Privacy Policy

As a British company with a proud history of 80 years of innovation and UK manufacturing, exporting to more than 60 countries currently, Colpac is conscious of its responsibility for maintaining exemplary business practices, not only with and by its staff, but also in relation to its local community and worldwide network of customers and suppliers. Colpac is committed to ensuring that all personal data associated with its business is processed and stored securely and in line with the legal obligations of the General Data Protection Regulations (GDPR) (Regulation (EU) 2016/679).

The following Policy is intended to demonstrate how Colpac collects and stores personal data. As a data controller and data processor, Colpac collects, stores and processes data to fulfil its contractual and legal compliance obligations. The purpose of this Policy is to ensure that all individuals associated with the Company understand its principles, procedures and standards for handling personal data, and to establish individuals’ rights.

Personal data is defined as any information which can identify or be associated with an individual. This includes, but is not limited to: names, addresses, phone numbers and email addresses.

Sensitive personal data includes, but is not limited to: medical details, financial information and other sensitive personal information.

Data subjects are defined as any individuals (e.g. employees, customers, suppliers, contractors) associated with the Company.

Colpac has a legitimate interest in processing personal data. The personal data Colpac holds is business critical and essential to its legal and contractual compliance and for achieving its business objectives. The data Colpac processes allows its team to maintain business relationships to consistently high standards.

How Colpac uses your information
Colpac uses external data subjects’ information (this means that of Colpac’s customers, suppliers, contractors and agents, collectively referred to as “you” in the tables below) in a number of different ways. What Colpac does depends on the information. The tables below set this out in detail, showing what Colpac does, and why it does it.

Your name and contact details

| How Colpac uses your name & contact details | Why? |
| --- | --- |
| To progress and deliver your orders to you. This may be facilitated by Colpac sharing this information with its agents and distributors as appropriate. | This is part of Colpac’s business contract with you as it wants to make sure you receive what you have ordered. |
| To place enquiries and orders on you and manage your supply to Colpac | This is part of Colpac’s business contract with you and it wants to make sure it is placing orders appropriately. |
| To send you information by email or post, about Colpac’s new products and services. This may be facilitated by Colpac sharing this information with its 3rd party marketing automation provider MailChimp® | To keep you up to date. Colpac only sends this to you with your permission. |
| For fraud prevention and detection | To prevent and detect fraud against either you or Colpac, absolutely essential to your and its business. |

Your market sector details

| How Colpac uses your market sector information | Why? |
| --- | --- |
| To allow Colpac to tailor its offering to you | To ensure that Colpac’s discussions are as effective and efficient as possible |

Your payment information

| How Colpac uses your payment information | Why? |
| --- | --- |
| To take payment, and give refunds | This is part of Colpac’s business contract with you. |
| To make payments, and give refunds | This is part of Colpac’s business contract with you. |
| For fraud prevention and detection | To prevent and detect fraud against either you or Colpac, absolutely essential to your and its business. |

Your contact history with Colpac

Every time you contact Colpac by email, phone, text or social media.

| How Colpac uses your contact history | Why? |
| --- | --- |
| To provide professional customer service and support | This is part of Colpac’s business contract with you and makes sure you receive the best customer service from Colpac. |
| To provide professional and personal interaction | This is part of Colpac’s business contract with you and to make sure you receive all the information that you require to supply Colpac appropriately. |
| For training and best practice purposes | To make sure you always receive the best service and efficient interaction possible. |

Purchase history

What you have bought from Colpac and what Colpac has bought from you over time.

| How Colpac uses your purchase history | Why? |
| --- | --- |
| To provide service and support, and handle your returns | This is part of Colpac’s business contract with you and Colpac wants to make sure all receive the best service and most effective interaction. |
| For fraud prevention and detection | To prevent and detect fraud against either you or Colpac, absolutely essential to your and its business. |

Information about your phone or laptop, and how you use Colpac’s website

Information you give Colpac when you browse its site, including your IP address and device type and, if you choose to share it with Colpac, your location data, as well as how you use Colpac’s website.

| How Colpac uses information about your phone or laptop, and how it uses Colpac’s website and app | Why? |
| --- | --- |
| To improve Colpac’s website and set default options for you. | To always improve Colpac’s service and offering. |
| To protect Colpac’s website | To prevent and detect fraud against either you or Colpac, absolutely essential to your and its business and meet legal obligations about data. |

Information from social media accounts you link to Colpac

What Colpac does if you link your Twitter, Instagram or LinkedIn to it

| How Colpac uses information from accounts you link to it | Why? |
| --- | --- |
| To provide product suggestions and keep you informed on Colpac’s industry and company | So you can easily see Colpac’s new products and keep yourself updated with news and info. |

Your responses to customer surveys, competitions and promotions

| How Colpac uses information from your responses to surveys, competitions and promotions | Why? |
| --- | --- |
| Colpac reviews and analyses the information. This process may be facilitated by Colpac collecting and sharing this information with its 3rd party survey automation provider SurveyMonkey® | To be better able to gauge customer satisfaction to allow us to improve customer service. |

Colpac also anonymises and aggregates personal information (so that it does not identify you) and uses it for purposes including testing its IT systems, research, data analysis, improving its website and developing new products and services. Colpac may also share this information with trusted third parties.

