It is important for us to process and use your data only in accordance with the General Data Protection Regulation (“GDPR”, from the GDPR implementation date) or, until GDPR implementation date, the Data Protection Act 1998, (collectively the “Data Protection Laws”) and your expectations, and to be transparent with you in how we process and use your data.
- Who we are
We are a European supplier providing services, as set out on our website, to the retail and captive asset funding industries for the management of stock and business processes owned by our clients.
With over fifty years’ experience and a Europe-wide capability, we are an industry- partner committed to building the sort of long-term relationships and deep understanding required to deliver an end-to-end solution.
Innovative and proactive in our approach to product development and service delivery, we engage, listen and work with our customers in a way they appreciate and can rely on, often operating as an extension of their own teams to deliver tangible business benefit and value add in what are often highly competitive and KPI-driven environments.
This means we have strong relationships with our clients and longevity in the services we provide to them. We are all about supporting our clients’ long-term vision and objectives. We work at the heart of our clients’ businesses, and our sector expertise means we can design sustainable service solutions that align with their business strategies.
- What data we collect
In connection with the different ways we may interact with you and the various services that we provide, we collect the following categories of data:
- C1: Contact information, including name, address, telephone number and e-mail address.
- C2: Identity data, including gender and date of birth.
- C3: Communication data between you and us, including recordings of calls to our service centres, e-mail communication, online chats, comments and reviews collected through surveys or posted on our channels and on social media platforms.
- C4: Digital information data collected when you visit our websites, applications or other digital platforms, including IP-addresses, browser data, traffic data, social media behaviour, and user patterns. If you subscribe to our newsletters, we may collect data regarding which newsletters you open, your location when opening them and whether you access any links inserted in the newsletters.
- Where we collect your data from
Most of the data that we have about you are provided by you. We collect C3 and C4 data from our websites, applications and similar digital platforms.
- Use of your information
Description: We use C1, C2 and C3 data to ensure that we can supply the goods or services you have requested. We may provide such information by electronic or other means.
Legal basis: We use such data as part of our business relationship. Further, we use such data to provide you with other information necessary to fulfil our legitimate interests, including to ensure that we process invoices and to contact you, where necessary, concerning any orders you may place with Retail & Asset Solutions Limited.
Disclosure: We may disclose C1 and C2 data to our corporate partners, as they may need this information to communicate with you and to provide support and assistance.
Description: We use C1, C2 and C4 data to provide you with newsletters from us about our products and services.
Legal basis: Our use of such data is based on our legitimate interests in providing you with relevant information to promote our products and services. You may at any time opt out of receiving such information.
Disclosure: We may process your data to enable us to send you relevant information to promote our products services.
Description: We may use and compile C1, C2, C3 and C4 data for profiling purposes. Profiling is an automated processing of personal data where your personal data is used to evaluate, analyse and predict your preferences, interests and behaviour (profiling). We use this data to provide you with customised information about services and offers that you may appreciate.
Legal basis: We carry out profiling to fulfil a legitimate interest, which is to customise our services for your benefit. You may at any time object to our use of your personal data for profiling purposes.
Disclosure: We will not disclose the profiles we have generated based on your data to third parties’ other than any member of our group.
Description: We may carry out video surveillance on premises and store C4 data to prevent crime and ensure your safety.
Legal basis: We carry out video surveillance that is necessary to fulfil a legitimate interest which is to prevent crime and ensure your safety while you are on our premises.
Disclosure: We will not disclose video surveillance footage to third parties unless required by law or on request from authorities.
- How long we store your data for
We will only store your data for as long as it is necessary to fulfil the purpose of the processing of your data.
We will store your C1, C2, C3, C4 data from the point for the duration of our contractual relationship and up to a period of three years after our contractual relationship has ended, if we believe this is necessary to handle potential complaints or claims. We may store your data longer if you wish for us to keep your data and you have consented to this.
We will store C4 data as required by applicable law.
We will store your C1, C2 C3 & C4 data for as long as you wish to receive information and marketing communications from us.
We store video surveillance footage for a period of 48 hours. If we deem it necessary to deliver video surveillance footage to the police due to a criminal incident or similar, we may store the video surveillance footage for 30 days.
- International transfer of data
RAS provides services across Europe.
We have affiliates, branch offices, agents and corporate partners that are established throughout Europe to which we may transfer data, as described in section 5 above. We will ensure that your data is adequately protected by the receiving parties in such countries. Adequate protection may typically be to impose on the receiving party contractual obligations that ensure that it maintains the same level of privacy and data security as practised by us. You may ask for further information or a copy of the safeguards that we have in place to ensure lawful transfer of your data.
- Disclosure of your information
Where you have provided us with your details for marketing purposes, we may also allow other companies in our group, to contact you occasionally about related products and services which may be of interest to you. They may contact you by post and telephone, as well as by email. If you change your mind about being contacted by these companies in the future, please let us know.
If we pass your information to non-EEA/International organisations for processing on our behalf, we will ensure the appropriate level of protection is offered to your information, to ensure its protection as per the Data Protection Laws, while taking into account that the non-EEA country may not have equivalent data protection and privacy laws to the EEA.
Finally, if our business or part of it enters into a joint venture with or is sold to or merged with another business entity, your information may be disclosed to our new business partners or owners.
Unless required to do so by law, we will not otherwise share, sell or distribute any of the information you provide to us without your consent.
We take appropriate measures to ensure that any personal data is kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
- How you can access, rectify or erase your data and file complaints
Under the General Data Protection Regulation, you have a number of important rights. In summary, those include rights to:
- require us to correct any mistakes in your information which we hold;
- require the erasure of personal data concerning you in certain situations;
- receive the personal data concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit the data to third parties in certain situations;
- object at any time to processing of personal data concerning you for direct marketing;
- object in certain other situations to our continued processing of your personal data;
- otherwise restrict our processing of your personal data in certain circumstances;
- claim compensation for damages caused by our breach of any data protection laws.
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please contact us via the details below.
If you wish to make a complaint about how your personal data is being processed by Retail & Asset Solutions Limited (or third parties), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our group’s data protection representatives. Please see the relevant contact details below.
- Retail & Asset Solutions Limited contact details
Retail & Asset Solutions, Osprey House, Crayfields Business Park, New Mill Road, Orpington, BR5 3QJ, United Kingdom. Tel +44 (0) 1689 879 444
Supervisory authority contact details: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF, United Kingdom. Tel: +44 (0) 303 123 1113