ENDURATEC Ltd is a company registered in England and Wales. Our company registration number is 10097301 and our registered address is: c/o BPE, St James House, St James Square, Cheltenham, GL50 3PR, UK. Trading Address is the Old School House, Overbury, Tewkesbury, GL20 7NT
For the purposes of the General Data Protection Regulation (GDPR), the data controller is ENDURATEC Ltd.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
LAWFUL GROUNDS FOR PROCESSING YOUR DATA
When collecting your personal data, we will always make clear which data is necessary in connection with a particular service. We may process your data for more than one lawful ground.
The law on data protection sets out a number of different reasons why we may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent. For example, when you sign up for our newsletter or promotions by providing your email address.
If you are a customer or a supplier, we need your personal data to comply with our contractual obligations. For example, we need your name, email address and postal address to complete your order.
If the law requires us to, we may need to collect, process and store your data. For example, we need to store personal data that is needed to support our regulatory reporting to HMRC and Companies House.
We will use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
For example, we may use your address details to send you information on new products and offers (from ENDURATEC Ltd only) that might interest you.
WHEN DO WE COLLECT YOUR PERSONAL DATA?
We may collect personal data under any of the following circumstances. It will always be clear what we are collecting and why:
When you undertake training
When you place an order or reorder
When you sign up for our newsletter and promotions via our website
When you enter any of our prize draws or competitions
When you choose to complete any of the surveys we may send you
When you’ve given a third-party permission to share with us the information they hold about you.
When you deliver a service or a product to us as a supplier
We may collect data from publicly-available sources (such as the MINT data service) when you have given your consent to share information or where the information is made public as a matter of law.
We will never insist on having your consent in order to receive any of our services or information
WHAT PERSONAL DATA DO WE COLLECT?
Employee number (if providing you training on behalf of your employer)
Mobile phone number
Business address (if applicable)
Credit or Debit card details to process orders
HOW AND WHY DO WE USE YOUR PERSONAL DATA?
Here’s how we’ll use your personal data and why. (If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below)
If you are a customer or past customer, then we will use your personal data to:
Deliver our contractual obligations (processing & delivering orders)
To provide tips, ideas and information
To gain feedback to help us improve our products & services
To send you offers & product/service information that we feel will be useful to you as a customer
If you are yet to become a customer but have expressed an interest in what we can offer, then we will use your personal data to:
Send your product and service information
Send you information on reviews collected by our independent review partner
Send you to any of our Social Media platforms for addition information
PROTECTING YOUR PERSONAL DATA
We will treat your data with the utmost care and take all appropriate steps to protect it. Our websites are secured with ‘https’ technology and access to your personal data is password-protected on the various applications we use. Data is regularly backed up and virus software kept up to date.
We have a procedure in place to handle any data breaches if they should occur.
HOW LONG WILL WE KEEP YOUR PERSONAL DATA?
We will only keep your personal data for as long as is necessary for the purpose for which it was collected or as specified by HMRC or similar regulatory authorities.
At the end of that retention period, your data will either be deleted completely or anonymised (so that it can still be used for management information analysis).
WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We will share your personal data with trusted third parties who act as data processors. We check that they are GDPR compliant and have processing agreements in place with each of them.
We provide only the information they need to perform their specific services and they may only use your data for the exact purposes we specify in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
We do not sell your data to any third party nor do we share your data with any third party for their own direct marketing purposes
We currently use the following companies, who will process your personal data as part of their contracts with us:
We use Google Mail to handle all our incoming and outbound emails and calendar events. We only store name and email address in the address book. For more information, please see Google’s privacy notice.
When someone visits websites we use Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. The way this information is processed does not allow us to identify an individual
We only use Facebook to share information, tips and promote our products. We do not use any of the personal data outside of Facebook
We use Twitter to share information, tips and promote our products. We do not use any of the personal data outside of Twitter.
We use LinkedIn to share information& tips as well as contacting our connections via the platform. Email addresses may also be used outside of LinkedIn
We use Royal Mail OBA & Click & Drop Services to deliver all mail to UK, European & International customers & suppliers. For more information please see Royal Mail’s privacy notice
We use Parcel2Go to deliver mail & parcels to UK, European & International customers & suppliers. For more information please see Parcel2Go’s privacy notice
We use SagePay as a payment gateway collect secure payment for orders placed on the website. For more information please see SagePay’s privacy notice
We use Paypal as a payment gateway collect secure payment for orders placed on the website. For more information please see SagePay’s privacy notice
The data subject may, at any time, prevent the setting of cookies through our website by means of corresponding settings of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.
The newsletter of ENDURATEC contains so-called tracking pixels. A tracking pixel is a miniature graphics embedded in such e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, ENDURATEC Ltd may see if and when an e-mail was opened by a data subject, and which links in the e-mail were called up by data subjects.
Such personal data collected in the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimize the shipping of the newsletter, as well as to adapt the content of future newsletters even better to the interests of the data subject. These personal data will not be passed on to third parties. Data subjects are at any time entitled to revoke the respective separate declaration of consent issued by means of the double-opt-in procedure. After a revocation, these personal data will be deleted by the controller. ENDURATEC Ltd automatically regards a withdrawal from the receipt of the newsletter as a revocation.
