Please read the following carefully to understand our practices regarding your Personal Data and how we will treat it in respect of your use of our services.
We hope that the following sections will answer any questions that you may have, but if not, please do get in touch with us.
We would kindly request that you are at least 18 years old for you to give us any personal data. We do not knowingly collect or process data for anyone aged under 18 years old.
2. Who is Yamato Scale Dataweigh (UK) Ltd?
Yamato Scale Dataweigh (UK) Ltd which we shall refer to as ‘we’, ‘us’, ‘our’ and ‘Yamato’ in this document trades under the brand names of Yamato Scale Dataweigh (UK) Ltd and Dataweigh. Yamato Scale Dataweigh (UK) Ltd is a company registered in England and Wales under company number: 02919226.
3. What personal data do we collect?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed which is often known as anonymous data.
You can visit our website and find information about our products without telling us who you are and without providing any personal data other than Technical Information (as described below). Please note, however, that if you do not provide the minimum necessary data requested then we may not be able to provide you with certain services and information, for example if you do not provide us with a valid email address to respond to a query then we will be unable to respond to you.
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Your name, work email address, work telephone number and company name.
We sometimes collect other business data and administrative information to enable us to provide our products and services to you, this includes billing and delivery address, and bank details.
Key Business Contacts
This includes key employee’s name, salutation, work address, work telephone number, work email, department, role type, job title, notes (e.g. when last contact was made) and business industry. This does not include an individual’s hobbies or interests.
We may collect notes or write contact reports from our conversations and meetings with you. We sometimes collect details of any complaints, testimonials or other comments you make. We collect details provided by you when completing a form or submitting an enquiry through our website, in addition to files downloaded, web pages you visit and how and when you contact us. We may also collect your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
These are documents to prove your identity or your company’s credit worthiness, this includes credit reports, our internal credit check forms, credit and trade references and copies of passports and driving licences for sole traders, partners and directors.
This includes detail about transactions made, including customer name, date of order and delivery, product details, delivery address, price of product ordered including VAT and amount of any discounts applied, payment date / outstanding, order source, card authorisation number, transaction reference, invoices and notes for delivery (i.e. instructions for delivery).
This includes your marketing preferences, which of our website pages you visited, information you have downloaded, and what services you have used in the past.
4. How do we collect your personal data?
There are many ways in which we may collect your data, and this depends on how you engage with us.
Information you give us:
- When you provide us with your personal data to request a product or service from us.
- When you request and receive customer support or enquire about our products or services on the telephone, via a web enquiry, by email or in person with one of our sales people.
- When you engage with us on social media.
- When you register for a prize draw or competition.
- When you register for, or visit us at an event.
- When you subscribe to our newsletter or marketing materials.
- When you comment on or review our services.
Information we collect:
- When you visit our website using automated technologies or interactions.
- When we collect Identity Data from publicly available sources such as credit check providers to carry out due diligence checks.
- We collect Key Business Contacts from publicly available sources such as a business websites to enable us to make initial contact with you where we think our products may be of interest to your organisation. We do not add these details to our internal CRM system unless you confirm you are interested in our products and services.
- We receive Key Business Contacts from our industry contacts. Again, we will contact you before adding your details to our internal CRM system.
5. Why we collect your personal data and the legal basis we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data. We set out below the activities which involve the use of personal data and the legal basis we rely on in each situation:
a) Ordering a Product and/or Service
We use Essential Data, Additional Data and Order Information to enable us to perform our contract with you. Where our contract is with a company we may hold Essential Data and Key Business Contacts relating to employees of that company. This is in our legitimate interests in fulfilling the order.
We also hold some Essential Data, Additional Data, Order Information and Identity Documents to comply with our legal obligations such as anti-money laundering checks and tax purposes.
b) Due Diligence Checks
We carry out due diligence checks which are necessary for our legitimate interests to make business decisions such as deciding credit limits for our customers. The personal data used for this purpose is includes Essential Data, Additional Data and Identity Documents and may include personal data relating to individuals involved in that business.
We sometimes carry out direct marketing activities to business customers. Some of this marketing does not involve the use of personal data (for example sending marketing by post to the registered office of a company, or email marketing to an email address which is not associated with a specific individual such as “email@example.com”. We may also carry our more personalised marketing using personal data such as Essential Data, Key Business Contacts, Interactions Details and Marketing Information as appropriate.
We carry out marketing activities for our legitimate interests to grow and promote our business to existing business customers and prospective business customers. We may also carry out direct marketing activities to you where you have provided your specific consent for us to do this, for example by signing up to our newsletter online or by providing your contact details to us at an exhibition or show.
When we send marketing by email we always include an unsubscribe link.
As mentioned above we sometimes collect and use Key Business Contacts from publicly available sources such as a business websites to enable us to make initial contact with you where we think our products may be of interest to your organisation. We only ever do this in a business to business context and do so in our legitimate business interests to market and grow our business. We do not add these details to our internal CRM system unless you confirm you are interested in our products and services.
We sometimes receive Key Business Contacts from our industry contacts. We use these Key Business Contacts to get in touch with you to discuss the products you are interested in. We only ever do this in a business to business context and do so in our legitimate business interests to market and grow our business and to enable us to create a contract with you. We do not add these details to our internal CRM system unless you confirm you are interested in our products and services.
