Introduction

   

Aura Infection Control Ltd (AIC) processes and holds personal data from, and about, prospective, current and former business partners (customers and suppliers) to comply with tax, labour, health and safety, and other laws, to operate our businesses, and to serve our customers.

 

Aura Infection Control Ltd.

Company Registration Number: 0881466

Email address: orders@qwsonline.co.uk

Postal address: Aura Infection Control Ltd, Unit 22 Stainton Grove Industrial Estate, Barnard Castle, DL12 8UJ

Tel : 01833 630393

 

This Statement sets out the basis on which such information is held.

 

We may make changes to this Statement from time to time to reflect developments in the law.

 

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). However, we ask that you contact us in the first instance and give us the opportunity to address your concerns before you consider contacting the ICO.

 

Scope                                                                                                                                                                                                                                             

This policy statement details the basis on which such information is held, what we might do with the information, and who it will be shared with.

 

It sets out our position and commitment relating to data protection. We hold and process individual’s personal and sensitive personal data in regards to our business and services. We hold individual data in secure paper based, and electronic files and systems.

 

The data we process may relate to former, present and potential future business partners. We collect and maintain such data in order to meet our legitimate interests as a business, to comply with statutory requirements and fulfil individual contracts.

 

 

Responsibility

The specific responsibilities of the Data Controller, the Data Protection Officer, the IT Manager and the other roles in the company to ensure the data is collected, handled and stored appropriately are set out in our Data Protection Policy.

 

Where personal data is to be processed, all members of staff are responsible for ensuring data is processed in line with the current legislation and the General Data Protection Regulations.

 

 

Reasons and Purposes for Processing Information

 

We collect personal information so that we can deliver excellent customer service. It allows us to conduct business with you and inform you of our products and services, events, new launches, special offers, process orders and undertake deliveries etc. We have a legitimate interest in collecting the data to conduct business with you and we take all necessary steps to keep your data secure.

 

Type pf Personal Information Held

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). It is not possible for Aura Infection Control Ltd to enter into a contract to deliver products or services without the provision of certain personal data.

 

  • Identity data: includes first name, last name, username or similar details
  • Contact data: includes billing address, delivery address, email address, social media ID and telephone numbers
  • Transactional data: such as bank details and details about payments to and from Aura Infection Control Ltd
  • Technical data: IP address, browser type
  • Profile data: Marketing preferences and survey feedback responses
  • Aggregated data: statistical data
  • Usage data: includes information about how you use our website, products and services.

Aura Infection Control Ltd does not collect any special categories of personal data, i.e., details of race, ethnicity, religious belief, sexual orientation, political opinions, trade union membership, health, and generic and biometric data.

 

How We Collect Your Personal Data

We use different methods to collect your personal data including through:

 

Directly from you:

You may give us your identity and contact data either face-to-face or by filling in forms, or by corresponding with us by post, phone, email or otherwise. This includes any personal data you provide when you:

  • Place an order for products or services
  • Discuss a possible project or after sales activity
  • Request information to be sent to you
  • Meet us at an exhibition or at a business event
  • Give us feedback

 

Automated technology or interactions:

As you interact with our website or any of our digital platforms, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and similar technologies. Please see our cookie policy for further details.

 

Third parties or publicly available sources:

Aura Infection Control Ltd may receive personal data from third parties and public sources.

  • Request access to your personal data
  • Financial data such as payment transaction details from providers of payment and delivery services
  • Identity and contact data from publicly available sources such as Companies House

 

Use of Data

When we ask you for personal information we will keep to the law, including the General Data Protection Regulations, and we will:

 

  • make sure you know why we need it
  • only ask for what we need, and not to collect too much or irrelevant information
  • protect it and make sure nobody has access to it who should not have access
  • let you know if we share it with other organisations - and if you can say no
  • make sure we don’t keep it longer than necessary

 

When deciding the retention period for personal data we will take into account our legal and business interests.

 

Marketing

Aura Infection Control Ltd will use personal data to form a view on what marketing activities it believes will be of interest. You may receive technical and marketing communications if you have requested information from us or purchased products or services and have not opted out of receiving such communications. These communications will include important information such as new product availability, factory holiday shut downs, ordering details and new sales resources.

 

Aura Infection Control’s marketing activity is based on an email system which provides suppression of any unsubscribed individuals. The list is cleaned a minimum of every six months to remove any outdated contacts and to ensure accuracy.

 

Every marketing email you receive will have a clear unsubscribe option. You can ask us to stop sending you marketing messages at any time by using the unsubscribe link on our emails, or by contacting orders@qwsonline.co.uk.

 

Where you opt out of receiving marketing emails, this will not apply to personal data provided to us and still required to process your orders or requested services.

 

 

Security Procedures in Place to Protect the Data

We have established systems in place to protect personal data. Our company codes of conduct/policies protect data while allowing us to utilise process’s designed to make our businesses more efficient and effective in managing and supporting our business partners.

