Data Privacy

Thank you for visiting our website and for showing an interest in our company. We see data protection as a hallmark of our commitment to our customers. Protecting your personal data and safeguarding your personal rights is important to us.

The purpose of this Data privacy statement is to allow us to transparently inform all users of our website about the nature, scope, and purpose of the personal data that we collect, use, and process as well as to clarify your rights as a user.

In principle, it is possible to use our website without providing any personal data. However, if you use our website to access our company’s services, we may be required to process your personal data.

Data that is collected automatically when you visit our web pages, or personal data that you submit when using our services, is processed in accordance with the latest statutory provisions on the protection of personal data.

If processing of your personal data is required and there is no legal basis for such processing, we will always obtain your consent in relation to the purpose for which your data is to be processed.

As a controller responsible for the processing of your personal data, we have established technical and organisational measures to ensure that your personal data is protected to the highest possible level.

However, it should be noted that the transfer of data via the Internet will always be vulnerable to security breaches.

If you would like to use our company’s services but do not wish to use the Internet for transferring data, you also have the option of communicating by phone.

Contact details of the controller

The controller within the meaning of the General Data Protection Regulation is as follows:

Keeley Travis Business Solutions Ltd
Unit A1 Lingard Court, Lingard House
Stockport
SK6 2QU
Tel.: 0161 683 4247

Email: sales@keeley-travis.co.uk

The following person has been appointed as data protection officer:

John Keeley
Keeley Travis Business Solutions Ltd
Tel.: 0161 683 4247
Email: sales@keeley-travis.co.uk

Collection of general access data

Each time you visit our website, the server log file data that your browser sends to us is automatically collected. This includes the following data:

1. The IP address (Internet Protocol address) of the computer that was used to access the website
2. The website from which you accessed our website (referring website)
3. The pages on our website that you visit
4. The date and duration of your visit
5. Your browser type and browser settings
6. Your operating system

Note that it must not be possible to attribute this data to a specific person. We use this technical access data for the following purposes exclusively:

1. To improve the appeal and usability of our web pages
2. To identify any technical problems with our website in a timely manner
3. To deliver the content of our web pages without errors
4. To provide law enforcement authorities with the information needed to enforce the law in the event of a cyberattack
5. For advertising and sales purposes
6. Collection and sharing of personal data

Registering on our website

We only use your personal data for the purposes listed on this information page on data protection.

Our website includes entry forms for collecting personal data. These largely correspond to the following:

• Forms used for getting in contact with us: https://www.keeley-travis.co.uk/contact-us/
• Forms used for scheduling a demo or requesting a quote: https://keeley-travis.co.uk/office-photocopiers-managed-print-service/ (EXAMPLE)

In order to provide you the best consultancy, it might be necessary to disclose your data to one of our solutions providers.  In this case you will be contacted by a consultant of those.

Subscribing to our newsletter

Our website allows you to subscribe to our newsletter, which we use to inform you about our offers, products, and information at regular intervals.

To receive our newsletter, you need to have a valid e-mail address.

In order to send you a personalized newsletter, we need you to provide the following information:

1. E-mail address

The data specified here is exclusively used for the purposes of sending the newsletter. This personal data is not disclosed to third parties. We use Mailchimp technology to process, send, and analyse newsletters. If we obtain your e-mail address in connection with the sale of a product or service, and you have not objected to this, we reserve the right to send you by e-mail regular offers for other products in our range that are similar to those already purchased. At all times, you have the option to stop receiving the newsletter by cancelling your subscription, and to withdraw your consent in relation to the use of your data for the purposes of sending the newsletter. Each newsletter will include a corresponding link for this purpose.

Submission of application documents

When you submit an application to us (either online or via e-mail), we collect and process various personal data relating to your application.

This includes the following data in particular:

• Your contact information (name, address, phone number, and e-mail address)
• Your application documents (letter of application, curriculum vitae, certificates, or other educational diplomas and qualifications)

Once you have submitted your application, you will receive an e-mail confirming receipt of your application documents.

Personal data relating to your application is collected and processed exclusively for the purposes of filling positions within our company. Your data will only ever be forwarded to the internal departments and specialist units of our company that are responsible for the specific application process. Personal data relating to your application will never be shared with other companies without your prior, express consent. The data relating to your application will not be used or shared with third parties beyond the scope described here.

Personal data relating to your application will be systematically erased six months after the application process has ended. This does not apply if statutory provisions preclude erasure, if storage for a longer period is required for the purposes of providing evidence, or if you have expressly agreed to have your data stored for a longer period; for job vacancies in the future, for example.

If a contract of employment is concluded with an applicant, the data provided will be stored for the purposes of putting in place the employment relationship in compliance with the legal requirements.

Communication via e-mail or contact form

Our website allows you to get in touch with us via e-mail and/or via a contact form.

If you contact us by e-mail or via a contact form, the personal data that you provide will be automatically saved.

Such personal data, which you freely submit to us, will be stored for the purposes of processing your request or contacting you in your capacity as a data subject.

