As part of the J Marr Group of companies, The Ice Co adheres the the below Privacy Notice.
J Marr & Son Limited (and its subsidiary companies) here after known as the Company, is committed to protecting the privacy and security of your personal information. It is important that you read this notice, together with any privacy notice we may provide on specific occasion when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
J Marr & Son Limited is a “data controller”. This means that the Company is responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this Privacy Notice. We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information. If you have any questions about this privacy notice, please contact the Data Protection Officer or the GDPR Committee.
This notice applies to all those customers either in a current, previous or potential future working relationship with us.
3. Data Protection Officer (DPO)
We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Notice. The DPO is responsible for the upkeep, amendment and modification of this document. If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Data Protection Officer by emailing [email protected].
You also have the right to make a complaint at any time to the Information Commissioners Office, the UK supervisory authority for data protection issues.
4. The Personal Data we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We collect, store and use the following categories of personal information about you:
Contact details, such as name and title
Business details including address, telephone numbers, job title and email addresses
Credit Card, Bank Details and/or Payment Details
5. Special Categories of Personal Data
“Special categories” are more sensitive personal data including information such as race or ethnicity, religious beliefs or sexual orientation, Trade Union Membership, health including any medical conditions, health and sickness records, genetic information or biometric data, or information about criminal convictions.
We do not currently collect and store any special categories of personal data from our customers.
6. Why do we collect this information about you and what is the legal basis?
It is necessary for us to collect information about you to perform our contract in supplying you with our products and services. It is also within ours, and your, businesses legitimate interests for us to conduct certain business and marketing activity. We only collect the data that is needed, and only use it for the purpose intended. We only retain the data for the time period we believe is necessary and will only share data where we need to in order to complete activity. The third parties we share data with can be found later in this notice.
Some of the grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
8. How your Personal Information is collected
We collect personal information about customers directly from the data subject or through third party providers.
We collect personal information about you in the following ways:
Business contracts & Account Management
Incoming marketing and business emails
Linked In & industry publications
Trade shows and industry events
From other colleagues and/or contacts from within your business
Through sales orders, enquiries or complaints through any means of verbal, online or written contact.
On using our Company websites
From a contact outside your business, but who believes it is in your legitimate interest to share your details with us.
9. How we will use information about you
We will only use your personal information when the law allows us to. Most commonly, we will use your information in the following circumstances;
To engage in a working business relationship and/or contract
To contact you if we believe you would have a legitimate interest in our products and services
To allow us to send marketing emails to you with regards our latest news and product information.
10. If you fail to provide personal information
If you fail to provide certain information when requested, we may not be able to perform the activity we have entered into with you (such as sending product to fulfil orders), or we may be prevented from complying with our legal obligations.
11. Change of Purpose
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is permitted or required by law.
12. Automated Decision Making and Profiling
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. We do not envisage that any decisions will be taken about you using automated means, however we will notify you in writing if this position changes.
13. Data Security and Storage
The Company, third-party service providers and other entities within the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. We will put in place appropriate security measures to protect your data proportionate to the size of our operation, the resources available to us and the nature of the data we store. The third-party and cloud based companies we use can be seen in Point 14.
14. Data sharing – Third Party Service Providers
“Third parties” includes third party service providers (including designated agents) and other entities within our group. When we require third parties to handle and store your data, we request that they respect the security of your data and to treat it in accordance with the law. The third parties we work with that handle your data are;
Website Content Management Software
Email marketing storage and service provider
Delivery Partners: to send samples, gifts or letters.
Finance and Manufacturing Management Systems
Warehouse Management System
Transport Management System
We may share your personal information with other third parties, for example in the context of the possible sale or restructure of the business. We may also need to share your personal information with a regulator or to otherwise comply with law.
J Marr & Son Limited and its subsidiary companies will never sell your personal information to a third party.
15. Data retention – how long will you use my information for?
We will only retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.
If you need to know how long we retain your information for with regards to a specific activity, please contact the GDPR Committee.
16. Your duty to inform us of changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
17. Your rights in connection with personal information (Data Subject Access Request)
Request Access to your personal information (commonly known as a “data subject access request” DSAR). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it
Request Correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request Erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below point 17.4).
Object to Processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party (also known as portability).
Right to Withdraw Consent where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose (in limited circumstances). You have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate interest for doing so in law.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, withdraw consent for specific processing, or request that we transfer a copy of your personal data to another party, please contact the GDPR Committee as explained in point 3.
You will not have to pay a fee to access your personal data, (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of the other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
If you have any questions about this Privacy Notice or how we handle your personal information, please contact the Data Protection Officer by emailing [email protected]marr.co.uk.