Prior to submitting any business or personal data to Rolec you will be required to read and accept the terms of this privacy statement.
Please read this privacy statement carefully to understand our arrangements regarding your personal data and how we capture, store, and process it. We recommend that you visit our website from time to time, to stay up to date with any changes. Our Data Protection Policy is also available upon request - email us at firstname.lastname@example.org for a copy.
Personal data is information that can be used to identify a person - this can be through business to business (B2B) or business to consumer (B2C) transactions. Rolec Services Ltd (hereafter “Rolec”) does not consider personal information to include information that has been made anonymous or consolidated, so that it can no longer be used to identify a specific person.
Scope and Consent
Rolec and our supply partners recognise our moral, legal, and ethical duty to manage business and personal information in line with contractual agreements (e.g. Non-disclosure agreements and terms and conditions, etc.), our own Data Protection Policy, and the law. We will not make your business or personal information available to any third party not bound by subcontract agreements.
This Privacy Statement sets out our collection, use, storage, disclosure, retention, manipulation, and protection of your business or personal information. It applies to our website where the Privacy Statement appears at the bottom of the page, and to any other Rolec application, software, service, or tool (collectively "Services"), where this Privacy Statement is referred to, regardless of how you access or use them, including through mobile devices. By using our services, and or making business enquiries with us, you are required to accept the terms of this Privacy Statement and provide consent to our collection, use, disclosure, retention, and protection of your personal information as outlined in this Privacy Statement.
Once you submit your business or personal data, Rolec becomes the data controller for that information, as per the General Data Protection Regulation (GDPR) (EU) 2016/679 (hereafter “GDPR”), Article 5(2), “the controller shall be responsible for, and be able to demonstrate compliance with the GDPR principles” (See Rolec’s Data Protection Policy).
Rolec is a registered Data Controller with the Information Commissioner’s Office (Hereafter referred to as ICO)
Rolec Services Ltd; Company Registration 02294468; ICO Registration ZA220261.
Rolec Data Protection Officer
Has been appointed to support the Data Protection duty of care holder, Rolec’s Managing Director.
The Data Protection Officer can be contacted by emailing email@example.com (Please title the email – GDPR Complaint/Enquiry, as appropriate).
Job Applicants, Current and Former Employees
Rolec is the data controller for your information during the hiring process and during employment, unless otherwise stated.
Applicants that have been unsuccessful during the hiring process will have their data fully erased once the process is completed.
If you have any queries regarding how we handle your information, please contact us at Rolec@Rolecserv.co.uk and title the email “Recruitment”.
It has been a Rolec philosophy for many years to ensure privacy and data protection by design, applying the principles of data protection at the onset of any transaction or client project.
Depending on the size and complexity of a project, it may be necessary to draft a General Data Management Plan “GDMP,” to be able to demonstrate risk assessment and the implementation of adequate control measures, whilst assessing each project based on its individual merits.
Types of Personal Data Rolec Collects Business/Personal Data Transactions:
Job Applicants, Current And Former Rolec Employees:
Date of Birth
Next of Kin
Right to Work/Passport
Qualification & Memberships
What Does Rolec Use Your Personal Data For?
Rolec uses your personal data to:
Complete your orders and enquiries.
Achieve statutory compliance.
Recruit people and administer employee contracts.
Fulfil projects, services, and subscriptions.
Fulfil warranty obligations.
Deliver aftersales care.
Undertake repairs and maintenance.
Perform hardware/software upgrades and fixes.
Send out promotional offers and news on Rolec products, services, events, legal updates, technical support (e.g. government grant funded system, etc.)
Direct our supply chain and internal resources to fulfil your requirements.
Rolec Right to Process
If Rolec holds your personal information we have established one or more of the following lawful bases for processing (Article 6 of the GDPR):
Consent: the individual has given clear consent for us to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.
Legal Obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
Vital Interests: the processing is necessary to protect someone’s life.
Public Task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
Legitimate Interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Who May Have Access To Your Personal Information? Rolec contractors who support us to deliver the services you require, e.g.:
Server Hosting Company.
Hardware and Software Support Company.
Sage Accounting System.
Website Support Company.
Where reasonably practicable, Rolec will:
Operate a need to know policy with its internal employees and contractors, limiting access to information to only that data which is necessary to fulfil your order or enquiry.
Hold your information in a form that will not easily identify the data subject.
Have data and physical security measures in place to protect your data.
B2B (Business to Business) - Rolec’s Suppliers and Contractors: Personal Names Used In Email Addresses
To support the flow of day-to-day business activities, Rolec has established that a legitimate interest exists for processing personal email address data (only) under the following circumstances:
The processing is of clear benefit to the businesses involved.
