Red Arch Manufacturing Ltd is committed to ensuring that your privacy is protected and will treat all information held about you in accordance with this policy which is in line with current UK legislation. For these purposes Red Arch Manufacturing Ltd is a ‘data controller’ meaning that we decide how and why the personal data that we collect is used.
Any reference to ‘we’, ‘us’, ‘our’, ‘the company’ shall mean Red Arch Manufacturing Ltd.
- How we collect personal information
- How we use the information we collect
- Your rights and how you can manage the use of your personal information
- Procedures that we have in place to safeguard your privacy
- How you can make a complaint or contact us
The information we collect
We only gather the personal information we need for business purposes in order to provide you with the services you have requested or to comply with our regulatory obligations, as well as appropriate news and information.
The personal data we collect will be the information that you provide and will include your name, (billing and delivery) address, phone numbers and email address and may also include information about you from the e-mails, letters and other communications you send and documents you provide to us.
We may also collect information about your usage of our website (please refer to our Cookies Policy).
Red Arch Manufacturing Ltd collects this information in a variety of ways. We obtain personal data about you, for example, when:
- You request a quote/proposal from us in respect of the (automotive component and accessory parts) services we provide;
- You or your employer or our clients engage us to provide our services and also during the provision of those services;
- You contact us by email, telephone, post etc. (For example when you have a query about our services);
- We meet with you.
We also collect personal data about you from third parties and/or publicly available resources, (for example, internet searches). Data is stored in a range of different places, including in relevant files, and within email and IT systems.
How we will use your personal data
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you
- Where we need to comply with a legal obligation
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
We may also use your personal information in the following situations, which are likely to be rare:
- Where we need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest (or for official purposes).
We need all the categories of information in the list above primarily to allow us to perform our contract with you and to enable us to comply with legal obligations. In some cases we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests. The situations in which we will process your personal information are listed below.
- Administering the contract we have entered into with you
- Business management and planning, including accounting, auditing, network and IT security
- Managing and conducting performance
- Dealing with legal disputes involving you
- To prevent fraud
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
What if you do not provide personal data?
If you refuse to provide us with certain information when requested, we may not be able to perform the contract we have entered into with you or we may be unable to comply with our legal obligations.
Do any third parties have access to my data?
We will share your personal information with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
We will share your personal information within Red Arch Manufacturing Ltd in the context of system maintenance support and hosting of data.
“Third parties” includes third-party service providers (including contractors and designated agents). These “third parties” are other companies employed to provide services for us who will have access to the personal information needed to perform their functions and not for any other purpose. The following activities are carried out by third-party service providers: IT (and cloud services), professional support services, administration services (including Occupational Health & Safety), (website) marketing services, distribution/delivery services and banking services.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
How secure is my information with third-party service providers?
All our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We will put in place appropriate security measures to protect your data proportionate to the size of our operation, the resources available to us and the nature of the data we store on you.
How does Red Arch Manufacturing Ltd protect data?
Our business operates in compliance with ISO/TS 16949, the internationally recognised Quality Management System specification for the automotive industry, and ISO 14001 Environmental Management System standards. We take our high standards seriously, which involves us making efficient use of resources, reducing waste and showing due diligence to protect the security of your data as part of our focus on delivering customer satisfaction and high performance.
We have internal policies and controls in place in respect of security that are regularly reviewed to ensure that they are commercially reasonable and appropriate, to prevent data from being accidentally lost or destroyed, used or accessed in an unauthorised way, altered or disclosed. Our policies and controls are designed to limit access to those employees, agents, contractors and other third parties who have a business need to know.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Where Red Arch Manufacturing Ltd engages third parties to process personal data on its behalf, they do so on the basis of written instructions and are obliged to implement appropriate measures to ensure the security of data.
How long does Red Arch Manufacturing Ltd keep data?
In respect of client data, we will typically hold data relating to your instructions no longer than seven years after all completed business activity. We will only retain your personal data for as long as the law requires or as long as it is necessary to fulfil the purposes for which it is collected, taking into account the nature of the information and purpose for which it has been obtained and is used or held.
Your personal information will only be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Under certain circumstances individuals have certain rights over their personal data. These include:
- requesting access to and thereby receiving details of personal data held;
- requesting correction of personal data, where appropriate;
- requesting erasure of personal data, where appropriate;
- objecting to the processing of your personal data where Red Arch Manufacturing Ltd is relying on its legitimate interests as the legal ground for processing; and
- requesting the restriction of processing of your personal data for a period if data is inaccurate or there is a dispute about whether or not your interests override Red Arch Manufacturing Ltd’s legitimate grounds for processing;
- Requesting the transfer or your personal data where processing is based on consent, is carried out by automated means and is technically feasible.
If you want to review, verify, correct, request erasure, request that we transfer a copy of your personal data to a third party or object to the processing of your personal data, please contact us in writing at our registered office or by emailing : firstname.lastname@example.org
Please note that where you ask us to erase, correct, object to process, or seek to restrict our processing of data we may refuse your request where we have a legal obligation, contractual or other legitimate business interest to refuse your request. If we refuse your request then we will notify you of this refusal and you will have the right to appeal.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
Changes to how we protect your privacy
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting other sites even if you access them using links to or from our website. You should exercise caution and look at the privacy statement applicable to the website in question.
Red Arch Manufacturing Ltd tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention and welcome any suggestions for improving our procedures.
If you believe that we have not complied with your data protection rights please contact us accordingly. We will look into any complaint carefully and promptly and do all we can to explain the position to you.
You also have the right to complain to the Information Commissioner’s office (https://ico.org.uk/)
How to contact us
We always want to hear from our customers. If you:
- Have any questions or feedback
- Would like us to stop using your information
- Want to exercise any of your rights as set out above, or have a complaint.
Please don’t hesitate to contact us and we will be happy to answer any questions you may have.
You can contact us at email address: email@example.com or else through the Red Arch Manufacturing Ltd website. Or if you’d like to, you can write to us at: Red Arch Manufacturing Ltd, March House, Long March, Daventry, Northamptonshire, NN11 4NR.
Review of this Policy
We keep this Policy under regular review. This Policy was last updated on 31 July 2018.