Privacy Notice

1. Introduction

At Saywell International we take the protection of your personal data very seriously and undertake to respect your privacy at all times.

This privacy notice (“notice”) will explain how we look after your personal data and how the law can help to protect your rights to privacy.  The notice applies to the processing of personal data by Saywell International in connection with any:

  • “customer services”: provision of products and services by Saywell International to actual and prospective customers;
  • “supplier services”: provision of products and services to Saywell International by its suppliers or service providers;

Any references in this notice to “you” or “your” are references to individuals whose personal data Saywell International processes in connection with customer and supplier services.  When we refer to our “customers” or our “suppliers” this includes their employees or other staff whose personal details we process.

This Privacy notice is issued on behalf of Saywell International Limited and its wholly owned subsidiary Saywell International Inc. Together, they are referred to as “Saywell International”. References in this notice to “Saywell International”, “we”, “us” or “our” are references to the relevant company in the group responsible for processing your data. Saywell International Limited is the controller responsible for this website and whose registered office is Aviation Centre, Downlands Business Park, Worthing, West Sussex BN14 9LA, England.

 

2. Importance of personal data protection

We recognise that the use and disclosure of personal data has important implications for us and for the individuals whose personal data we process.

 

3.Purpose of this notice

This notice aims to give you information about how we collect and process your personal data. It is important that you read this notice together with any other notices we may provide on specific occasions when we are collecting or processing your personal data, so that you are fully aware of how and why we are using your personal data. This notice supplements the other notices and is not intended to override them.

 

4. Who is the controller for the personal data processed?

A “controller” is a person or organisation who alone or jointly determines the purposes for which, and the manner in which, any personal data is, or is likely to be, processed. Saywell International Limited is the controller for your personal data.

We have appointed a data protection officer (DPO) who you can contact If you have any questions about this notice, including any requests to exercise your rights.

Contact details are as follows:
Aviation Centre, Downlands Business Park
Worthing
West Sussex
BN14 9LA
UK

Data Protection Officer: DPO@saywell.co.uk

 5. How to make a complaint about the use of your personal data by us

If you have any concerns or would like to make a complaint about our processing of your personal data, please contact our Data Protection Officer in the first instance.  You have the right to complain at any time to the Information Commissioner’s Office (ICO) the UK supervisory authority for data protection issues (www.ico.org.uk). However, we would encourage you to contact us in the first instance as we aim to promptly, efficiently and satisfactorily resolve any concerns or complaints you may have in relation to Saywell International’s processing of your personal data.

 

6. Changes to the notice or to your personal data

The first version of this notice was issued in May 2018 and this notice was last updated on the “as amended on” date (if any) on the cover page of this notice. Any prior versions of this notice can be obtained by contacting us at DPO@saywell.co.uk.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you wish to update your personal data, please contact your usual Saywell International contact.

 

7. The personal data we collect about you

Personal data includes any information about an individual from which that person can be identified. It does not include personal data where the identity has been removed (anonymous data).

We collect, use, store and transfer different kinds of personal data about you. We have grouped together the following categories of personal data to explain how this type of information is used by us. These terms are used throughout this notice:

  • Identity Data”: including your first name, middle names, last name, username or similar identifier.
  • Contact Data”: including your or your company’s billing address, delivery address, email address and telephone numbers;
  • Financial Data”: including your or your company’s bank account and payment card details;
  • Services Data”: including details about payments to and from you or your company and other details of services you have purchased from us or we have purchased from you;
  • Profile Data”: including your usernames and passwords, purchases or orders made by you or your company, feedback and survey responses;
  •  “Marketing and Communications Data”: including information collected about you or your company’s product interest. Additional information about the personal data we process in connection with marketing is included with the marketing communications we send you;
  • Professional Information”: including your contact details and job title, email address, phone number and addresses; and
  • Professional History”: including your email address, phone number, address and positions, maybe stored on file for company’s which you were previously associated with.

Neither our website or the services we offer are intended for children and we do not knowingly collect data relating to children.

 

8. If you fail to provide personal data to us

Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide the personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with a product or services). In this case, we may have to decline to provide or receive the relevant services, but we will notify you if this is the case at the time the personal data is collected.

 

9. How your personal data is collected

We use different methods to collect personal data from and about you, including through the channels set out below.

Direct interactions: You give us your personal data in your direct interactions with us. Such personal data includes Identity Data, Contact Data, Financial Data, Services Data, Profile Data, Usage Data, Marketing and Communications Data, Professional Information, and/or Professional History which you give us from time to time (i) by filling in forms on our website or (ii) corresponding with us by email, post, in person, telephone or otherwise. Such direct interactions include, for example, instances when you:

  • enquire about or apply for our products or services;
  • market or provide your supplier services to us;
  • give us your business card at an event or a meeting, or otherwise personally give us your personal data (for example, by leaving your contact details at the reception of one of our offices or with our switchboard);
  • give us your personal data via an electronic platform which we make available or which we have agreed with you to use in connection with our client services (for instance, any e-billing system which you require us to use) or in connection with your supplier services (for example, an electronic platform that you supply to us);
  • subscribe to our publications or otherwise ask for our marketing;
  • participate in our marketing or other promotional events;
  • participate in our trade shows and similar events; or
  • give us feedback (for example, by completing a survey).

Website, cookies and marketing: You give us your personal data, which includes Profile Data, Usage Data, Professional Information and/or Marketing and Communications Data, when you use our website or review the publications or marketing we send you.

Third-party sources: We receive Identity Data, Contact Data, Financial Data and Professional Information about you from third parties, when we:

  • provide our products and services to other parties who send us your personal data to enable the provision of those products or service;
  • conduct our background checks using search information providers;
  • you provide your personal data to a third party for the purpose of sharing it with us.

Publicly available sources: We collect Identity Data, Contact Data, Financial Data, Professional Information, Professional History from publicly availably sources, including from:

  • public registers of companies for instance, Companies House in the United Kingdom;
  • public registers of sanctioned persons and entities (such as, HM Treasury in the United Kingdom or the Office of Foreign Assets Control of the United States department of the Treasury); and
  • other public sources including any services accessible on the Internet which you are using for professional networking purposes for example Linked-In.

 

10. How we use your personal data

We will only process (i.e. use) your personal data when the law allows us to, that is, when we have a legal basis for processing. Section 11 (Purposes and legal basis for which we will use your personal data) below sets out further information about the legal bases that we rely on to process your personal data.

We use your personal data in the following circumstances:

  • “performance of a contract”: where we need to perform a contract which we are about to enter into or have entered into with you;
  • “legal or regulatory obligation”: where we need to comply with a legal or regulatory obligation that we are subject to;
  • “legitimate interests”: where necessary for our interests (or those of a third party), provided that your fundamental rights do not override such interests. This can mean, for instance, that it is in our interest, to monitor how you are using any customer portals we set up for you or access to systems to ensure that the security of such portals or systems is maintained. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests; and
  • “consent and explicit consent”: where you have provided your consent or explicit consent to processing your personal data.

We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

With limited exceptions (for instance, in relation to some of our electronic marketing), generally we do not rely on consent as the legal basis for processing your personal data. You have the right to withdraw consent to electronic marketing at any time by following the unsubscribe instructions in such marketing materials or by contacting us at DPO@saywell.co.uk.  Please refer to Section 13 (Marketing and exercising your right to opt-out of marketing) for more information about how we use your personal data for marketing purposes and your rights.

 

11. Purposes and legal basis for which we will use your personal data

We set out below, in a table format, a description of the ways in which we use your personal data and the legal bases we rely on to do so. Where appropriate, we have also identified our legitimate interests in processing your personal data.

We may process your personal data for more than one legal basis depending on the specific purpose for which we are using your personal data. Please contact us at DPO@saywell.co.uk if you need details about the specific legal basis we are relying on to process your personal data where more than one ground has been set out in the table below.

