Privacy Policy

NSR Privacy Policy 2018

  • Introduction
  • Who are NSR Management Ltd
  • An explanation of the legal basis we rely on
  • When do we collect your personal data?
  • What sort of personal data do we collect?
  • How do we use your personal data?
  • How we protect your personal data
  • How long will we keep your personal data?
  • Who do we share your personal data with?
  • Where your personal data may be processed
  • What are your rights over your personal data?
  • How you can stop the use of your personal data for direct marketing
  • Contacting the Regulator
  • If you are based outside of the UK
  • Any questions?


Introduction This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data and keep it safe.

We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how NSR Management Ltd use your data.

We hope the following sections will answer any questions you have but if not, please do get in touch with us.

It’s likely that we’ll need to update this Privacy Notice from time to time. We’ll notify you of any significant changes, but you’re welcome to come back and check it whenever you wish.

When you are using NSRs Managements Website, NSR Management Ltd is the data controller.

For simplicity throughout this notice, ‘we’ and ‘us’ means NSR Management Ltd.

Who are NSR Management Ltd NSR management is a niche company which was founded in 1982.We publish and sell the National Schedule of rates and supply a data format version which is compatible with our bespoke pricing, contracting and invoicing software.

Our trusted name comes from some of the foundational values of the business which include transparency and accountability. We are based in Aylesbury and have a team who are highly focused on customer service. We pride ourselves on delivery through to after sales care and support.

An explanation of the legal basis we rely on The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Consent In specific situations, we can collect and process your data with your consent.  For example when you tick a box to receive email newsletters.  When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.


Contractual obligations In certain circumstances, we need your personal data to comply with our contractual obligations.  For example, if you order an item from us for delivery, we’ll collect your address details to deliver your purchase, and pass them to our courier. Likewise if you register for data or software we need to share your details without third party providers who manage our server and software programme.


Legal compliance If the law requires us to, we may need to collect and process your data.  For example, we can pass on details of people involved in fraud or other criminal activity to law enforcement.


Legitimate interest In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.  For example, we will use your purchase history to send you amendments or new product information. We also combine the shopping history of many customers to identify trends and ensure we can keep up with demand, or introduce new products/services.

We will also use your address details to send you direct marketing information by post, telling you about products and services that we think might interest you.

When do we collect your personal data?

  • When you create an account with us.
  • When use your account to buy products by visiting our website, or over the phone.
  • When you engage with us on social media.
  • When you contact us by any means with queries
  • When you comment on or review our products and services.
  • Any individual may access personal data related to them, including opinions. So if your comment or review includes information about companies we work in conjunction with who provided that service, it may be passed on to them if requested.
  • When you’ve given a third party permission to share with us the information they hold about you.


What sort of personal data do we collect?

  • If you have an account with us: your name, business name, business type, billing/delivery address, orders and receipts, email and contact telephone numbers. If you have a website account then for your security, we’ll also keep an encrypted record of your login password.
  • Details of your interactions with us through our office or online – For example, we collect notes from our conversations with you, to assist our frequently asked questions, details of purchases.
  • Details of your visits to our website via Google Analytics.
  • Payment card information.
  • To deliver the best possible web experience, we collect technical information about your internet connection and browser as well as the country and telephone code where your computer is located, the web pages viewed during your visit, the advertisements you clicked on, and any search terms you entered.
  • Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback. We also collect cookies on our website.
  • If you purchase certain products you would have consented to a data capture which gives us your Ip address and computer user name.
  • When you contact us by telephone we record the calls manually.



How and why do we use your personal data?

We want to give you the best possible customer experience. One way to achieve that is to get the richest picture we can of who you are by combining the data we have about you.  We then use this to share newsletters and information of new product releases or updates. The data privacy law allows this as part of our legitimate interest in understanding our customers and providing the highest levels of service.

Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some services you’ve asked for.  For example, without data capture completed we would be unable to supply certain products.


How NSR use your personal data:


  • To process any orders that you make by using our website, or over the phone
  • We will use your data collected in checkout to set up viewing accounts for you to access your products on line.
  • To respond to your queries.
  • To protect our business and your account from fraud and other illegal activities.
  • To process payments and to prevent fraudulent transactions.
  • To send you relevant, personalised communications by post in relation to system updates, services and new products. – You are free to opt out of hearing from us at any time.
  • To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice, product amendments, and legally required information relating to your orders. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
  • To comply with our contractual or legal obligations to share data with law enforcement
  • To contact you for your feedback helps us improve our services. These calls or emails have no purpose other than to check your service – you are free to opt out of receiving these calls or emails from us at any time by contacting us via email, telephone or adjusting your profile online.


