Privacy Policy


Introduction

Whistl understands that your privacy is important to you and that you care about how your personal data is used and shared online. We respect and value the privacy of everyone who visits this website www.whistl.co.uk (“Our Site”).

This privacy policy aims to give you information on how Whistl collects and processes your personal data through Our Site, including any data you may provide through Our Site when you sign up to it or purchase services through it.

Our Site is not intended for children and we do not knowingly collect data relating to children.

It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them. By using this site you are accepting the practices described in this policy.

1.            Information About Us

1.1.         Our Site is owned and operated by Whistl UK Limited a limited company registered in England and Wales under company number 04417047, whose registered address is Meridian House, Fieldhouse Lane, Marlow, Buckinghamshire, England, SL7 1TB (“We/Us/Our”).

1.2.         Our VAT number is GB991 2657 87.

1.3.         We are regulated by OFCOM in relation to the postal services that we provide.

1.4.         We are a member of the DMA, IPM, Print Power, ELMA, RHA and the MCF.

1.5.         Our ICO Registration number is: Z692857X.

1.6.         For any enquiries about this privacy policy please contact Stephen A Betts at steve.betts@whistl.co.uk, by telephone on 01628 891644, or by post at Meridian House, Fieldhouse Lane, Marlow, Buckinghamshire, SL7 1TB.

2.            What Does This Policy Cover?

2.1.         This Privacy Policy applies only to your use of Our Site. Our Site may contain links to other websites. Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check the privacy policies of any such websites before providing any data to them.

2.2.         Please refer to our Compliance Statement for additional information about our approach to Data Protection: https://www.whistl.co.uk/news/whistl-gdpr-compliance-statement/.

3.            Your Rights

3.1.         Under certain circumstances, you have rights under data protection laws in relation to your personal data, which this privacy policy and our use of personal data have been designed to uphold:

3.1.1.     Right to be informed – When we collect your data we have to tell you what we are going to do with it primarily through this Privacy Policy.

3.1.2.     Right of access – You have the right to contact us in writing to request details of the information we hold about you.

3.1.3.     Right of rectification – You have the right to ask us to rectify information that we hold about you if this is inaccurate or incomplete.

3.1.4.     Right to erasure- This is also known as the right to be forgotten and gives you the right to request your information to be removed if there is no compelling reason for its continued processing. A word of warning though, we keep a list of people who have asked not to be contacted which is used to ensure that you receive no further marketing information from Whistl or client from the result of our activity. Without this list your data could enter our system again from another source and we would have no record of the fact that you asked us not to contact you.

3.1.5.     Right to restrict processing – this is the alternative to erasure and gives you the right to tell us to stop processing your data but allowing us to keep enough information about you to ensure that your wishes are respected in the future.

3.1.6.     Right to data portability – this gives you the right to ask the holder of your information to transfer that information to another business. This right would be most commonly used if you were switching banks, insurance companies, utility companies or mobile phone companies.

3.1.7.     Right to object – you have the right to object to the processing of your data for marketing purposes and profiling for marketing purposes. Your rights and freedoms override our interests.

3.1.8.     Rights related to automated decision making including profiling – we do not use automated decision making processes which would have a potentially damaging effect on the information we hold about you. But if we did you have the right to obtain human intervention, express your point of view and obtain an explanation of the decision and challenge it.

3.1.9.     Rights to withdrawn consent at any time where relevant – you have the right to withdraw your consent to the processing of your information at any time and we must provide you with the information to need to do so at the time we collect your data and each time we contact you.

3.2.         You have the right to make a complaint at any time to the Information Commissioner Office (ICO) (the UK supervisory authority for data protection issues (www.ico.org.uk)). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the details provided in section [13] and we will endeavour to solve the problem for you.

3.3.         For further information about your rights please contact the Information Commissioner Office or your local Citizens Advice.

4.            What Data Do We Collect?

4.1.         Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

4.2.         We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

4.2.1.     Identity Data [first name, maiden name, last name, or similar identifier].

4.2.2.     Contact Data [email address and telephone numbers].

4.2.3.     Technical Data [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access Our Site].

4.2.4.     Usage Data [information about how you use Our Site, products and services].

4.2.5.     Marketing and Communications [your preferences in receiving marketing from us and our third parties and your communication preferences].

4.3.         We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

4.4.         We do not collect any Special Categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

4.5.         Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.

