Website Privacy Notice
Adopted 25 May 2018
|Document Name||Website Privacy Notice|
|Owner||Group Data Protection Officer|
|Audience||Users of websites of the John Menzies plc Group|
|Issue Date||May 2018|
1. Notice statement
1.1. John Menzies plc and the wider John Menzies plc group (together “we”/ “our”/ “us”) are committed to protecting the privacy of our website users and take our responsibility regarding the security of their information very seriously. We will be clear and transparent about the information we are collecting and what we will do with that information.
1.2. This Privacy Notice tells you about the information we collect from you when you use our website. In collecting this information, we are acting as a Data Controller and, by law, we are required to provide you with information about us, about why and how we use your Personal Data, and about the rights you have over your Personal Data.
1.3. This Notice sets out the following:
(a) what Personal Data we collect and process about you in connection with your relationship with us as a user of our website;
(b) where we obtain your Personal Data from;
(c) what we do with your Personal Data;
(d) how we store your Personal Data;
(e) who we transfer/disclose your Personal Data to;
(f) how we deal with your data protection rights; and
(g) how we comply with the applicable data protection laws and regulations.
1.4. The Processing of Personal Data within the United Kingdom is regulated by the European Union’s General Data Protection Regulation 2016/679 (“GDPR”). We processed all Personal Data in accordance with the GDPR.
“Data Controller” means the organisation which determines the purpose(s) and means of Processing of Personal Data (e.g. John Menzies plc); think of a ‘data controller’ as a “data owner”.
“Data Processor” means the organisation / individual that Processes Personal Data on behalf of the Data Controller (e.g. IT service providers).
“Personal Data” is a broadly defined term and means any information relating to a living individual who can be identified, directly or indirectly, from such data e.g. name, email address, IP address and mobile telephone number. Descriptions of individuals with sufficient specificity will also be considered ‘personal data’.
“Processing”/ “Processed” means any use of Personal Data e.g. storage in databases, input onto systems and applications, sharing with law enforcement agencies or creating customer accounts. The act of typing a customer’s name into a spreadsheet is an example of ‘processing’ Personal Data.
3. Contact Details
3.1. You can contact us by post at Menzies Response, Orbital Park, Ashford, Kent, TN24 0GA, by email at email@example.com or by telephone on 01233 211010
3.2. The contact details of the Group’s Data Protection Officer (“DPO”) are:
Email Address: firstname.lastname@example.org or
Group Data Protection Officer
John Menzies plc
2 Lochside Avenue
4. What Personal Data we collect
4.1. We may collect and process the following data about you:
We collect Personal Data that you give us by filling in forms on our website or by corresponding with us by telephone, e-mail or otherwise. It includes information you provide if you register to use our website, subscribe to a service provided by us and also when you report a problem with our website. The information you give us may include your:
iii. e-mail address
iv. phone number
v. technical information (such as IP address)
vi. details about your project.
|Your name and surname and your contact details
(email address, telephone number, postal address)
|When you request information
When you complete a contact formWhen you subscribe to our emails
|The communications you exchange with us (for example, your emails, letters, calls)||When you contact us or you are contacted by us|
|Your posts and messages on social media directed to us.||When you interact with us on social media|
|Information about how you use our website||When you navigate on our website|
5. How do we use your Personal Data?
5.1. Information you give to us:
We may use this information to:
(a) contact you, respond to any correspondence, email or telephone call you have made to us or to provide the information you have requested from us;
(b) notify you about changes to our service; and
(c) ensure that content from our website is presented in the most effective manner for you and for your computer.
5.2. Information we collect about you:
We may use this information:
(a) to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
(b) to improve our website to ensure that content is presented in the most effective manner for you and for your computer;
(c) to allow you to participate in interactive features of our service, when you choose to do so;
(d) as part of our efforts to keep our website safe and secure;
(e) to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
(f) to make suggestions and recommendations to you and other users of our website about goods or services that may interest you or them.
5.3. Information we receive from other sources:
We may combine information we receive from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
5.4. We will only Process your Personal Data where we have a legal basis to do so.
5.5. We may also Process your Personal Data for one or more of the following reasons:
(a) to comply with a legal obligation;
(b) where you have consented to us using your Personal Data (e.g. for marketing-related uses);
(c) to protect your vital interests or those of another person; or
(d) where it is in our legitimate interests in operating as a business (e.g. for administrative purposes).
6. Sensitive personal information
We ask that you do not send or disclose any sensitive personal information to us either through our website, by post, by email, by text message, through live chat or via telephone call or any other method. For clarity, “sensitive personal information” means information relating to racial or ethnic origin, political opinions, religious or other beliefs, health, criminal background or trade union membership.
7. How long do we keep your Personal Data?
7.1. We will not retain your Personal Data for longer than is necessary to fulfil the purpose it is being Processed for. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the Personal Data, the purposes for which we Process it and whether we can achieve those purposes through other means.
7.2. We must also consider periods for which we might need to retain Personal Data to meet our legal obligations or to deal with complaints and queries.
