Privacy Policy

Your privacy and trust are important to us and this Privacy Policy (“Policy”) provides important information about how Westbase Group Limited (CRN: 10349073), Westbase Technology Limited (CRN 02328219), Control Ltd (CRN 06904202), MS (Distribution) UK Ltd (CRN 04455490), Westbase Technology Solutions Ltd (CRN 6597528), Westbase B.V. (KvK number: 75238969) and Control USA Inc (Reg Delaware USA SR 20205566229) (together referred to as “Group” “we” or “us”) handle personal information.

This Policy applies to personal information which we process in the course of doing business including information processed through the Group’s websites and the goods and/or services we provide. Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.

It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on our website and/or contacting you using other methods such as email.

You can download and read our full GDPR-compliant privacy policy by following this link.

Purpose, legal basis and duration of the processing

We may process personal information about you in different ways depending on our relationship with you.

Please click on the link below which most closely identifies your relationship with us:

1. You are a Customer.
2. You are a Supplier.
3. You are a third party with whom we are in contact during the delivery of services to our customer or the possible delivery of services to prospective customers.
4. You are a prospective customer or a prospective supplier.
5. You are an employee or a relative of an employee.
6. You are a prospective employee.
7. We have received your information from a third party.
8. Your relationship with us is not covered by any of the above.

1. Customers

We will collect and store personal information including contact details of our customers, so that we can provide our goods and services in accordance with our contract with you. We will retain your personal information and any information relating to the contract between us in accordance with our retention policy following completion of the contract(s) between us so that we can review our performance if any complaints or issues arise after completion of the contract. The length of time that we keep your personal information will be in accordance with our Data Retention Policy.

We may use your information for analysis, where it is in our legitimate interests, to improve or develop our goods and services.
We may from time to time send you information which we think might be of interest to you. This contact may be made by telephone, e-mail, post or text. We will contact you in this way where it is in our legitimate interests to market our goods and services to you and we will only do this if we believe that you would reasonably expect us to contact you in this way.

2. Suppliers

We will collect and store personal information including contact details of our suppliers and sub-contractors and those employees of the supplier and sub-contractor who are involved in the delivery of the contract so that we can receive your goods or services in accordance with our contract with you. We will also retain that information and any information relating to the contract between us for a period of [seven] years following completion of the contract(s) between us so that we can review your performance if any complaints or issues arise after completion of the contract.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will do this where it is in our legitimate interests to develop our business and we will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

3. You are a third party with whom we are in contact during the delivery of goods and/or services to our customers or the possible delivery of goods and/or services to prospective customers.

We will collect and store personal information including contact details of third parties with whom we are in contact during the delivery of goods and/or services to our customers or discussions relating to goods and/or services to prospective customers. We process that information because it is in our legitimate interests to do so in order for us to be able to perform our contracts for our customers or pursuing business development opportunities with prospective customers. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not impact on you in a way that would make this processing unfair.

Where your personal information is kept because it relates to the performance of a contract with one of our customers, we will also retain that information and any information relating to that contract in accordance with our file retention policy following completion of that contract(s) so that we can review the file if any complaints or issues arise after completion of the contract.

Where your information is stored in our contacts database but is not kept in a customer or supplier file, we carry out a review of our contacts database in accordance with our Data Retention Policy when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.

We may also contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We will do this where it is in our legitimate interest to develop our business and we will only do this if we believe that you would reasonably expect us to contact you in this way and that such processing does not have an impact on you in a way that would make this processing unfair.

4. You are a prospective customer or an employee of a prospective customer. You are a prospective supplier or an employee of a prospective supplier.

We will collect and store personal information including contact details of people with whom we might do business as a supplier or a customer. We may collect this information from you, when you contact us (including through this website) or from a mutual contact. We will only collect contact information from your website or another third party website if we have identified you specifically as someone who may be interested in receiving goods or services from us or delivering goods or services to us.

We may contact you about new business opportunities for us to work together with you and to keep you informed of our activities. We do this where we have a legitimate interest to direct market to you and develop our business. We will only contact you in this way if we believe that you would reasonably expect us to process your personal information in this way and that such processing does not impact on you in a way that would make this processing unfair. Where your information is stored in our contacts database but is not kept in a customer or supplier file, we carry out a review of our contacts database in accordance with our Data Retention Policy when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.

5. You are an employee or a relative of an employee

Employees should refer to the Employee Data Protection Policy for further information about our privacy policy in respect of employees.

Where an employee has provided us with personal information about a spouse, civil partner or other family member/friend (perhaps in relation to sharing a company car, private medical insurance or other benefits or as an emergency contact), it is the employee’s responsibility to inform that person that the employee has provided us with their details and that we will be processing it as an emergency contact or in connection with the relevant benefit and/or policy in accordance with this privacy policy.

6. You are a prospective employee

If we have received your details in response to a recruitment initiative, we will store the personal information that either you, your recruitment agent or another third party has provided us with. We process that information because it is in our legitimate interests to do so in order for us to be able to make an informed decision about whether to interview you and, ultimately, recruit you. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair. Where your personal information is kept as part of a file relating to prospective employees of the Group, we will retain that information and any information relating to that matter. This is so that we can review the file if any complaints or issues arise after the recruitment process. The length of time that we keep prospective employee files is usually 6 months after conclusion of the relevant recruitment process.