Our principles

1. The principles of the Policy require that personal information must:

  • be processed fairly and lawfully and in accordance with the data subject’s rights;
  • be processed in a manner that would be reasonably expected by the data subject;
  • be used for the purpose it was collected for;
  • be processed in the Company’s legitimate interest;
  • be adequate, relevant and not excessive for the purpose it was collected;
  • be processed with the correct level of confidentiality;
  • not be transferred outside of the EU, unless that country or territory can ensure a suitable level of protection for the rights and freedoms of the data subjects whose personal data is being processed;
  • be retained for as long as deemed appropriate and deleted thereafter. Low-risk paper documents are recycled and higher-risk documents with more sensitive personal data must be shredded.

2. Informed consent

  • Transparency about the personal information Colpac holds on individuals is central to this Policy;
  • At the first point of contact, individuals must be made aware of what information is collected and why;
  • Failure to object or respond does not mean that consent has been given and consent must be as easy to give as it is to take it away;
  • Consent should be reviewed at appropriate intervals.

3. Records

  • Records relating to processing, storing and erasure of personal data are kept so that Colpac can understand and provide traceability for the full scope of its data handling activities;

4. Data disclosure and a secure business network

  • Colpac has a responsibility to ensure that it both maintains its business relationships to consistently high standards and that it collects, processes and stores personal data in line with GDPR;
  • Personal data held by Colpac will not be transferred to any country outside of the EU without obtaining the data subject’s consent or otherwise complying with the relevant privacy legislation;
  • Colpac has an international network of agents, suppliers, contractors and external third parties that help it to provide the best quality service and achieve its day-to-day business objectives. For sales and compliance purposes, it may disclose personal information (such as contact information) to such trusted third parties inside and outside of the EU. Such business associates are bound by this Policy and will process personal data only when they can offer adequate measures to protect it;
  • Colpac may disclose personal information if required by law.

5. Appropriate confidentiality at all levels

  • Data stored in different formats is treated with the same level of security and safeguarding. Where electronic documents are password protected or have restricted access, paper versions are locked in filing cabinets or desk drawers;
  • All sensitive personal data is held with the appropriate safeguards and access is limited;
  • Profiling and credit checks are carried out against customers, suppliers and contractors by a third party. All results are held securely;
  • There are CCTV cameras on site. Certain members of staff have login access via a browser. CCTV and other surveillance systems have a legitimate role to play in helping to maintain a safe and secure environment for all our staff and visitors. However, we recognise that this may raise concerns about the effect on individuals and their privacy. The policy is intended to address such concerns. Images recorded by surveillance systems are personal data which must be processed in accordance with data protection laws. We are committed to complying with our legal obligations and ensuring that the legal rights of staff, relating to their personal data, are recognised and respected. A more comprehensive CCTV policy is available.

6. Effective internal regulation

  • This Policy empowers Senior Management and the Privacy Protection Officer to carry out internal data audits and compliance checks;
  • Data protection procedures and guidelines should be reviewed annually by the Privacy Protection Officer to ensure compliance and good practice, and that all queries regarding data protection internally and externally are being dealt with effectively and in compliance with this Policy;
  • All employees should receive general awareness training and/or sufficient information and guidelines on the implications of GDPR;
  • All personal and Company-issued electronic devices are covered by GDPR and are verified for password checks. Employees working remotely should work on Colpac’s VPN where accessible and log in and out of each session;
  • A password change policy is in place managed by the IT department;
  • In an employee’s absence, IT support will be contacted and the absentee’s emails may be forwarded to another team member;
  • Employees should avoid leaving documents with personal data out overnight.

Individual rights

1. Right to Access
All data subjects have the right to know what data Colpac holds on them. Colpac has one month to reply to all requests. If the request is excessive or unreasonable, Colpac has the right to charge a fee.

In all instances below, Colpac has the right to request one or two pieces of identification, to ensure the identity of the person who requests the information.

General response times are as detailed. If the response is unsatisfactory for the individual, they have the right to repeat their request. In this instance, Colpac has two weeks to review the objection with the Managing Director. The decision made in this second review is final.

All requests should be made in writing to the individual’s manager or Company contact.

2. Right to Portability
Data must be provided in a format that the individual can understand and that another data controller could easily import. If requested, Colpac must send the data to a third party. Colpac should provide the data in whatever format it is requested where this is a commonly used and readily available format to Colpac. Colpac is not responsible for protecting the data that has been received by the data subject or third party.

3. Right to Object
Data subjects can object to the processing of their personal information. Objections to direct marketing should be made automatically through the ‘unsubscribe’ link at the bottom of the marketing email, or in their account preferences. Colpac has one month to review and respond to objections to processing for HR purposes. Colpac may have a legitimate interest to override the request.

4. Right to Erasure (right to be forgotten)

Data subjects may request for their personal information to be deleted. The legitimate interest of the Company may override the request. The HR department and the Privacy Protection Officer will respond without undue delay.

5. Right to Rectification (right to correct administrative mistakes)

Data subjects have the right to request for any mistakes made in recording personal data, such as spelling mistakes or incorrect information, to be rectified. Colpac has one month to correct the mistake and inform the individual.

Security breach

All individuals will report any actual, near miss, or suspected data breaches to Colpac’s Privacy Protection Officer for investigation. Lessons learnt during the investigation of breaches will be relayed to data controllers and processors to enable necessary improvements to be made.

The Privacy Protection Officer and Managing Director are responsible for assessing the level of security breach and informing the ICO and data subjects where necessary. In the event of a security breach, Colpac has 72 hours to respond.

Privacy Protection Officer: