PRIVACY POLICY

‘Elonex’ is a trading name of Booh Media Plc, which specialise in the supply of LED hardware on a sale and rental basis, and the supply of advertising media to all organisations.

The privacy of data held by Elonex is very important to us. The collection and processing of general data by is governed by the General Data Protection Regulation (the “GDPR”).

The business complies with its obligations by keeping data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 

This privacy policy explains:

  • What constitutes ‘personal data’
  • Who we collect data from
  • How we process personal data
  • Who we share your data with
  • What measures we take to keep your data private and secure
  • Your rights
  • Who to contact if you have any queries or concerns about any personal data we may store about you.

 

YOUR PERSONAL DATA – WHAT IS IT?

 

Personal data is any information which identifies you as a living individual. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession.

 

This may include name, address, phone numbers, email addresses, date of birth, gender, employment status, demographic information, personal descriptions, photographs, CCTV images, usernames, passwords, attitudes and options.

 

We will only collect personal data that we need in order to fulfil our legal obligations, deliver services to you and enable us to tailor and enhance your experience with Elonex.

 

WHO WE COLLECT PERSONAL DATA FROM

We collect personal data from:

  • Existing customers
  • Prospective customers
  • Visitors to Elonex
  • Visitors to our website
  • People who make enquiries via telephone or our website
  • Employees
  • Self-employed contractors
  • Suppliers
  • Stakeholders

 

We never sell personal data. We will only share it with organisations when necessary in order to fulfil our service to you and where the privacy and security of your data is assured. 

 

HOW DO WE PROCESS YOUR PERSONAL DATA

 

We will only process your ‘personal data’ for legitimate purposes, as set out in the General Data Protection Regulation (from 25 May 2018). All ‘personal data’ supplied to us will be processed for the purpose outlined in a specific privacy notice at the time of collection and in accordance with any consent and preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may be obliged to provide them with your personal data.

 

Below are the main uses of personal data, dependent on your relationship with us and how you interact with various services and technology.

 

Existing Customers

 

To update our existing customer details, we may collect the following information:

  • Persons details (Name, email address, telephone number)
  • Organisation details (Name, address, web address, linked brands, agency type, telephone, budgets, number of employees)
  • Financial information (credit or debit card, BACS details)
  • What company you work for or are associated too
  • Products of interest (Roadside, Malls, Motorway network)

 

Prospective Customers

 

To update our existing customer details, we may collect the following information:

  • Persons details (Name, email address, telephone number)
  • Organisation details (Name, address, web address, linked brands, agency type, telephone, budgets, number of employees)
  • Financial information (credit or debit card, BACS details)
  • What company you work for or are associated too
  • Products of interest (Roadside, Malls, Motorway network)
  • How you found about us to improve our marketing

 

 

Visitors to Elonex Offices/Warehouse

 

We collect the following information from visitors to Elonex Offices and warehouse:

  • Name
  • Organisation you work for or represent
  • Who you are visiting
  • Vehicle registration that you have travelled to our offices/warehouse (if applicable)

Visitors to the Website

 

If you visit and interact with our website we may collect information about you using cookies. Cookies are small text files stored on your device when you visit certain websites. Cookies will not give us access to your device, cannot harm your computer and cannot provide us with any personal data about you, other than the data you choose to share with us by completing forms on our website.

 

Non-personally identifiable information may include: the type of browser and operating system you are using, your IP address, your device identifiers, your Internet or wireless service provider, and location-based information, specific web pages, length of time spent, pages accessed and search terms used to find the website.

 

We use cookies to:

  • Personalise your experience of using the website, for example by remembering what stage you are at in completion of a form
  • Measure the performance of our website and marketing activity. We use Google Analytics to gather aggregate statistical information about the site to improve the user experience. We are not able to identify individual users with these cookies.
  • Ensure we deliver limited, relevant advertisements to prospective customers based on you visits to our website and your interests as expressed by your internet and social network use.

 

When you first visit our website, you will be asked whether you wish to accept our cookies. You can choose to accept or decline cookies and you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

If you wish to learn more about cookies go to www.allaboutcookies.org

 

You may find links to third party websites on our website. These websites should have their own privacy policies which you should check. We do not accept any responsibility or liability for their policies whatsoever as we have no control over them.

 

Employees and Self-employed contractors

In order to comply with our contractual, legal, and management obligations and responsibilities as a responsible employer, we process personal data, including ‘sensitive’ personal data, from job applicants, employees and our self-employed contractors.  This includes:

  • Data processed to meet our contractual responsibilities: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts;
  • Data processed to meet our legal responsibilities: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, identification (passport), equal opportunities monitoring. Such data may be used to fulfil Office of National Statistics (ONS) surveys.
  • Data processed to meet our performance management responsibilities: recruitment and induction processes, training and development records, absence and disciplinary records

The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.

 

We will process data about an employee’s health where it is necessary, for example, to:

  • record absence from work due to sickness
  • to pay statutory sick pay
  • to make appropriate referrals to the Occupational Health Service;
  • to make any necessary arrangements or adjustments to the workplace in the case of disability.

This processing will not normally happen without the employee’s knowledge and, where necessary, consent.

