Privacy and Cookie Policy
Yarto Europe Limited a company incorporated in England and Wales whose registered office is at (The Promenade (Rear), Edgwarebury Lane, Edgware, Middlesex, HA8 8LW UK registered number 5307361) (“we/us/our”) holds personal data about our employees, clients, suppliers and other individuals for a variety of business purposes. We will always abide by applicable data protection and privacy laws and are committed to your privacy.
This privacy and cookie policy gives you the details of how we (including all our staff) collect and process your personal data and it applies to all products and services provided by us to you which includes any information that you may provide to us through our website when you purchase a product or service or sign up to our newsletter and sets out how we seek to protect personal data.
Please read this Policy together with our Terms & Conditions of Use.
You give us your information either through this website or by any other means. Any and all personal data passed to us by any third party will be treated in accordance with this policy. Our Data Compliance Officer has overall responsibility for the day-to-day implementation of this policy.
1.What We Do To Protect Your Data
1.1 How We Process Data
We will always seek to process personal data fairly and lawfully in accordance with your rights. So, this means that we will not process personal data unless the individual whose details we are processing has consented to this happening or it is a legitimate interest to do so. We ensure that the processing of all data will be(i) necessary to deliver our services and the services that we deliver on behalf of our clients; (ii) in our legitimate interests and not unduly prejudice the individual's privacy and (iii) in most cases this provision will apply to routine business data processing activities.
1.2 Sensitive personal data
Generally, we do not collect sensitive data but in the unusual situation where we collect and process sensitive personal data we will require the individual’s explicit consent to do this unless exceptional circumstances apply or we are required to do this by law (e.g. to comply with legal obligations to ensure health and safety at work). Any such consent will need to clearly identify what the relevant data is, why it is being processed and to whom it will be disclosed.
1.3 Your personal data
You are responsible to ensure that your personal data is accurate and up to date. So, if your personal circumstances change, please inform the Data Compliance Officer so that we can update your records.
1.4 Keeping your Data secure
We keep personal data secure against loss or misuse. We are committed to protecting the confidentiality and security of your information and we have taken all reasonable measures to secure your information, including encryption, third party audits, access controls and security testing. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know the data.
We will always keep our security measures up to date and under constant review to protect personal data.
Data that is stored on a computer will be protected by strong passwords and our Data Compliance Officer will approve all data stored in the cloud.
Our servers containing personal data will be kept in a secure location, away from general office space and back-ups will be regularly made in line with company procedures. Servers containing sensitive data will be approved and protected by security software and strong firewalls.
Data will never be saved directly to mobile devices such as laptops, tablets or smartphones
In cases when data is stored on printed paper, it will be kept in a secure place where unauthorised personnel cannot access it and printed data will be shredded when no longer needed.
Where other organisations process personal data as a service on our behalf, our Data Compliance Officer will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third party organisations.
2. How we collect data and what we will do with it:
We will always be transparent and provide information to individuals about how we will use their personal data.
