OX GROUP WEBSITE PRIVACY POLICY

Privacy Policy

OX Group (UK) Ltd is a company registered in England and Wales (hereinafter referred to as “We”, “Our” or “Us”.

Our registered address is:
OX Group UK LTD
Unit 2 Riverside 
Kangley Bridge Road
London 
SE26 5DA

Overview

Maintaining the security of the data you provide to us is of upmost importance, and we are committed to respecting your privacy rights. This notice applies to our use of your data, whether through using the website, www.oxtools.co.uk, or if you are an OX Group Tuff Club member, or data we hold about you on our internal systems. This notice will provide information about:

  • The personal data we collect
  • How we use your data
  • Who we share your data with
  • How we ensure your privacy is maintained
  • Your rights relating to your personal data
  • Our Lawful basis for processing your data
  • Cookies

In addition, this notice will provide information about:

  • How we use the data belonging to your business

GDPR

Under the General Data Protection Regulations (EU Regulation 2016/679), also known as GDPR, OX Group (UK) Ltd will act as a Data Controller and, where applicable, a Data Processor.

  • We are the Data Controller for information we hold about you.
  • We are the Data Processor for information held by you for your own business purposes, that you share with us to complete a business task.

Information we collect The exact details of the personal information collected will vary according to the specific purposes for which we are collecting the information.  We may collect and process the following data about you:

  • Information provided by you when completing our website forms. This includes information provided at the time of requesting further services
  • Information provided by you when completing the OX Group Tuff Club application
  • If you contact us by phone, email or otherwise and is provided voluntarily, we may keep a record of that correspondence
  • We may record and monitor telephone conversations that we have with you. The purpose of any recording is for training and monitoring purposes.  Any confidential information disclosed will not be used by any third party (unless required by law to do so) or used for marketing purposes.  Call recordings will be kept on a secure server.
  • Details of your visits to our website including, but not limited to, traffic data, location data, web logs and other communication data
  • We also may collect behavioural and browsing data from you for the purposes of offering you a tailored or personalised online experience
  • We may also collect any personal information which you allow to be shared that is part of your public profile on a third party social network..
  • We may ask you to complete surveys to assist us with quality control, and for research purposes. You do not have to respond to these surveys.

Using the information

The personal data provided to us by you is processed as is necessary. We use information held about you in the following ways:

  • To carry out our obligations arising from any contracts entered into between the two parties
  • To provide you with information or products or services that you request from us
  • To promote use of our products and services to you. You can stop receiving our promotional emails by following the opt-out link included in every email we send. In addition, we may use information we collect in order to advertise our products and/or services to you or suggest additional features of our services that you might consider using.
  • To provide you with appropriate and useful communications. This includes but is not limited to;
    • our latest assets (newsletters, videos and case studies),
    • updates on our services and event invitations.
    • To administer your account with us

The storing and processing of your data is necessary as part of our commitment to providing you with information and services regarding The OX Group, including, but not limited to account management and marketing communications. This falls under the lawful basis of Legitimate Interest. At any time, you are able to request not to receive our marketing communications.  This can be requested by either using the ‘unsubscribe’ feature in each email, or by contacting us via one of the options in the ‘Contact us’ section.

Data sharing

In order to make certain products or services available to you, we may need to share your personal data with other 3rd parties.

  • We may disclose your information to our trusted service providers who provide services such as email marketing or courier services
  • If OX Group (UK) Ltd substantially sell all its assets or are acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation, we will make the requested personal data available to the relevant authorities

Maintaining privacy

We are committed to keeping your personal data safe and secure, and employ many security measures such as and not limited to:

  • Enhanced website browsing security
  • File deletion
  • File auditing software to identify unauthorised access to data
  • Use of Anti Virus software and certified robust firewall
  • Secure USB policy for all employees
  • Restricted physical access to buildings
  • Hard drives and confidential waste properly disposed of

Your Rights

At any stage while we are in possession of, or processing your personal data, you, the data subject, have the following rights:

  • The right to be informed – how we collect and use your personal data
  • The right of access – you can request a copy of the information that we hold about you
  • The right to rectification – you can correct data that we hold about you if it is inaccurate or incomplete
  • The right to erasure – in certain circumstances, you can ask for the data that we hold about you to be erased from our records
  • The right to restrict processing – where certain conditions apply, you have the right to restrict processing
  • The right to data portability – you are able to have the data that we hold about you transferred to another organisation
  • The right to object – you have the right to object to certain types of processing such as direct marketing
  • Rights in relation to automated decision making and profiling – if at any stage we use any automated decision-making tools, you reserve the right to object to this

You can exercise the above rights by contacting us using the details on the OX Group UK LTD Website

Cookies

Your Internet browser has the in-built facility for storing small files – “Cookies” – that hold information which allows a website to recognise you as a user. Our website takes advantage of this facility to enhance your experience. We use a number of these cookies for analytical purposes, and these are described below. By using the OX Group website, you consent to the use of cookies for these purposes. We use a combination of both session and persistent cookies. Session cookies keep track of your current visit and how you navigate the site, persistent cookies enable our website to recognise you as a repeat visitor when you return. The session cookies will be deleted from your computer when you close your browser. Persistent cookies will be removed on a pre-determined expiry date, or when deleted by you. Most web browsers allow user privacy settings to block either all cookies, or third party cookies. Blocking cookies will, however, have a negative impact upon the usability of many websites, including this one. Please visit www.aboutcookies.org for comprehensive information on how to change your cookie settings in a wide variety of different web browsers.

OX Group as a Data Processor

During the course of our business relationship, there may be instances where we will have visibility of your business data.  This could be:

  • When you provide us with your business data for us to open an account
  • Sales demonstration
  • Training

The data that we will be able to access can include, but is not limited to:

  • Your customer list & contact information
  • Your supplier list
  • Your accounts data
  • Delivery addresses
  • Employee names

What we do with your data

As a Data Controller, you have responsibility under GDPR to determine what we can do with the data for processing purposes. The processing that we conduct will be for the purposes outlined above.  We do not have any commercial interest in the data that you hold.  Visibility of the data is a consequence of one of the above instances.  You will be informed of the specific requirement for us to obtain this information when it is requested.  We will never:

  • Sell, or pass on, any of your business data
  • Use business data for our own commercial interests, including marketing
  • Perform any actions on your data that have not been agreed with you in advance

Data security

Any backups that we have of your data will be deleted from our systems either on request or when we cleanse our data history.  We have dedicated, secure servers where this information is stored, with file auditing software providing alerts when the data is accessed.

The above Privacy Policy has been updated on 25/04/2018