HPAS are a trading name of Scantech Group Ltd, this privacy policy sets out what information Scantech Group Ltd (“Scantech”, “we”, “our”, “us”) collect about people, why we collect it, and how we access, disclose and secure this personal data, in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, and with our legal and contractual obligations.
This notice applies to data that we collect through: -
This notice also applies to any other services or content that link to or reference this document.
Certain of our websites may publish their own service-specific privacy notices, which may extend or refine, but do not override, the terms of this policy.
1. The Information we collect
The type of data we collect depends on the nature of the persons relationship and interactions with Scantech.
Online service users
For users of our online services, we will collect only such personal data as I necessary to validate their identity and fulfil their orders. This will usually consist of name, address, email address and telephone number. For security purposes, we may also store digital information such as the IP address, device, software and geographic location from which they have accessed the website or service. We do not store credit card details – see item 15.
Customers and prospective customers
For prospective customers who have made an enquiry via telephone, email, in writing or in person, we will collect only such information as is necessary to enable general communications and to produce estimates for work.
For customers we may collect further information for the purposes of accounting, due diligence, credit checks etc., and all such data as may be necessary for the processing and fulfilment of orders.
For customers and prospective customers, except in cases where consent is explicitly sought and freely given on an opt-in basis, the basis on which we collect their data is the legitimate interest of providing business services.
Customers of Third Parties
We may also collect and process personal data on behalf of a third party when providing commercial services such as personalised printing and mailing/distribution. In this relationship, Scantech is the Data Processor, and the third party is the Data Controller. The person will not necessarily be aware the Scantech holds their data, and all their enquiries should be made in the first instance through the Data Controller. In this situation, we will only collect such information as is necessary for the purposes of completing the job. This will normally consist of the person’s name, a mailing address, and any details necessary to personalise the communication.
Special Category data
Scantech does not usually collect or process Special Category personal information, as defined by Article 9 of the UK GDPR. This incudes data revealing a living persons racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life, sexual orientation, genetic data, personally identifiable biometric data, or health data. Any exceptions, which can occur with explicit consent only, will be handled in strict compliance with the requirements of Article 9 of the UK GDPR.
2. How we use personal information
For customers or prospective customers of Scantech, we may use their personal information:
Where we process personal information on the basis of legitimate interest, we must first weigh this against the persons own rights, freedoms and interest, in accordance with Article 6 of the UK GDPR.
If their information has been supplied to us by a Third Party that has contracted us to provide personalised printing and/or mailing services, we will use their personal information only for the purposes of carrying out the work specified in the contract. This will usually consist of producing personalised printed materials and facilitating their delivery by post or courier.
Automated decision making
We will not use people’s personal information for the purposes of automated decision making.
3. Sharing Personal Information
Scantech will not share peoples personal information with any third parties, with the following exceptions:
4. International Transfers of Personal Information
We will not transfer personal information to countries where data protection laws are inconsistent with GDPR/UK GDPR, except where it is necessary to provide names and mailing address to facilitate overseas deliveries.
5. How we keep Personal Information secure
Scantech applies appropriate practices, processes, training, technical measures and physical security to protect the confidentiality, integrity and availability of personal information, whether it be in digital or printed form.
We retain personal information for only as long as necessary to fulfil the processing purpose, except where we are required to retain it for longer by law or regulation, or for the purposes of legal or regulatory investigations.
6. Personal Rights: Access Requests
People have the right to request a copy of all their personal data held on our systems, free of charge, in accordance wit Article 12 of the UK GDPR. Scantech must respond within 1 month, and must provide data in a concise, intelligible, easily accessible and portable form, in accordance with article 20 of the UK GDPR.
7. Personal Rights: Rectification
People have the right to request that we correct their data at any time, free of charge, in accordance with Article 16 of the GDPR. If we alter personal data for any reason, the data subject has the right to be informed.
8. Personal Rights: Erasure
People have the right to request that we remove their data at any time, free of charge, in accordance with Article 17 of the GDPR (commonly known as “the right to be forgotten”). Their right to erasure may be overridden by other requirements, for example where we have a legal obligation to retain the data. If we remove personal data for any reason, the data subject has the right to be informed.
9. Personal Rights: Restriction and Objection
People have the right to restrict or object to the way we use their personal information.
10. Personal Rights: Withdrawal of Consent
People have the right to withdraw their consent for the processing of their personal information at any time.
11. Making a Complaint or contacting us
If people have any concerns about our use of their personal information, they can make a complaint to us directly:
Data Protection Officer
Scantech Group Ltd
17 Burgess Road
Hastings
TN35 4NR
Tel: 01424 722733
e-mail: dpo@scan-tech.co.uk
They can also make a complaint to the Information Commissioners Office:
Whycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
12. Accuracy
People should ensure any personal data suppled to us is accurate and up to date. If they have set up an account on our website, they will be able to access and update their personal information via the website. If their personal details, business details, or any other relevant details such as address should change, they should notify our accounts department via the usual channels.
13. Mailings and Marketing Communications
We may contact existing customers via email, telephone or direct mail to inform them of new products, services or of any special offers which we believe may be of interest to them, in accordance with the principle of legitimate interest as set out in the GDPR. However, they have the right to be removed from our marketing lists immediately upon request and to be excluded from any future communications.
We may also contact prospective customers via email, telephone or direct mail to inform the of new products, services, promotions or other news, if they have freely ticked the relevant opt-in consent box on our website or marketing platform. By ticking these boxes, they are considered to have given consent under Article 12 of the GDPR.
14. IP Addresses and Cookies
When people visit our websites, we may collect information about their computer, including their IP address, operating system and browser, for security and system administration purposes, and to help improve the browsing experience, This is statistical data about their browsing behaviour, and cannot identify them as individuals.
Users may refuse to accept cookies by activating the setting on their browser which allos them to refuse the setting of cookies. However, if they select this setting they may be unable to access certain areas and functionality of the website.
15. Credit Card Information
Scantech is compliant to the Payment Card Industry Data Security Standard (PCI-DSS) as a Level 4 Organisation. All credit card transactions between customers and Scantech are managed in accordance with this standard.
Credit card transactions via our websites are handled by our online payment service provider, Stripe. We do not process or store credit card details on our servers.
Credit card payments taken in person or over the phone are handled by our offline payment service providers, TakePayments (in associations with Barclaycard). We must not write down, store or otherwise record credit card details, and call recording must be switched off for all telephone conversations featuring card details.