 

In protecting personal data we will not allow the misuse of individual’s data and we shall protect our legitimate interests as a business, and the vital interests and freedoms of our partners.

 

All personal data shall be:

 

  • obtained by lawful and fair means and, where appropriate, with knowledge or consent;
  • processed within the strict terms of the law, including but not limited to the General Data Protection Regulations, and any associated rules, regulations, statutory provisions, extensions or re-enactments thereof and where possible, in line with any current guidance and other publications of the Information Commissioner;
  • relevant for the purposes for which it is to be used;
  • accurate, complete and up to date;
  • kept for no longer than is necessary for its declared purpose;
  • held in the full knowledge of the individual (except in cases specifically excluded under the law);
  • protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data;
  • protected from unauthorisedcross border transmission to any other state which does not meet those standards laid down by the Council of Europe Convention (1981), the EC Data Protection Directive (95/46/EC) and the GDPR 2015.

 

Disclosure of Information to Third Parties

We sometimes need to share the personal information we process with the individual it concerns and also with other organisations.  Where this is necessary we will comply with all aspects of the law including the General Data Protection Regulations.  We do not disclose your information to any third parties or bodies unless we have permission to do so or are required to do so by law.

 

 

Obtaining the information we hold about you

You have the right to ask for a copy of your information and to correct any inaccuracies. 

 

If you wish to gain access to information you should write to the Data Protection Officer requesting this. The provision of personal data shall be satisfied within a month from receipt of a written request. 

 

We can refuse or charge for requests that are manifestly unfounded or excessive.  If we refuse a request, we will tell you why without undue delay and at the latest, within one month.

 

In all cases the relevant information will only be disclosed following a written request instructing the Data Protection Officer, and giving consent to the Data Protection Officer to make such disclosure. We will need to be satisfied of the identity of the individual making the Subject Access Request. 

 

You have the right to make any reasonable request for the rectification or amendment of personal data records provided that:

 

  • you can readily demonstrate the existence of an identifiable error, necessary update, relevant omission, superfluous fact, or
  • it is unlawful to maintain such a record.

 

The rectification of personal data shall be satisfied within a month from receipt of a request. 

 

Retention and Disposal of Personal Data

When we ask for personal information we will keep to the law, including the GDPR. Under the Regulations personal data processed for any purpose must not be kept for longer than is necessary for that purpose. When deciding the retention period for personal data we will take into account our legal and business interests.  It is a matter for reasonable judgement and common sense as to how long personal data should be retained.

 

 

Length of time for Retention of Personal Data

We will retain your personal information only for as long as is necessary for the purposes for which the information was collected, or as long as is required pursuant to law.

 

Data may be retained longer in cases where it is used in relation to a legal claim or is used in relation to a valid legal process.

 

Right to be forgotten

You have the right to ask for your personal data to be erased.

 

Individuals have the right to have their personal data erased if:

  • the personal data is no longer necessary for the purpose for which it was originally collected;
  • we are relying on consent as the lawful basis for holding the data, and you withdraw your consent;
  • we are relying on legitimate interests and there is no overriding legitimate interest to continue this processing;
  • we have processed the personal data unlawfully;
  • we have to do it to comply with a legal obligation.

 

The right to erasure does not apply if retaining the personal data is necessary for one of the following reasons:

 

  • to exercise the right of freedom of expression and information;
  • to comply with a legal obligation;
  • for the performance of a task carried out in the public interest or in the exercise of official authority;
  • for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
  • for the establishment, exercise or defence of legal claims.

 

If you wish to have personal data erased you should request this verbally or in writing to the Data Protection Officer. The erasure of the personal data relating shall be satisfied within a month from receipt of a request. 

 

We can refuse or charge for requests that are manifestly unfounded or excessive.  If we refuse a request, we will tell you why without undue delay and at the latest, within one month.

 

Website

We use analytical cookies on our websites which allow us to record technical data (such as IP addresses) so that we can recognise and count the number of visitors to our site and to see how visitors move around the site when they are using it.

 

This helps us to improve the way our website works, for example by ensuring that users find what they are looking for easily. We do not keep records of individual names or addresses, all of the data that we collect from the use of cookies is aggregated and anonymous.

 

You are not required to input any personal information to use our website in general, however, access to certain areas may require personal information to be recorded.

 

Any such personal information which we receive via this website will be used by us only for the purposes for which it was received and for any future communications with the sender of such information by Aura Infection Control Ltd. We will not, however, disclose such personal information we receive in respect of your use of the website to any third party without your permission, except as required by law.

 

Whilst we take all reasonable precautions to protect any personal data users may input via this website we cannot be responsible for and therefore exclude all liability for loss or misuse of personal data which is intercepted or otherwise accessed by unauthorised persons.

 

Our websites or other platforms may contain links to websites operated by third parties. Aura Infection Control Ltd does not control these sites and is not responsible for their privacy policies or security, such links are provided for your convenience only.