PEM Stainless Ltd is a registered company ( 03952534 ) in England and Wales.
Any personal information provided or obtained by PEM Stainless Ltd is used and processed only for its own legitimate purposes.
If you have any questions or concerns relating to how PEM Stainless Ltd may use your personal information, please contact:
Nigel May (Company Director)
Telephone Number: 0114 2448811
PEM Stainless, 67 Julian Road, Sheffield, S9 1FZ
Personal information collected about you
We will collect the following information about you that will be held securely on a central database:
Contact information including email address and telephone number
Demographic information such as postcode, communications & preferences
The information we collect is necessary for us to be able to provide you with the service you require, for the effective management of PEM Stainless Ltd. Refer to the section below ‘What we do with your information' for further details
Where we collect your information from
The following are the different sources we may collect personal data about you from:
Directly from you . This is information you provide to us when you submit an email via our website or on an account application form
When you access PEM Stainless' social media . We might also obtain your personal data through your use of social media such as Facebook, WhatsApp, Twitter or LinkedIn, depending on your settings or the privacy policies of these social media and messaging services. To change your settings on these services, please refer to their privacy notices, which will tell you how to do this.
Through publicly available sources . We may use the following public sources: Newspaper or other media coverage, open postings on social media sites such as LinkedIn, and data from Companies House / Experian.
By Reference or word of mouth . For example, you may be recommended to us by a friend or a family member may purchase a product on your behalf.
What we do with the information we gather :
Internal record keeping, accurate accounting and financial reporting and compliance purposes
Our legal basis for processing your information
For anyone using our services, support, advice or guidance, our processing is necessary for our legitimate interests in that we need the information in order to provide these services to you.
If you notify us of any health or disability requirements then this may involve the processing of more detailed personal data including sensitive data such as health information that you or others provide about you. In that case we always ask for your consent before undertaking such processing.
Consequences of not providing your information
If you do not provide the personal data necessary or withdraw your consent for the processing of your personal data, it will be very difficult for PEM Stainless Ltd to provide you with the service, support, advice or guidance.
PEM Stainless Ltd must also have access to some of your information in order to operate and to comply with legal obligations.
How long we keep your information for
How long we keep your information will depend on the purpose or purposes for which we use it. While you are a customer, or a visitor to our website, we will only retain your information for as long as is necessary for those purposes and to comply with statutory or regulatory retention periods.
PEM Stainless Ltd respects your rights under data protection laws and takes our obligations seriously. Any information provided to us is used and protected by us for our own legitimate purposes. Your rights to privacy, confidentiality and information security are highly important to us and upheld by us. Your support is extremely important to PEM Stainless Ltd, so we do not and will not share, swap, or sell your personal information with any other organisation without your explicit consent.
We will not use your information for a different and non-compatible purpose to those described above or those that you would not reasonably expect. We will always let you know at the time of capturing your information if our intended purpose is different to those described above.
We do not carry out automated decision making or automated profiling.
PEM Stainless Ltd will share your information for its own internal purposes and only where necessary.
Any sharing will be carried out under formal non-disclosure agreements and only after due diligence processes have been followed to ensure that those we work with support our aims and objectives.
Non-disclosure agreements are designed to protect information security, your confidentiality and set strict obligations as to the control and use of your information. Any information that is shared is secured through security protocols such as encryption and secure file transfer portals.
We never have and never will share, swap or sell your personal details to any organisation for their own marketing purposes. Your privacy and confidentiality are paramount to us and we will only use the information that you provide for PEM Stainless Ltd's own purposes.
Information security and how we store your information
We are committed to ensuring that your information is secure and that your right to privacy and confidentiality are protected. We take information governance and security seriously and have technical and organisational measures in place that include ensuring all antivirus, antispam and software packages are up-to-date, correctly configured firewalls, encryption, secure file transfer protocols, Trust policies, processes and staff training to manage and protect your personal information in order to prevent unauthorised access, unlawful processing, accidental loss, damage, destruction or disclosure.
All information you provide to us is stored securely by PEM Stainless Ltd and governed by IT Security Policy and Procedures. Your information remains under the control of PEM Stainless Ltd at all times. You have the right to access your information at any time. Refer to section below ‘Your legal rights'.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to us online; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access, loss or damage.
