The General Data Protection Regulation
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). This regulation is effective from 25th May 2018.
The GDPR defines “personal data” as any information relating to an identified or identifiable person who can be identified, directly or indirectly, in particular by reference to a name, an address, phone number, an identification number, location data, and an online identifier.
The Data Protection Principles
The GDPR sets out the following principles with which any party handling personal data must comply. All personal data must be:
- Processed lawfully, fairly, and in a transparent manner in relation to the data subject.
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
- Accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased, or rectified without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
Your right to privacy matters to us and we strictly adhere to the requirements of GDPR legislation in the UK. Shearwell Data Ltd places high importance on the correct, lawful, and fair handling of all personal data, respecting the legal rights, privacy, and trust of all individuals with whom it deals.
How do we obtain your personal information?
Personal information is collected directly from our customers, or their representatives, via our websites, email, telephone, fax, in person by a member of staff at the office, at trade shows, or by our representatives around the country. It is also supplied to us by third parties such as Trade Outlets who are marketing and taking orders for our products to service their own customers.
We do not buy personal data from any source.
Why do we hold personal information?
Personal information is held for three reasons:
- As a legitimate business requirement where information is needed to fulfil a contract or order – personal information is required to process customer requests such as orders and enquiries. Some of this information will be required by law to process cattle and sheep tag orders through government services.
- For marketing purposes by email only if you have agreed (opted in) to receive marketing material by email.
- For targeted marketing purposes by post to existing customers for whom we have carried out a Legitimate Interests Assessment.
What personal information do we collect?
Depending on which of our services you use, we may collect:
- Your name and email address when you register on the website, even if you do not complete your purchase.
- Your name, address, email address and telephone numbers when you order, to allow us to process and fulfil your order.
- Your card payment details when purchasing goods from Shearwell Data Ltd; however, this data is not stored.
- Your CPH number or Business ID number, herd number and flock number when ordering tags or farm management software.
- Other specific information relating to orders placed by customers outside the UK.
- You may provide us with additional management information in order to process an order – for example breed society or pedigree numbers.
- Marketing information – prize draw entry forms may also optionally ask you for additional information such as farm type, number and type of livestock and this may be used for marketing purposes.
- Your IP address when using our websites.
- Information about users’ activity on our websites to understand which parts of the website and which products are popular, so that we can improve the website and tailor our services. Further details can be found in the Cookies section of this Privacy Notice.
- Information and data you post on any social media channels we offer including your user name.
- Details of your interactions with us through the office, through our representatives, online or by email. For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, items viewed or added to your basket, wish list requests for software changes, products you show interest in, web pages you visit and how and when you contact us.
- Copies of documents you provide us with that are legally required for us to process your order. For example Tag Authorisation forms from Northern Ireland customers.
When do we collect data from you?
- When you visit any of our websites.
- When you make an online purchase.
- When you create an account with us.
- When you purchase a product or service.
- When you engage with us on social media.
- When you download or install one of our apps.
- When you install our farm management software and opt for on-line upgrades.
- When you contact us by any means with orders, queries, complaints etc.
- When you ask us to email you information about a product or service.
- When you enter prize draws or competitions.
- When you book any kind of appointment with us or book to attend an event. For example a demonstration of our products, a visit to the factory or a training session.
- When you choose to complete any surveys we send you.
- When you fill in any forms. For example, tag authorisation forms for Northern Ireland customers.
- When you’ve given a third party permission to share with us the information they hold about you. For example when ordering through a third party.
- When we collect data from government sources (such as the Cattle Tracing Service (CTS), the Ear Tag Allocation Services) where the information is required to fulfil an order.
What do we do with your personal information?
- We use your personal information to get in contact with you if needed to ask you for information relating to an ongoing order, a query or to provide you with an update on the status of the order.
- We use it for processing the enquiries you make.
- We use it for internal accounting.
- We use it for official validation and for regulatory requirements – cattle and sheep tag orders are validated through the government tag allocation websites.
- We may use it internally to improve our products and services.
- If you opt in we may email you marketing and promotional material and newsletters.
- We use it to respond to your queries and complaints. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- We use it to protect our business and your account from fraud and other illegal activities. This includes using your personal data to maintain, update and safeguard your account. We may also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. We’ll do all of this as part of our legitimate interest. For example, by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent logins from unexpected locations.
- We may use it to send you relevant, personalised communications by post in relation to updates, offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time.
- We use it to send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- We use it to administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.
