G Ryder is committed to keeping all data entrusted to us secure and will only use any such data for the purpose it was collected for. This document outlines how we use your information.
We must have a legal reason for storing personal data. One of these reasons is where you have given your consent. If you have volunteered to provide us with your personal data (for example, by sending us an unsolicited email), we will treat this as you providing your consent. Where the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. Simply email firstname.lastname@example.org. Other reasons we may hold and/or process your personal data is: where we are legally obliged to; in order to fulfill contractual obligations; or for legitimate interests.
- Visitors to our website
- Visitors to our office
- People who contact us
- People who use G Ryder’s services
- Complaints or queries
- Job applicants, current and former G Ryder employees
- Use of Data Processors
- Your rights
- Access to personal information
- Links to other websites
- Changes to this privacy notice
- How to contact us
VISITORS TO OUR WEBSITE
The www.ryderbox.co.uk website is used for marketing our Products and the G Ryder brand. The website collects information about how you use the website and provides an opportunity for you to contact us.
When someone visits https://shop.ryderbox.co.uk we use Google Analytics, which is Third Party software, to collect standard internet log information and details of visitor behaviour patterns (such as, what pages you looked at and what links you clicked on). We do this to better understand who visits our site and the type of information they are trying to find out - this allows us to improve our website to ensure it remains fit-for-purpose and provides the best experience possible. More information about Google’s treatment of your personal data can be found at: https://policies.google.com/privacy
You may choose to provide Personally Identifiable Information (PII) through our ‘Contact Us’ page. We collect the information in order to respond to your contact. Our contact page -
http://shop.ryderbox.co.uk/contact-us/ - uses Third Party Software functionality provided by Captcha to prevent automated-trolling. No personal data is passed to Captcha.
Our Products can be purchased directly through www.ryderbox.co.uk. Purchases require you to provide personal information, such as a contact name, delivery and billing information in order for us to authenticate your payment and ensure delivery of your chosen product(s). G Ryder use Shopify to power the www.ryderbox.co.uk website. Payments are collected through Sage Pay. Sage Pay are compliant with the Payment Card Industry Data Security Standards (PCI DSS) and their treatment of personal data is outlined in their Privacy Notice which can be found at:
https://www.sagepay.co.uk/policies/privacy-policy Sage pay is also audited annually as part of PCI DSS and is a fully approved Level 1 payment services provider, which is the highest level of compliance.
VISITORS TO OUR OFFICE
- Ryder & Co. Ltd. is located at Denbigh Road, Bletchley, Milton Keynes, MK1 1DG. We collect personal information about the visitors to our office.
Visitor Book - To identify external visitors, every person visiting us at our premises (excluding visitors to our reception area) is required to record information in our visitor book. This includes your name, who you are visiting and your vehicle registration number. This data is retained for a maximum of six
(6) months following your visit.
PEOPLE WHO CONTACT US
People who contact us via social media
G Ryder has a presence on Twitter - you can find us @Gryderbox
People who phone our office
When you call G Ryder we collect information, such as the number that is calling. We use this information to help us provide an efficient and effective process. The numbers are retained indefinitely as the phone system provider does not provide the ability for us to delete these. The numbers are kept securely.
People who email us
Where a member of the public has contacted us via email@example.com or any other publically available (external) email address (including firstname.lastname@example.org):
We use a Third Party supplier - Google Mail - to receive and transmit emails. Employees choose to view and reply to emails through Microsoft Outlook. Emails are therefore stored in both Google Mail
(cloud based storage) and Microsoft Outlook (local secure storage). Where an email is deleted in
Microsoft Outlook it is automatically deleted in Google Mail (i.e. the two systems are kept in sync).
Any emails sent to individually named accounts are only received by the named recipient, but may be forwarded internally in order to affect a resolution.
The use of email at G Ryders reflects the requirements of our business and our customers and the retention periods vary accordingly. For example:
- Emails relating to personnel (applicants, current and past employees) are retained as defined within the ‘JOB APPLICANTS, CURRENT AND FORMER G RYDER EMPLOYEES’ section of this Policy
- Emails relating to product orders are retained indefinitely due to the often lengthy replacement cycles. If you would rather we did not retain the emails relating to your order, please email us at email@example.com and we will ensure for its secure erasure.
- Emails that are not required for future reference are not retained.
Emails sent to group email addresses are received by the employees who are responsible for the type of message that the email address relates to. For example, emails sent to firstname.lastname@example.org are viewed by our sales and admin team but no other employees have access to these emails.
We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
People who contact us about a sales enquiry
We have to hold the details of the people who have opted to be quoted for and/or purchase any of our Products in order to provide it. However, we only use these details to provide the service the person has requested and for other closely related purposes.
We encourage customers wishing to pay for our goods by credit card, to do so via our website. However, where a customer wishes to make a credit card payment over the phone we can facilitate this. We take the security of your information, including payment card information, very seriously. Your security details are entered directly into our payment processing system, which is provided by SecurityMetrics. Your payment card information is not written down or retained by G Ryder.
Customer data is also held in internal systems to enable us to manage our orders and to enable appropriate account management. All such information is securely stored locally. If you do not want your information to be retained once an order has been fulfilled, please email email@example.com and we will be happy to securely delete it from our records.
PEOPLE WHO MAKE A COMPLAINT TO US
We try very hard to provide the best Products and Services we can. However, when we do not live up to your expectations we want to hear about it so we can investigate and make any changes we need to at G Ryder to prevent it happening again.
When we receive a complaint from a person, we create a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do not compile or publish statistics showing information such as the number of complaints we receive.
