Introduction This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how NSR Management Ltd use your data.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.
When you are using NSRs Managements Website, NSR Management Ltd is the data controller.
For simplicity throughout this notice, ‘we’ and ‘us’ means NSR Management Ltd.
Who are NSR Management Ltd NSR management is a niche company which was founded in 1982.We publish and sell the National Schedule of rates and supply a data format version which is compatible with our bespoke pricing, contracting and invoicing software.
Our trusted name comes from some of the foundational values of the business which include transparency and accountability. We are based in Aylesbury and have a team who are highly focused on customer service. We pride ourselves on delivery through to after sales care and support.
An explanation of the legal basis we rely on The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
Consent In specific situations, we can collect and process your data with your consent. For example when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.
Contractual obligations In certain circumstances, we need your personal data to comply with our contractual obligations. For example, if you order an item from us for delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier. Likewise if you register for data or software we need to share your details without third party providers who manage our server and software programme.
Legal compliance If the law requires us to, we may need to collect and process your data. For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.
Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, we will use your purchase history to send you amendments or new product information. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or introduce new products/services.
We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.
When do we collect your personal data?
What sort of personal data do we collect?
How and why do we use your personal data?
We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you. We then use this to share newsletters and information of new product releases or updates. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for. For example, without data capture completed we would be unable to supply certain products.
How NSR use your personal data:
How we protect your personal data
We know how much data security matters to all our clients. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it. We secure access to all transactional areas of our website using ‘https’ sage technology. Access to your personal data is password-protected, and sensitive data such as payment card information is through a secured server to ensure it is protected.
We regularly monitor our system for possible vulnerabilities and attacks.
How long will we keep your personal data?
If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.
We may need your personal information to establish, bring or defend legal claims. For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How NSR use your personal information above. The only exceptions to this are where:
the law requires us to hold your personal information for a longer period, or delete it sooner;
You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law; or
in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.
Who do we share your personal data with? We sometimes share your personal data with trusted third parties. For example, delivery couriers, software managers, networking team and our web mangers.
The policy we apply to those organisations to keep your data safe and protect your privacy:
Examples of the kind of third parties we work with are:
Others who may receive or have access to your personal information:
Third parties who provide products and services
When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions or for a specified purpose.
Credit/debit card payment processors
Where you elect to pay for a product or service by way of credit card, your credit/debit card payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.
Other ways we may share your personal information
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.
Where your personal data may be processed
Currently we do not work outside of the UK but if we did, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact our Data Controller.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
What are your rights over your personal data?
An overview of your different rights you have the right to request:
You have the right to request a copy of any information about you that NSR Management Ltd holds at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact Data Controller, NSR Management Ltd, Ardenham Court, Oxford Road, HP19 8HT. To ask for your information to be amended, update your online account personally online or contact us in the office.
If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:
for marketing activities
to correspond or communicate with you;
to verify the accuracy of data that we hold about you and create a better understanding of you as a client;
for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
for analysis to inform our marketing strategy, and to enhance and personalise your client experience (including to improve the recommendations we make to you on our website);
for prevention of fraud and other criminal activities;
to comply with a request from you in connection with the exercise of your rights
for the management of queries, complaints, or claims; and
for the establishment and defence of our legal rights.
Direct marketing You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.
Checking your identity To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
How you can stop the use of your personal data for direct marketing There are several ways you can stop direct marketing communications from us:
Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.
Contacting the Regulator If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 16.
If you are based outside of the UK
For all non-UK customers
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it. If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:
This notice was last updated on 24/05/2018