Last Updated: 08/03/18
Data protection is of a particularly high priority for all of us at McCormack Benson. The use of our internet pages is possible without any indication of personal data; however, if a Data Subject wants to use special Company services via our website, processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the Data Subject.
The processing of personal data, such as the name, address, e-mail address, or telephone number of a Data Subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the UK data protection regulations applicable. By means of this data protection declaration, our Company would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, Data Subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the Controller, we have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website.
1. Name and Address of the Data Protection Representative
The Data Protection Representative of the controller is:
Name: Paul Johnson
McCormack Benson Health and Safety
Unit 1, Hedley Avenue,
Phone: 01375 398998
Any Data Subject may, at any time, contact our Data Protection Representative directly with all questions and suggestions concerning data protection.
2. How we collect your data
We collect your information when you complete our online contact form. We might also acquire information about you from third-party marketing companies. We also collect data that we obtain using cookies on our website. In addition, we record data that is submitted in the enquires contact form via the website. The information we collect includes Name, email address, telephone number, IP address, browser version and visitor operating system.
3. What we do with your data
4. Collection of Cookies and similar Technologies
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer's hard drive. Like many sites, we use "cookies" to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
4.2 Website Tracking
Our website collects a series of cookies and similar technologies when a Data Subject accesses the website. This information is stored in the server log files. Collected may be; the browser types and versions used, the operating system used by the accessing system, date and time of access to the Internet site along with IP addresses.
When using this information, we do not draw any conclusions about the Data Subject. Rather, this information is needed to deliver the content of our website correctly, optimize the content of our website, ensure the security of the website technology, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
5. Contact via the website
Our Website contains information that enables a quick electronic contact with our Company, as well as direct communication with us via e-mail. If a Data Subject contacts us by e-mail or via a contact form, the personal data transmitted by the Data Subject is automatically stored. Such personal data transmitted on a voluntary basis by a Data Subject to us is stored for the purpose of processing or contacting the Data Subject.
6. Retention of personal data
McCormack Benson shall process and store the personal data of the Data Subject only for the period of one day in relation to Cookies and similar Technologies. Contact via the website will be stored until the initial enquiry has been completed, or there is a contractual obligation to keep.
If the storage purpose is not applicable, and no further contact within one month, the personal data is routinely erased in accordance with legal requirements.
7. Rights of the Data Subject
7.1 Right of confirmation
Each Data Subject shall have the right to obtain from the Controller the confirmation as to whether or not personal data concerning him or her is being processed. They can do so by contacting our Data Protection Representative
7.2 Right of access
Each Data Subject shall have the right to obtain information about his or her personal data stored at any time, along with a copy of this information. Information held on a Data Subject will be provided free of charge, however a £10 admin fee if there are subsequent excessive requests for further information; This information must be provided within one month of verifying the identity of the Data Subject. This can be extended by up to 2 months for complex or numerous requests.
If a Data Subject wishes to avail himself of this right of access, he or she may at any time contact our Data Protection Representative.
7.3 Right to rectification
Each Data Subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
If a Data Subject wishes to exercise this right to rectification, he or she may, at any time, contact our Data Protection Representative.
7.4 Right to erasure (Right to be forgotten)
Each Data Subject shall have the right to the erasure of personal data concerning him or her without undue delay, and we shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.
- The Data Subject withdraws consent to which the processing is based and where there is no other legal ground for the processing.
- The Data Subject objects to the processing and there are no overriding legitimate grounds for the processing.
- The personal data has been unlawfully processed.
- The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject.
If one of the above reasons applies, and a Data Subject wishes to request the erasure of personal data stored by us, he or she may at any time contact our Data Protection Representative. They will promptly ensure that the erasure request is completed immediately.
7.5 Right of restriction of processing
Each Data Subject shall have the right to obtain restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by the Data Subject, for a period enabling the Controller to verify the accuracy of the personal data.
- The processing is unlawful and the Data Subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
- We no longer need the personal data for the purposes of the processing, but it is required by the Data Subject for the establishment, exercise or defence of legal claims.
- The Data Subject has objected to processing pending the verification whether the legitimate grounds of the Company override those of the Data Subject.
If one of the aforementioned conditions is met, and a Data Subject wishes to request the restriction of the processing of personal data stored by the Company, he or she may at any time contact our Data Protection Representative. They will arrange the restriction of the processing.
7.6 Right to data portability
Each Data Subject shall have the right to receive the personal data concerning him or her, provided in a structured, commonly used and machine-readable format. He or she shall have the right to transmit that data to another controller without delay to which the personal data has been provided, as long as the processing is based on consent, or on a contract, and the processing is carried out by automated means.
Furthermore, in exercising his or her right to data portability, the Data Subject shall have the right to have personal data transmitted directly from one Controller to another.
In order to assert the right to data portability, the Data Subject may at any time contact the Data Protection Representative.
7.7 Right to object
Each Data Subject shall have the right to object to processing of personal data concerning him or her. We shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defence of legal claims.
If we process personal data for direct marketing purposes, the Data Subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. If the Data Subject objects to the processing for direct marketing purposes, we will no longer process the personal data for these purposes.
In order to exercise the right to object, the Data Subject may directly contact the Data Protection Representative.
7.8 Right to withdraw data protection consent
Each Data Subject shall have the right to withdraw his or her consent to processing of his or her personal data at any time.
If the Data Subject wishes to exercise the right to withdraw the consent, he or she may at any time directly contact our Data Protection Representative.
8. Processing of personal data as statutory or contractual requirement
We clarify that the processing of personal data is a result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the Data Subject provides us with personal data, which must subsequently be processed by us. The Data Subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the Data Subject could not be concluded. Before personal data is provided by the Data Subject, they must contact our Data Protection Representative. Our Data Protection Representative clarifies to the Data Subject whether the processing of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and the consequences of non-processing of the personal data.
9. Lodging a complaint
Every Data Subject has the right to launch a complaint with the Supervisory authority. The supervisory authority can be selected based on;
- Member state of habitual residence of Data Subject
- Place of Work of the Data Subject
- Place of alleged infringement
Supervisory authority shall inform the complainant of progress, including the possibility of judicial remedy. McCormack Benson resides with the United Kingdom and therefore the lead authority is the Information Commissioners Office (ICO).
Information Commissioner's Office
Tel. 01625 545 745