Definitions and key terms
Ebac Group whose registered office is at Ketton Way, Aycliffe Business Park, DL5 6SQ and its subsidiary company: Site 1 Ebac Limited; address, which is the same as the “Groups” registered office and site 2, Heighington Lane, Newton Aycliffe, Durham, DL5 6UE are committed to protecting and respecting your privacy. We are the data controller of any personal data we process for our business purposes and are responsible for this personal data.
This policy sets out the basis on which any personal data we collect from you, our customers, clients, suppliers, contractors, shareholders, website visitors, or other third parties whose data we may process, will be processed by us.
Information we collect from you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you such as:
Identity Data includes first name, last name, username or similar identifier.
Contact Data includes billing address, delivery address, email address and telephone numbers.
Financial Data includes bank account and payment card details.
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data Where we need to collect personal data under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services).
Disclosure of your personal data
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the Companies Act 2006.
We may share your information with selected third parties including:
business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
analytics and search engine providers that assist us in the improvement and optimisation of our Site; and
credit reference agencies for the purpose of assessing your credit score where this is a condition of us entering into a contract with you.
We may disclose your personal information to third parties:
in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets; if all, or substantially all, of our assets are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets; and if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or to protect the rights, property, or safety of our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
How is your personal data collected?
We only collect data from and about you that you may give us by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you, for example, apply for our products or services; create an account with us; subscribe to our service or publications; request marketing to be sent to you; enter a competition, promotion or survey; or give us some feedback.
Informing us of changes: It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Monitoring: We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training, fraud prevention and compliance.
Credit checking: To enable us and other companies in our group to make credit decisions about you and for fraud prevention and money laundering purposes, we may search the files of credit reference and fraud prevention agencies (who will record the search). If you provide false or inaccurate information and we suspect fraud, we may record this.
A cookie is a small text file which is placed onto your computer (or other electronic device) when you access our website.
Google Analytics’ cookies store IP addresses but we cannot link those addresses to any individual or path through the website. Google uses the cookies to read information and evaluate visitors’ use of the website in the form of statistical reports that we can access.
The Google Analytics’ code is incorporated into our site’s code so that our site serves the cookies, but Google has access to the cookies. You can stop being tracked by Google Analytics across all websites by going to Google’s site at: https://tools.google.com/dlpage/gaoptout
Google Analytics’ terms require us to reproduce the following wording in this policy:
If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. For further information about cookies and how to disable them please go to: www.aboutcookies.org or www.allaboutcookies.org
Types of Cookies we may use:
Google Ads – holds site wide performance trends for this website used to determine website KPI’s and ROI
Google Remarketing – holds content accessed on this website, used to serve and advert to a particular person who has visited a page on this website
Google Display Network – holds site wide performance trends for this website used determine website KPI’s and ROI
Bing Paid Search – holds site wide performance trends for this website used to to determine KPI’s and ROI
Facebook – holds content accessed on this website. For more information see https://www.facebook.com/about/privacy; used to deliver personalised content through Facebook advertisements
Snapchat – holds content accessed on this website and user email addresses and/or phone numbers for Snapchat to potentially match your browser for both analytics and advertising purposes. For more information see: https://www.snap.com/en-GB/privacy/privacy-policy/
Hotjar – gathers data by recording sessions and polls for this website used to determine website KPI’s and ROI. For more information see https://www.hotjar.com/legal/policies/privacy
Zoho Pagesense – records sessions for this website used to determine website KPI’s and ROI. For more information see https://www.zoho.eu/privacy.html
Email marketing platform:
Mailchimp – holds users preferences; used to track the delivery and monitor the progress of email newsletters and marketing campaigns
We do not in the course of our standard business functions transfer your personal data outside the European Economic Area (EEA).
We may share your personal data within the Ebac Group, and with third party contractors, for example haulage companies, which may involve transferring your data outside the EEA.
We only transfer personal data out of the EEA where we have ensured adequate safeguards are implemented, or where the transfer is necessary for the conclusion or performance of a contract in the interest of the data subject between Ebac and another party
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, and only authorised staff or third parties can access and use personal data. However, the transmission of information via the internet is not completely secure. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We will not keep your personal data in an identifiable form for no longer than is necessary for the purposes for which the data is processed, including for the purpose of satisfying any legal, accounting or reporting requirements. Once your personal data is no longer needed, it is deleted or anonymised in accordance with our data retention guidelines. By law we have to keep basic information about our customers, clients, suppliers and contractors for six years after they cease being customers for tax purposes. In some circumstances we may anonymise your personal data so that it can no longer be associated with you for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Third Party Links
Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”).
Request correction of any inaccurate personal data that we hold about you.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Complain you have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.