▪ Processing of personal data: the processing of ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). The term ‘processing’ is broad and covers, among other things, data collecting, recording, organizing, storing, updating, modifying, retrieving, consulting, using, distributing or making available in any way, merging, combining, archiving, erasing or eventually destroying the data.
▪ Controller: a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
▪ Processor: the controller can appoint an external subcontractor to process personal data. In such a case, the subcontractor is the ‘processor’. This can be a natural or legal person, a public authority, agency or another body that processes personal data on behalf of the controller.
Sabur Digital / Sabur ink systems Ltd, with its registered office at Unit 2 Middlewoods Way, Carlton, Barnsley, South Yorkshire S71 3HR under company registration number 8970146 & 3500681, is the controller of the personal data (hereinafter ‘SABUR’).
SABUR processes the following categories of personal data of its customers:
▪ Personal identification data: data that enables us to identify and contact our customers such as surname, first names, address, telephone number and email address.
▪ Physical description: data that enables us to offer the most suitable products and services such as machinery used eg: printer-Roland.
▪ Financial data: invoicing and payment details, including data relating to the assessment of the creditworthiness of customers.
▪ Electronic identification data: IP addresses and cookies are processed to improve the usability of our online environments.
▪ Images or videos: SABUR may process images and/or videos of customers or customer machinery for promotional purposes.
More than one of the above data categories can be combined. SABUR does not process special categories of personal data that are prohibited in terms of Article 9 of the GDPR which reveal racial or ethnic origin, membership in interest groups, political opinions, ideological or religious views, health status, or data concerning a natural person’s sex life or sexual orientation. SABUR does not process genetic or biometric data with the aim of uniquely identifying a natural person.
SABUR processes personal data for various purposes and will always try to process only data that is necessary in order to achieve specific objectives. The use of personal data is necessary in the following cases:
▪ In the preparation and execution of a placed order or implementation of a service (agreement).
▪ To comply with the legal obligations to which SABUR is subject.
▪ To represent our legitimate interests, always striving to ensure that these interests do not outweigh the respect for the privacy of personal data, especially when it concerns children.
If the processing of personal data is not needed for any of the above three purposes, we will always request explicit permission from the data subject to process the personal data.
If SABUR is aware that it is collecting personal data from children under the age of 16, permission must be obtained from a parent or guardian, as required by law.
SABUR collects personal data for the following specific purposes:
▪ To process a request for SABUR products or services people who are interested in the products and services of SABUR and contact SABUR(by telephone, email, or through its website) are asked to leave their personal details so that we can contact them in order to make an appointment.
▪ In order to provide personalised information and advice regarding our products and services, together with other companies within SABUR.
SABUR uses data in order to provide personal, specific advice about its products and services. This explicitly relates to presenting machinery & consumables that matches the needs of our (potential) customers with regard to model, design, technical characteristics and dimensions. This personal data is recorded for the purpose of customer management (preparation of quotations, (re)orders, invoices, follow-up payments) production follow-ups and after-service care, as well as the handling of complaints.
▪ To announce new products and services
SABUR may use personal data to inform its customers (either electronically, in writing or by telephone) of new products, competitions, discounts, special promotions, or new services that have been added to the range. SABUR may also approach individuals &companies by mail or newsletter even if they are no longer a SABUR customer. This can be cancelled by unsubscribing to these services (opting-out).
▪ To retain statistics for internal use
SABUR may use personal data to generate internal reports and analysis in order to evaluate our own procedures and operational processes, allowing us to improve our products and service offerings, or to adapt them in accordance with the evolution of the market (trend analysis).
SABUR does not use automated decision making which may result in legal consequences, or which may similarly significantly affect those involved.
RECIPIENTS AND DATA TRANSFERS
SABUR does not sell personal data to third parties without permission and does not share personal data with third parties except in the following instances:
▪ Where necessary, and for the processing purposes as described above, personal data may be shared with other companies within the SABUR group within the European Union, which are directly or indirectly affiliated with SABUR or with a SABUR partner.
▪ Where necessary for the delivery of our products and services. SABUR may use third parties for the delivery of products and services, and as a result make its databases available for this purpose. These may include, for example, third party producers commissioned by us or
independent commercial entities that market our products. This data will solely be shared for the same purpose as which SABUR processed it and is limited only to the data needed for carrying out their instructions. SABUR guarantees that these third parties shall take the appropriate technical and organizational measures needed in order to protect the personal data which they are privy to.
▪ Subject to legal obligation. SABUR will share personal data with government authorities, legal services or police services when required to do so by law.
▪ When SABUR or a third party has a legitimate interest. SABUR will only share personal data with a third party if the right to privacy does not outweigh the purpose. For example, in terms of collection agencies, or partners when it comes to competitions offering prizes.
▪ Permission given. In all other cases, when SABUR shares personal data with third parties, the data subject will be notified in advance, with an explanation regarding the third party and the purpose. Where required by law, permission will naturally be requested first.
When personal data is processed outside of the European Union, SABUR will take appropriate contractual or other measures to ensure that this personal data is subject to the same or comparable level of protection as if it were protected within the European Union and in accordance with the GDRP legislation.