Unless you request us not to do so, we may also contact those individuals who are referred to in any information you provide us with, for example referees; this contact may be made by telephone, e-mail, post or text. We will only do this if we have your express permission to contact them in this way.

7. We have received your information from a third party

If we have received your personal information from a third party, for example your employer or service provider, that third party will normally be the controller in relation to that personal information and we will be processing it on their behalf. You should therefore contact that third party to review their privacy policy. Where we have received your personal information from a customer, for example where you are a customer of our customer, we are holding this information because it is in our legitimate interests to hold that information on behalf of the customer for the purpose of fulfilling our contract with our customer. We will normally be holding such information subject to our professional duty of confidentiality.

8. Your relationship with us is not covered by any of the above

We may hold your contact details and personal information as a result of an interaction between you and one of our employees. We are processing your personal information in this way because it is in our legitimate interests to retain a record of our employee’s engagement with third parties. We believe that you would reasonably expect us to process your personal information in this way and that such processing does not have an impact on you in a way that would make this processing unfair. We carry out a review of our contacts database every [three] years when we consider whether or not we still have a legitimate interest to keep your contact information. Where we consider that we no longer have a legitimate interest to keep your contact information we will delete it.

Where you provide us with personal information about another person

If you give us personal information about another person, you must ensure that:
(a) you are legally entitled to give us that information;
(b) the disclosure is in accordance with any applicable data protection or privacy laws; and
(c) such other person has also read this privacy policy.

Personal information we hold

We may collect, use and otherwise process the following categories of personal information:

  • job title
  • email address
  • name
  • title
  • username
  • password
  • date of birth
  • telephone number
  • postal address
  • payment information for credit checks for our customers
    payment and financial information for billing purposes for our customers
  • information from credit reference and fraud prevention agencies for our customers
  • emails and correspondence
  • call recordings when you contact us, or one of our third-party sales agents, through our customer call centres messages through social media sites or via webchats
  • records of any settings or marketing or communication preferences you choose

When we share personal information

The Group shares or discloses personal information when necessary to provide goods and/or services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell any personal information to third parties. We may occasionally share non-personal, anonymised, and statistical data with third parties. Below are the parties with whom we may share personal information and why.

Within the Group: Our business is supported by a variety of people who are part of the Group’s teams and functions, and personal information will be made available to them if necessary for the provision of goods and/or services, account administration, sales and marketing, customer and technical support, and business development, for instance. All of our employees and contractors are required to follow our data privacy and security policies when handling personal information.

Our business partners: We occasionally partner with other organisations to deliver goods and/or services. As part of these arrangements, you may be a customer of both the Group and our partners, and we and our partners may collect and share information about you. The Group will handle personal information in accordance with this Policy, and we encourage you to review the privacy policies of our partners to learn more about how they collect, use, and share personal information.

Our third-party service providers: We partner with and are supported by service providers around the UK, EEA, USA and other countries that are outside of the European Economic Area (Third Countries). Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, including (without limitation) software, enterprise resource planning, system and platform support; direct marketing services; cloud hosting services; advertising; data analytics; accountancy; insurance; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us. The United States and other Third Countries may not have data protection laws that are as strong as those in the UK and EEA. Any transfer to third party service providers in the United States and Third Countries are subject to model contractual clauses as required by law or other appropriate safeguards to ensure personal data is protected.

Third parties for legal reasons: We will share personal information when we believe it is required, such as:

  • to comply with legal obligations and respond to requests from government agencies, including law enforcement and other public authorities;
  • in the event of a merger, sale, restructure, acquisition, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings); and
  • to protect our rights, users, systems, and goods and services.

Where we store and process personal information

We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.

We store information in hard copy files, which are stored in our offices. We also store information in electronic format using cloud based servers [within the European Union and the United States]. We collaborate with third parties such as cloud based services, suppliers, and technology support to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your personal information within the Group or to third parties in areas outside of UK and EEA. Any transfer to third parties outside the UK and EEA are subject to model contractual clauses as required by law or other appropriate safeguards to ensure personal data is protected.

How we secure personal information

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How long we keep personal information

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data set out in our Data Retention Policy.

Your legal rights

We respect your right to access and control your information and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.

  • Access to personal information: You have the right to request access to your personal data (known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
  • Object to processing of your personal data: You have the right to object to the processing of your personal data. Where we are relying on a legitimate interest (or those of a third party), if there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms, you have the right to do so. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request erasure of your personal data: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Request restriction of processing of your personal data: This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the accuracy of the data; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party: We will provide to you, or a third party chosen by you, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Correction of your data: You have the right to request that we correct your personal information if it is inaccurate or requires updating or complete your personal information if the information we hold is incomplete.
  • Withdrawal of consent: If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by using the contact details below.
  • Marketing preferences: To opt out of email marketing, you can use the unsubscribe link found in the email communication you receive from us or by using the contact details below.
  • Filing a complaint: If you are not satisfied with how the Group manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office.

If you fail to provide personal data

Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services). In this case, we may have to cancel your engagement with us but we will notify you if this is the case at the time.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please let us know by using the contact details below.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Third-party links

This website has links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

How to contact us

Please contact us in one of the following ways:

For All Group customers:
By Email: gdpr@westbase.io
By Post: GDPR Officer, Westbase Group Ltd, Westbase House, 2 Lodge Way, Severn Bridge Industrial Estate, Caldicot, Monmouthshire, NP26 5PS
By Telephone: +44 (0) 1291 437 567