personal Data
This website, and any services available from this website, are not directed to children under the age of 13. If you learn that a child under the age of 13 has provided us with their personal information without having parental consent, please contact the Company’s Data Protection Officer (see Section 11) immediately so that we can take appropriate action.
4. Customer and Citizen Data Rights
As prescribed within data protection regulations, you have specific rights connected to the provision of your personal data to Zinco UK using this website. These include your rights to request we:
- confirm to you what personal data we may hold about you, if any, and for what purposes
- change the consent which you have provided to us in relation to your personal data
- correct any inaccurate or incomplete personal data which we may hold about you
- provide you with a complete copy of your personal data for you to move elsewhere
- stop the processing of your personal data, whilst an objection from you is being resolved
- permanently erase all your personal data promptly, and confirm to you that this has been done
(there may be reasons why we may be unable to do this)
To contact Zinco UK, please see Section 11 below.
If Zinco UK does not address your request, or fails to provide you with a valid reason why we have been unable to do so, you have the right to contact the Information Commissioner’s Office to make a compliant. They can be contacted via their website (www.ico.org.uk) or by telephone 0303 123 1113.
5. Declaration of Sub-Processing
To make an informed decision on whether to provide your personal data to Zinco UK using this website, we need to make you aware of the following organisations who act as Data Processors for us in the provision of our services to you:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland has a validated entry under the EU-US Privacy Shield Agreement.
- Sage Group plc, North Park, Newcastle upon Tyne, NE13 9AA for business administration purposes.
- ZinCo GmbH, Lise-Meitner-Strasse 2, 72622 Nuertingen, Germany, where your personal information may be maintained, processed and stored. Germany falls under the requirements of the EU General Data Protection Regulation
We confirm that we have undertaken applicable due diligence and validation on each of the declared sub processors to ensure that they are aware of and able to deliver their applicable requirements under the EU General Data Protection Regulation.
The activities within which each of these Data Processors participates have been recorded within the applicable Company Privacy Impact Assessment records (also known as Data Protection Impact Assessments under GDPR) and these are available upon request from the Company’s Data Protection Officer (see Section 11).
6. Website Cookies
Cookies are small text files sent by us to your computer, and from your computer or mobile device to us each time you visit our website. They are unique to you or your web browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser session. Persistent cookies last until you or your browser delete them, or until they expire.
7. Google Analytics
Google Ireland Limited has a validated entry under the EU-US Privacy Shield Agreement.
8. Social Media presence and social media features
We maintain online presences on social media platforms such as LinkedIn, to provide information about ZinCo and its portfolio for active users on such platforms. Our Website can include social media features.
9. External Links
The Zinco UK website may include relevant hyperlinks to external websites not controlled by us. Whilst all reasonable care has been exercised in selecting and providing any such links, you are advised to exercise caution before clicking any external links. We cannot guarantee the ongoing suitability of external links, nor do we continually verify the safety or security of the contents which may be subsequently provided to you. You are advised, therefore, that your use of external links is at your own risk and we cannot be responsible for any damages or consequences from your use of them.
10. Transferring Data outside the UK
ZinCo UK is based in the UK but sometimes your personal information may be transferred outside the European Economic Area. If we do so we’ll make sure that relevant safeguards are in place.
11. Contacting Zinco UK
The Data Protection Officer
2 Rivers Industrial Estate
Witney, OX28 4BH
12. Description of the data processing
The Personal Data Processed concern the following categories of Data Subjects:
- Customers, Sales Leads, Suppliers, interested persons, relevant stakeholders
Categories of data
The Personal Data transferred concern the following categories of data:
- Name, address, contact data (e.g. email, telephone nr.), content data (e.g. text input), contract data, usage data (e.g. visited web sites, access time), meta data (e.g. IP address)
Special categories of data
The Personal Data transferred concern the following special categories of data:
No sensitive personal data is processed.
Purpose of Processing
The purpose of the Processing is:
- Based on your consent, we process information for the following purposes: to operate the online services, online contents and its functionality, to provide goods and services, maintain a healthy customer relationship. For some relevant stakeholders, the data you provide is also required to fulfil contractual services. We cannot fulfil our obligations to you without this information.
13. Duration of personal data storage
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance