At SPAR we are committed to protecting and respecting your privacy.
Who we are
SPAR (UK) Limited of Mezzanine Floor Hygeia Building, 66-68 College Road, Harrow, Middlesex, HA1 1BE (we, our, or us) are committed to protecting and respecting your privacy.
This policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
This policy is intended to be compliant with the General Data Protection Regulation 2016 (GDPR) and any enabling UK legislation (the Data Laws).
For the purpose of the Data Laws, we are the data controller. This means that we are responsible for determining when, why and how to process personal data.
Our Data Manager is Jackie Mackenzie and she has overall responsibility within SPAR (UK) Ltd for data protection. She may be contacted by emailing firstname.lastname@example.org or by writing to: Jackie Mackenzie, SPAR (UK) Ltd of Mezzanine Floor Hygeia Building, 66-68 College Road, Harrow, Middlesex, HA1 1BE.
1. Information we may collect about you
Names, email addresses, trading addresses, job titles may be collected;
- When we sign an agreement with you for products or services, if you are a supplier of goods or services
- In the course of our day to day business with you, if you are a supplier, retailer or part of the SPAR group of businesses (the RDCs) who contacts us by email, phone or letter
- Via our Quality Assurance system, if you are a supplier or a product development consultant
- If we meet you, we may retain notes of our meetings to record our communications with you
- When you contact us to make a complaint, if you are a customer
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
- Uses made of the information
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation
- Where we might need to protect your vital interests in the event of an emergency
Examples of the way in which we may use your information is set out below:
- To communicate about the fulfilment of contracts between us, if you are a supplier of goods or services
- To maintain our database of store locations, if you are a retailer
- To communicate about matters of mutual importance, if you are part of the SPAR group of businesses
- To track the progress of your query, or to inform you of progress, if you are a customer
- Disclosure of your information
We may share your personal information with any member of the SPAR group of companies, in order to fulfil contracts between us, if you are a supplier of products and services, or to respond to your queries if you are a customer
- CJ Lang & Son Ltd – Scotland region;
- James Hall & Co Ltd – North of England region;
- AF Blakemore & Son Ltd – Central and South East England and Wales region.
- Appleby Westward Group Ltd – South West England region.
- Henderson Wholesale Ltd – Northern Ireland region.
Each of the above companies will have their own privacy policies that explain how they use your personal data. It is important that you read these.
We may also share some of your relevant information with suppliers, if you are part of our product development process
We require all third parties that process personal data with our permission and on our behalf to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- Where we store your personal data
Some personal data that we collect from you may be transferred to the following entities who are based outside the European Economic Area:
MailChimp, for the purposes of sending newsletters via email.
Virtual Academy, for the purposes of managing access to an informational website for our retailers.
MailChimp are based in the US and is signatory to the EU/US Privacy Shield framework which provides a mechanism to comply with EU data protection requirements which is deemed adequate by the European Commission. Virtual Academy is based in Canada but there is in place an adequacy decision of the European Commission in respect of Canada confirming that it offers an adequate level of data protection.
These entities only use the personal data we transfer to them on our instruction and for our stated purposes and we understand that appropriate technical and organisational measures are in place to keep your personal data secure.
- How long we will keep your data
Data we collect from you will be stored only for as long as required to fulfil the purpose for which it was collected, and for no more than 7 years thereafter unless we decide otherwise or are required to retain such data for longer periods due to legal or regulatory requirements. Generally, the criteria we use for determining how long we retain personal data includes, but is not limited to the following:
- The purpose for which we hold the personal data;
- The amount, nature and sensitivity of the personal data;
- The potential risk of harm from unauthorised use or disclosure of such personal data;
- What alternative means we have for achieving our purposes;
- The legal limitation periods for bringing claims and whether we need the personal data to bring or defend any proceedings (usually 6 years plus 1 year to take into account the time for issuing and serving proceedings and any delay factors);
- Any legal or regulatory requirements for the retention of personal data;
- What our insurance terms require in relation to the retention of personal data;
- Any specific requests to hold such personal data from a Data Subject;
- Satisfying any legal, accounting or reporting requirements;
- Whether we need to hold on to such personal data to assist us with the performance of our services or the performance of a contract; and/or
- Any orders for preservation of evidence, including personal data.
- Your rights
Under the GDPR, you have a number of individual rights in connection with your personal data. Those rights are as follows:
Right to be informed: You have the right to be informed of the personal data we collect about you and the reasons for this. This Policy seeks to provide this information.
Right to access: You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.
Right to rectification: You have the right to correct any inaccurate or incomplete personal data we hold about you.
Right to erasure: You may ask us to delete your personal data where there is no good reason for us continuing to process it or you have successfully objected to our processing (see below), where we are unlawfully processing or are required to delete your personal data by law. This is a limited right and we may not agree to your request if we consider that we have a compelling legal reason for continuing to process your personal data.
Right to object: You have the right to object to our processing of your personal data where we are relying on a legitimate interest and you consider that your rights and freedoms override such interests. You have the right to object where we are processing your personal data for direct marketing purposes. In some instances we may be able show that we have compelling legal reasons for continuing to process your personal data notwithstanding your objection.
Right to restrict: You can ask us to suspend the processing of your personal data: (1) if you want us to establish the data’s accuracy; (2) where our use of such data is unlawful but you do not want us to erase it; (3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (4) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Right to Data Portability: You have the right to request the transfer of the personal data we hold for you to a third party in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Right to withdraw consent at any time: Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw that consent at any time. You can withdraw your consent by emailing the Privacy Team at SPAR (UK) Ltd and asking us. The email address is set out at the end of this policy.
You will not have to pay a fee to exercise any of these individual rights unless we consider that your request is clearly unfounded, repetitive or excessive. We may also refuse to deal with your requests in these circumstances.
We may seek to verify your identity first before responding to any of your individual requests.
We may revise this policy at any time by amending this page.
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) at www.ico.org.uk. We would however appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.