The purpose of this privacy notice is to set out how we will lawfully process your personal data for the purposes of applicable data protection laws and practice. We respect your rights as a data subject and so it is crucial that we keep you informed on how we intend to use your data.
1. WHO ARE WE?
Haynes Group Limited (Company reg. 00659701) carries out the processing of personal data for customers and prospective customers under the lawful processing bases of Contract, Legitimate interest, Complying with a Lawful and Regulatory obligation and Consent. We are registered with the Information Commissioner’s Office as a Data Controller under the registration number ZA421219.
2. WHO IS THE DATA PROTECTION OFFICER?
We have appointed a Data Protection Officer, who is the point of contact for enquiries relating to how your personal data is processed. The Data Protection Officer can be contacted at our registered address:
Group Company Secretary
Haynes
Sparkford
Yeovil
Somerset
BA22 7JJ
Email: dpo@haynes.co.uk
3. WHY IS DATA PROCESSING NECESSARY?
We need to store customer personal data to enable us to run our business effectively and meet our contractual obligations to customers who place orders with us. Storing customer names, addresses, email addresses, telephone numbers and payment details including bank details; ensures that we can meet our contractual obligations to process customer orders for print and online subscription products, take payment and ensure delivery of the product(s) to you. Where you have ordered a subscription product, we will also need to communicate with you to determine whether you wish to renew that subscription. We may also need to communicate with you about your product order for a variety of possible reasons such as delays, cancellations or low stock as well as responding or investigating any queries or complaints that you may have, so have a legitimate interest as a business in processing your personal data to allow us to do this. We also need to store personal data to comply with legal and regulatory compliance activities such as accounting and audit procedures.
Meaning of Legitimate Interest, Performance of a Contract, Compliance with Legal & Regulatory obligations and Consent.
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract. Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to. Consent is where you as an individual have expressly consented to receive information from us.
4. WHAT PERSONAL DATA DO YOU COLLECT?
Information you give us:
This may arise from you filling in order forms or marketing information on our websites: www.haynesallaccess.com; www.haynes.com; www.clymer.co.uk; www.bluffers.com or by entering competitions, completing marketing research surveys, sending information via post or corresponding with our employees by phone, email, electronically, in person or otherwise. It is likely to include your name, address, email, telephone number, delivery address, billing address, credit card or bank details for orders. It may also include your birthday and subject topics of interest for marketing purposes.
Information we collect about you from our websites:
With regard to each of your visits to our websites, we may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information. This is statistical data about our users' browsing actions and patterns and does not identify any individual.
A cookie is a small amount of data sent from our server and stored on your browser or your computer's hard drive if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use cookies and other such devices to compile anonymous, aggregated statistics that allow us to understand how users use our sites and to help us improve the structure of our sites (we cannot identify you personally in this way). We use cookies and other such devices to allow us to understand who has seen which pages on our sites, to determine how frequently particular pages are visited, to determine the most popular areas of our sites and generally in order to monitor usage of our sites. This helps us to provide you with a good experience when you browse our sites and also allows us to improve it.
Some of the cookies we use are essential for parts of our sites to operate and are already set. These are strictly necessary for the services that we offer and without them the website cannot operate as intended. You can find more information about the individual cookies we use and the purposes for which we use them in the link at the end of this document.
We will only send marketing and promotional emails to individuals who have either expressly consented to receive this information or to customers who have previously purchased products from us in the prior twelve months and we believe would be interested in receiving information about new products, services and special offers. You will be able to stop receiving this information at any time by either selecting the unsubscribe link in the email sent to you; by changing your preferences in your account on our website or by contacting us through our contact details on our websites.
5. WILL WE TRANSFER YOUR DATA TO THIRD PARTIES?
We partner with a third-party distribution company to process customer print orders, despatch print products and invoice these orders, so we will need to share some personal information with them to allow them to carry out these functions on our behalf. There may also be some occasions when orders are shipped directly from printers to customers, in which case we will need to supply them with customer details, so they can make their delivery.
We use a range of third party companies who provide hosting, web design, content management, email commerce platforms and credit card processing companies to bill users for goods and services ordered from our websites. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order. For Digital subscription products, your personal information may be stored, so we can contact you to see if you wish to renew your subscription product.