- We use it to comply with our contractual or legal obligations to share data with law enforcement. For example, when a court order is submitted to share data with law enforcement agencies or a court of law.
- We use it to process your booking or appointment requests. For example for training, demonstration or meeting purposes.
Who do we share it with?
We do not sell, rent or exchange your personal information with any third party for commercial reasons.
We only validate or share your personal information with the following as part of the legitimate business requirements for processing your requests:
- Credit/debit card validation during purchase – card payments are validated through WorldPay – we do not store credit / debit card information
- As required by law or regulation – holding details, herd number, flock numbers and tag numbers are validated through direct links to government services
- Postal addresses are recorded through the Royal Mail websites and shared with courier services in order for us to fulfil our contractual obligations and deliver your goods. Contact telephone numbers are shared with some courier companies so that they can notify you when an order is due for delivery.
- Sometimes, we’ll need to share your details with a third party who is providing a service, for example delivery couriers, or a Representative who is planning to visit you or a BVD laboratory which will be processing your cattle tissue samples. Without sharing your personal data, we’d be unable to fulfil your request.
How long do we store personal information?
Data is only stored for as long as is required to ensure an order has been fulfilled, a service such as software support has been discharged satisfactorily or as long as it is required to be held by law.
To fulfil our contractual obligations with our customers we are required to hold details of cattle tag orders for 15 years in order for us to validate requests for ear tag replacements and fulfil our promise to provide certain cattle tags free for the life of the animal.
For legal and accounting purposes we are required to hold details of your orders for 10 years. This information will include, name, address and the order details – e.g. goods supplied, herd and flock numbers.
Data that is not required for contractual, legal and accounting purposes will be removed five years after the final transaction unless you request that it is removed earlier. The remaining data will be archived for a further five years, but will be accessible by Shearwell Data accounting staff if required for legal or accounting purposes.
Data supplied to us in the course of software support activities may be stored for up to 2 years.
This information is stored securely within our accountancy software and in-house ordering software. Paper copies are not stored.
We do not store credit card information.
Information such as email addresses and telephone numbers will be removed once there is no longer a legitimate business requirement to store them.
We will remove any information used solely for marketing if you have not opted in to receive marketing information or if you wish to opt out.
How secure is your data?
We follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access in accordance with the UK data protection legislation.
Shearwell Data Ltd always has, and will continue to, strive to make your data as secure as possible. We make sure that we have appropriate and effective firewalls. Any paperwork that contains personal data is either locked away in filing cabinets or destroyed as soon as possible. We maintain a ‘clean desk’ policy – no personal data is left unattended.
In limited cases data may be stored with third parties on servers that are not in the UK or EU such as our bulk emailing service. Users are invited to join these optional services by a two stage signup process and are able to view the terms and conditions of using the service when they sign up. We have agreements with these service providers that ensure they are GDPR compliant.
What happens if there is a breach of security?
Shearwell Data Ltd has procedures in place should the unlikely event of a breach of data occur. We will notify both you and the ICO as soon as we are aware of a breach.
We use a technology called "cookies" as part of a normal business procedure to track patterns of behaviour of visitors to our site. A cookie is an element of data that our Website sends to your browser which is then stored on your system. Information collected in this way can be used to identify you. You can change your browser settings to prevent this.
If the law requires us to, we may need to collect and process your data on behalf of a law enforcement agency if it can be shown that the need overrides your right to privacy. For example, we may be required to pass on details of people involved in fraud or other criminal activity to law enforcement agencies.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we may use your purchase history to send you or make available personalised offers. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or develop new products and services.
We may also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to request a copy of the information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply, you have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review – in the event that Shearwell Data Ltd refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in the clause below.
Non-UK residents
- This Privacy Notice is only available in English.
- By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
- Sometimes we’ll need to transfer your personal data between countries to enable us to supply the goods or services you’ve requested. In the ordinary course of business, we may transfer your personal data from your country of residence to ourselves and to third parties located in the UK. For example courier services.
- By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
- This may occur because our information technology storage facilities and servers are located outside your country of residence, and could include storage of your personal data on servers in the UK.
- We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that is not set out in this Privacy Notice. We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
- We’ll ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence. Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.
Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
In the event that you wish to make a complaint about how your personal data is being processed by Shearwell Data Ltd or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Shearwell Data Ltd’s data protection representatives.
If you have any questions about privacy, please contact us at www.shearwell.ie/contactus or call us on 01643 841611.