Reef Recycling is committed to compliance with the General Data Protection Regulation (GDPR).
This privacy statement outlines how Reef Recycling processes and stores data. It also provides the appropriate contact information should you wish to exercise any of your personal data processing rights under GDPR such as the right to object, the right to restrict processing etc. (Explained fully here on the ICO website).
Under the EU General Data Protection Regulation (GDPR) there are six lawful bases for processing personal data. These are detailed as follows:
- Consent – the individual has given clear consent for you to process their personal data for a specific purpose
- Contract – the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
- Legal Obligation – the processing is necessary for you to comply with the law (not including contractual obligations)
- Vital Interests – the processing is necessary to protect someone’s life
- Public Task – the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
- Legitimate Interests – the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Further information regarding the lawful bases for processing personal data can be found at www.ico.org.uk
Supplier & Customer Data Processing
Having assessed all six grounds for lawful processing of personal data Reef’s Directors has selected ‘contract’ as the most suitable lawful ground for the processing of data for the purposes of delivering services to their suppliers and customers, and for and communicating with them prior to delivery of the service, during delivery and afterwards.
Sales & Marketing Data Processing
As an organisation that works solely with other businesses (i.e. not directly with the general public) Reef has assessed all six grounds for lawful processing of personal data and has selected ‘Legitimate Interests’ as the most suitable lawful ground for the processing of data for the purposes of communicating marketing and sales messages to the target organisations they wish to work with (including former suppliers and customers).
Reef collects, processes and stores data relating to businesses and decision makers. They believe the individuals they are marketing to are likely to have an interest in Reef services. Deemed as ‘Legitimate Interest’ this is based upon specific criteria including the business industry sector, size of organisation as well as the individual’s job function within the organisation.
Reef will only ever collect, process and store the essential information required for making contact with the data subjects within a business environment. The personal data they collect is limited to first name, last name, email address, social profiles (e.g. LinkedIn). Other business related data may also be processed including business name, job function, turnover and business address, however Reef will never collect further personal data such as those classed under ‘special category personal data’.
The data collected will be used to communicate marketing and sales messages relating to Reef’s services, based upon the job function held by the data subject. Reef specifically only sends messages to those they believe are likely to be interested in Reef’s services based upon the organisation they are employed by and based upon their job function within that organisation. Messages from Reef could be delivered via email, social media, via telephone or any other business to business (B2B) marketing methods that may be relevant.
When you send Reef an enquiry or booking form via the Reef website or by email or letter you will be asked to provide your contact details. Reef will use the data you provide to process your request and may use it to inform you by email, telephone or mail about other Reef services and news that they deem of interest to you. You have the right to object from any method of correspondence at any time via email or telephone.
How Reef Procures Data
Reef procures data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. If you have received correspondence from Reef, they will have procured your data in one of the following ways:
- You have requested information from Reef on a previous occasion
- Someone has sent Reef your e-mail address requesting information Reef services
- You or someone else has expressly shared your contact details with Reef for the purpose of receiving information now and/or in the future
- Reef have previously met you and your business card or contact details were handed to Reef willingly
- You or a business colleague has visited the Reef website and therefore Reef believe there is a genuine legitimate interest in their services
- You have previously connected with a member of the Reef team via the LinkedIn regarding the company and / or services
- A member of the Reef team has researched your contact details, believing that your business would genuinely be interested in Reef services, based upon your job function and they have made contact to introduce you to Reef services
- Your data has been purchased by a registered third party data supplier, which will have been segmented by industry, organisation size and job function based upon our typical customer profiles. (Due diligence checks around GDPR compliance will have been conducted accordingly)
Legitimate Interest Assessment (LIA)
Reef has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our correspondence regarding Reef and that in no way would a data subject be caused harm by our correspondence.
Per the ICO guidance, Reef can confirm:
- They have checked that legitimate interests is the most appropriate basis
- They understand their responsibility to protect the individual’s interests
- They have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure they can justify their decision
- Reef have identified the relevant legitimate interests
- They have checked that the processing is necessary and there is no less intrusive way to achieve the same result
- They have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests
- They only use individuals’ data in ways they would reasonably expect
- They are not using people’s data in ways they would find intrusive or which could cause them harm
- They do not process the data of children
- They have considered safeguards to reduce the impact where possible
- They will always ensure there is an opt-out / ability to object
- Their LIA did not identify a significant privacy impact, and therefore Reef do not require a ‘Data Protection Impact Assessment’ – DPIA
- They keep their LIA under review every six months, and will repeat it if circumstances change
- They include information about their legitimate interests assessment in their privacy statement
UK Data Storage
The data held Reef is processed and stored in the UK within a secure environment.
Request to Object / or Restrict Processing
In all correspondence Reef respect the right to object from receiving further correspondence. On any emails you receive from Reef there will be the option to ‘unsubscribe’ from receiving any further email correspondence. If you receive a telephone call from Reef, you have the right to request not to receive any further calls. Reef will log your request to object on their database to ensure that you do not receive further communication.
Request for Deletion
It is important to understand the difference between a right to object and a request for deletion. If you make a request for deletion, Reef will remove any data they hold about you from their database. This will also mean that they will remove you from their suppression files. If you are removed from their suppression files, there is a risk that your data may be processed again in the future if your details are re-added to their database by a member of the team who genuinely believes that your business would benefit from Reef services. If you do not wish for Reef to contact you again with their sales and marketing messages, they recommend you request to ‘object’ rather than request ‘deletion’, as this will ensure that your details are always suppressed from processing.
The option however is yours, and in either case Reef will process your request within 30 days.
This privacy statement was last reviewed and updated on the 17 November 2020. Policies are periodically reviewed to ensure compliance with the current compliance environment.
For questions relating to this policy please contact us.
Contacting Reef Recycling regarding your data processing rights under GDPR:
Should you wish to object to receiving communication from Reef, or exercise any of your other rights under GDPR you can do so in a variety of ways:
- Send an email to firstname.lastname@example.org
- Please call 01937 520306 and speak to the operator
- Write to Reef Recycling, 2 Parkfield Drive, Boston Spa, Wetherby, Leeds, LS23 6EF