7.3. When we no longer need your Personal Data, we will securely delete or destroy it. We will also consider if and how we can minimise over time the Personal Data that we use, and if we can anonymise your Personal Data so that it can no longer be associated with you or identify you, in which case we may use that information without further notice to you.
8. Where we store your Personal Data
8.1. The Personal Data that we collect from you will be Processed in the European Economic Area (“EEA”). It may also be Processed by individuals operating outside the EEA who work for us
or on our behalf. Such staff may be engaged in, amongst other things, the Processing of your payment details and the provision of support services. By submitting your Personal Data, you agree to this Processing. We will take all steps reasonably necessary to ensure that your Personal Data is treated securely and in accordance with the appropriate provision(s) of the GDPR.
8.2. Where we have given you (or where you have chosen) a password that enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
8.3. We use physical, technological and administrative safeguards to protect your Personal Data against loss, misuse or alteration. All your Personal Data is stored securely and may only be accessed by Group employees with a legitimate business need to access the Personal Data.
9. Security of your Personal Data
9.1. We follow strict security procedures in the storage and disclosure of your Personal Data and in protecting it against accidental loss, destruction or damage.
9.2. We may disclose your Personal Data to trusted third parties for the purposes set out in this Privacy Notice. We require all such third parties to have appropriate technical and operational security measures in place to protect your Personal Data, in line with the GDPR.
10. Sharing of your Personal Data
In addition to the information that we share in order to comply with our legal obligations, we may also share or disclose your Personal Data to:
10.1. third parties that process Personal Data on our behalf; or
10.2. any other party with your prior consent.
11. Data Processor
Where we are a Data Processor for your Personal Data, we will:
11.1. only act on the written instructions of the Data Controller;
11.2. not use a sub-processor without the prior written authorisation of the Data Controller;
11.3. co-operate with the relevant supervisory authority (such as the Information Commissioner’s Office in the UK);
11.4. ensure the security of its Processing;
11.5. keep records of our Processing activities; and
11.6. notify any Personal Data breaches to the Data Controller.
12. Your data protection rights
12.1. In certain circumstances you have the legal right to:
(a) Request information about whether we hold Personal Data about you and, if so, what that information is and why we are holding/using it.
(b) Request access to your Personal Data (commonly known as a “data subject access request”). This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully Processing it.
(c) Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
(d) Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to Process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to Processing (see below).
(e) Object to Processing of your Personal Data where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground. You also have the right to object where we are Processing your Personal Data for direct marketing purposes.
(f) Object to automated decision-making including profiling i.e. not to be subject of any automated decision-making by us using your Personal Data or profiling of you.
(g) Request the restriction of Processing of your Personal Data. This enables you to ask us to suspend the Processing of your Personal Data e.g. if you want us to establish its accuracy or the reason for Processing it.
(h) Request transfer of your Personal Data in an electronic and structured form to you or to another party (commonly known as a right to “data portability”). This enables you to take your Personal Data from us in an electronically useable format and transfer it to another party.
(i) Withdraw consent. In the limited circumstances where you may have provided your consent to the Processing of your Personal Data for a specific purpose, you have the right to withdraw your consent for that specific Processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer Process your Personal Data for the purpose(s) you originally agreed to, unless we have another legitimate basis for doing so in law.
12.2. If you want to exercise any of these rights, then please contact our DPO at email@example.com / John Menzies plc, 2 Lochside Avenue, Edinburgh Park, Edinburgh EH12 9DJ.
12.3. You will not have to pay a fee to access your Personal Data (or to exercise any of the other above rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
12.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it.
13. Direct Marketing Communications
13.1. We may use your data to enable us to send you post and emails with information about our goods and services that we believe may be of interest to you.
13.2. You have the right to withdraw from or amend the receipt of direct marketing communications. If you would like to do this, then simply contact the Data Controller and let us know. If you do decide to do this, then you will miss out on news that we would like to make you aware of.
14. Opt -Out
14.1. You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us.
14.2. If you prefer, you can also send an email to firstname.lastname@example.org with the header “Unsubscribe”.
15.1. A cookie is a small file of letters and numbers that we may store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
15.2. Cookies make it easier for you to log onto and use websites. Any aggregate information collected permits us to analyse traffic patterns on our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. By continuing to browse our website, you consent to any use by us of cookies in accordance with this cookies policy.
16. What cookies do we use?
We may use the following cookies:
16.1. Strictly necessary cookies: these are required for the operation of our website e.g. cookies that enable you to log into secure areas of our website.
16.2.Analytical/performance cookies: they allow us to recognise and count the number of visitors and see how visitors move around our website when they are using it. This helps us improve the way our website works by ensuring that users are finding what they are looking for easily.
16.3. Functionality cookies: these are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences e.g. your choice of language or region.
16.4. Targeting cookies: these record your visit to our website, the pages you have visited and the links you have followed. We may use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.
17. Changes to this Privacy Notice
This Privacy Notice may change from time to time and any changes to it will be communicated to you by way of an e-mail or a notice on our website.