Data about an employee’s criminal convictions will be held as necessary.

We may process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.

 

Suppliers, contractors and stakeholders

We will hold the following data about our suppliers, contractors and stakeholders

  • Personal details (Name, address, email address, telephone number) of the lead contact
  • Details of any contracts or agreements
  • Financial information where necessary in order to process and pay invoices

 

AUTOMATED PROFILING AND TARGETING

 

We are committed to using our resources in a responsible and cost-effective way. We use automated profiling and targeting in very limited ways. These include:

  • Automated emails to prospective new customers, based on the preferences they choose when completing forms on our website. This ensures they receive relevant information.
  • Using Google Analytics and third-party cookies to collect information on the use of our website to improve the user experience, optimise our marketing activity and ensure the site is performing.
  • Collecting data from existing customer about their advertising or hardware interests and usage. The information collected is aggregated to create generic member personas or types. This information is used to ensure our resources are used efficiently to target and attract new customers

 

CCTV

Elonex uses CCTV technology across its site network to provide a safer, more secure environment for staff and visitors and to prevent vandalism, theft and bullying. Essentially it is used for:

  • The prevention, investigation and detection of crime.
  • The apprehension and prosecution of offenders (including use of images as evidence in criminal proceedings).
  • Safeguarding public, visitors and staff safety.
  • Monitoring the security of the site.
  • Elonex does not use the CCTV system for covert monitoring.

Access to the CCTV recorded footage is limited to designated staff and other authorised personnel (including police) with a legitimate reason to view and/or otherwise use the captured footage, including the provision of evidence in support of prosecution of criminal or illegal behaviour. Authorisation to review any footage will be given to relevant parties on a case by case basis which will be determined at the discretion of the Chief Executive Officer or Chief Technical Officer in accordance with applicable data protection legislation.

 

Live footage recording is automatically erased after 28 days. However, any footage recorded will not be stored for longer than 12 months.

 

PAYMENT CARD SECURITY

 

Elonex has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back.

Our online payment solutions are carried out using a ‘payment gateway’ (e.g. Sagepay) which is a direct connection to a payment service provided by a bank.

 

All staff must store, process and transmit payment card information in accordance with PCI DSS mandatory requirements. This standard applies to information held on paper as well as electronically and to transactions processed online and via a third-party terminal.

 

SHARING YOUR PERSONAL DATA

Your personal data will be treated as strictly confidential. We do share your personal data to any third parties for commercial purposes. We only share your data with third parties in order to administer products/services contracted. This includes:

  • Client contact responsible for order
  • Address where hardware equipment is to be installed
  • To manage our email communication with you

 

When we do share data with third parties, we take measures to ensure they are compliant with GDPR and there are appropriate measures and controls in place to keep your data secure.

 

Employees, Self-Employed contractors

In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third parties:

  • Payroll & pension providers
  • HM Revenue & Customs
  • Office of National Statistics (ONS)

We never share ‘personal data’ to any other third party for commercial reasons and would only do so if we obtained your consent. 

 

KEEPING YOUR DATA SAFE AND SECURE

 

We undertake the following measures to ensure the personal data we hold is kept safe and secure:

  • We maintain an Information Asset Register which details the data, including personal data we hold, the staff responsible for obtaining consent, who has access, how access is secured and how long the data is retained.
  • Our IT Support supplier undertake regular audits and implement appropriate measures to minimise the risk of cyber attacks
  • All new staff receive mandatory training on the importance of data protection at their induction and regularly thereafter to reinforce their responsibilities.
  • We only use and retain your information for as long as it is required for the purpose it was collected for and in order to comply with statutory requirements. Our retention periods are set out in the Information Asset Register.
  • Once we no longer require your personal data, it will be deleted in accordance with the GDPA.

 

YOUR RIGHTS AND YOUR PERSONAL DATA

 

Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:

  • The right to request a copy of your personal data which Elonex holds about you;
  • The right to request that the Elonex corrects any personal data if it is found to be inaccurate or out of date;
  • The right to request your personal data is erased where it is no longer necessary for the Club to retain such data;
  • The right to withdraw your consent to processing at any time
  • The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability),
  • The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
  • The right to object to the processing of personal data, (where applicable)
  • The right to lodge a complaint with the Information Commissioner’s Office.

If you would like further information on your rights, please write to the Elonex Sports Plc, Edgbaston Stadium, Edgbaston, Birmingham, B5 7QU.

 

SUBJECT ACCESS REQUESTS

If you would like to view the personal data Elonex holds about you, you will be asked to complete a Subject Access Request Form to provide us with:

  • The personal information you wish to access
  • Where it is likely to be held
  • The date range of the information you wish to access
  • Information to confirm your identity

If we hold your personal data, we will give you a copy of the information together with an explanation of why we hold and use it.

Once we have all the information necessary to respond to your request we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.

WHAT TO DO IF YOU’RE NOT HAPPY

In the first instance, please talk to us directly so we can try to resolve your issues. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113, by post at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF or at www.ico.org.uk

 

UPDATING THIS POLICY

If we wish to use your personal data for a new purpose, not covered by this Privacy Policy or any specific privacy statement issues to you when collecting and obtaining consent to hold your data, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.