We may have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying them to be disclosed, we will try to respect that wherever possible.
However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
JOB APPLICANTS, CURRENT AND FORMER G RYDER EMPLOYEES
G Ryder is the data controller for the information provided by you in the course of seeking work opportunities, recruitment or employment. Inbound queries and/or applications should be made via sending your CV and covering letter to us (our address details can be found in the How To Contact Us section at the end of this Policy).
What will we do with the information you provide to us?
All of the information you provide during the process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.
We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us and/or our data processors whether the information is in electronic or physical format.
We will use the contact details you provide to us to contact you to progress your application. We will use the other information you provide to assess your suitability for the role you have applied for.
We will keep information provided and/or obtained during the recruitment process in line with our retention policy. This means that information relating to an unsuccessful application will be retained for six months and for five years after the end of employment for successful applicants. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
What information do we ask for and why?
We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary. The information we ask for is used to assess your suitability for employment. You don’t have to provide what we ask for, but it might affect your application if you don’t.
Application and Shortlisting stage
We might ask you to participate in assessment days; complete tests; and/or to attend an interview – or a combination of these. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. This information is held securely by G Ryder. If you are unsuccessful following assessment for the position you have applied for, we will retain your details for a period of six months. This is to enable us to recontact you if a suitable position arises or to investigate and respond to any appeals. If you would rather we did not retain your data, please contact us at firstname.lastname@example.org
If we make a conditional offer of employment we will ask you for information so that we can carry out pre-employment checks. You must successfully complete pre-employment checks to progress to a final offer. We are required to confirm the identity of our staff, their right to work in the United Kingdom and seek assurance as to their trustworthiness, integrity and reliability.
You may therefore be asked to provide or complete some or all of the following:
- Proof of your identity – provide the original documents, we will take copies.
- Proof of your qualifications – provide the original documents, we will take copies.
- Criminal convictions – complete a criminal records declaration to declare any unspent convictions.
- We will contact your referees, using the details you provide in your application, directly to obtain references
- Fitness to work - complete a questionnaire about your health. This is to establish your fitness to work.
If we make a final offer, we will also ask you for the following:
- Bank details – to process salary payments.
- Emergency contact details – so we know who to contact in case you have an emergency at work. You must ensure that your emergency contacts are happy for you to provide us with their personal data.
- Financial and contact information in order to join the Contributory Company Pension scheme. Joining the pension scheme is entirely your choice, but is dependent upon successful completion of three months probation period.
- Where the role requires driving and/or the provision of a company vehicle, we will need to see your driving licence and be granted permission, by you, to look up any endorsement data via the DVLA service.
- National Insurance number and other financial data in order to ensure the HMRC have all required information for your employment
How long is the information retained for?
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 5 years following the end of your employment. This includes your criminal records declaration, fitness to work, records of any security checks and references.
If you are unsuccessful at any stage of the process, the information you have provided until that point will be retained for 6 months from the closure of the campaign. Information generated throughout the assessment process, for example interview notes, is retained by us for 6 months following the closure of the campaign.
How we make decisions about recruitment?
Existing and past employees
An employee ‘file’ is created for you when you join G Ryder. This file is retained securely by HR and the ‘need to know basis’ principle applied. Over time, G Ryder will hold numerous pieces of data about you spanning: your recruitment; attendance; absences; performance and development reviews; remuneration; Health and Safety records; remuneration reviews; and any disciplinary and/or performance management records. Information is retained for a maximum of 5 years following the end of employment (some records - such as Accident records - are retained for three years after the end of the investigation). The only exception is where employment is ended through redundancy, these are retained for 6 years after the redundancy.
USE OF DATA PROCESSORS
Data processors are third parties who provide elements of our services or enable the delivery of our internal processes. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. We undertake assurance assessments on all of our Suppliers to ensure that they meet our high standards for data security.
Some of the personal data collected is, as a result, shared with these carefully selected third party service providers and our business partners.
We use Third Parties in both the operation of the G Ryder company and also our products. G Ryder uses UK and European Suppliers wherever possible, but this is not always commercially viable. The suppliers can be grouped as follows:
Logistics - we use a range of Logistics companies to ensure prompt and reliable service deliveries for our customers. In order to deliver to your requested address, G Ryder will pass your address and contact information to the carefully selected Third Party company. Our main/preferred suppliers are Bakro Ltd (for pallets) and APC Parcel Network, who are part of the Action Express Group (for parcels). Information about their GDPR compliance can be found on their website.
Business Operation - we use systems to ensure we can provide our services to our customers, these include our invoicing system (Xero).
Communication - we use various third party products for communicating internally and externally. Products used include: Google Mail and Outlook
Document creation and/or repository - we use various third party products for creating and storing our documents (internal and external). Products used include: Google Docs.
Under the General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you.
More information can be found on the ICO website:
ACCESS TO PERSONAL INFORMATION
G Ryder tries to be as open as it can be in terms of giving people access to their personal information. You can find out if we hold any personal information by making a ‘subject access request’. Once we have verified your identity and if we do hold information about you we will:
- give you a description of it;
- tell you why we are holding it;
- tell you who it could be disclosed to; and
- let you have a copy of the information in an intelligible form.
To make a request to G Ryder for any personal information we may hold, you need to put the request in writing and contact us via either the email or postal address in the ‘How to contact us’ section below.
We will initially try to deal with your request informally. If you agree, we will look to provide the specific information you need over the telephone.
If we do hold information about you, you can ask us to correct any mistakes by contacting us via either the email or postal address in the ‘How to contact us’ section below.
LINKS TO OTHER WEBSITES
HOW TO CONTACT US