During normal business activities, Rolec Smart Solutions (a trading name of Rolec Services Limited) collects stores and processes its customer’s personal information. We recognise our responsibilities to protect this data and embrace the current data protection legislation (GDPR). This document is intended to inform you, in an easy to read manner, what information we collect, why we collect it and what we do with it. It also explains important rights that you have to access and control personal data, held in our systems, relating to you as an individual.
Our full Data Protection Policy can be read here and is hereby expressly incorporated into this Privacy Notice.
What Information we collect
When you make a purchase, or register for an account with us, we collect Identifying information from you such as your name, addresses, telephone number, email address, current location and financial information such as payment card details in connection with a transaction. We also collect information relating to charging sessions you have made at specific charge points.
You may also provide us with other information through mobile applications, web forms, by updating or adding information to your account, telephone conversations, online chats, or when you otherwise communicate with us regarding our products & services.
When accessing our websites please note that our systems may be configured to collect limited computer and connection information such as browser type, statistics on your page views, traffic to and from our sites, referral URL and your IP address.
Why we collect it
It is our policy to only collect the information that we need to fulfil our contractual obligations to you as a customer and that allows us to provide you with the best possible experience in dealing with us.
It will normally be self-evident to you that you are passing us data when (say) you fill in a form, register an account with us or make a purchase.
How we store the information
Your data records are stored on highly secure, encrypted, enterprise level servers, located in the United Kingdom, protected and maintained to the highest standards by Microsoft Corporation (by their UK and/or EEA subsidiary).
Your data may also be held and processed electronically at our premises, behind our own firewalls, on our own secure servers.
We follow all applicable regulations and accepted standards for storage, protection and transmission of the personal data we collect, including the use of encryption methods wherever appropriate. Please note that we do not store your payment card details.
What we do with the information
We primarily use your information to satisfy your requirements and comply with statutory regulations. Most commonly this would be fulfilling an order and providing high quality after sales services and support.
We may also use your information to improve our level of service, for instance as part of our Quality Management procedures we regularly review the process and outcomes of specific transactions and any system failures with a view to continuously improving our own performance and that of our suppliers.
If you are a business customer (and the PECR regulations permit), we may send you notice of specific promotions and business updates that we consider may be of interest to you. These emails always contain a clear opt out link, through which you can add your email address to our email exclusion list.
If you are a consumer, and you have specifically requested us to do so, we may also send you notice of specific promotions and business updates that we consider may be of interest to you. These emails will always conform to PECR regulations and will always contain a clear opt out link, through which you can add your email address to our email exclusion list.
Who we share the information with
To ensure that we maintain strict compliance with the Payment Card Industry Data Security Standard [PCI DSS], we do not store your payment card details but instead pass them to Opayo who is Europe’s leading independent payment service provider [PSP].
When we pass this information, we only ever pass the subset of data that is necessary for the card transaction to occur. We never pass data that is not needed.
In the event that you require technical support or other services it may be necessary for us to share your data on occasion with subcontractors, in such event we will only ever share the subset of data needed. We never pass data that is not needed.
We only pass data to suppliers and subcontractors who have confirmed that they maintain strict GDPR compliance and with whom we have specific GDPR compliant Processing Agreements in place which prohibit them using, sharing or retaining your personal data for any purpose other than they have been specifically contracted to by us.
Retention and Destruction
We retain personal data only for as long as necessary in order to:
Provide the services you have requested from us
Facilitate a high standard of after sales customer support;
Satisfy requirements mandated by law, contract or similar obligations applicable to our business operations including the requirement to maintain adequate and accurate business and financial records.
Preserve, resolve, defend or enforce our legal/contractual rights.
We make a clear distinction between live data, normally accessible through our operational interfaces, and archived data which is not accessed easily and held only for specific legal or contractual compliance reasons. It is our policy to keep both classifications of personal data held to the minimum.
Your Right to know what personal data we hold for you
If you wish to know what personal data we hold on you, you should contact our Data Protection Officer at firstname.lastname@example.org. All personal data requests will normally be answered within 28 days. Please note that it will be necessary for us to verify your identity before we can release this information to you.
We will be happy to provide you the details we hold on you and how your data has been processed in an easily readable electronic format with confirmation of the legal basis under which it is being held and associated retention policy.
Personal Data Deletion Requests
We respect your “right to be forgotten” and will respond appropriately and promptly to all data deletion requests.
In the event that it is necessary for us to continue to hold your data to meet statutory compliance requirements we will explain the basis of this clearly to you and work with you to achieve, (say through archiving, minimising or anonymising your live data where possible), a satisfactory outcome.
If you have concerns or are not happy with how we process your personal data please email our Data Protection Officer at email@example.com who will be pleased to investigate your concerns and respond appropriately.
If you are not content with our Data Protection Officer’s response, or you do not wish to contact him, you may also complain to the Information Commissioner’s Office at www.ico.org.uk.