We collect and share some of your personal information with a select few third parties who create personalised ads on our behalf. By agreeing to this privacy policy, you consent to us collecting, sharing and using your personal information for this purpose.
For individuals who consent to receive marketing information and newsletters from us, we will never share your information with third parties with the exception of our own business suppliers that we may use for the operation of our IT systems such as ecommerce marketing software for managing email marketing.
6. HOW LONG WILL MY PERSONAL DATA BE STORED?
Your personal data will be stored for as long as is required for the purposes for which we process it. Our Data Protection Policy requires us as an organisation to regularly review personal data and look to delete it, once it is no longer required. Your rights around requesting the deletion of personal data are outlined in Section 9.
Where we are processing data based on your consent, you have the right to withdraw that consent at any time.
In the event of customer orders, even if you ask us to delete our records, we may still need to retain some information such as copies of sales invoices for the statutory time limits to meet our regulatory and compliance requirements.
7. WHAT WILL YOU DO TO KEEP MY DATA SAFE?
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We are the sole owners of personal information collected on our websites. We only have access to information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone. However, if you use a link on our website that takes you to a third-party website, please be aware that that website is outside of our control and we recommend that you review their privacy policy to understand what personal information they may store about you.
8. TRANSFER OF DATA OUTSIDE OF THE EUROPE ECONOMIC AREA (EEA)
We will not transfer your data outside of the EEA unless you purchase a print or digital product and we need to either deliver and invoice the print product to you and you are located outside the UK; or in order to enable your access to a subscription product we need to share your details with another company within the Haynes Group.
9. YOUR RIGHTS
Under the General Data Protection Regulation (GDPR) you have a number of rights with regard to your personal data. These include (but are not limited to)
Right of Subject Access
You can request details of all data we hold about you by submitting a subject access request to the Data Protection Officer, at the address provided above.
We aim to comply with such a request from you within one month of the request being made. Where we cannot provide you with this information within one month; we shall inform you of this and provide the reasons why this cannot be achieved, at which point, we shall have a total of 3 months to comply with this request.
In the normal course of business, we shall not charge a fee for a subject access request. However, in the event that you make a subject access request that is of a manifestly unfounded, repetitive or excessive nature, we reserve the right to charge a fee of £10 per request.
Right of Rectification
In the event that your data is incorrect or incomplete; you have the right to have this rectified by us. In the event that any of your data is incorrect, please contact the Data Protection Officer at the address provided above. We shall not charge a fee for your data to be rectified.
Right of Objection
You have the right to object to our processing of your data. Please note, that where we require to continue to process your data for reasons such as the defence of claims, we shall not be required to cease processing your data. In the event that you wish to object to us processing your data, please contact the Data Protection Officer at the address provided above.
Right of Restriction of Processing
If certain conditions apply, you have a right to restrict the processing of your information. This means that we can store your data but not use it. This includes when you contest it as being inaccurate (until the accuracy is proved); if you have objected to the processing (when it was necessary for legitimate interests) and We are considering whether its legitimate interests override your own; if you consider that the processing is unlawful (and if this is true) so that you can oppose erasure and request restriction instead; or we no longer need the personal data for the purposes they held it but you require one or both of them to continue to hold it to establish, make or defend legal claims.
Right of Erasure
You have the right to request that we delete your data provided that; we no longer require your data; or there is no legitimate legal basis for us to process your data; or we have unlawfully processed your data; or the data must be erased in order to comply with the law. If you have grounds to request that we delete your data (and you wish to do so) please contact the Data Protection Officer at the address provided above, however please bear in mind that erasure may not be possible if your data is needed for compliance reasons. We shall not charge a fee for your data to be deleted from our databases.
If you have any queries with regard to the processing of your data; would like us to transfer your data to another service provider or would like more details about your rights, please contact the Data Protection Officer at the address provided above in section 2.
10. CAN A COMPLAINT BE MADE?
If you have any complaints about how we process your data, please contact the Data Protection Officer; at the address provided above in section 2. In the event that we are unable to resolve your complaint; you have the right to make a complaint to the Information Commissioner’s Office, if you believe that your information has been mishandled by us.
The Information Commissioner’s Office can be contacted as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Tel: 0303 123 1113
11.CHANGES TO OUR PRIVACY POLICY
This policy was last updated on January 24th 2024. Any changes to this policy will be posted on our websites.