5.            How we collect your personal data

5.1.         We use different methods to collect data from and about you including through:

5.1.1.     Direct interactions. You may give us your Contact Data when you:

5.1.1.1.     use any of the tools on Our Site;

5.1.1.2.     subscribe to any service/software updates;

5.1.1.3.     request marketing to be sent to you;

5.1.1.4.     give us feedback or contact us.

5.1.2.     Automated technologies or interactions. As you interact with Our Site, we will automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please see our cookie policy for further details.

5.1.3.     Third parties or publicly available sources. We will receive personal data about you from various third parties and public sources as set out below:

5.1.4.     Technical Data from analytics providers Google based outside the EU and Ruler Analytics based inside the EU.

5.1.5.     You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of Our Site may become inaccessible or not function properly. For more information please see our cookie policy

6.            International Transfers

We do not transfer your personal data outside the United Kingdom.

7.            How Do We Use Your Data?

7.1.         We will only use personal data when the law allows us to. Most commonly, we will use your personal data as follows:

7.1.1.        where we need to perform the contract that we have entered into with you;

7.1.2.        where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests;

7.1.3.        where we need to comply with a legal obligation.8.1 If we do collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. We will comply with our obligations and safeguard your rights under GDPR at all times.

7.2.         As noted above, we do not generally collect any personal data. If you contact Us and We obtain your personal details from your email or we retain your address in order to deliver your mail, We may use them as follows:

7.2.1.     To reply to your email;

7.2.2.     To do address verification.

7.3.           You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.

7.4.           We may share your data with selected associated partners in order to provide the service required. We will ensure your data is only provided to third parties with appropriate and commensurate controls in place.

7.5.         We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate:

 

 

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve Our Site, products/services, marketing, customer relationships and experiences (a) Technical (b) Usage Necessary for our legitimate interests (to define types of customers for our products and services, to keep Our Site updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile (f) Marketing and Communications Necessary for our legitimate interests (to develop our products/services and grow our business)

7.6.         We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

7.7.         If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

7.8.         Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7.9.         We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

7.10.      We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required.

8.            How and Where Do We Store Your Data?

8.1.           Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure any data we hold about you.

8.2.           Whistl secures your personal information from unauthorised access, use or disclosure. Whistl secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information (such as a credit card number) is transmitted to other Web sites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

9.            Data Sharing

10.          We may share your personal data with the following organisations and for the reasons set out in the table below:

 

Party Personal Data Activity Purpose
Carriers and national postal service providers Name, address, email address and telephone number Receive personal data on the item label The purpose of all activities is to deliver the item to the recipient

The purpose of all activities is to deliver the item to the recipient

11.          How long will you use my personal data for


11.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, inclunding for the purposes of satisfying any legal, regulartory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

11.2. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable leglal and regulatory, tax, accounting or other requirements.

11.3. Details of retention periods for different aspects of personal data are set out below:

Type Period
Contact Details 2 Years
Estimated Volumes 2 Years
Company Name 3 Years
Industry Type 3 Years

12.          How Can You Access Your Data?

You have the right to ask for a copy of any of your personal data held by us (where such data is held under GDPR, no fee is payable and we will provide any and all information in response to your request free of charge. Please contact us for more details at steve.betts@whistl.co.uk, or using the contact details below in section [13].

13.          Contacting Us

If you have any questions about Our Site or this Privacy Policy, please contact us by email at steve.betts@whistl.co.uk, by telephone on 01628 891644, or by post at Meridian House, Fieldhouse Lane, Marlow, Buckinghamshire, England, SL7 1TB. Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.

14.          Changes to Our Privacy Policy and to Your Personal Data

14.1.      We may change this Privacy Policy from time to time (for example, if the law changes). Any changes will be immediately posted on Our Site and you will be deemed to have accepted the terms of the Privacy Policy on your first use of Our Site following the alterations. We recommend that you check this page regularly to keep up-to-date.

14.2.      It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Implementation of Policy

 

This Policy shall be deemed effective as of 15th April 2019.

No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

This Policy has been approved and authorised by:

Name: Stephen A Betts
Position: Director Security and nominated Data Protection Manager
Date: 15th April 2019
Due for Review by: 15th April 2020
Whether you’re new to Whistl, one of our customers or just want to ask some questions we’d love to chat!
01628 879 776
Or let us give you some ideas on how we can help you drive your business forward. Tell us a bit about yourself