2.1 The information that we collect is:
- Identity Data including - Full name, marital status, title, date of birth and gender
- Contact Data including – billing address, delivery address, email address and telephone numbers
- Financial Data including – your bank account and payment card details
- Transaction Data including – details about payment between us and other details of purchase made by you
- Technical data including – login data, internet protocol addresses, browser type and version, browser plug-in types and version, times zone setting and location, operating and platform and other technology on the devices that you use to access this site
- Profile Data including – username and password, purchase orders, your interests, preferences, feedback and survey responses
- Usage Data including – information about how you use our website, products and services
- Marketing and Communications Data including – your preferences in receiving marketing communications from us and your communication preferences
2.2 We collect data:
- When we meet you in person at an exhibition or otherwise
- When we speak to you by telephone
- When you correspond with us by email
- When you fill in forms and questionnaires or give us your business card
- When you visit our website, or create an account with us
- When you order our products or services
- When you download or install our app
- When you subscribe to our services or publications
- We may receive personal data about you from a third party in a legitimate manner eg a financial provider
- When we request/receive trade references
2.3 Use of data:
We use the information we collect in order to fulfil our contractual obligations with you and understand your needs and provide you with a better service and in particular for the following purposes:
- In connection with good and services offered by our business including on this website and to carry out our obligations arising out from any contracts entered into between you and us which includes providing quotes prior to a contract being in place but following an enquiry from you
- To respond to and fulfil your requests
- Where it is necessary for our legitimate interest as long as it does not override your interests
- Where we need to comply with a legal or regulatory obligation and general good practice
- To communicate with you to enable you to access the benefits and services of this website/ our products and services
- To allow you to participate in interactive features of our service, when you choose to do so
- To notify you of changes to our service and to improve our services through knowledge of what is used and how
- Internal record keeping
- To improve our products and services; provide relevant offers and fulfil transactions
- Protect you, provide you with customer service, prevent fraud, operate this website on your behalf and respond to your requests
- To understand the visiting patterns to our online site and please see our Cookie Policy for further information on this.
- For operational reasons, such as recording transactions, training and quality control, ensuring the confidentiality of commercially sensitive information, security vetting, credit scoring
- To send promotional emails and updates about new products, special offers or other information we may think is of interest to you
- To contact you for market research purposes, we may contact you by email, phone or mail and we may use the information to customise the website according to your interests
- To check references, ensure safe working practices, monitoring and managing staff access to systems and facilities and staff absences, administration and assessments and to monitor staff conduct and carry out disciplinary matters
- To ensure business policies are adhered to (such as policies covering email and internet use)
- To gather information as part of investigations by regulatory bodies or in connection with legal proceedings or requests and to investigate any complaints
Performance of a Contract
If you register as a new customer or place an order with us, you are providing us with a lawful basis to process your data necessary for the performance of a contract, including processing and delivering to you and contacting you about the order.
Legitimate Interest
The personal data that we collect and process under the legitimate interest basis is done so in the commercial interest of the business and we will use this basis especially in connection with the business eg debt recovery, business management/ growth e.g. to improve our website, products/services and customer relationships and to send you our Surveys, Newsletters, Events and other marketing literature.We will process information in a targeted, proportionate way, which would be reasonably expected for that data and has a minimal privacy impact in accordance with our Legitimate Interest Assessment.As regards direct marketing, you have an absolute right to object to this processing and if you wish to exercise this right contact the Data Compliance Officer, at which time we will stop processing your data.
Consent
Where we rely on consent to process your personal data it will be subject to active consent properly obtained and given by you to us directly or by virtue of us fulfilling our role as a Fulfilment Partner of a third party. This consent can be revoked at any time by contacting our Data Compliance Officer.
2.4 Purpose for Use of Data:
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for a reason that it was not originally collected for, we will notify you and explain the legal grounds of processing.
2.5 Who will your information be shared with?
Your personal data is an important part of our business. We do not sell your information to third parties. We will only share your information as set out below as necessary or with your express consent where appropriate. All information sharing is only done on the basis of being necessary and to fulfil legitimate business purposes. For example:
- Payment card information may be shared with payment processors to facilitate card transactions
- Bank account information may be shared with our bank to facilitate payment into your account
- Information may be shared with third parties to fulfil transactions including passing your delivery address and contact details to our delivery partners; payment information, shipping, and other personal information may be required to fulfil the transaction.
- Service providers e.g. who provide IT and systems administration services or Professional Advisers eg law firms, bankers, auditors, insurance companies.
