For the purposes of the GDPR legislation 2018, the data controller is Acopia Group
Acopia Group is committed to ensuring that your privacy is protected. The following document sets out our policy regarding our use of any personal data that we may collect from you or that you provide to us. Please check this page from time to time in case we have made any changes that may affect you.
This site has security measures in place to protect from loss, misuse and alteration of the information unde our control. We will hold and transmit your information in a safe, confidential and secure environment. We will not sell your personal information to third parties.
The information we provide to people about how we process their personal data will be: concise, transparent and easily accessible; written in clear and plain language and be free of charge. We will only collect adequate data for our trading purposes and will keep it under our control. Notices to this effect will be displayed clearly and prominently and we ask individuals to positively opt-in and we provide sufficient information to enable informed choices.
The purpose of processing any information is set out in Article 6 of the GDPR and is also purely to enable our business operations which can be summarised as supplying Goods Not for Resale and the legal basis for the processing is the Legitimate Interest Provisions as set out in the new General Data Protection Regulation (GDPR) of 2018.
Categories of data that we collect
We may collect and process personal data as defined in the new regulation as any information relating to an identified or identifiable natural person, including
- Name and job title
- Contact information including email addresses
- Invoice and delivery addresses
- Demographic information
- Transactions between us and fulfilment
- History and detail of visits to our website
- We may occasionally request you to fill in optional surveys. We may carry links that will yield anonymous statistical data about our users’ browsing action and patterns.
The purpose of processing any information is purely to enable our business operations which can be summarised as supplying Goods Not for Resale. We have checked that the processing of data is necessary our purposes, and are satisfied that there is no other reasonable way to achieve these purposes.
Other sources of information are set out more fully in our Data Flow Chart and may include buying data bases, registrations, business acquisitions, prospecting, social media and other publicly accessible sources.
The legitimate interests of the Data Controlling Officer and any third parties in handling the data extends only as far as purely business needs requires it.
We are relying on Legitimate Interest as our lawful basis under GDPR, and may refresh or review this from time to time.
Our lawful basis for collecting information is Legitimate Interest; i.e. we process data purely for purposes of creating and efficiently running a medium sized successful commercial operation offering goods not for resale to both end users and re-sellers. We are transparent in the way we go about contacting persons.
We do however also have customer consent based on long term trust. Acopia Group will use these bases amongst others for direct marketing and other business operations and this is also backed up by privacy notices.
The reasons above document why we meet the criteria of the Legitimate Interest basis; and we do not consider Consent to be a suitable basis for our company to operate on. We do not process sensitive biometric, criminal or special category information.
Recipients and users of any information are strictly limited to within the company and any commercial operations as set out above and are committed to using only adequate data to what is necessary to fulfil their purposes.
We may use independent companies eg IT support, sales processing and CRM systems and the like in the normal course of our duties. This processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. The companies we work closely with as needed are not normally involved in data processing but may come into contact with it in the course of system servicing, breakdowns, updates and invoicing.
No data is transferred to any third countries. While we have support companies in the UK for electronic back up and servicing etc, and suppliers in some third countries no data is transferred to them. Any support companies we use who have a third party contractor in a third country have processing agreements between themselves and form no part of this policy. We may perform profiling (automated processing of personal data to evaluate certain things practice about an individual), which can be part of an automated decision-making process and we document this in our data protection policy.
We are aware of the rights of the data subjects according to principal 6 of the Regulation being:
a right to prevent processing for direct marketing
a right to object to decisions being taken by automated means
a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
and a right to claim compensation for damages caused by a breach of the Act
They enable us to keep track of your shopping basket as you select items and navigate around our online shop. They allow you to participate in interactive features of our service when you choose to do so. A cookie will not give us access to your computer or information about you, other than the data you choose to share with us.
If you follow a link to any third party websites whilst accessing our site, please note that these websites will have their own privacy policies. We cannot accept any responsibility or liabilities for their operation.
Your right to access to information we hold about you can be exercised in accordance with the General Data Protection Regulation (GDPR) of 2018.
We are pleased to announce that we have been awarded the Cyber Essentials accreditation which demonstrates our on-going commitment to all data integrity and the systems we have in place to ensure IT security.
Acopia Group uses CCTV for building security. This will capture images of both staff and public, and this position is more fully set out in our document CCTV system—Controls under GDPR.
Our Data Controlling Officer (DCO) is Mr Tim Lynes, firstname.lastname@example.org, and his deputy is Wayne Lynes email@example.com located at Acopia Group Ltd, Global Point, Steyning Way, Bognor Regis, West Sussex, PO22 9SB
Tel 0845 075 6111