We sometimes use Interactional Details such as comments and testimonials for marketing purposes. When we process this data internally we do so for our legitimate interests to grow and promote our business. Where such comments and testimonials are published externally this will either be as anonymised data as it will no longer be information from an individual person can be identified or, where this is not anonymised data, we will only publish this with your consent.
Where we rely on consent, you may withdraw your consent at any time, see “What are your rights” at section 12 below.
d) Requests and Queries
We use personal data to respond to requests and queries received from customers and prospective customers, the data we use to do this includes Interactions Details, Key Business Contacts and Essential Data. We do this as it is necessary for us to take these steps prior to entering into a contract with you, in performance of a contract we already have with you or for our legitimate interests to provide our customers or prospective customers the best possible service and improve overall customer experience with us.
We use Technical Information to administer and protect our business and our website (including data analysis, testing, system maintenance, support, reporting and hosting of data). This is necessary for our legitimate interests for running our business, provision of administration and IT services, network security and to prevent fraud.
f) Warranty Administration
We use Essential Data and Order Information where you wish to rely on a warranty for one of our products. Where we sell a third party product to you we may share your Essential Data and Order Information with that third party where you request us to do so to enable you to rely on a product warranty administered by that third party. This data is used for the purposes of the contract of sale.
g) Key Account Management
We use Key Business Contacts and Interaction Details to manage our key accounts. Where appropriate for customers operating in multiple jurisdictions we sometimes share this data within the Yamato Group to make sure these accounts are managed by the right group entity. More detail about our international transfers of personal data can be found at section 9 below.
As mentioned above, if you choose not to share your data with us, then we might not be able to provide some services to you, or to the level of service that you would come to expect from us.
6. What about social media?
We occasionally use a variety of new technologies and social media options to communicate and interact with you. These sites and applications include popular social networking and media sites. To better engage the public in ongoing dialog, we use certain third-party platforms including, but not limited to, Facebook and Twitter. These third-party websites and applications are web-based technologies that are not exclusively operated or controlled by us. When interacting on those websites, you may reveal certain personal information to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share, or retain your personal information.
8. Personal data we disclose to third parties
There may be occasions whereby we disclose your data to a third-party organisation for the purposes set out in “Why we collect your personal data and the legal basis we rely on” at section 5 above. We follow strict guidelines in the storage and disclosure of information that you have given us, to prevent unauthorised access. Third parties to whom your data may be disclosed are:
- Professional advisers including lawyers, bankers, auditors and who provide consultancy, banking, legal, insurance and accounting services to us.
- HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances, including where there is a legal obligation to do so, for example, a court order.
- Our third party service providers and business partners who assist with the running of our website, services and products. This includes hosting providers, payment processing partners, software service providers, backup and support services providers, printing service providers, confidential waste providers, logistics providers or any associated consultants or experts providing advice and information to you on our behalf. Our third party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.
- Third party companies where you request us to do so to enable you to rely on a product warranty for a third party product we have sold to you.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
9. International Transfers
We share some of your personal data with our parent company, Yamato Scale Co Limited and within the Yamato Group. This involves transferring your data outside the European Economic Area (EEA).
We sometimes share Key Business Contacts and Interaction Details within the Yamato Group. This is to provide our customers with quotes and information regarding products and to enable key account management for our multinational customers.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers or transfer personal data to our parent company (in the absence of an adequacy decision mentioned above), we use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
10. How do we protect your personal data?
The security of your personal data is extremely important to us but please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. We use appropriate security measures to help us protect your personal data, but we cannot guarantee its absolute security. To help us to protect your data we:
- Ensure that the collection and processing of such personal data is done in accordance with the EU General Data Protection Regulation (GDPR).
- We secure all transactional areas of our website using ‘https’ technology.
- Limit the access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and require that they only process your personal data on our instructions and they are subject to a duty of confidentiality.
- Use necessary security layers such as password protection.
- Regularly monitor our systems and processes for any vulnerabilities or attacks and identify ways to enhance our security.
11. How long will we keep your personal data?
Whenever we collect or process your personal data, we shall only keep it for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
At the end of the relevant retention period, your data will either be deleted completely or anonymised, so that it can no longer be associated with you, this anonymous data is then used for statistical analysis and business planning purposes.
If you are an active ‘client’, and we provide a regular service to you and your business, then we would expect to store and maintain your personal data for the purpose for which it was provided, (along with all relevant work files) for the duration of your service contract with us.
Upon the termination of your contract with us, the types of data that we hold, will determine the period for which we will be required to keep it.
- We keep data such as accounts and VAT records for a period of 7 years as required by HMRC before delete it.
- We keep our sales files for a period of up to 25 years, this allows us to administer our product warranties and provide ongoing support to our customers.
- Where we interact with you but do not go on to conclude a sale with you we keep these Interaction Details on file for a maximum of two years or until such time as you advise us to delete it. This enables us to refer to these if you want to pick back up where you left off with us.
12. What are your rights?
In certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest to process your data and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data (without deleting it) in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided to us and where you gave consent for us to use it or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.If you would like to unsubscribe from a marketing email sent to you, follow the ‘unsubscribe’ link and/or instructions placed (typically) at the bottom of the mail.
If you wish to exercise any of the rights set out above, please contact us using the details in “Contact us” at section 13 below.
13. Contact us
In writing to:
Yamato Scale Dataweigh (UK) Ltd
Unit 6B Millennium Way
By email to:
Yamato Scale Dataweigh (UK) Limited is not required to appoint a data protection officer.
14. Information Commissioner’s Office