What are cookies used for?

Cookies are used in various parts of our website. For more information and to find out what cookies we use, please see our Cookie policy.

Implementation and use of tracking and analysis tools and social media plug-ins

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies,” which are text files that are stored on your computer and used to analyse the way you use our website. The information generated by cookies in relation to your use of this website is generally sent to a Google server in the US where it is stored. As part of this process, we use IP anonymization (“IP masking”) on our website. This means that within member states of the European Union or in other states that are party to the Agreement on the European Economic Area, your IP address will be shortened by Google before it is transmitted. Only in exceptional cases will the full IP address be transmitted to a Google server in the US first, and then shortened. Google will use this information to evaluate your use of the website, compile reports on website activity, and provide the website owner with other services relating to website and Internet usage. The IP address that is sent from your browser by Google Analytics is not merged with other Google data. You can prevent cookies from being saved by applying a specific setting in your browser software. However, please note that if you do this, you may not be able to use all of the features of this website to the fullest extent possible. You can also prevent Google from collecting and processing the data generated by cookies in relation to your use of the website (including your shortened IP address). You can do this by downloading and installing the browser plug-in available from the following link: http:///tools.google.com/dlpage/gaoptout?hl=en For both general and detailed information about Google Analytics as well as information about data privacy, refer to the link above or go to http://www.google.com/intl/en/policies/privacy/. This website uses Google Tag Manager. Google Tag Manager is a solution that enables marketers to manage website tags through a single interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect personally identifiable information. The tool triggers other tags that in turn may collect data. This data is not accessed by Google Tag Manager. If disabled at domain or cookie level, Google Tag Manager will be disabled for all tracking tags implemented by Google Tag Manager. For more information about Google Tag Manager, see http://www.google.com/tagmanager/faq.html and http://www.google.com/tagmanager/use-policy.html. This website also uses the online advertising program Google AdWords as well as its conversion tracking feature. The cookie that is used for conversion tracking is stored on your computer or mobile device whenever you click on an ad served by Google. These cookies expire after 30 days and are not used to personally identify individual users. If you visit certain pages of this website and the cookie has not yet expired, both we and Google can detect that you clicked on the ad and were redirected to this page. Each Google AdWords client receives a different cookie. This means that cookies cannot be tracked via the websites of AdWords clients. Information gathered using a conversion cookie is used to generate conversion statistics for AdWords clients that have opted to implement conversion tracking. Clients are informed about the total number of users that clicked on their ad and were redirected to a page containing an embedded conversion tracking tag. However, they do not receive information that personally identifies individual users. If you do not want your data to be tracked, you can easily disable the Google conversion tracking cookie in your Internet browser’s user settings. Your data will then be excluded from conversion tracking statistics. In addition to Google AdWords, this website also uses Google Remarketing. Google Remarketing determines whether you have visited certain pages of our website and then uses this information to display targeted advertisements on our website or on the Google Advertising Network.

HubSpot

This website uses HubSpot. HubSpot is a software solution for managing and conducting inbound marketing. Stored information is stored on HubSpot servers. We may use this information to get in touch with users of our website and to determine which of our services are most relevant to these users. All of the information we collect is subject to this Privacy Policy. We use all collected information solely for the purposes of optimizing our marketing efforts. HubSpot is a US-based software company with a subsidiary based in Ireland. Contact details: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Tel.: +353 (0)1 5187500. HubSpot is regulated by TRUSTe’s Privacy Seal, the US–EU Safe Harbor Framework, and the US–Swiss Safe Harbor Framework. For more information, visit the HubSpot Legal Stuff section of the HubSpot website (which contains general information about HubSpot and data privacy).

Deletion, blocking, and storage of personal data including retention periods

We only process and store your personal data for the duration needed in order to fulfill the purpose for which the data was stored, or as required by the various retention periods provided for by law.

Once the purpose for which the data was stored has been fulfilled, or after expiry of the retention period provided for by law, the personal data will be routinely deleted or blocked to prevent further processing in accordance with the statutory provisions.

Data protection rights of the data subject

If you have any questions about your personal data, you can contact us in writing at any time. In accordance with the GDPR, you have the following rights:

Right of access (Article 15 of the GDPR and subpoints)

At all times, you have the right to obtain information about the categories and types of information we process in respect of your personal data, the purpose for which this data is processed, how long this data is stored including the criteria used to determine storage of this data, and whether automated decision-making including profiling is used in this context. You also have the right to find out the recipients or categories of recipient to whom your data has been or will be disclosed; in particular, recipients in third countries or international organizations. In this case, you also have the right to be informed about which appropriate safeguards have been put in place in connection with the transfer of your personal data.

In addition to the right to lodge a complaint with a supervisory authority and the right to be informed about the origin of your data, you have the right to erase and rectify your data as well as the right to restrict or object to the processing of your personal data.

In all cases mentioned above, you have the right to request from the data processor a free copy of your personal data that is processed by us. We are entitled to charge a reasonable administration fee for any additional copies that you request or that exceed the scope of a data subject’s right to be informed.