COMMENTS FUNCTION IN THE BLOG ON THE WEBSITE
ENDURATEC Ltd offers users the possibility to leave individual comments on individual blog contributions on a blog, which is on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blog posts. Blog posts may usually be commented by third parties.
If a data subject leaves a comment on the blog published on this website, the comments made by the data subject are also stored and published, as well as information on the date of the commentary and on the user's (pseudonym) chosen by the data subject. In addition, the IP address assigned by the Internet service provider (ISP) to the data subject is also logged. This storage of the IP address takes place for security reasons, and in case the data subject violates the rights of third parties or posts illegal content through a given comment. The storage of these personal data is, therefore, in the own interest of the data controller, so that he can exculpate in the event of an infringement. This collected personal data will not be passed to third parties unless such a transfer is required by law or serves the aim of the defence of the data controller
Data protection provisions about the application and use of Google Analytics (with anonymisation function)
On this website, the controller has integrated the component of Google Analytics (with the anonymiser function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
For the web analytics through Google Analytics the controller uses the application "_gat. _anonymizeIp". By means of this application, the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyse the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyse the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
Data protection provisions about the application and use of Google Remarketing
On this website, the controller has integrated Google Remarketing services. Google Remarketing is a feature of Google AdWords, which allows an enterprise to display advertising to Internet users who have previously resided on the enterprise's Internet site. The integration of Google Remarketing therefore allows an enterprise to create user-based advertising and thus shows relevant advertisements to interested Internet users.
The operating company of the Google Remarketing services is the Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
The purpose of Google Remarketing is the insertion of interest-relevant advertising. Google Remarketing allows us to display ads on the Google network or on other websites, which are based on individual needs and matched to the interests of Internet users.
Google Remarketing sets a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google enables a recognition of the visitor of our website if he calls up consecutive web pages, which are also a member of the Google advertising network. With each call-up to an Internet site on which the service has been integrated by Google Remarketing, the web browser of the data subject identifies automatically with Google. During the course of this technical procedure, Google receives personal information, such as the IP address or the surfing behaviour of the user, which Google uses, inter alia, for the insertion of interest relevant advertising.
The cookie is used to store personal information, e.g. the Internet pages visited by the data subject. Each time we visit our Internet pages, personal data, including the IP address of the Internet access used by the data subject, is transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google may be deleted at any time via a web browser or other software programs.
In addition, the data subject has the possibility of objecting to the interest-based advertising by Google. For this purpose, the data subject must call up the link to www.google.de/settings/ads and make the desired settings on each Internet browser used by the data subject.
Further information and the actual data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/.
DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF GOOGLE+
On this website, the controller has integrated the Google+ button as a component. Google+ is a so-called social network. A social network is a social meeting place on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or business-related information. Google+ allows users of the social network to include the creation of private profiles, upload photos and network through friend requests.
The operating company of Google+ is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
With each call-up to one of the individual pages of this website, which is operated by the controller and on which a Google+ button has been integrated, the Internet browser on the information technology system of the data subject automatically downloads a display of the corresponding Google+ button of Google through the respective Google+ button component. During the course of this technical procedure, Google is made aware of what specific sub-page of our website was visited by the data subject. More detailed information about Google+ is available under https://developers.google.com/+/.
If the data subject is logged in at the same time to Google+, Google recognizes with each call-up to our website by the data subject and for the entire duration of his or her stay on our Internet site, which specific sub-pages of our Internet page were visited by the data subject. This information is collected through the Google+ button and Google matches this with the respective Google+ account associated with the data subject.
If the data subject clicks on the Google+ button integrated on our website and thus gives a Google+ 1 recommendation, then Google assigns this information to the personal Google+ user account of the data subject and stores the personal data. Google stores the Google+ 1 recommendation of the data subject, making it publicly available in accordance with the terms and conditions accepted by the data subject in this regard. Subsequently, a Google+ 1 recommendation given by the data subject on this website together with other personal data, such as the Google+ account name used by the data subject and the stored photo, is stored and processed on other Google services, such as search-engine results of the Google search engine, the Google account of the data subject or in other places, e.g. on Internet pages, or in relation to advertisements. Google is also able to link the visit to this website with other personal data stored on Google. Google further records this personal information with the purpose of improving or optimizing the various Google services.
DATA PROTECTION PROVISIONS ABOUT THE APPLICATION AND USE OF FACEBOOK
On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.
A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.
The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.
If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.
Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.
The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.
WHERE TO FIND INFORMATION ABOUT CONTROLLING COOKIES
WHERE YOUR PERSONAL DATA MAY BE PROCESSED
Several of the data processors we use are outside of the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. Where the processor is outside of the EEA we ensure that they have appropriate privacy policies in place and that the processing agreement with them includes appropriate protection for your data.
WHAT ARE YOUR RIGHTS OVER YOUR PERSONAL DATA?
You have the right to request:
Access to the personal data we hold about you
The correction of your personal data when incorrect, out of date or incomplete.
That we stop using your personal data for direct marketing (either through specific channels, or all channels). You can click the ‘unsubscribe’ link in any email communication we send you or send an email to firstname.lastname@example.org subject ‘UNSUBSCRIBE’ Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated
That we stop any consent-based processing of your personal data after you withdraw that consent.
That we erase all data that we hold about you
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any data subject access request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
LINKS TO OTHER WEBSITES
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
CONTACTING THE REGULATOR
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
© ENDURATEC LTD. 2016-2018 All rights reserved.