- Scope and Applicability
This policy applies to all registered users, visitors and subscribers to any websites, all customers and suppliers who provided information during their routine business interactions and activities with Werfen Limited.
- Policy Statement
We reserve the right to change this policy at any time. All changes made, will either be notified on successful logon to website services, or will be freely available online for all current customers and suppliers to review, where deemed necessary we will contact individuals to inform them of significant changes to either data handling or processing activities.
- Responsibility and Authority
The General Manager will approve this policy and any subsequent changes.
The General Manager has delegated security and compliance responsibilities to the Technical Services Manager. Security responsibilities are described in the Werfen Information Security Policy Manual.
The General Managed remains responsible for data protection compliance but has delegated operation compliance and monitoring to the Data Protection Delegate.
The Technical Services Manager is responsible for the ongoing review of this document to ensure it remains relevant and appropriate.
The document will be reviewed annually.
- Policy Objectives
Werfen websites provides a platform for users to access and receive information about Werfen UK news, events, educational content, and products, including package inserts and material safety data sheets (MSDS), and provides a portal for other Werfen UK Resources and dashboards such as ISI calibration web site (ISIweb)
Werfen UK customers, and suppliers need to work closely with Werfen UK when providing their details, to enable to compilation of contractual requirements, legitimate sales and support interests and where relevant performance monitoring of all parties.
For the purpose of the Data Protection Act 2018 (and subsequent amendments) the data controller is Werfen UK of 712 The Quadrant, Cavendish Avenue, Birchwood, Warrington, Cheshire, United Kingdom .
Registered with the Information Commissioner Office (ICO) - Number: Z5683002
This Policy also applies if you contact us or we contact you about our Services.
Some other parts of our business and other WerfenLife SA Companies may need to collect and use personal data to provide you with their products and services and for certain other purposes. They have their own privacy policies that explain how they use your personal data.
Information you give us
When you register on our websites, use our services or correspond with us or participate in any discussion boards or other social media functions we may collect personal information that can identify you (Personal Identifiable Information (“Pii”)) such as your full name, email address, mailing address, telephone number, and information regarding the institution for which you work. We may also collect non-personal information about you, such as what type of Werfen UK product you use. The information that we collect varies depending upon how you use our Site(s) and Services.
Customer Personal Data we collect: -
This section tells you what personal data we may collect from you when you use our services and what other personal data we may receive from other sources. When you register for our services, you may provide us with:
- Your personal details, including your postal and billing addresses, email addresses, phone numbers and date of birth and title
- Information relating to your products, services,
- Your account login details, such as your username and the password that you have chosen
When you access our online services or browse our websites or use our mobile apps, we may collect:
Information about your online products reviewed (for example, what you have reviewed, services accessed)
- Information about your online browsing behaviour on our websites and mobile apps and information about when you click on one of our adverts (including those shown on other organisations’ websites)
- Information about any devices you have used to access our services (including the make, model and operating system, IP address, browser type and mobile device identifiers)
- Information about data usage during your visit.
- Information about response times and duration of visits on specific pages.
- Information about your location.
When using the “Contact us” part of the website you will agree a specific data processing notice found here https://www.werfen.com/uk/en-gb/contact-us
When you contact us or we contact you or you take part in promotions, competitions, surveys or
questionnaires about our services, we may collect:
- Personal data you provide about yourself anytime you contact us about our services (for example, your name, username and contact details), including by phone, email or post or when you speak with us through social media.
- Details of the emails and other digital communications we send to you that you open, including any links in them that you click on
- Your feedback and contributions to customer surveys and questionnaires
Supplier Personal Data we collect: We require a certain amount of information from our Suppliers to ensure that communications run smoothly; such as:
- Contact details of relevant individuals at your organisation
- Financial Details
Legal Basis of Processing -
Online Services – User Consent – Opt-In
How and why we use your personal information – Online Services
Generally, we may use information in the following ways:
- to carry out our obligations arising from any contracts entered between us and you and to provide you with the information, products and services you request from us
- to enable us to process and fulfil your requests relating to Werfen UK products and/or Services
- to send you information about your relationship or transactions with us
- to notify you about our products, services, events and/or educational opportunities
- to otherwise contact you with information that we believe will be of interest to you
- to enhance or develop our Site’s features, and our products and services
- for market research
We may use non-personally identifiable information for purposes such as measuring the number of visitors to sections of our Site, making the Site more useful to visitors and for our own internal market research. We may use IP addresses or other analytic data to analyse trends, administer the Site, track a visitor’s movement, and gather demographic information for aggregate, non-personally identifiable use.
Marketing and market research
This section explains the choices you have when it comes to receiving marketing communications and taking part in market research.
We will send you relevant information about news about our products and services in a number of ways including by email, but only if you have previously agreed to receive these marketing communications. When you register with us we will ask if you would like to receive marketing communications, and you can change your marketing choices online, over the phone or in writing at any time, or via embedded un subscription links.
We also like to hear your views to help us to improve our Services, so we may contact you for market research purposes. You always have the choice about whether to take part in our market research.
Customer contact database and supplier information - Legitimate Interest
Werfen has a legitimate interest policy, https://www.werfen.com/uk/en-gb/legitimate-policy, this contains the basis of the processing of customer and supplier data linked, with all other provided Services.
