Whistl understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website www.whistl.co.uk (“Our Site”).
Our Site is not intended for children and we do not knowingly collect data relating to children.
1. Information About Us
1.1. Our Site is owned and operated by Whistl UK Limited a limited company registered in England and Wales under company number 04417047, whose registered address is Meridian House, Fieldhouse Lane, Marlow, Buckinghamshire, England, SL7 1TB (“We/Us/Our”).
1.2. Our VAT number is GB991 2657 87.
1.3. We are regulated by OFCOM in relation to the postal services that we provide.
1.4. We are a member of the DMA, IPM, Print Power, ELMA, RHA and the MCF.
1.5. Our ICO Registration number is: Z692857X.
2. What Does This Policy Cover?
2.2. Please refer to our Compliance Statement for additional information about our approach to Data Protection: https://www.whistl.co.uk/news/whistl-gdpr-compliance-statement/.
3. Your Rights
3.1.2. Right of access – You have the right to contact us in writing to request details of the information we hold about you.
3.1.3. Right of rectification – You have the right to ask us to rectify information that we hold about you if this is inaccurate or incomplete.
3.1.4. Right to erasure- This is also known as the right to be forgotten and gives you the right to request your information to be removed if there is no compelling reason for its continued processing. A word of warning though, we keep a list of people who have asked not to be contacted which is used to ensure that you receive no further marketing information from Whistl or client from the result of our activity. Without this list your data could enter our system again from another source and we would have no record of the fact that you asked us not to contact you.
3.1.5. Right to restrict processing – this is the alternative to erasure and gives you the right to tell us to stop processing your data but allowing us to keep enough information about you to ensure that your wishes are respected in the future.
3.1.6. Right to data portability – this gives you the right to ask the holder of your information to transfer that information to another business. This right would be most commonly used if you were switching banks, insurance companies, utility companies or mobile phone companies.
3.1.7. Right to object – you have the right to object to the processing of your data for marketing purposes and profiling for marketing purposes. Your rights and freedoms override our interests.
3.1.8. Rights related to automated decision making including profiling – we do not use automated decision making processes which would have a potentially damaging effect on the information we hold about you. But if we did you have the right to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.
3.1.9. Rights to withdrawn consent at any time where relevant – you have the right to withdraw your consent to the processing of your information at any time and we must provide you with the information to need to do so at the time we collect your data and each time we contact you.
3.2. You have the right to make a complaint at any time to the Information Commissioner Office (ICO) (the UK supervisory authority for data protection issues (www.ico.org.uk)). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the details provided in section  and we will endeavour to solve the problem for you.
3.3. For further information about your rights please contact the Information Commissioner Office or your local Citizens Advice.
4. What Data Do We Collect?
4.1. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
4.2. We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
4.2.1. Identity Data [first name, maiden name, last name, or similar identifier].
4.2.2. Contact Data [email address and telephone numbers].
4.2.3. Technical Data [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Our Site].
4.2.4. Usage Data [information about how you use Our Site, products and services].
4.2.5. Marketing and Communications [your preferences in receiving marketing from us and our third parties and your communication preferences].
4.4. We do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
4.5. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
5. How we collect your personal data
5.1. We use different methods to collect data from and about you including through:
5.1.1. Direct interactions. You may give us your Contact Data when you:
184.108.40.206. use any of the tools on Our Site;
220.127.116.11. subscribe to any service/software updates;
18.104.22.168. request marketing to be sent to you;
22.214.171.124. give us feedback or contact us.
5.1.3. Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:
5.1.4. Technical Data from analytics providers Google based outside the EU and Ruler Analytics based inside the EU.
6. International Transfers
We do not transfer your personal data outside the United Kingdom.
7. How Do We Use Your Data?
7.1. We will only use personal data when the law allows us to. Most commonly, we will use your personal data as follows:
7.1.1. where we need to perform the contract that we have entered into with you;
7.1.2. where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;
7.1.3. where we need to comply with a legal obligation.8.1 If we do collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under GDPR at all times.
7.2. As noted above, we do not generally collect any personal data. If you contact Us and We obtain your personal details from your email or we retain your address in order to deliver your mail, We may use them as follows:
7.2.1. To reply to your email;
7.2.2. To do address verification.
7.3. You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
7.4. We may share your data with selected associated partners in order to provide the service required. We will ensure your data is only provided to third parties with appropriate and commensurate controls in place.
7.5. We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate:
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical||Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve Our Site, products/services, marketing, customer relationships and experiences||(a) Technical (b) Usage||Necessary for our legitimate interests (to define types of customers for our products and services, to keep Our Site updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications||Necessary for our legitimate interests (to develop our products/services and grow our business)|
7.6. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
7.7. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.8. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7.9. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
7.10. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required.
8. How and Where Do We Store Your Data?
8.1. Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure any data we hold about you.
8.2. Whistl secures your personal information from unauthorised access, use or disclosure. Whistl secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
9. Data Sharing
10. We may share your personal data with the following organisations and for the reasons set out in the table below:
|Carriers and national postal service providers||Name, address, email address and telephone number||Receive personal data on the item label||The purpose of all activities is to deliver the item to the recipient|
The purpose of all activities is to deliver the item to the recipient
11. How long will you use my personal data for
11.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, inclunding for the purposes of satisfying any legal, regulartory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
11.2. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable leglal and regulatory, tax, accounting or other requirements.
11.3. Details of retention periods for different aspects of personal data are set out below:
|Contact Details||2 Years|
|Estimated Volumes||2 Years|
|Company Name||3 Years|
|Industry Type||3 Years|
12. How Can You Access Your Data?
You have the right to ask for a copy of any of your personal data held by us (where such data is held under GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details at firstname.lastname@example.org, or using the contact details below in section .
13. Contacting Us
14.2. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Implementation of Policy
This Policy shall be deemed effective as of 15th April 2019.
No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.
This Policy has been approved and authorised by:
|Name:||Stephen A Betts|
|Position:||Director Security and nominated Data Protection Manager|
|Date:||15th April 2019|
|Due for Review by:||15th April 2020|