1. Definitions and Interpretation
In this Policy the following terms shall have the following meanings:
means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 14, below;
means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to Us via Our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”);
“Retail partner and service provider”
means any retail partner and service provider of content, good or services in connection with Our site
2. Information About Us
2.1 We are a limited company registered in England and Wales under company number 3419460 whose registered address is 8 Ash Tree Court Woodsy Close Cardiff Gate Business Park Cardiff CF23 8RW
2.2 iCOM Works Limited is the controller and responsible for your personal data
2.3 Print Works, Healthcare Print Works, Reward Works, Saving Works, Vectis Card, Trace Safe, Cheqsoft, iSend, Print4Safety are trading names of Ours
2.4 Our Site is owned and operated by iCOM Works Limited.
2.5 Our VAT number is GB 701153490
2.7 We are registered under the Data Protection Act (No. Z566699X)
2.8 We are International Organisation for Standardised (ISO) 9001 and 14001 certified
2.9 We are accredited Investors in People Silver
4. Third Party Links
4.1 Our Site may contain links to Our other websites and other third party websites. Clicking on those links or enabling those connections may allow third parties to collect, store, use or share data about you. We do not control these third-party websites and are not responsible for their privacy policies. When you leave Our Site We advise you to check the privacy policies of any such websites before providing any data to them.
4.2 Any retail partner and service providers that feature on this Site have been chosen for their service, product quality, reputation, and commitment to customer satisfaction. Any transaction you make is between you and the retail partner and service provider, and although they meet our required standards, we cannot guarantee the privacy of your information once you leave Our Site. You may be required to register with the retail partner and service providers to enable you to access their website.
5. Your Legal Rights
5.1 As a data subject, you have the following rights under the GDPR, which this Policy and
Our use of personal data have been designed to uphold:
5.1.1 The right to be informed about Our collection and use of personal data;
5.1.2 The right of access to a copy of the personal data We hold about you (see section 13);
5.1.3 The right to request rectification if any personal data We hold about you is inaccurate or incomplete (please contact Us using the details in section 8);
5.1.4 The right to be forgotten – i.e. the right to ask Us to delete or remove any personal data We hold about you where there is no good reason of us continuing to hold it. Note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request(We only hold your personal data for a limited time, as explained in section 8 but if you would like Us to delete it sooner, please contact Us using the details in section 15);
5.1.5 The right to restrict (i.e. prevent) the processing of your personal data in the following scenarios: if you want to establish the data’s accuracy, where Our use of the data is unlawful but you do not want Us to erase it, where you need Us to hold the data even if We no longer require it as you need to establish, exercise or defend legal claims, or, you have objected to Our use of the data but We need to verify whether We have overriding legitimate grounds to use it;
5.1.6 The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for Us to use or where We used the information to perform a contract with you. ;
5.1.7 The right to object to Us using your personal data where We are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You may also have the right to object where We are processing your personal data for direct marketing purposes. In some cases We may demonstrate that We have compelling legitimate grounds to process your information which override your rights and freedoms; and
5.1.8 Rights with respect to automated decision making and profiling.
5.2 If you have any cause for complaint about Our use of your personal data, please contact Us using the details provided in section 15 and We will do Our best to solve the problem for you. If We are unable to help, you also have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office.
5.3 For further information about your rights, please contact the Information Commissioner’s Office or your local Citizens Advice Bureau.
6. How Do We Collect Your Data?
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms, Secure File Transfer Protocol (SFTP) or corresponding to us via email or otherwise. This includes personal data that you provide when you:
request marketing to be sent to you;
subscribe to our service or publications
give us some feedback; and
apply for our products or services.
Automated technologies or interactions. As you interact with Our Site, we may automatically collect data about your browsing actions and patterns. We collect this data by using Cookies, server logs and other similar technologies.
7. What Data do We Collect?
7.1 Identity Data includes first name, last name, title, date of birth and gender
7.2 Contact Data includes billing address, delivery address, email address and phone number.
7.3 Financial Data includes bank details and payment card details
7.4 Profile Data includes your preferences, feedback and survey responses.
7.5 Usage Data includes information about how you use Our Site, products and services.
7.6 Marketing and Communications Data includes your preferences in receiving marketing from us and your communication preferences.