Where possible, we try to only process your information within the UK and European Economic Area (EEA). If we or our service providers transfer personal data outside of the UK or EEA, we always require that appropriate safeguards are in place to protect the information when it is processed. You can obtain a copy of these safeguards by contacting us.
A cookie is a small file which asks permission to be placed on your computer's hard drive, smart phone, tablet or other device and is used to improve your online experience by almost every website including ours. Therefore, it is important to understand how cookies work, what they are for and when they are being used.
Once you agree, the cookie file is added to your computer and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
More information about cookies can be found at www.allaboutcookies.org
We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. The cookies we use in no way give us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
You can manage your cookie preferences for our website or any other websites by using your browser settings. Your browser's ‘help' function will show you how to do this. However, please remember that cookies are often used to enable and improve certain functions on our website. If you chose to switch certain cookies off, it could affect how our website works on your device.
Individuals have specific rights contained within data protection laws that relates to their personal information. These rights can be enforced against any organisation, from any sector, that holds your information. This section will detail what these rights are and how you can exercise them.
You have the right to be informed of how and why your information is being used and who it is being shared with. This right relates to the first data protection principle of fair and lawful processing and the second data protection principle that relates to processing personal information for specified and lawful purposes. Both of these principles obligate organisations to be open, honest and transparent with what and how they use personal information.
You have the right to access information about you. This is called a Subject Access Request. This means you can have a copy of your personal information held by PEM Stainless Ltd. If an exemption is being relied on to restrict your right to access specific details that contain your information, you are entitled to know which exemption applies. There is no charge for a Subject Access Request and PEM Stainless Ltd must provide you with a copy within 30 days.
You have the right to have any incorrect or inaccurate information about you rectified or erased from our records. If we are holding information about you that you know, or feel is incorrect you have a right for this to be corrected.
You have the right to be forgotten. This means you have the right to ask PEM Stainless Ltd to delete or remove your information from our systems where there is no lawful reason for its continued processing.
You have the right to restrict processing of your information. For example, you can request that we do not use your information in a way that will cause you any distress such as the publication of your photograph on our website or in our newsletters.
You have the right to withdraw consent.
You have the right to object to automated decisions and profiling. This right relates to decisions being made about you by automated or mathematical reasoning applied by a computer. There is no human input to the decision-making process. This is quite common for online credit card applications where the decision is based upon an algorithm. PEM Stainless Ltd does not use this kind of technology.
You have the right to data portability. This means you have the right to move your information from one database to another. For example, you could ask to move all of your personal data from one utility provider to another.
There are other more general rights that you have within the law, these are:
The right to compensation for distress caused
The right to complain to the Information Commissioner by calling 0303 123 1113 or visiting the ICO's website https://ico.org.uk/concerns/
The right to privacy and confidentiality and for your information not to be disclosed without your knowledge or consent.
All organisations that process personal information are under strict obligations that govern how they use and process personal information. Predominantly these are found within the data protection principles:
Fair and lawful processing. This means we need to tell you about how and why we collect and use your information. PEM Stainless Ltd does this through data protection statements and privacy notices.
Specified and legitimate purpose(s). This means that we need to be clear, honest and transparent as to the purpose(s) that we will use your information for. This is also achieved through the use of data protection statements and privacy notices.
Adequate, relevant and not excessive. This relates to the capture of information about you not being excessive for the intended purpose. For example, asking for your banking details when they are not required would be excessive.
Accurate and where necessary up to date. This relates to our obligations around the management of your information.
Not kept for longer than necessary. This principle means that the information held about you cannot be held indefinitely. Your information can only be retained for the purpose(s) required and to comply with certain other legal obligations. For example, tax laws require information to be retained for seven years. PEM Stainless Ltd will retain your information to conform with legal requirements and for as long as is justifiable for the management and historical account of our work.
Appropriate security against unlawful and unauthorised processing. This obligation means that organisations are under a lawful duty to protect your information. Information security comes in different forms from physical security, technical and organisational measures to restrict access to your information and protect it from unlawful or unauthorised disclosure.
