Privacy Policy
1. Who we are?
Edexia Group Ltd ("we", “our”, “us”, or "Edexia") is a road haulage and logistics company in the United Kingdom. At Edexia Group may process certain personal data about you, depending on the scope of your specific relationship with us. This processing of personal data is regulated under the General Data Protection Regulation (2016/679) (GDPR). We are responsible as ‘controller’ of your personal data for the purposes of those laws. We are committed to protecting and respecting your privacy and this Privacy Policy tells you what to expect us to do with your personal information.
This Policy (together with our website terms of use https://edexia.co.uk and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Any changes we may make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by post or e-mail. We continually review and update this Privacy Notice to reflect changes in our services as well as to comply with changes in Data Protection Laws and Legislation. We would, therefore, encourage you to review this Notice on a regular basis.
2. Who does this Privacy Policy cover?
This policy governs the collection and utilization of personal data belonging to individuals, sole traders, and parties engaged in business partnerships with us. This Privacy Notice is applicable in the following contexts:
· When personal data is processed during your visit to and use of our website;
· When personal data is processed in relation to our recruitment practices;
· For any natural person contacted via our direct marketing initiatives, whether by telephone or email; and
· When personal data is processed to support our prospective and current clients.
3. Data protection principles
We will comply with the principles set out in the GDPR, which states that the personal data we hold about you must be:
(a) processed lawfully, fairly and in a transparent manner;
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (“purpose limitation”);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (“data minimisation”);
(d) accurate and, where necessary, kept up to date (“accuracy”)
(e) kept only as long as necessary for the purposes we have told you about (“storage limitation”)
(f) processed in a manner that ensures appropriate security of the personal data (“integrity and confidentiality”)
(g) controlled responsibly (“accountability”)
4. How do we collect personal data?
We may collect your personal data from anything you have provided us within our websites o over the telephone, in a letter, e-mail, any mobile applications, or via social media (e.g. LinkedIn, Facebook). We may also access information about you that is already publicly available.
Please note that some outbound and inbound calls may be recorded for training and quality purposes.
5. What information we collect, use, and why?
Overall, we may collect and process the following data about you:
· Name, organisation, position, email address, website address, telephone/mobile number and postal address.
· Payment details, including payments made by post, online, by telephone or directly to and from your bank (including standing orders and direct debits).
· Information relating to additional services and products that you have inquired about or that we have provided to you.
· Information that you provide by filling in forms on our site https://edexia.co.uk. This includes information provided when subscribing to our service, posting material or requesting further services. We may also ask you for information when you report a problem with our site.
· If you complete any surveys that we use for research purposes, although you do not have to respond to them.
· Details of transactions you carry out through our site and of the fulfilment of your orders.
· Details of your visits to our site including, but not limited to; traffic data, location data, web logs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
Any opt in or opt out preferences that you have provided us with confirming whether you wish to receive information about offers and information that may be of interest to you.
We use CCTV cameras/ dashcams on our sites and/or in/on our vehicles to capture images of people and vehicle identification information such as number plates.
In addition, we collect your personal data from third parties including:
· Individuals that have permission to contact us on your behalf.
· Law enforcement agencies.
· Credit reference and tracing agencies, for example, where it has not been possible to identify the person responsible for payment of charges.
5.2 For transparency purposes, the following specific information may be collected for us to ensure effective and lawful operations.
5.2.1 We collect or use the following information to provide services, including delivery, and/or for the management of customer accounts:
· Names, contact details and addresses
· Payment details (including card or bank information for transfers and direct debits)
· Credit reference information
· Purchase history
· Website (https://edexia.co.uk) user information (including user journeys and cookie tracking)
· Identification documents (where required)
· Information relating to compliments or complaints
· Marketing preferences
5.2.2 We collect or use the following information for service updates or marketing purposes:
· Names and contact details
· Marketing preferences
· Recorded images, such as photos or videos
· Purchase or viewing history
· Records of consent, where appropriate
5.2.3 We collect or use the following information to comply with legal requirements:
· Names and contact information
· Identification documents
· Financial transaction information
· Criminal offence data (including Disclosure Barring Service (DBS), Access NI or Disclosure Scotland checks)
· Any other personal information required to comply with legal obligations
· Health and safety information
5.3.4 We may collect or use the following personal information for dealing with queries, complaints or claims:
· Names and contact details
· Payment details
· Account information, including purchase or service history
· Video/audio recordings of staff only areas and call recordings
· Dashcam footage – inside/outside vehicle
· Witness statements and contact details
· Relevant information from previous investigations
· Customer or client accounts, correspondence and records
· Financial transaction information
· Information relating to health and safety
6. Our lawful bases for the collection and use of your data
Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.
In order to deliver our services, we need to keep reliable, accurate and up-to-date records and details of our current and prospective clients, customers as well as any interactions with them related to these services. This also includes taking surveys to improve customer satisfaction.
Our lawful bases for collecting or using personal information to provide services and goods, managing customer accounts, for recruitment purposes and/or dealing with queries, complaints or claims are:
· Consent - we have permission from you after we give you all the relevant information. All your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
· Contract – we must collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
· Legal obligation – we must collect or use your information so we can comply with the law. All your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
Additionally, in order to support the delivery of our services we need to process personal data for the following purposes:
· Managing enquiries.
· To service and administer your Edexia account and to carry out our obligations arising from any contracts entered into between you and us.
· Billing, receiving payment and debt recovery.
· Fraud prevention and detection of criminal activity.
· Public education on matters affecting our services.
· Internal training.
· Listening and addressing concerns and customer satisfaction surveys.
· Research and statistical analysis for matters affecting our services.
· Managing legal claims.
· Responding to requests for information.
· To notify you about changes to our service, our terms and conditions or our privacy policy.
· To keep you informed about our services, news, promotions and competitions if you have consented to ensure that content from our site is presented in the most effective manner for you and for your computer.
7. Your rights
Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:
· Your right of access - You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
· Your right to rectification - You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
· Your right to erasure - You have the right to ask us to delete your personal information. Read more about the right to erasure.
· Your right to restriction of processing - You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
· Your right to object to processing - You have the right to object to the processing of your personal data. Read more about the right to object to processing.
· Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
· Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
To make a data protection rights request, please contact us using the contact details at the bottom of this Privacy Notice.
8. Who will see your personal data?
We may also disclose your personal information to our agents, partners, subcontractors and advisors but only if necessary to fulfil our obligations to you.
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service, and we require them to keep your information secure and not to use it for their own direct marketing purposes.
Other parties we may share personal information with include:
· Professional or legal advisors
· Relevant regulatory authorities
· External auditors or inspectors
· Warranty and guarantee providers
· Organisations we are legally obliged to share personal information with
· Emergency services (where applicable)
· Debt collection agencies
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the DPO using the details set out below.
9. Keeping your personal data secure
We store your personal data in a secure environment and have appropriate security measures in place to prevent personal data from being lost, accessed or used in an unauthorised way, including encryption and other forms of security.
We limit access to your personal data to those who have a genuine business need to know it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality. We may, however, share your information with credit reference agencies and other companies for use in credit decisions, for fraud prevention.
In addition, we have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Please be reassured that, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime, we do not share your information for marketing purposes.
Whilst we will use all reasonable efforts to secure your personal data, in using the website you acknowledge the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of personal data that is transferred from you.
10. How long do we keep information?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Some data we are required to maintain for a minimum period of time, examples include:
· Driver CPC records which must be retained for a minimum of 6 years;
· Financial, payroll and accounting records minimum of 6 years for auditing purposes;
· VAT records for minimum 6 years;
· Recruitment/ application records of up to 6 months (could be extended to 12 months, where appropriate to meet legal obligations);
· BPSS and supporting documents, Right to Work documents for 7 years
We will not keep your information for longer than is appropriate. If we are not required to retain the personal data, we will destroy, delete or anonymise it at the point it is no longer required.
11. Other things to be aware of
We may use certain types of personal data collected to help us understand how we can focus on sending you information which is relevant to you or to your circumstances. For example, whether you could benefit from having more manageable payment scheme. However, we do not make choices based solely on automated decision-making or profiling.
On occasions we may wish to tell you about products or services we feel would be of benefit or interest to you. These products or services may be provided by us or carefully selected third parties. We may need to share some of your personal data with others in order to do this. If you have agreed to receive marketing, products or services from another company and later decide you no longer want these, please contact that company directly to let them know.
12. Subject Access Requests
Individuals can make a formal request for information we hold about them.
When receiving telephone enquiries, we will only disclose personal data we hold on to our systems if the following conditions are met:
· We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
· We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.
Where a request is made electronically, data will be provided electronically where possible.
If you would like to submit a Subject Access Request, please contact our team using the contact details at the bottom of this Privacy Policy.
13. Links to other websites
Our website may contain links to other websites run by other organisations.
This privacy notice applies only to our website‚ so we encourage you to read the Privacy Statements on the other websites you visit.
We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the notice of that third party site.
14. Contact details
If you have any questions about this Privacy Notice, the personal data we hold about you, or whether you need to contact us to discuss the handling of your personal data or to submit a request to exercise one of your Data Protection Rights, please contact us by:
Email: info@edexia.co.uk
Post: Edexia Group Ltd, 2 Anstree Close, Cheslyn Hay, Walsall, WS6 7LS
Our nominated representative is the Data Protection Officer of Edexia Group Ltd.
If you wish to raise a complaint on how we have handled your personal data, in the first instance you should telephone us on 07762 229147 and we will try to resolve you query over the phone.
15. How can I contact the Information Commissioner’s Office?
We will make the utmost effort to address any questions or concerns you might have. If you remain unhappy with how we have used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113