We understand that our use of your information requires your trust. Aura Brand Solutions is committed to the highest standards of data privacy and being transparent about how we use your information.
We will only use your information for clearly described purposes and in accordance with your data protection rights and privacy principles set out in the EU’s General Data Protection Regulation (GDPR).
This policy is effective from 16th May 2018.
We’re Aura Brand Solutions Limited. We provide a range of branding and image management services for commercial and public sector organisations that are described in more detail on our website in the What We Do section.
Our registered office is Freemantle Road, Lowestoft, Suffolk, NR33 0EA, United Kingdom. Our registered company number is 02984457.
We are part of a group of companies owned and operated by Supersine Duramark Group Limited, which is registered at Freemantle Road, Lowestoft, Suffolk, NR33 0EA, United Kingdom under company number 00226536.
We operate from the locations shown on the Contact page of our website.
We also provide services under our wholly owned subsidiary, GLIMMA UK Limited, registered at Freemantle Road, Lowestoft, Suffolk, NR33 0EA, United Kingdom under company number 01558260.
We are a data controller of your personal data and act as a data processor for our clients and their partners in the capacity of providing the services they have contracted to us.
We have a dedicated data protection officer (“DPO”). You can contact the DPO using the details below or by writing to the above address, marking it for the attention of the DPO or going to our Contact page.
All the companies named above are registered with the Information Commissioner’s Office (ICO) in the UK and details can be checked at the ICO website - https://ico.org.uk/
Data Protection Registration Numbers:
| Company | Registration number |
|---|---|
| Aura Brand Solutions Limited (formerly Aura Graphics Limited) | ZA227841 |
| Supersine Duramark Group Limited | ZA227848 |
| GLIMMA UK Limited | ZA227858 |
Personal information that we’ll process in connection with all of our products and services, if relevant, includes:
- Your first and last name, job title, company name, billing/delivery address, email and telephone number.
- Vehicle information, such as make, model and registration number, used to carry out and record the completion of installation or repair works as instructed by you or by our clients on your behalf.
- For your security, we’ll also keep an encrypted record of your login password if using one of our online services.
- Details of your interactions with us through our contact centres, via our sales team, online or by using one of our services. For example, we collect notes from our conversations with you, details of activities in relation to sales process, details of any complaints or comments you make, survey responses, details of orders you’ve placed, items viewed or added to your basket (if using our online ordering), web pages you visit and how and when you contact us.
- Current and previous positions, current and previous companies you represent, publicly available professional information about you.
- Payment card information - we don’t keep this information, but it may be processed over the phone only at the time of transaction or provided by you to a third-party payment processor (e.g. PayPal) on our ordering site.
- Your image and vehicle registration number may be recorded on CCTV when you visit one of our sites.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
We do not collect any Sensitive Data about you. Sensitive data refers to special categories of data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any information about criminal convictions and offences.
We’ll collect personal information from the following general sources:
- When you visit any of our websites, and use your account to buy products and services, on the phone, by email or online.
- When you create an account with us.
- When you request a quotation for or make an enquiry about a product or service by phone, by email, via an online form, directly to one of our sales staff or at an event.
- When you engage with us on social media.
- When you contact us by any means with queries, complaints, etc.
- When you book any kind of appointment with us or book to attend an event, for example a vehicle installation slot or graphics application training course.
- When you choose to complete any surveys we send you.
- When you comment on or review our products and services.
- When you enter any prize draws or competitions.
- When you fill in any forms. For example, when you sign up to newsletters or other marketing communications. If an accident happens on a site where we are carrying out works or a warranty claim is submitted, a Partner may collect your personal data.
- When you’ve given a third party permission to share with us the information they hold about you. For example, you have engaged an intermediary (e.g. design agency, building contractor, vehicle repairer) to organise the purchase and delivery of the products or services from us.
- We collect data from publicly-available sources (such as business directories, your company website) when you have given your consent to share information or where the information is made public as a matter of law.
- When you use our car parks, facilities and offices, which usually have CCTV systems operated for the security of both customers and partners. These systems may record your image during your visit.
Legal grounds for processing your personal information
The law on data protection sets out several different reasons (the legal basis) for which a company may collect and process your personal data. We will only use your personal data when legally permitted.
We will not resell your personal data at any time or pass it to third parties for any other purpose than those listed below.