Where we need to collect personal data by law, or under the terms of Our contract we have with Our Client and you fail to provide that data as requested, we may not be able to perform the contract that we have.
8. How Do We Use Your Data?
8.1 All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with Our obligations and safeguard your rights under the GDPR at all times. For more details on security see section 9, below.
8.2 Our use of your personal data will always have a lawful basis, either because it is necessary for Our performance of a contract, because you have consented to Our use of your personal data (e.g. by subscribing to emails), or because it is in legitimate interests. Specifically, We may use your data for the following purposes:
8.2.1 Personalising and tailoring your experience on Our Site;
8.2.2 Supplying Our product to you (please note that We require your personal data in order to provide our product to you);
8.2.3 Personalising and tailoring Our product for you;
8.2.4 Replying to emails from you;
8.2.5 Supplying you with emails that you have opted into (for opt out please see section 16 below);
8.2.6 Supplying you with important service emails on Site maintenance, downtime and closure
8.2.7 Providing events such as competitions or free prize draws. Participation in these events is entirely voluntary; full details of the information requested and potential uses and disclosures of that information will be given with the notice of the event.
8.3 With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email with information, news and offers on Our products. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
8.4 We will get your express opt-in consent before we share your personal data with any third-party company for marketing purposes.
8.5 You have the right to withdraw your consent to Us using your personal data at any time, and to request that We delete it.
8.6 We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Data will therefore be retained for the following periods (or its retention will be determined on the following bases):
8.6.1 For the duration of our contract or agreement with the Client.
8.6.2 Once our contract or agreement with the Client ceases or is terminated, your personal data will be deleted within 30 days.
8.6.3 Should dialogue cease, your personal data will be deleted after 5 years.
8.7 We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact Us.
8.8 If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
8.9 Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
9. How and Where Do We Store Your Data?
9.1 We only keep your personal data for as long as We need to in order to use it as described above in section 8, and/or for as long as We have your permission to keep it.
9.2 Your data will only be stored and processed in the UK
9.3 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. Data security is very important to Us, and to protect your data
9.4 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
10. Do We Share Your Data?
10.1 We may sometimes contract with third parties to supply products and services to you on Our behalf. These may include payment processing and delivery of goods. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, We will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, Our obligations, and the obligations of the third party under the law.
10.2 We expect these third parties to have the same level of information protection that we have
10.3 We use third parties to supply the following products and services and share personal data with:
10.3.1 Provision of Employee and Member Benefit Schemes
10.3.2 Provision of Reward and Incentives Provision of print related products
10.3.3 Provision of Online Solutions
10.3.4 Provision of Logistics
10.3.5 Provision of Print related products and electronic solutions
10.3.6 Provision of warehousing and pallet/courier service
10.4 We may need to share your personal details with a retail partner and service provider where it is part of providing a service for you, such delivery of an item or resolution of an enquiry. When required we will only share the information which is essential to providing that service and any third parties that we use will never use your personal information for their own emails unless you've given your express consent.
10.5 We may compile statistics about the use of Our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. We may from time to time share such data with our Client and third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.
10.6 In certain circumstances, We may be legally required to share certain data held by Us, which may include your personal data, for example, where We are involved in legal proceedings, where We are complying with legal requirements, a court order, or a governmental authority.
11. What Happens If Our Business Changes Hands?
11.2 In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will be given the choice to have your data deleted or withheld from the new owner or controller.
12. How Can You Control Your Data?
12.1 In addition to your rights under the GDPR, set out in section 5, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details and by managing your Account.
12.2 You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.
13. How Can You Access Your Data?
13.1 You have the right to ask for a copy of any of your personal data held by Us (where such data is held) Under the GDPR, No fee is payable under normal circumstances. We reserve the right to charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive. Such charges will be based only on the administrative cost that we will incur in order to respond. Alternatively, We may refuse to comply with your request in these circumstances.
13.2 We may need to request specific information from you to help us confirm your identity and to ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
13.3 Please contact Us using the contact details below in section 15. Alternatively, please refer to Our Data Protection Policy.
13.4 We try to respond to all legitimate requests within one month. Occasionally it may take longer if your request is particularly complex or you have made a number of requests. In this case, We will notify you and keep you updated.
15. Contacting Us