Right to rectify (Article 16 of the GDPR)

You have the right to request the immediate rectification of your incorrect personal data as well as, taking into account the purposes for which the data is processed, the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.

If you would like to exercise your right to rectify your data, you can contact our data protection officer or the controller at any time.

Right to erase (Article 17 of the GDPR)

You have the right to request immediate erasure of your data (“right to be forgotten”), especially if storage of the data is no longer necessary, if you have withdrawn your consent to have your data processed, if your data has been unlawfully processed or collected, or if erasure of your data is required in order to ensure compliance with a legal obligation under EU or national law.

However, the right to be forgotten does not apply if there is an overriding right to freedom of expression or freedom of information, if retention of the data is necessary in order to ensure fulfillment of a legal obligation (retention obligations, for example), if erasure of the data is precluded for archiving reasons, or if storage of the data is required for the establishment, exercise, or defense of legal claims.

Right to restrict (Article 18 of the GDPR)

You have the right to request that the controller restrict the processing of your data if you are contesting the accuracy of the data, if processing is unlawful, if you refuse to have your personal data erased and are requesting instead that processing of your data be restricted, if the requirement to process your data no longer applies, or if you have objected to the processing of your data in accordance with Article 21 (1), pending confirmation that the legitimate grounds of the controller do not override your own legitimate grounds.

Right to data portability (Article 20 of the GDPR)

You have the right to have any personal data that you provided to a controller supplied to you in a structured, commonly used, machine-readable format. In addition, you have the right to freely transfer this data to another controller without being restricted from doing so by the controller to whom you had provided the personal data initially, where:

• processing is based on consent, and
• processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where this is technically feasible. This must not adversely affect the rights and freedoms of others. The right to data portability shall not apply in cases where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object (Article 21 of the GDPR)

You have the right to object at any time to the collection, processing, or use of your personal data for the purposes of direct marketing, market research, or public opinion polling, as well as to general business data processing, unless we can demonstrate compelling legitimate grounds for processing your personal data that override your interests, rights, and freedoms.

In addition, you cannot exercise your right to object if the collection, processing, or use of the data is provided for or required by law.

Right to lodge a complaint with a data protection supervisory authority (Article 77 of the GDPR in conjunction with Section 19 of the German Federal Data Protection Act—BDSG)

You have the right to lodge a complaint with the competent supervisory authority if you believe that an infringement has occurred in relation to the processing of your personal data.

Right to withdraw consent with regard to data protection regulations (Article 7 (3) of the GDPR)

You can withdraw your consent to the processing of your personal data at any time without stating a reason. This also applies to the withdrawal of declarations of consent issued to us prior to the entry into force of the EU General Data Protection Regulation.

Legal basis of processing

When processing personal data for which we have obtained the data subject’s consent, Article 6 (1), point a of the General Data Protection Regulation (GDPR) shall serve as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is party, Article 6 (1), point b of the GDPR shall serve as the legal basis.  This provision also covers processing operations that are necessary to carry out preparatory steps prior to entering into a contract.

Insofar as processing of personal data is necessary to ensure compliance with a legal obligation to which our company is subject, Article 6 (1), point c of the GDPR shall serve as the legal basis.

If processing is necessary for the purposes of safeguarding the legitimate interests pursued by our company or by a third party, and if the interests, fundamental rights, and freedoms of the data subject do not override the former interest, Article 6 (1), point f of the GDPR shall serve as the legal basis for processing. The legitimate interests pursued by our company relate to the performance of our business activities as well as to the analysis, optimization, and maintenance of the security of our online offering.

Transfer of data to third parties

In general, we do not sell or rent user data. The transfer of data to third parties that extends beyond the scope described in this Data privacy statement shall only take place if required in order to provide the requested service.

We shall only transfer data if there is a legal obligation to do so. This would be the case if a government institution (a law enforcement authority, for example) submitted a written request for information or if a court order was in place.

Personal data shall not be transferred to third countries outside the EU/EEA area.

Statutory or contractual regulations for the provision of personal data and possible consequences of failure to provide such data

We would like to point out that the provision of personal data is required by law in certain cases (tax regulations, for example) or may result from contractual arrangements (information relating to or provided by the contracting party, for example). For example, in order to enter into a contract, it may be necessary for the data subject/the contracting party to provide their personal data so that we can process their request (their order, for example). An obligation to provide personal data primarily arises when entering into a contract. If no personal data is provided in this case, the contract cannot be entered into with the data subject. Prior to any provision of personal data by the data subject, the data subject may contact our data protection officer or the controller. The data protection officer or the controller shall then inform the data subject whether the provision of the necessary personal data is a statutory or contractual requirement or a requirement necessary to enter into the contract, whether the data subject is obliged to provide the personal data based on their specific request, and what the consequences of failing to provide the requested data would be for the data subject.

Existence of automated decision-making

As a company conscious of our responsibilities, we refrain from the use of automated decision-making in our business dealings.