Depending on the relationships we have or wish to have with you, the most common reasons and legal grounds for use of your personal data that we use are:
- Where we need to for the performance of the contract between us (art. 6 para. 1 b GDPR).
- Where it is necessary for us to pursue our legitimate interests (or those of a third party) in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests (art. 6 para. 1 f GDPR).
- Where we need to comply with a legal or regulatory obligation (art. 6 para. 1 c GDPR).
- Where we collect and process your personal data with your consent usually via a tick-box opt in action (art. 6 para. 1 a GDPR).
Generally, we do not rely on consent as a legal ground other than in relation to sending some marketing communications to you where we are not relying on our legitimate interest to do so.
Where we do use consent, you have the right to withdraw it at any time using the instructions found in all relevant communications or using the details in the contact us section below.
There may be uses that are permitted based on other grounds; where this is the case we will use reasonable endeavours to identify the ground and communicate it to you as soon as possible after becoming aware of the new basis.
Purposes for processing your personal data
To manage business relations based on our legitimate interest. If you are a representative of our current/potential client, supplier, business partner or investor, we may process your personal data as outlined in the "Personal information we collect about you?" section above, to develop and/or maintain business relations and communications with us, to engage a new business with the company you represent, to provide you with the status/details/other information about our works and services, to organise the approval, processing and signing of contracts, orders, invoices and other contractual documentation, to promote our new products, works and services, to confirm the high level of our works and services, to invite you to meetings, events and organise them.
To manage all sales stages and activities relevant to the processing of any quotations, product/service enquiries, orders or appointments, that you make by using our websites, by telephone, by email, other written communication, or via our sales staff. We do this based on the performance of a contract with you and our legal obligations in relation to financial record keeping, etc. If we don’t collect your personal data for these purposes, we won’t be able to process your request to provide pricing or delivery of the goods or services you require.
For example, your details may need to be passed to a third party (e.g. courier service provider or installation subcontractor) to supply or deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards to fulfil any contractual obligations such as refunds, guarantees and so on.
Customer service and support to respond to your queries, refund requests and complaints. Handling the information you send enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
To administer and protect our business, our website and your account (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). We do this for our legitimate interests for running our business in the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.
For example, by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.
To provide the most interesting and relevant content to you on our websites and improve our products/services, marketing, customer relationships and experiences, we’ll use data we hold about your order history, your activity on our website (data analytics), your preferred products and so on. We do so on the basis of our legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy.
For example, we might display a list of items you’ve recently looked at or offer you recommendations based on your purchase history and any other data you’ve shared with us.
To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
To send you survey and feedback requests to help improve our product and services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We do this based on our legitimate interests to help make our products and services more relevant to you, study how customers use our products/services, to develop them and grow our business.
Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences or unsubscribing using the links provided in these communications.
To build a rich picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from third parties and data from publicly-available sources as we have described in the "Personal information we collect about you?" section above. We’ll do this based on our legitimate business interest.
For example, combining this data, and in some instances using automated decision making, will help us personalise your experience and decide which content to share with you. We also use anonymised data from customer order histories to identify trends in product use and report on operational data relating to our clients’ assets (areas of damage to vehicles, branding audits, etc).
To protect our customers, premises, assets and partners from crime, we operate CCTV systems at our sites and offices which record images for security. We do this based on our legitimate business interests.
To process payments and to prevent fraudulent transactions. We do this based on our legitimate business interests. This also helps to protect our customers from fraud.
If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. Our aim is to protect the individuals we interact with from criminal activities.
To send you communications required by law or which are necessary to inform you about our changes to the services we provide you.
For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders.
These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
To comply with our contractual or legal obligations to share data with law enforcement.
For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
You will receive relevant marketing communications from us if you have:
(i) requested information from us or purchased goods or services from us based on legitimate interest; or
(ii) if you provided us with your details and ticked the opt-in box at the point of entry of your details for us to send you marketing communications based on consent; and
(iii) in each case, you have not opted out of receiving that marketing.
We will not share your personal data with any third party for marketing purposes.
You can ask us to stop sending you marketing messages at any time by using the unsubscribe link on these communications or emailing us with your request at email@example.com.
Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some of the products and services you’ve asked for.
We use a variety of security measures, including encryption and authentication tools, to help protect and maintain security, integrity and availability of your information.
Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:
- tightly restricted personal access to your data, limited to those employees, agents, contractors and other third parties on a 'need to know' basis, for the communicated purpose only and subject to a duty of confidentiality;
- collected data transferred only in encrypted form;
- archive data stored in minimised or pseudonymised and encrypted form;
- firewalled IT systems to prohibit unauthorised access e.g. from hackers;
- permanently monitored access to IT systems to detect and stop misuse of personal data.
If you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, do not forget your responsibility for keeping this password confidential. We ask you not to share your password with anyone.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We may have to share your personal data with the following third parties for the purposes listed in the section above, "How do we use your personal data and why?":
- Business partners (for example, courier service providers, installation sub-contractors), or others who are a part of providing your products and services or operating our business.
- Other organisations and businesses who provide services to us such as debt recovery agencies, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- Third parties to whom we sell, transfer, or merge parts of our business or our assets.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes to fulfil the service they provide you on our behalf and in accordance with our instructions.
We’re based in the UK, but sometimes your personal information may be transferred and stored outside the European Economic Area. If we do so we’ll make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
We rely upon a number of means to transfer personal information, which is subject to the European General Data Protection Regulation (“GDPR”) in accordance with Chapter V of the GDPR. These include:
Privacy Shield - We transfer, in accordance with Article 45 of the GDPR, personal information to companies that have certified their compliance with the EU-U.S. or Swiss-U.S. Privacy Shield Frameworks (each individually and jointly, the “Privacy Shield”).
Standard data protection clauses - We may, in accordance with Article 46 of the GDPR, transfer personal information to recipients that have entered into the European Commission approved contract for the transfer of personal data outside the European Economic Area.
Other means - We may, in accordance with Articles 45 and 46 of the GDPR, transfer personal information to recipients that are in a country the European Commission or a European data protection supervisory authority has confirmed, by decision, offers an adequate level of data protection, pursuant to an approved certification mechanism or code of conduct, together with binding enforcement commitments from the recipient to apply the appropriate safeguards, including as regards data subjects’ rights, or to processors which have committed to comply with binding corporate rules.
You can find out more information about these transfer mechanisms here.
Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.
You should tell us so that we can update our records using the details in the Contact section of our website. We’ll then update your records if we can.
We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. For instance, we may do this to decide: whether to offer you a product or service, to determine the risk of doing so, the price we will offer, whether to offer you credit, what terms and conditions to offer you.
We’ll do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent.
We retain personal information regarding you or your use of the products or services for as long as your Account or contract is active or for as long as needed to provide you with the goods and services.
The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
- For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations;
- For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
- Retention periods in line with legal and regulatory requirements or guidance.
For example, the period we keep your contact details is dependent on where and how it was used – if on an invoice this may be kept for 7 years following the end of the contract for financial and tax auditing purposes. Conversely the period for which we keep a response to a customer survey you complete would be significantly less.
If information is used for two purposes, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.
We restrict access to your information to only those persons who need to use it for the relevant purpose.
Please note that during the operation of our business, we collect and maintain aggregated, anonymised or de-personalised information which we may retain indefinitely. When your information is no longer needed it may be treated this way, or securely erased or destroyed.
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.
- The right to be informed about the processing of your personal information
- The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
- The right to object to processing of your personal information
- The right to restrict processing of your personal information
- The right to have your personal information erased (the “right to be forgotten”)
- The right to request access to your personal information and to obtain information about how we process it
- The right to move, copy or transfer your personal information to another organisation (“data portability”)
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you
To exercise any of these rights please contact our Data Protection Officer using the details at the bottom of this policy. Please detail the rights you wish to exercise so we can send you any appropriate forms (e.g. Subject Access Request Form) and further instructions.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to complain to Aura Brand Solutions about how we (or one of the third parties we list above) are using your personal data. You also have the right to complain directly to the Information Commissioner’s Office, which enforces data protection laws in the UK: https://ico.org.uk.
You can contact us using the details at the end of this policy.
This privacy notice applies to personal information processed by or on behalf of Aura Brand Solutions for all products and services, and instances where we collect your personal data as a customer, prospect, supplier, partner or visitor to our website.
If you are a client and we process personal data on your behalf, see our Data Protection Policy Statement to learn more about how we process data you give us on your instructions or with your permission.
Attention: Data Protection Officer, Aura Brand Solutions, Freemantle Road, Lowestoft, Suffolk, NR33 0EA, UK