 

 Purpose and/or activity Type of data  Legal basis for processing
To register you on as a new customer
  • Identity Data
  • Contact Data
  • Financial Data
  • Services Data
  • Professional Information
  • Professional History
  • Performance of a contract
  • Legitimate interests: ensuring we do not deal with proceeds of criminal activities or assist in any other unlawful or fraudulent activities for example terrorism
To deliver our product or services to you including (among others) to manage payments, fees and charges and to collect and recover money owed to us
  • Identity Data
  • Contact Data
  • Financial Data
  • Services Data
  • Profile Data
  • Usage Data
  • Marketing and Communications Data
  • Professional Information
  • Performance of a contract
  • Legitimate interests: ensuring that you are provided with the best customer service we can offer and securing a prompt payment of any fees, costs and debts in respect of our services
To manage our relationship with you which will include notifying you about changes to our terms of business or this notice
  • Identity Data
  • Contact Data
  • Profile Data
  • Marketing and Communications Data
  • Professional Information
  • Performance of a contract
  • Legal or regulatory obligation
  • Legitimate interests: ensuring we can notify you about changes to our terms of business or this notice
To manage and protect our business, including improving data security, troubleshooting data and systems, system maintenance and testing, data hosting, managing our offices and other facilities
  • Identity Data
  • Contact Data
  • Profile Data
  • Usage Data
  • Marketing and Communications Data
  • Professional Information
  • Legal or regulatory obligation
  • Legitimate interests: ensuring the efficient and secure running of our business, including through office and facilities administration, maintaining information technology services, network and data security, fraud prevention and improving or reorganising our infrastructure
To invite you to take part in marketing or other promotional events and to manage your participation in them
  • Identity Data
  • Contact Data
  • Profile Data
  • Usage Data
  • Marketing and Communications Data
  • Professional Information
  • Professional History
  • Legitimate interests: ensuring our customer records are up-to-date, promoting our customer services, receiving feedback, improving our services and identifying ways to grow our business
To send you marketing (including paper and electronic marketing communications) or to contact you by other means to offer you our products or services
  • Identity Data
  • Contact Data
  • Profile Data
  • Usage Data
  • Marketing and Communications Data
  • Professional Information
  • Professional History
  • Legitimate interests: promoting our products and services, identifying ways to grow our business
To ask you for feedback (for instance, in a survey) about our services and to manage, review and act on the feedback we are getting
  • Identity Data
  • Contact Data
  • Profile Data
  • Marketing and Communications Data
  • Professional Information
  • Legitimate interests: reviewing how clients use, and what they think of, our services improving them and identifying ways to grow our business

 

12. Change of purpose

We will only use your personal data for the purposes for which we collected it as detailed in Section 10 (How we use your personal data) andSection 11 (Purposes and legal basis for which we will use your personal data), unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to receive an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at DPO@saywell.co.uk.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

13. Marketing and exercising your right to opt-out of marketing

We will not use your personal data to send you marketing materials if you have requested not to receive them. If you request that we stop processing your personal data for marketing purposes, we shall stop processing your personal data for those purposes.

We would encourage you to make such requests via email to your usual Saywell International contact or to DPO@saywell.co.uk. In any event, such request can be made at any time free of charge.

 

14. Third-party marketing

We do not share your personal data with any organisations outside of Saywell International for marketing purposes.

 

15. Disclosures of your personal data

We may have to share your personal data with the entities and persons set out below for the purposes for which we collected the personal data, as detailed in Section 10 (How we use your personal data) and Section 11 (Purposes and legal basis for which we will use your personal data).

  • Your personal data will be shared between the Saywell International group of companies. As an international company, we share your personal data between Saywell International offices to ensure the efficient operation of our company and to provide the highest quality of customer service.
    1. any person or entity to whom we are required or requested to make such disclosure by any court of competent jurisdiction or by any governmental, taxation or other regulatory authority, law enforcement agency or similar body;
    2. our professional advisers or consultants, including lawyers, bankers, auditors, accountants and insurers providing consultancy, legal, banking, audit, accounting or insurance services to us;
    3. any financial institutions providing finance to us;
    4.  service providers who provide information technology and system administration services to us; and
    5. any external auditors who may carry out independent checks of your file as part of our accreditations.
  • Where required, we will disclose your personal data to:
  • If you ask us to do so in relation to the products or services we are providing or the supplier services you are providing, we may disclose your personal data to other persons or entities as instructed.
  • We may share your personal data with persons or entities outside of Saywell International to whom we may sell or transfer parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, the part of our business that is (as the case may be) sold, acquired or is the merged entity may use your personal data in the same way as set out in this notice.