▪ Performance cookies: these cookies collect data about the use of the website, such as the number of visitors, from which countries these visitors originate, which pages are popular, how much time is spent on the pages and so on.
▪ Social media cookies: these cookies enable the functionalities of social media such as Facebook, Instagram, Twitter and LinkedIn. For example, this could be a ‘like’ button on the website.
▪ Advertising cookies: these cookies enable more efficient and personalised advertisements and advertising messages, tailored to the surfing behaviour and demographic data of the user of the website.
SABUR can also invoke third-party cookies such as from Google Analytics. Users of the website and online store can switch off or remove all installed cookies from their computer or mobile device at any time in their browser.
In order to protect the collected personal data used by SABUR , and to safeguard the privacy rights of data subjects, SABUR has implemented a number of technical and organisational measures:
▪ SABUR employees are informed how they should handle confidential personal data through periodic awareness campaigns.
▪ When new projects are started within SABUR, whereby personal data is processed, one of the assessment criteria is the security and protection of personal data. Privacy concerns are always taken into account.
▪ In the field of information technology, we work together with specialised parties that ensure the safety of our information systems, IT infrastructure and web environment.
SABUR employs various technical measures to protect personal data against unauthorised access, unauthorised use and loss or theft of data, including:
▪ Securing our systems and databases with a username and password.
▪ The use of firewalls to shield our systems from external attacks.
▪ The use of anti-virus and anti-spam software to protect our systems and data against viruses, spyware, spam and the like.
▪ Shielding data through profiles and rights management so that only specific data is visible to employees who need it to carry out their tasks.
▪ Keeping all software up-to-date with the latest security updates.
▪ The use of VPN connections and rights to secure the access to files on our servers.
In the event of a data breach, which may hold adverse consequences for data subjects, SABUR will go through the legally prescribed procedures and personally inform the data subjects about this within the legally required period.
DATA RETENTION PERIOD
In accordance with the GDPR regulations, SABUR is not allowed to keep personal data longer than is necessary in order to achieve the predetermined purpose for which the data was collected. This means that the storage period can differ considerably for each purpose.
Personal data processed for customer management are retained for the period necessary to comply with legal requirements. For example, in order to meet accounting and tax obligations, is SABUR obliged to keep the invoicing data for a maximum of 7 years. Due to legal necessity, certain data such as invoices, complaints and correspondence must be kept for a maximum period of 10 years.
After the applicable storage period(s) have expired, personal data will be deleted or anonymised.
EXERCISING PRIVACY RIGHTS
Individuals whose personal data is processed by SABUR have a number of rights as set out in the latest regulations in the GDRP.
▪ Right to review
The data subject shall have the right to obtain from SABUR confirmation as to whether or not personal data concerning him or her are being processed and in those cases, have access to the personal data and the information regarding its processing purposes, including the categories of personal data concerned, the recipients or categories of recipient to whom the personal data have been or will be disclosed, the expected period for which the personal data will be stored, their privacy rights, the right to file a complaint and the existence of automated decision-making. SABUR shall be obliged to provide a free copy of the personal data undergoing processing in a commonly used electronic form.
▪ Right to rectification
The data subject shall have the right to obtain from SABUR, without undue delay, the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. Where data has been provided to third parties, this will be disclosed to the data subject and the necessary changes will also be communicated to said third parties.
▪ Right to erasure (‘right to be forgotten’)
In a number of specific cases, the data subject shall have the right to obtain from SABUR the deletion of personal data concerning him or her and SABUR shall have the obligation to delete such personal data where one of the following grounds apply:
▪ The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
▪ The data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;
▪ The data subject objects to the processing and there are no overriding legitimate grounds for the processing;
▪ The personal data has been processed unlawfully;
▪ The personal data must be deleted for compliance with a legal obligation or law to which is subject;
▪ The personal data was collected when the person was still underage.
SABUR is not always obliged to delete personal data, for example, when the data is necessary in respect of instituting legal proceedings.
▪ Right to restriction of processing
Data subjects for whom SABUR stores data have the right to limit the scope of their processed personal data in the following cases:
▪ The accuracy of the personal data is contested by the data subject.
▪ The data subject has objected to the processing of their data and pending the verification whether the legitimate grounds of SABUR override those of the data subject, the data subject may request that the use of their data be restricted.
▪ The processing is unlawful, and the data subject opposes the deletion of the personal data and requests the restriction of their use instead.
– SABUR no longer needs the data, but the data subject requires it for him or herself.
▪ Right to transferability
Data subjects whose data is held by SABUR have the right to have their personal data that they provided transferred to another processor. This is only possible if the information was provided based on an agreement, or subject to the consent of the person concerned.
▪ Right to object
The persons from whom SABUR has collected data have the right to object to the processing of their data based on legitimate and justified grounds. SABUR will stop the processing of the data unless compelling or legal grounds can be shown to the contrary.
▪ Direct marketing
Data subjects have the right to oppose, free of charge, any processing of their personal data in terms of direct marketing (opt-out). This can be done without giving any reason and by contacting Customer Services, or by using the contact details below.
Data subjects have the right to file a complaint with the Commission for the Protection of Privacy.