There is limited privacy impact on the individual.
The recipient reasonably expects Rolec to use their data in this way.
A precedence already exists.
Note: We do not want to bother people with disruptive consent requests when they are unlikely to object in any event.
How Long Do We Keep Your Information For?
The GDPR does not set out any specific minimum or maximum periods for retaining personal data.
Rolec will retain information for no longer than is necessary.
You may decide to grant permission to Rolec to hold your business and or personal information by actively opting-In, so we can send you communications on the following topics:
Software/hardware updates and fixes
Updates on Rolec products and services
Event information and news
Technical support e.g. government grant funded systems
Training and awareness programmes
Once a business or person has actively opted-In, Rolec may contact you from time to time to ensure that the data we hold for you is accurate and up to date.
Right To Be Forgotten, Withdraw Your Consent Or Fully Erase Your Data
You may unsubscribe from any of the Rolec mailing lists by selecting “unsubscribe”.
You may contact Rolec to request your Right to be Forgotten, withdraw your consent or fully erase your data at any time - simply email Rolec@rolecserv.co.uk and request “Active GDPR Opt-Out”.
Once the “Active GDPR Opt-Out” has been received, Rolec will process your request within 30 days.
How Can You Submit A Complaint Or Enquire About the Data That Is Held About You?
Simply send an email to Rolec@rolecserv.co.uk and title your email “GDPR Complaint/Enquiry.”
Object to the processing of your personal information.
Ask for your data to be transferred.
Provide permissions for someone to act on your behalf regarding your personal information.
Request correction or access of personal information.
Request the removal of personal information in relation to a living or deceased person.
Note: Please allow up to 30 days for the processing of your enquiry, request, or complaint.
Will We Use Your Personal Data For Any Other Purpose?
Rolec will only use your data for the purpose(s) that you have agreed.
Notification Of Data Breaches Or Loss
As per the requirement of GDPR, Rolec will:
Submit a data breach notification to the ICO (Information Commissioner’s Office) where information loss or breach is likely to affect the rights and freedoms of individual(s).
Rolec and our supply partners will inform the data subject and the ICO, in the required format and within 72 hours of first becoming aware of any loss or breach.
If Rolec, through an investigation and risk assessment, will determine that there is no need to report a breach, we will use formal documentation to justify this decision. In assessing risk to rights and freedoms, Rolec will focus on the potential negative consequences for individuals (e.g. any emotional distress, physical and material damage that could result).
Recital 85 of the GDPR explains: “A personal data breach may, if not addressed in an appropriate and timely manner, result in physical, material or non-material damage to natural persons such as loss of control over their personal data or limitation of their rights, discrimination, identity theft or fraud, financial loss, unauthorised reversal of pseudonymisation, damage to reputation, loss of confidentiality of personal data protected by professional secrecy or any other significant economic or social disadvantage to the natural person concerned.”
Contacting Rolec By Telephone, Mobile, Email or Fax
When you make contact with Rolec your permission will be sought to collect your personal data and/or send you marketing communications. To ensure we are fulfilling the requirements of the GDPR, audit trail of consent will be sought.
Our organisation strives to achieve transparency and a high level of business ethics. By being part of the Sdiptech Group, our whistleblowing service offers a possibility to alert suspicions of misconduct in confidence. It is an important tool for reducing risks and maintaining trust in our operations by enabling us to detect and act on possible misconduct at an early stage. Whistleblowing can be done openly or anonymously. Read more here.
Rolec protects your information using security systems and measures to mitigate risks, unauthorised access, misuse, disclosure losses and alterations. Some of the current safeguards we employ are encryption, firewalls, anti-virus software and physical access controls.
Our information technology provision is:
PCI DSS v3.2 Compliant
SOC 1 certified (SOC 1 type II)
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
What are Cookies?
For more information what cookies are used for and how to manage them, please see this link: All About Cookies
The following links explain how to access cookie settings in various browsers:
To opt out of being tracked by Google Analytics across all websites, visit this link: http://tools.google.com/dlpage/gaoptout.
Data Protection Audit and Review
Rolec operates an audit function via its own Risk and Compliance Department. One of the objectives for this department is to provide a periodic and disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Training and Awareness
Rolec’s in-house data protection training ensures staff members and those who handle personal data are equipped with the necessary skills and knowledge to comply effectively with GDPR regulation. The training focuses on accountability, whilst maintaining data quality principles and implementing appropriate measures to protect data.