How and why we use your personal information – Customer & Suppliers
- to carry out our obligations arising from any contracts entered into between us and you and to provide you with the information, products and services you request from us;
- to enable us to process and fulfil your requests relating to Werfen UK products and/or services;
- to send you information about your relationship or transactions with us;
Your right to be Informed – Werfen UK - Customers
For Werfen UK customers we have created a specific data processing notice to provide further visibility on the use and processing for your data.
Please see https://www.werfen.com/uk/en-gb/about-us
Sharing your information
In the circumstances described below, we may share your information as follows:
- With business partners, suppliers, service providers or sub-contractors: We may use other companies for the performance of any contract we enter into with them or you, including the performance of services including, without limitation, services such as analytics and search engine searches that assist us in the improvement and optimisation of our Site or sending emails or hosting webinars or other events. We may share your Pii with these service providers as necessary to facilitate a transaction or communication.
- Special circumstances: We also may disclose your Pii:
- In response to a writ or similar investigative demand, a court order, or other request from a law enforcement or government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law.
- When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our Site’s terms and conditions or other agreements or policies.
- In connection with a corporate transaction, such as the sale of all or a portion of our business, a divestiture, merger, consolidation, or asset sale, or in the event of bankruptcy.
How we protect your information
We know how important it is to protect and manage your personal data. This section sets out some of the measures we have in place.
We use computer safeguards such as firewalls and data encryption, and we enforce physical access controls to our buildings and files to keep this data safe. We only authorise access to employees who need it to carry out their job responsibilities.
- We protect the security of your information while it is being transmitted by encrypting it using Secure Sockets Layer (SSL).
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal data. We may occasionally ask for proof of identity before we share your personal data with you.
- Werfen is ISO 27001 certified, we have an Information Security Management System (ISMS), to manage all risks and activities linked with the processing of your data.
Children’s online privacy protection
Children under the age of 18 must not create an account through our Site and should not submit any information to us.
How long do we store your data?
If we have not had meaningful contact with you (or, where appropriate, the company you are working for or with) for a period of five years, we will Delete your personal data from our systems unless we believe in good faith that the law or other regulation requires us to preserve it (for example, because of our obligations to tax authorities or in connection with any anticipated litigation). Even if we already hold your personal data, you still have various rights in relation to it. To get in touch about these, please contact us. We will seek to deal with your request without undue delay, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object: If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities (for example, for profiling your suitability for certain roles), or consent to market to you, you may withdraw your consent at any time.
Data Subject Access Requests (DSAR): Just so it's clear, you have the right to ask us to confirm what information we hold about you at any time, and you may ask us to modify, update or Delete such information. Right to erasure: In certain situations (for example, where we have processed your data unlawfully), you have the right to request us to "erase" your personal data. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases) and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will Delete your data but will generally assume that you would prefer us to keep a note of your name on our register of individuals who would prefer not to be contacted. That way, we will minimise the chances of you being contacted in the future where your data are collected in unconnected circumstances. If you would prefer us not to do this, you are free to say so. If your interests or requirements change, you can unsubscribe from part or all our marketing content (for example, My Werfen content or Product newsletters) by clicking the unsubscribe link in any marketing email, or by contacting us directly linked with data held and processed and used for other purposes.
How can you access, amend or take back the personal data that you have given to us?
One of the Global Data Protection Regulations (GDPR) main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect of your data, even once you have given it to us. These are described in more detail below
- we can show that we have compelling legitimate grounds for processing which overrides your interests; or
- we are processing your data for the establishment, exercise or defence of a legal claim. If your objection relates to other activities, we must act on your objection by ceasing this activity.
How do you exercise your right to withdraw consent? Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing arrangements or automatic profiling), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.
How do you exercise your right for Data Subject Access Requests (DSAR)? You may ask us to confirm what information we hold about you at any time, and request us to modify, update or Delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is "manifestly unfounded or excessive". If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
Right to erasure: You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
- the data are no longer necessary for the purpose for which we originally collected and/or processed them;
- where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
- the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
- it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
- if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing. We would only be entitled to refuse to comply with your request for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
- for public health reasons in the public interest;
- for archival, research or statistical purposes; or to exercise or defend a legal claim.
When complying with a valid request for the erasure of data we will take all reasonably practicable steps to Delete the relevant data. Right to restrict processing: You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either: (i) one of the circumstances listed below is resolved; (ii) you consent; or (iii) further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.
The circumstances in which you are entitled to request that we restrict the processing of your personal data are:
- where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
- where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
- where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
- where we have no further need to process your personal data, but you require the data to establish, exercise, or defend legal claims. If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.
Right to rectification: You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.
Right of data portability: If you wish, you have the right to transfer your personal data between data controllers. In effect, this means that you are able to transfer your details to another online platform. To allow you to do so, we will provide you with your data in a commonly used machine-readable format that is password-protected so that you can transfer the data to another online platform. This right of data portability applies to: (i) personal data that we process automatically (i.e. without any human intervention); (ii) personal data provided by you; and (iii) personal data that we process based on your consent or in order to fulfil a contract. It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data
How to contact us
Since information security is critical to the security of the business, not agreeing to these terms prevent usage of the website and associated services. If any customer of supplier has concerns about the use of their data linked with this policy, please use the above address to highlight these issues.