top of page
  • Facebook
  • Twitter

Privacy Policy

Customer Care
Data Controller

Data Protection Laws define Personal Data as information which directly or indirectly identifies an individual. Examples of Personal Data include name, address, membership number, National Insurance number, date of birth, photo, video or voice recording.

​

Gems Hygiene processes Personal Data belonging to customers, suppliers, employees and prospective employees.

​

Gems Hygiene (under our parent name, Debonair (Northern) Ltd, is registered with the Information Commissioner’s Office (ICO) as a Data Controller for the processing of Personal Data (ZA306255).

​

As a Data Controller we recognise our responsibility in responding to individuals’ Rights. We manage this process by executing procedures in line with GDPR requirements for Data Subject Access Requests and prevention of data breaches in discharging our obligations during this process.

​

We coordinate Data Subject Access Requests through our Data Manager, who is contacted by:

  • Post: Data Manager, Gems Hygiene, 251 Sharrowvale Road, Sheffield, S11 8ZE

  • Email: info@ghdirect.co.uk

  • Phone: 0114 261 8187

​

How We Protect Your Personal Data

In order to protect your privacy, we train our staff to understand their responsibilities in helping Gems Hygiene maintain GDPR compliance. We specifically focus on the following areas:

  • Notifying end users of their Rights through Privacy Statements

  • Handling end users’ Data Subject Access Requests

  • Working with our Data Processors

  • And, what to do in the event of a personal data breach.

​

We review annually our staff awareness of data privacy and protection.

We also apply appropriate technical measures in order to protect data. We comply with the highest levels of cybersecurity under the cyber essentials scheme.

If you would like to know more about our approaches to GDPR, please contact the Data Manager using the contact details above.

​

Your Rights

As a Data Controller we recognise our responsibility in responding to individuals’ Rights. We manage this process by executing procedures in line with GDPR requirements for Data Subject Access Requests and prevention of data breaches in discharging our obligations during this process.

​

The right to be informed 

We will inform individuals of their right to object “at the point of first communication” and clearly lay this out in our privacy notices (see links below.)

​

The right to access

Should you wish to receive a record of the personal data that we hold about you, then we require you to contact us at the above Data Manager.

​

The right to rectification

We have implemented processes that ensure your personal data remains accurate and up to date. In the event data is deemed not accurate and you wish this data to be amended, you must contact us. You must specify which records you wish to be updated.

​

The right to erasure

At any time you may request that your personal data is erased from our records. We will erase all records in accordance with our storage and retention policy. You must provide details of the record you wish to be erased.

​

The right to restrict processing

You have the right to block or restrict the processing of your personal data. This means that we will store your personal data, but will not process it for further use in our marketing services. We will restrict processing under the following circumstances:

​

Where you contest the accuracy of the personal data, we will restrict processing until we have verified the accuracy of the personal data with you.

​

Where you object to the processing we will consider whether our businesses lawful basis override those of you as the individual. We will store the data, but will not undertake any further processing until both parties have agreed that our business use is within our lawful basis.

​

When processing is unlawful and the individual opposes erasure and requests restriction instead. We will store the data and will not undertake further processing. We refer you to the right to erasure policy, and will implement our erasure policy upon receiving your request.

​

Where we no longer need the personal data but you require the data to be retained to establish, exercise or defend a legal claim. You must state details of the record you wish to be retained. We will automatically delete personal data records in accordance with the consent policy. However, should you wish this data to be retained in order to establish, exercise or defend a legal claim, then we will store and retain this data until the legal claim has been resolved. We will inform you when we decide to lift a restriction on processing.

​

The right to data portability*

You have the right to obtain and reuse your personal data for your own purpose. We will provide you with your personal data or move, copy or transfer that data to another business in a safe and secure way.

​

The right to data portability only applies:

* to personal data you have provided us;

* where the processing is based on your consent or for the performance of a contract.

​

We will provide this data to you or the business to which you require your personal data to be transferred, within one month of receiving instruction from you. However, if we decide that the data request is complex, then we will extend this time period for a further two months. Where this is the case, we will provide an explanation.

​

We will provide the personal data in a structured, commonly used and machine readable format. Examples of appropriate formats include CSV and XML files.

​

Where we are unable to transfer the data to another business due to technicalities or restrictions, then we will send the personal data to you for you to complete the transfer. This service will be provided free of charge.

​

The right to object

You have the right to object to any processing undertaken for the purposes of direct marketing (including profiling). We will stop processing for direct marketing as soon as we receive your objection. We will stop processing from the date of receipt of your objection.

​

The right not to be subject to automated decision-making including profiling.

We do not perform automated decision-making using your personal data to profile, nor do we supply the information we hold to third parties for use in analysis or prediction.

 

Complaints

The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow Cheshire, SK9 5AF. You can also contact them by telephone on 01625 545 745 or via their website at www.ico.org.uk.

Policy Documents

​

Gems Hygiene GDPR Strategy Policy

​

Customer Privacy Statement

​

Employee/ Prospective Employee Privacy Statement

​

​

bottom of page