Download this policy here

Introduction

Optimum takes privacy seriously and will only use personal information to administer client accounts and to provide services requested from us.

We do not, and will not, sell, share or otherwise use personal information other than as described here.

About this policy

This policy sets out how we will use and share the information that you give us. This policy describes your relationship with the group companies (“Optimum”, “Optimum Displays Ltd.”, “TBA”, “The TBA Group”) and how we process your data.

Who are we and how to contact us

Optimum Displays Ltd. is a company registered in England, number 03677603. The data controller is Guy Horner. You can get in touch with us in any of the following ways:

compliance@optimumprojects.co.uk


+44 121 224 7329 [0800hrs to 1800hrs UTC on weekdays]

Guy Horner (data controller)
Optimum Displays Ltd
514 The Greenhouse
Gibb Street
Birmingham B9 4DP

Our operation

We operate in line with EU GDPR [May 2018] data protection guidelines. We are committed to maintaining your personal rights and allow all data subjects to change or withdraw their opt-in options at any time. We will also advise you on how to complain to the relevant authorities, namely the Information Commissioner’s Office, if you feel that we have not dealt with your request in the correct manner.

Who this policy applies to

This policy relates to Optimum Displays Ltd. Processing of your data is required in order to offer you the services we provide. This policy applies to individuals who have registered with Optimum as either a client,  supplier, website visitor or in any other capacity.

Sensitive data

Sensitive data refers to data that includes details about:

  • race or ethnicity

  • religious or philosophical beliefs

  • sex life

  • sexual orientation

  • political opinions

  • trade union membership

  • health and genetic and biometric data

We do not collect any sensitive data.

What this policy applies to

This section describes the lawful basis for processing data and applies to the information about individuals that they choose to provide us with, or that they allow us to collect. This includes information that:

  • Is provided to us during any registration process

  • we collect about network, systems or website usage

  • relates to purchases and other transactions

  • is given and stored as part of our ongoing relationship

Scope of consent

By submitting personal data, individuals affirm explicit consent for such information to be used in accordance with this privacy policy. Consent can be withdrawn at any time using the methods described below.

Opting out at a later date

Once consent has been given, it can be amended or withdrawn at any time. We adhere to all user rights as defined in GDPR. Under certain circumstances, individuals have rights under data protection laws in relation to  personal data. These include the right to:

  • request access to personal data

  • request correction of personal data

  • request erasure of personal data

  • object to processing of personal data

  • request restriction of processing personal data

  • request transfer of personal data

  • right to withdraw consent

More information about these rights is available at: ICO – Individuals rights. There is no fee for individuals wishing to access their own personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if the request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with the request in these circumstances.

We may need to request specific information from individuals to help us confirm identity and ensure the right to access personal data (or to exercise any of the other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact individuals to ask for further information in relation to the request, to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if the request is particularly complex, or an individual / group have made a number of requests. In this case, we will notify requestors and keep them updated. If there are any comments or wish to complain, we can be contacted at any time using the above information.

If individuals wish to exercise the rights above, or complain about our processing of their data, they can email our Data Protection Officer at compliance@optimumprojects.co.uk or by writing to: Optimum Displays Ltd, 514 The Greenhouse, Gibb Street, Birmingham B9 4DP. If this does not resolve an individual’s complaint, they have the right to lodge a complaint with the Information Commissioners Office on 0303 123 1113, via email: https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England

How we store and process data

We will only retain personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for which we process personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers, for tax purposes. In some circumstances we can fulfil data deletion requests: see below for further information.

We may anonymise personal data (so that it can no longer be associated with an individual) for research or statistical purposes, in which case we may use this information indefinitely without further notice.Account data can be collected, stored and processed within the UK & Ireland only. Data will be stored as described here or until a personal data removal request is received. We are unable to carry out removal requests if there are still any open transactions against an individual’s account. We use recognised third parties to take payment, manage our company accounts and provide banking services. We will store transactions, payment (this does not include payment card data) and order data for up to 7 years, or for as long as required by UK financial authorities and company regulations. These third parties may operate outside the EU.

We will only use personal data when legally permitted. The most common uses of personal data are:

  • where we need to perform a contract

  • where it is necessary for our legitimate interests (or those of a third party) and individuals’ interests, and fundamental rights do not override those interests

  • where we need to comply with a legal or regulatory obligation

Generally, we do not rely on consent as a legal ground for processing personal data. Consent to marketing can be withdrawn at any time by contacting us.

We will only use personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.If we need to use personal data for a purpose unrelated to the purpose for which we collected the data, we will notify individuals and we will explain the legal grounds of processing. We may process personal data without individuals knowledge or consent where this is required or permitted by law.

Our obligations

We are a data controller. In relation to the information that is provided to us, we are legally responsible for how that information is handled.

We will comply with the Data Protection Act 1998 and the GDPR [2018] in the way we use and share personal data. Amongst other things, this means that we will only use personal data:

  1. Fairly and lawfully

  2. As set out in the legislation and this policy

  3. To the extent necessary for these purposes

We will process personal data ourselves as the data processor. We will take reasonable precautions to safeguard the personal information supplied.Optimum will from time to time use information for account management or relationship management purposes. The main purpose of this is to maintain any existing relationship we may have.

Third parties

Data is not shared with any third parties. We may, however, have to share personal data with the parties set out below:

  • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.

  • HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.

We require all third parties to whom we transfer data to respect the security of personal data and to treat it in accordance with the law. We only allow such third parties to process personal data for the specified purposes and in accordance with our instructions.

Security

We have put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify any applicable regulator of a breach where we are legally required to do so. We will report any breaches or potential breaches to the appropriate authorities within 72 hours.

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data. We do not control these third-party websites and are not responsible for their privacy statements. When individuals leave our websites, we encourage them to read the privacy notice of every website visited.

Legitimate interests

Under the Data Protection Act, we are also permitted to share some information with third parties who use such data for non-marketing purposes (including credit and risk assessment and management, identification and fraud prevention, debt collection and returning assets to individuals).

Contacting us, exercising information rights and complaints

If individuals have any questions or comments about this Privacy Policy, wish to exercise their information rights in connection with the personal data shared with us or wish to complain they should contact: Guy Horner (the Data Protection Officer) at compliance@optimumprojects.co.uk. We will process Subject Access Requests (SARs) within 30 days, SAR responses are usually free but we reserve the right to charge for excessive or unfounded requests. We fully comply with Data Protection legislation and will assist in any investigation or request made by the appropriate authorities.

Changes to this privacy policy

We keep our privacy and data policies under review. This policy was last updated on 18 December 2019