Privacy Statement

Our commitment to privacy
This privacy statement explains how we collect information from you via the website or in any manner expressly described in the privacy statement and how this information is then used. When you provide us with your personal data in the manner described, you consent to the processing of all such personal data as set out in the privacy statement. Please read this privacy statement carefully and revisit this page from time to time to review any changes that we may have made. If you have any questions or comments about how we handle your personal information, please ring us on 01992 584955 or email us. You may also use these contacts to tell us about any concerns you may have about our privacy statement.

The Information we collect
To receive free downloads from STEPHEN AUSTIN & SONS we ask you to provide us with simple communication information about you and your company/institution including :

  • Title;
  • Contact Email Address;

When requesting a quotation or completing an Enquiry form from STEPHEN AUSTIN & SONS, we ask you to provide us with more complete information about you and your company/institution including :

  • Title;
  • Contact Email Address;
  • Full address and contact details;
  • The nature of your enquiry or quotation request;
  • Where you heard about us.

You can also decide to give us your mobile telephone number and your personal email address but you only need to do this if you want us and/or our approved partners to contact you about your submitted enquiry.
You may also provide personal/company data through:

  • Calls to our offices;
  • Letters and e-mails;
  • Customer feedback forms;

In general, if you contact us, we may keep a record of your query or complaint for a reasonable time in case you contact us again.

The information we collect when you access the Client Area
We collect information about you so that the secure service can determine what rights and privileges you have to work within the STEPHEN AUSTIN & SONS Client Area.

The information we collect when you enter competitions
From time to time we may run competitions and promotions on the website. If you enter these, we may ask for your name, address, e-mail address and username so that we can administer and control the competition and, of course, notify the winners.

Sensitive personal data
When you register with STEPHEN AUSTIN & SONS on this site, in the Client Area or via contacting the office, you do not have to provide us with sensitive personal information. If you are being asked to provide personal information this may be fraudulent so please check with a Director of STEPHEN AUSTIN & SONS Ltd. before giving any information.

How we use the information we collect
We use your company/personal information :

  • To answer your queries or complaints;
  • To deliver our services, for example digital asset management
  • To support your business;
  • To provide printed materials or services;
  • To carry out administration;
  • For obtaining any relevant professional advice;
  • As may be required by law or in connection with legal proceedings (including where we intend to take legal proceedings), or as may be necessary to establish, exercise or defend our legal rights;

Third parties
To achieve the purposes set out in this privacy statement we may need to give your information to our service providers (including our approved manufacturing partners), agents, professional advisors and auditors. When you submit an enquiry, we will tell you which of our approved partners will be delivering the appropriate service. Following receipt of an official order, our selected approved partner (or partners) will have access to your name and contact details to help us deliver our services to you.
We will not give your information to any other third parties not associated with your enquiry, approved or unapproved, without your express permission, usually conducted in writing.

Communications between you and STEPHEN AUSTIN & SONS may be monitored by STEPHEN AUSTIN & SONS staff to check the quality of our support.

Keeping you informed
We will use your information to send you regular updates about :

  • Our services and materials;
  • Additions to the website; and
  • Specific activities such as customer feedback surveys and competitions.

If you wish to utilize the STEPHEN AUSTIN & SONS services but do not wish to receive this information, please contact us with a request to removed from our mailing list (both electronic and paper based).
We will never use your sensitive data for marketing purposes or to target you for customer feedback purposes without your express consent.

Protecting your personal information
As part of a Group of companies we are required to take appropriate technical measures to protect your personal/company information including making a regular backup of our system and data. We have security measures in place to make sure any company/personal information we collect is secure. Your Client Area account is password protected and all information including your password is on a secure server, which only a limited number of employees and sub-contractors can access. All parties with access to your information are subject to confidentiality obligations. If you think someone else knows your password, or is using it, tell us immediately and change your password using the “change my password” option under “your details” on your Client Area home page.

Even though we take appropriate technical steps to protect your security, you should remember that data transmission over the internet cannot always be guaranteed as 100% secure so you use the website at your own risk.

Keeping your personal data
We keep company/personal data :

  • For as long as is necessary to fulfil the purposes we collected it for;
  • As required by law; or
  • To enforce or defend legal claims.

We will keep this information for a reasonable time.

Cookies
Cookies are small text files which are sent to your browser by a web server and stored on your personal computer’s hard disk. We use cookies on our site to :

  • Cut down the number of times you have to type in data;
  • Record the success of advertising, to target advertising and to track visitor usage; and
  • Track responses to regular customer surveys and to make sure you don’t see the same survey more than once.