- Public Authorities e.g. HM Revenue & Customs or other regulators and authorities who require us to report to them
- Details may be shared with marketing platforms e.g. Mailchimp
If further consent is required to pass your personal data to third parties, you may be contacted in order to give your positive consent for this purpose
We may disclose your personal information to third parties in limited circumstances as follows:
- Where we engage the business services of a third party to provide services directly to us. We will carry out the necessary due diligence on any third party that we use to ensure that they fully comply with data protection regulations. Any third party will be engaged for a specific purpose and they will be strictly prohibited from using your personal data for any other purposes. For example, we will need to pass your details to delivery companies in order to deliver your products as part of our fulfilment of our business contract with you. If we do share your personal information we will contact you, where necessary and appropriate, to inform you of the identity of that third party and to gain positive consent to pass your personal data to the third party specified.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply our terms of use on this website and other agreements
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
2.6 Use of Data Processors
We will usually be the Data Controller. Data Processors are third parties who may provide elements of our business service for us. We have contracts in place with our data processors and/or sub data processors so that we control your personal data and they cannot do anything unless we have instructed them to do it. They will not share your personal information with any organisation unless they have our explicit permission or where there is a legal obligation to do so. They will hold it securely and retain it for the period that we instruct.
2.7 We will hold your data for:
We will retain personal data for no longer than is necessary and in any event no longer than 10 years from the date of last usage. What is necessary will depend on the circumstances of each case, taking into account the reasons that the personal data was obtained, but will be determined in a manner consistent with our data retention guidelines.
We will also need to take into consideration satisfying any legal, accounting or reporting requirements and any regulations that we must fulfil, for example for auditing purposes or for legitimate business purposes and may retain your information after your relationship with us has ended.
By law we have to keep basic information about our customers for six years after they cease being customers for tax purposes and any other legal obligations.
2.8 Transferring data internationally
There are restrictions on international transfers of personal data. Your personal data will not be transferred anywhere outside the UK without first consulting the Data Compliance Officer. Where we do transfer your personal data outside the European Economic Area (EEA) we will do our best to ensure a similar degree of security of data by transferring to countries with a similar degree of protection for your personal data, or, we may use specific contracts or codes of conduct or certification which gives personal data the same protection as it has in Europe.
3. Training
New staff will receive training as part of the induction process. Further training will be provided whenever there is a substantial change in the law or our policy and procedure.
4. Marketing
We will abide by any request from an individual not to use their personal data for direct marketing purposes and notify the Data Compliance Officer about any such request.
We will not send direct marketing material to anyone electronically (e.g. via email) unless they have given us positive consent to receiving our marketing material and that consent will be recorded and stored, or if it is in our legitimate interest to do so.
Existing Customers
We would like to send you information, from time to time about our products and services but will only do so where you have requested information from us or purchased goods or services from us and where you have not opted-out of receiving that marketing. Where we use the legitimate interest basis to send you marketing communications, you can object to at any time by emailing the Data Compliance Officer.
Where you opt-out of receiving our marketing communications we will cease immediately from sending you any marketing communications as specified by you.
Prospects
Where we wish to promote our services, we may purchase databases of business contacts within our target sectors. These contacts will only be bought from credible sources, who we have checked for validity. Additionally, we may combine these records with publicly available information. Our primary market is business to business and therefore where we email or call prospects, we will only do so where there is evidenced consent or a legitimate interest to do so. If we are considering legitimate interest as grounds for processing, we will carry out our Legitimate Interest Assessment to ensure that the process is valid and that our interest does not outweigh the individual’s right to privacy.
5. Your Legal Rights
5.1 Access your data
You have the right to access information held about you. If you would like a copy of your personal data, please contact the Data Compliance Officer which we will supply free of charge.
You can ask us to correct any inaccurate data held about you.
5.2 Accuracy and relevance
We will seek to ensure that any personal data we process is accurate, adequate, relevant and not excessive, given the purpose for which it was obtained. We will not process personal data obtained for one purpose for any unconnected purpose unless you have agreed to this or would otherwise reasonably expect this.
Individuals may ask that we correct inaccurate personal data relating to them. If you believe that information is inaccurate you must inform the Data Compliance Officer.
5.3 Data portability
Upon request, you will have the right to receive a copy of your data in a structured format. These requests will be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. You may also request that your data is transferred directly to another system. This will be done for free.