How we protect your personal data

We know how much data security matters to all our clients. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.  We secure access to all transactional areas of our website using ‘https’ sage technology.  Access to your personal data is password-protected, and sensitive data such as payment card information is through a secured server to ensure it is protected.

We regularly monitor our system for possible vulnerabilities and attacks.

How long will we keep your personal data?

If we collect your personal information, the length of time we retain it is determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.

We may need your personal information to establish, bring or defend legal claims.  For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How NSR use your personal information above. The only exceptions to this are where:

the law requires us to hold your personal information for a longer period, or delete it sooner;

You exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law; or

in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.


Who do we share your personal data with? We sometimes share your personal data with trusted third parties.  For example, delivery couriers, software managers, networking team and our web mangers.

The policy we apply to those organisations to keep your data safe and protect your privacy:


  • We provide only the information they need to perform their specific services.
  • They may only use your data for the exact purposes we specify in our contract with them.
  • We work closely with them to ensure that your privacy is respected and protected at all times.
  • If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.


Examples of the kind of third parties we work with are:


  • IT companies who support our website and other business systems.
  • Operational companies such as delivery couriers.
  • Direct marketing companies who help us manage our electronic communications with you.
  • Google/Facebook/Twitter.


Others who may receive or have access to your personal information:


Third parties who provide products and services

When we use third party service providers, we only disclose to them any personal information that is necessary for them to provide their service and we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions or for a specified purpose.

Certain third party product providers may share your information with us, which we will use in accordance with this policy. In some cases, they will be acting as a controller of your information and therefore we advise you to read their privacy policy.

Credit/debit card payment processors

Where you elect to pay for a product or service by way of credit card, your credit/debit card payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us using the details at the end of this policy.

Other ways we may share your personal information

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation. We may also transfer your personal information if we’re under a duty to disclose or share it in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers. We will always take steps with the aim of ensuring that your privacy rights continue to be protected.


Where your personal data may be processed

Currently we do not work outside of the UK but if we did, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact our Data Controller.

Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.

What are your rights over your personal data?

An overview of your different rights you have the right to request:


  • Access to the personal data we hold about you, free of charge in most cases.
  • The correction of your personal data when incorrect, out of date or incomplete.
  • When you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end.
  • That we stop using your personal data for direct marketing.
  • That we stop any consent-based processing of your personal data after you withdraw that consent.


You have the right to request a copy of any information about you that NSR Management Ltd holds at any time, and also to have that information corrected if it is inaccurate. To ask for your information, please contact Data Controller, NSR Management Ltd, Ardenham Court, Oxford Road, HP19 8HT. To ask for your information to be amended, update your online account personally online or contact us in the office.

If we choose not to action your request we will explain to you the reasons for our refusal.

Your right to withdraw consent Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:

for marketing activities

to correspond or communicate with you;

to verify the accuracy of data that we hold about you and create a better understanding of you as a client;

for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;

for analysis to inform our marketing strategy, and to enhance and personalise your client experience (including to improve the recommendations we make to you on our website);

for prevention of fraud and other criminal activities;

to comply with a request from you in connection with the exercise of your rights

for the management of queries, complaints, or claims; and

for the establishment and defence of our legal rights.

Direct marketing You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.


Checking your identity To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.


How you can stop the use of your personal data for direct marketing There are several ways you can stop direct marketing communications from us:

  • Click the ‘unsubscribe’ link in any marketing email communication that we send you.
  • If you have an online account, log in, visit the ‘My Account’ area and change you’re Communication Preferences.
  • Contact our office on Telephone: 01296 339966 or email:
  • Write toThe Data Controller, NSR Management Ltd, Ardenham Court, Oxford Road, HP19 8HT

Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated.

Contacting the Regulator If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113 or go online to (opens in a new window; please note we can’t be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence. Details can be found in Section 16.

If you are based outside of the UK

For all non-UK customers

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Any questions?

We hope this Privacy Notice has been helpful in setting out the way we handle your personal data and your rights to control it.  If you have any questions that haven’t been covered, please contact our Data Protection Officer who will be pleased to help you:

This notice was last updated on 24/05/2018