The cookies used on the website do not collect your personal information.

You can disable cookies but if you do, you may not be able to use certain features on our site and you may need to enter your password more frequently. If you want to know how to remove cookies from your browser, go to the ‘All About Cookies’ website.

Transparent gif files
Some of our webpages may contain invisible electronic tags that allow us to count users that have visited certain pages. These files are only used to identify which advertisements bring customers to our website and you cannot be identified by them. They are not issued by us but by the relevant advertising provider. You can find out more about cookie type devices issued by third party advertisers by clicking through to the website operated by the relevant advertiser.

In any event, you can find out more information about electronic tags, if you go to the ‘All About Cookies’ website.

Our policy for children
Our website is not designed for or directed at children under the age of 16. We recommend that you put parental controls on your internet browser and supervise your children when they are online.

Although anyone can take part in competitions and promotions, we will send notice of a win or prize directly to the parent or guardian identified during registration. Where a winner is under 18, we will not publish his or her personal details unless we have obtained the consent of the parent or guardian during registration.

Your rights
You have the right to ask for a copy of all the information we hold about you and to correct any inaccuracies. To obtain a copy of this information, please ring us on 01992 584955 or email us.

Links
Our website contains links to other websites. We are not responsible for the privacy policies of other sites and we advise you to read the privacy statement of every website that collects personal information from you.

Data Protection and Privacy Policy

Stephen Austin is committed to being transparent about how it collects and uses the personal data of its clients, suppliers and that of all third parties and to meeting its data protection obligations under the requirements of applicable data protection regulations, encompassing the General Data Protection Regulation (GDPR). This policy sets out Stephen Austin’s commitment to data protection, and individual rights and obligations in relation to personal data.
This policy applies to the personal data of clients or other personal data processed for business purposes.
Data Protection Officer
The organisation has appointed a Data Protection Officer with responsibility for data protection compliance within the organisation, this role sits with our Systems and Compliance Manager. They can be contacted at dpo@stephenaustin.co.uk; or by direct line on: +44(0)1992 585857.
Questions about this policy, or requests for further information, should be directed to the Data Protection Officer.
Definitions
“Personal data” is any information that relates to an individual who can be identified from that information. Processing is any use that is made of data, including collecting, storing, amending, disclosing or destroying it.
“Special categories of personal data” means information about an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation and biometric data.
“Criminal records data” means information about an individual’s criminal convictions and offences, and information relating to criminal allegations and proceedings.
Data protection principles
Stephen Austin (data controller) processes personal data in accordance with the following data protection principles, alongside Stephen Austin (data processor):
• Stephen Austin processes personal data lawfully, fairly and in a transparent manner.
• Stephen Austin collects personal data only for specified, explicit and legitimate purposes.
• Stephen Austin processes personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing.
• Stephen Austin keeps accurate personal data and takes all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
• Stephen Austin keeps personal data only for the period necessary for processing.
• Stephen Austin adopts appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.

Stephen Austin informs individuals the reasons for processing their personal data, how it uses such data and the legal basis for processing it. It will not process personal data of individuals for other reasons.
Stephen Austin does not process special categories of personal data or criminal records data to perform obligations or to exercise rights in regard to service provision and communication.
Stephen Austin will update relevant personal data promptly if an individual advises that his/her information has changed or is inaccurate.
Personal data is gathered for the purposes of service provision and communication (in hard copy or electronic format, or both).
The periods for which Stephen Austin holds personal data are contained in our ‘control of records’ procedure, available upon request.
Stephen Austin keeps a record of its processing activities in respect of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR).
Individual rights
As a data subject, individuals have a number of rights in relation to their personal data.
Subject access requests
Individuals have the right to make a subject access request. If an individual makes a subject access request, Stephen Austin will tell him/her:
• whether or not his/her data is processed and if so why, the categories of personal data concerned and the source of the data if it is not collected from the individual;
• to whom his/her data is or may be disclosed, including to recipients located outside the European Economic Area (EEA) and the safeguards that apply to such transfers;
• for how long his/her personal data is stored (or how that period is decided);
• his/her rights to rectification or erasure of data, or to restrict or object to processing;
• his/her right to complain to the Information Commissioner if he/she thinks Stephen Austin has failed to comply with his/her data protection rights; and
• whether or not Stephen Austin carries out automated decision-making and the logic involved in any such decision-making.

Stephen Austin will also provide the individual with a copy of the personal data undergoing processing. This will normally be in electronic form unless agreed otherwise.

