We understand that privacy and the security of your personal information is extremely important. This policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This policy applies to you if you use our products or services over the phone, online, through our mobile applications or otherwise by using any of our websites or interacting with us on social media (our “Services”). This policy gives effect to our commitment to protect your personal information.
Who are we?When we say ‘we’ or ‘us’ or “Redbox” in this policy, we’re generally referring to Office Base Limited (Company No 02218322) although it does depend on the context. Office Base Ltd is a subsidiary of Office Base (Holdings) Limited. It also includes any other businesses we add to this group in the future.
What sorts of information do we hold?
We collect information about you when you register with us or place an order for products or services. We also collect information when you voluntarily complete customer surveys, provide feedback and participate in competitions. Website usage information is collected using cookies.
Information that you provide to us such as your name, address, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
Information about the Services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and Services, and so on);
Your account login details, including your user name and chosen password;
Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and how you use our Services;Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication.
Information from other sources such as our partners, specialist companies that provide customer information (like credit reference agencies, fraud prevention agencies, claims databases, marketing and research companies) and social media providers as well as information that is publicly available.
How do we use your information?
Under the General Data Protection Regulations (GDPR) we have a number of lawful reasons that we can use (or ‘process’) your personal information. One of the lawful reasons is called ‘legitimate interests’. Broadly speaking Legitimate Interests means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.
When you provide your personal details to us we use your information for our legitimate business interests to carry out our work of servicing businesses throughout our territory. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.
Some typical examples of when we might use the approach are for preventing fraud, direct marketing, maintaining the security of our systems, data analytics, enhancing, modifying or improving our services, identifying usage trends and determining the effectiveness of our campaigns and sales.
We will process the personal information you have supplied to us to conduct and manage our business to enable us to give you the most appropriate marketing, information, service and products and provide the best and most secure experience. These are what we consider to be our ‘Legitimate Interests’.
The following are some examples of when and why we would use this approach in our work:
Set up and administer your account. In order for us to process an order, payment has to be taken and contact information collected, such as name, delivery address and telephone number, provided. Both the buyer and seller would need to record the transaction. Help answer your questions and solve any issues you have.
Marketing: We will make best effort to ensure our marketing is tailored and relevant for you where-ever we deem you to be in the sales cycle.
Your best interest: Processing your information to protect you against fraud when transacting on our website, and to ensure our websites and systems are secure.
Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers and prospects.
Analytics: To process your personal information for the purposes of customer analysis, assessment, profiling and marketing, on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information if this does not harm any of your rights and interests.
Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
Due Diligence: We may need to conduct investigations on supporters, potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.
We will also hold information about you so that we can respect your preferences for being contacted by us.
When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Remember, you can change the way you hear from us or withdraw your permission for us to process your personal details at any time by using our contact details below.
Who we might share your information with?
We will only share information about you within our organisation from time to time so we can provide you with a high-quality service across our group.
Our service providers – we may pass your personal data to carefully selected partners (third parties) for the purpose of processing your enquiry or order. We work with partners, suppliers, and agencies so they can process your personal information on our behalf but only where they meet our standards on the processing of data and security. We only share information that allows them to provide their services to us or to facilitate them providing their services to you.
Other organisations and individuals – we may transfer your personal information to other organisations in certain scenarios. For example:
If we’re discussing selling or transferring part or all of a business, we may share information about you to prospective purchasers – but only so they can evaluate that business;
If we are reorganised or sold to another organisation, we may transfer information we hold about you to them so they can continue to provide the Services to you;
If required to by law, under any code of practice by which we are bound or we are asked to do so by a public or regulatory authority such as the Police or the Department for Work and Pensions;
If we need to do so in order to exercise or protect our legal rights, users, systems and Services; or
In response to requests from individuals (or their representatives) seeking to protect their legal rights or the rights of others.
International transfers of your information
Access and correction of your personal information
You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it.
Right to stop or limit our processing of your data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances.
If you would like to exercise these rights, please contact us via one of the mechanisms set out below.
How long do we keep your information for?
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
Links to other websites
We take security measures to protect against unauthorised access, improper use, alteration, destruction or accidental loss of your personal information including:
limiting access to our buildings to those that we believe are entitled to be there (by use of passes, key card access and other related technologies);
implementing access controls to our information technology, such as firewalls, ID verification and logical segmentation and/ or physical separation of our systems and information;
never asking you for your passwords;
advising you never to enter your account number or password into an email or after following a link from an email.
When we use third party organisations to process information on our behalf, we will select reliable third parties and processing will be subject to written agreements between ourselves and the third parties processing the data. These written agreements specify the rights and obligations of each party, and will provide that the third party has adequate security measures in place and will only process information on specific written instructions from us.
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy or the way your personal information is processed, please contact us by one of the following means:
By email: firstname.lastname@example.org
By post: The Directors, Redbox, Unit E3 Brooklands Close, Sunbury-on-Thames, Middlesex, TW16 7EB You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Please go to www.ico.org.uk/concerns to find out more.