5.4 Right to be forgotten
You may request that any information held on you is deleted or removed, and any third parties who process or use that data will also comply with the request. An erasure request can only be refused if an exemption applies. We will respond to any request within one month.
6. Privacy by design and default
We will always ensure that privacy and data protection is at the heart of everything that we do and so compliance is considered right from the outset of every project. Our Data Compliance Officer will conduct any Privacy Impact Assessments and ensure that all IT projects have a privacy plan in mind. In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
When relevant, and when it does not have a negative impact on the data subject, privacy settings will be set to the most private by default.
7. Cookies
Cookies help us to provide you with a good user experience when you browse our website.
If you have registered on our website we record the pages you visit. This allows us to see which products are most popular, and also to provide assistance in the event of problems. We do not share this data with anyone else. This data is retained for a maximum of 3 years, but usually deleted after 18 months.
We use website “cookies” to facilitate the smooth working of this website. Cookies are small files which are sent to your browser when you visit our website, and allow us to distinguish you from other visitors, although they do not personally identify you if you have not actually registered on our website. If you do not wish to accept these cookies you can delete them and/or block them in your browser. All the major browsers have options in their security settings to allow you to do this. However, parts of our website will then not work as expected and you will not be able to place an order.
We only use “first party” cookies, in other words, cookies set by us for direct operation of our website. We do not use “third party” cookies which could allow your details to be passed to third party marketing organisations. The names of the cookies we use are as follows:
- Analytics Cookies
Analytics are persistent cookies that allow us to recognise, count the number of visitors, and provide anonymous data about how our visitors use our websites.
Using analytics cookies helps us improve the way our websites work and navigate, ensuring that users are able to find what they are looking for without difficulty. No personally identifiable data is collected about you.
We use Google Analytical Cookies ending with:
_utma
_utmb
_utmc
_utmz
For further information please click here https://support.google.com/analytics/answer/6004245.
- Default Cookies
Our website is hosted on an industry-standard Microsoft webserver, which issues a default cookie called asp.net_sessionid. This cookie is set as soon as you visit our site but expires automatically after you leave it.
Some of our pages include plug-ins from social networking sites such as Facebook and Twitter, and these sites may also set or retrieve cookies on your browser, if your browser is already signed-in to them. These social networking cookies are exchanged between your browser and the social networking sites you belong to, they are not accessible by us.
You can find out more about cookies and how to manage them on this Wikipedia article.
8. Monitoring
Although we take every reasonable step to protect the information that you provide, we cannot guarantee the security or accuracy of the information that we gather. Please be assured that all our staff must observe this policy. The Data Compliance Officer has overall responsibility for this policy. They will monitor it regularly to make sure it is being adhered to.
If you have any questions or concerns about anything in this policy, do not hesitate to contact the Data Compliance Officer.
9. Complaints
If you have a complaint as to how your data is being collected or used, please contact our Data Compliance Officer in the first instance. If you are still not happy with the way your data is being collected and used, you have the right to complain to the UK Supervisory Authority, the ICO (www.ico.org.uk).
10. Links to other websites
Links on this website may take you to a third-party website. At the point you enter the third-party website, the privacy and cookie policy of the third party will apply to any and all information that you provide. It is important to read the third party’s privacy and cookie policy.
11. Notification of changes to this policy
Our privacy and cookie policy will be reviewed and enhanced from time to time. Please check our website or contact us for a copy of the current privacy and cookie policy. If you are not happy with the conditions of a revised privacy and cookie policy you may opt out by contacting us.
12. Contact Us
If you have any concerns about our privacy policy please contact us at: Post: Yarto Europe Ltd, The Promenade (Rear), Edgwarebury Lane, Edgware, Middlesex, HA8 7JZ UK Email: info@yarto.com (Data Compliance Officer); Telephone: 020 8952 1222
Updated: November 2021