ACV UK, with registered offices at St David's Business Park, Dalgety Bay, Fife, KY11 9PF, acting as data controller, processes and uses personal data pertaining to personnel employed by its customers or prospective customers (hereinafter collectively referred to as “Customers”), in compliance with the applicable data protection laws, in particular the European Regulation 2016/679 of 27 April 2016 called the General Data Protection Regulation (hereinafter referred to as “GDPR”).
This privacy notice sets out why and how ACV UK collects personal information about individuals of its Customers (hereinafter referred to as “Customer Data”), how ACV UK protects it and for how long this information is retained. This without prejudice to specific provisions set out in any contract entered into between ACV UK and a Customer.
1. Why ACV UK processes Customer Data?
ACV UK keeps and processes Customer Data, whether or not in electronic form, for administrative, marketing and customer management purposes, including for the following non-exhaustive activities: responding to any communication, inquiry or request which a Customer submits to ACV UK (including via the website), processing information relating to the purchase (actual or potential) of ACV ACV's products and/or services, sending statements and invoices, providing Customers with newsletters and marketing communications, conducting surveys and market research, improving ACV UK’s products and/or services and dispute resolution.
2. Legal grounds for processing the Customer Data
Customer Data is processed on one or more of the following legal grounds:
- Contract: To enter into and managing the performance of a sales related contract with a Customer
- Legal Obligation: To comply with ACV UK’s legal obligations or requirements
- Legitimate Interest: Processing is necessary for the legitimate interests of ACV UK and/or a third party
- Consent: The individual concerned has provided consent to allow ACV UK to process their Customer Data
The nature in which ACV UK and/or a third party processes Customer Data for legitimate interests is in communicating with the Customers from time to time about products, services, events offered by ACV UK, and other communications such as research and insights, that may be of interest to the Customers. ACV UK will never process Customer Data for legitimate interest unless the processing is necessary and appropriate balanced against the individuals own interest.
3. Categories of personal data processed as Customer Data?
Customer Data is all personal information relating to an identified or identifiable natural person who is associated with or related to a Customer. For the above mentioned purposes, the processing of Customer Data may include the following categories:
- personal identification data, such as name and address;
- electronic identification data, such as email address and phone number;
- employment related data, such as job title and related employer;
- personal details, such as language and gender; and
- Survey data.
4. Where Customer Data comes from?
When an individual of a Customer contacts ACV UK, the initial data is likely to come from the individual concerned. ACV UK may also contact an individual of a Customer for prospective purposes if initial data has not been obtained from such individual directly (e.g. re-sellers who pass on personal data to ACV UK for a contact at a prospective customer). During the course of the Customer relationship, the individual concerned or another representative of the Customer will provide ACV UK with further information (e.g. information needed for the purchase order). If the Customer does not provide ACV UK with information that is required by law or contract, ACV UK may decide not to enter into the contract or end the sales relationship. For instance, if a Customer contact does not wish to share with ACV UK their email address, they will not receive any of the ACV UK’s electronic newsletters.
ACV UK may also receive or generate data relating to the Customer contacts from other customers, suppliers or those to whom the Customer contact communicates by email or other systems.
5. Who has access to the Customer Data?
For the abovementioned purposes, Customer Data may be disclosed to, and possibly even processed by:
- the individuals themselves or other individuals employed by or representing the Customer;
- ACV UK’s personnel who have a need-to-know about the Customer Data at stake;
- the personnel of affiliates of ACV UK and who have a need-to-know about the Customer Data at stake;
- the public authorities in accordance with the applicable laws and regulations;
- ACV UK’s service providers who have a need-to-know about the Customer Data at stake, such as IT and logistics providers; and
- other professional advisors of ACV UK who have a need-to-know about the Customer Data at stake.
6. Customer Data transferred Internationally
ACV UK may transfer information about Customers, including Customer Data, to affiliates of ACV UK for purposes connected with the management of the ACV UK’s business. It may also be necessary in limited circumstances to transfer Customer Data abroad or to an international organisation to process and/or store this information to comply with our legal or contractual requirements. For transfers of data internationally, ACV UK has implemented appropriate safeguards in line with GDPR requirements.
7. Retention of Customer Data
Customer Data will be retained no longer than necessary for the purposes described above. Customer Data provided in respect of a contact of a prospective Customer is retained no longer than a normal sales cycle length, with a maximum period of 1 year after the end of the prospecting procedure. Typically, and unless otherwise stated in other related documents for specific categories of data, Customer Data will be retained during the term of the contract as well as following the expiration or termination of the applicable contract for as long as ACV UK may have legal liability for which the use of Customer Data may be relevant, taking into account the applicable statutory periods of limitation and legal retention obligations.
8. How Customer Data is protected
ACV UK keeps the Customer Data as safe and secure as reasonably possible, protecting it against loss and unauthorised disclosure or access.
9. What are the individuals’ rights and who can they contact?
Subject to the requirement of GDPR, the individuals who have personal information collected and processed as Customer Data have the right at any time to contact ACV UK to:
- access, rectify or erase their Customer Data;
- restrict or object to the processing of their Customer Data;
- data portability, allowing the individual to copy or transfer their Customer Data;
- where an individual has provided consent to process their Customer Data, to withdraw that consent at any time (which will not affect the lawfulness of the processing before consent was withdrawn); and
- receive more information about the safeguards in case of international data transfers.
Individuals also have a right to lodge a complaint with the UK Data Protection Authority or another EU supervisory authority if the individual thinks ACV UK has not acted in line with any applicable data protection laws in respect of dealing with their Customer Data.
The contact at ACV UK for any further information about these rights is:
Customer Service Manager
+44 1383 820100 Etxn: 204
ACV INTERNATIONAL may amend this privacy notice from time to time as needed, notably to comply with changes in any applicable laws, regulations or requirements introduced by data protection authorities.