If the individual wants additional copies, Stephen Austin may charge a fee, which will be based on the administrative cost to Stephen Austin of providing the additional copies.
To make a subject access request, the most appropriate way is to make the request using the Data Subject Access Request Form, which is available from the Stephen Austin Data Protection Officer via email on dpo@stephenaustin.co.uk; or via any member of the Stephen Austin team. The completed form is likewise returned to the Data Protection officer, or any member of the Stephen Austin team.
Stephen Austin will require proof of identification before the request can be processed. Stephen Austin will inform the individual of the documentation it requires.
Stephen Austin will respond to a request within a period of one calendar month from the later of:
• The date the request is received, or
• The date which documentation for the purposes of ID verification have been received,

If a subject access request is manifestly unfounded or excessive, Stephen Austin is not obliged to comply with it. Alternatively, Stephen Austin can agree to respond but will charge a fee, which will be based on the administrative cost of responding to the request. A subject access request is likely to be manifestly unfounded or excessive where it repeats a request to which Stephen Austin has already responded. If an individual submits a request that is unfounded or excessive, Stephen Austin will notify him/her that this is the case and whether or not it will respond to it.
Other rights
Individuals have a number of other rights in relation to their personal data. They can require Stephen Austin to:
• rectify inaccurate data;
• stop processing or erase data that is no longer necessary for the purposes of processing;
• stop processing or erase data if the individual’s interests override Stephen Austin’s legitimate grounds for processing data (where Stephen Austin relies on its legitimate interests as a reason for processing data);
• stop processing or erase data if processing is unlawful; and
• stop processing data for a period if data is inaccurate or if there is a dispute about whether or not the individual’s interests override Stephen Austin’s legitimate grounds for processing data
• The right to receive a copy of the data in a format which is portable (e.g. electronic format), please refer to ‘subject access requests’ above for further information on how to request this;
• Individuals have the right to be informed about any automated decision making, or profiling in relation to their data and have the right to request this to be restricted, or to decline this.

To ask Stephen Austin to take any of these steps, the individual should send the request to the Data Protection Officer (dpo@stephenaustin.co.uk).
Data security
Stephen Austin takes the security of personal data seriously. Stephen Austin has internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by certain employees in the proper performance of their duties. These policies and procedures have been independently assessed by a UKAS accredited certification body to be compliant with the requirements of the ISO 27001:2013, the internationally recognised standard for information security management.
Wherever Stephen Austin engages third parties to process personal data on its behalf, such parties do so on the basis of written agreements and instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Data breaches
If Stephen Austin discovers that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, it will report it to the Information Commissioner within 72 hours of discovery. Stephen Austin will record all data breaches regardless of their effect.
If the breach is likely to result in a high risk to the rights and freedoms of individuals, it will tell affected individuals that there has been a breach and provide them with information about its likely consequences and the mitigation measures it has taken.
International data transfers
Stephen Austin will not transfer personal data to a ‘Third Country’ without notifying the client, supplier or other third party for whom we hold personal data in advance of the fact and with their explicit consent to do so.
Individual responsibilities
Individuals are responsible for helping Stephen Austin keep their personal data up to date. Individuals should let Stephen Austin know if data provided to Stephen Austin changes.
Individuals who have access to personal data are required:
• to access only data that they have authority to access and only for authorised purposes.
• not to disclose data except to individuals (whether inside or outside Stephen Austin) who have appropriate authorisation.
• to keep data secure (for example by complying with rules on access to premises, computer access, including password protection, and secure file storage and destruction).
• not to remove personal data, or devices containing or that can be used to access personal data, from Stephen Austin’s premises without adopting appropriate security measures (such as encryption or password protection) to secure the data and the device; and
• not to store personal data on local drives or on personal devices that are used for work purposes.

Training
Individuals whose roles require regular access to personal data, or who are responsible for implementing this policy or responding to subject access requests under this policy, will receive additional training to help them understand their duties and how to comply with them.
Complaints
Should you wish to discuss a complaint regarding the handling of personal data, you can do so via email by addressing this to: dpo@stephenaustin.co.uk, or alternatively by writing to:
The Systems and Compliance Manager
Stephen Austin
Caxton Hill
Hertford
SG13 7LU
If you feel unsatisfied about the handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the United Kingdom, this is the Information Commissioner’s Office (ICO), who is also our lead supervisory authority. Its contact information can be found at: https://ico.org.uk/global/contact-us/     Updated May 2018