We require any person or entity to whom we disclose personal data to respect the confidentiality and security of your personal data and to treat it in accordance with applicable laws and regulations. We do not allow such recipients of your personal data to use it for their own purposes, and we only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

16. International transfers

We may share your personal data within the Saywell International group.  This may involve transferring your personal data outside the European Economic Area (“EEA”).

In some cases, our external third parties are based outside the EEA.  Therefore their processing of your personal data will involve a transfer of such data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
  • where we use certain service providers, we may use specific contracts approved by the European Commission which gives personal data the same protection it has within the EEA; and
  • Where we use providers based in the US, we may transfer personal data to them if they are certified under the EU-US Privacy Shield which requires certified providers to have in place and maintain a similar level of protection to the personal data as if it was processed within the EEA.

Please contact us at DPO@saywell.co.uk if you would like further information about the specific mechanism used by us when transferring your personal data out of the EEA.

 

17. Data security

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk of processing, including:

  • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and
  • a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

We ensure that those who have permanent or regular access to personal data, or that are involved in the processing of personal data, or in the development of tools used to process personal data, are trained and informed of their rights and responsibilities in when processing personal data.

 

18. Data retention

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. This includes for example the purposes of satisfying any legal, regulatory, reporting or accounting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

It is a legal requirement in the United Kingdom to keep basic information about customers (including Contact, Identity, Financial and Transaction Date) for six years even after they cease being customers.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

 

19. Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data.

Details of your rights are set out below:

  • right to be informed about how personal data is used – you have a right to be informed about how we will use and share your personal data. This explanation will be provided to you in a concise, transparent, intelligible and easily accessible format and will be written in clear and plain language;
  • right to access personal data – you have a right to obtain confirmation of whether we are processing your personal data, access to your personal data and information regarding how your personal data is being used by us;
  • right to have inaccurate personal data rectified – you have a right to have any inaccurate or incomplete personal data rectified. If we have disclosed the relevant personal data to any third parties, we will take reasonable steps to inform those third parties of the rectification where possible;
  • right to have personal data erased in certain circumstances – you have a right to request that certain personal data held by us is erased. This is also known as the right to be forgotten. This is not a blanket right to require all personal data to be deleted. We will consider each request carefully in accordance with the requirements of any laws relating to the processing of your personal data;
  • right to restrict processing of personal data in certain circumstances – you have a right to block the processing of your personal data in certain circumstances;
  • right to data portability – in certain circumstances you can request to receive a copy of your personal data in a commonly used electronic format. This right only applies to personal data that you have provided to us (for example by completing a form or providing information through a website). Information about you which has been gathered by monitoring your behaviour will also be subject to the right to data portability. The right to data portability only applies if the processing is based on your consent or if the personal data must be processed for the performance of a contract and the processing is carried out by automated means (i.e. electronically);
  • right to object to processing of personal data in certain circumstances, including where personal data is used for marketing purposes – you have a right to object to processing being carried out by us if (a) we are processing personal data based on legitimate interests or for the performance of a task in the public interest (including profiling), (b) if we are using personal data for direct marketing purposes, or (c) if information is being processed for scientific or historical research or statistical purposes. You will be informed that you have a right to object at the point of data collection and the right to object will be explicitly brought to your attention and be presented clearly and separately from any other information; and
  • right not to be subject to automated decisions where the decision produces a legal effect or a similarly significant effect – you have a right not to be subject to a decision which is based on automated processing where the decision will produce a legal effect or a similarly significant effect on you.

You may exercise any of your rights at any using the contact details set out in Section 4. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one calendar month. Occasionally it may take us longer than one calendar month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.