You may choose to restrict the collection or use of your personal information in the following ways:
Postal communications will be sent to you under the legitimate interest of PEM Stainless Ltd. You can stop these communications at any time by emailing email@example.com or by calling 0114 2448811
PEM Stainless Ltd will comply with your request without unreasonable delay, but please note that it may be difficult to stop communications that are in the process of being mailed.
Electronic communications (emails) require your consent before PEM Stainless Ltd can lawfully send them.
You can email firstname.lastname@example.org or by calling 01142448811 and PEM Stainless Ltd will stop all email communications without any unreasonable delay.
You are entitled to enforce any of your legal rights and to make a complaint to the Information Commissioner's Office. Refer to the section above ‘Your legal rights'.
If you believe that any information we are holding on you is incorrect or incomplete, please let us know as soon as possible. We will promptly correct any information found to be incorrect.
If you have any questions, concerns or complaints please contact Nigel May by e-mail or telephone.
Closed circuit television (CCTV) is installed at the premises for the purposes of staff, customer and premises security. Cameras are located at various places on the premises, and images from the cameras are recorded. The use of CCTV falls within the scope of the Data Protection Act 1998 (“the 1998 Act”). This code of practice follows the recommendations issued by the Data Protection Commissioner in accordance with powers under Section 51 (3)(b) of the 1998 Act.
In order to comply with the requirements of the 1998 Act, data must be:
Data Protection statement
Images from cameras are recorded on videotape/disc/computer system (“the recordings”). Where recordings are retained for the purposes of security of staff, customers and premises, these will be held in secure storage, and access controlled. Recordings which are not required for the purposes of security of staff, customer and premises, will not be retained for longer than is necessary. (30 Days)
It is important that access to, and disclosure of, images recorded by CCTV and similar surveillance equipment is restricted and carefully controlled, not only to ensure that the rights of individuals are preserved, but also to ensure that the chain of evidence remains intact should the images be required for evidential purposes.
Access to recorded images is restricted to the Data Controllers , who will decide whether to allow requests for access by data subjects and/or third parties (see below).
Viewing of images must be documented as follows:
In cases where recordings are removed from secure storage for use in legal proceedings, the following must be documented:
Requests for access to images will be made using the contact form.
The data controller will assess applications and decide whether the requested access will be permitted. Release will be specifically authorised. Disclosure of recorded images to third parties will only be made in limited and prescribed circumstances. For example, in cases of the prevention and detection of crime, disclosure to third parties will be limited to the following:
All requests for access or for disclosure should be recorded. If access or disclosure is denied, the reason should be documented as above.
If it is decided that images will be disclosed to the media (other than in the circumstances outlined above), the images of other individuals must be disguised or blurred so that they are not readily identifiable.
If the CCTV system does not have the facilities to carry out that type of editing, an editing company may need to be used to carry it out.
If an editing company is used, then the data controller must ensure that there is a contractual relationship between them and the editing company, and:
This is a right of access, which is provided by section 7 of the 1998 Act. Requests for access to images will be made using the web form on the contacts page.
All requests for access by Data Subjects will be dealt with by the data controller: PEM Stainless Ltd.
The data controller will locate the images requested. The data controller will determine whether disclosure to the data subject would entail disclosing images of third parties.
The data controller will need to determine whether the images of third parties are held under a duty of confidence. In all circumstances the practice's indemnity insurers will be asked to advise on the desirability of releasing any information.
If third party images are not to be disclosed, the data controllers will arrange for the third-party images to be disguised or blurred. If the CCTV system does not have the facilities to carry out that type of editing, an editing company may need to be used to carry it out. If an editing company is used, then the data controller must ensure that there is a contractual relationship between them and the editing company, and:
The company director will provide a written response to the data subject within 21 days of receiving the request setting out the data controller's' decision on the request. A copy of the request and response should be retained.
Complaints must be in writing and addressed to the company director. Where the complainant is a third party, and the complaint or enquiry relates to someone else, the written consent of the patient or data subject is required. All complaints will be acknowledged within 7 days, and a written response issued within 21 days.