Privacy Statement

This privacy Notice shall become effective as of 25th May 2018. To see the Privacy Policy in effect up to that date, please click here: Privacy-Policy-Pre-25th-May-2018

At Concept Group Ltd, we understand that we have a responsibility to protect and respect your privacy and look after your personal data.

This Privacy Notice, inclusive of our General Terms of Service, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely.

For clarity, Concept Group Ltd may be both data controller and data processor for your personal data under certain circumstances.

We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes.

Data Protection law will change on 25th May 2018

This Privacy Notice sets out your rights under the new laws.

Who are we?

Concept Group Ltd is a wholly owned subsidiary of Xerox, providing hardware and software solutions around the digital print and document solutions space. Concept Group Ltd have a registered office at: Concept House, Fairbairn Road, Livingston, West Lothian, EH54 6TS and company number SC86898.

How the law protects you

Data protection laws state that we are only able to process personal data if we have a valid reason to do so. The reasons we process your personal data include, but not limited to, your consent, performance of a contract, billing and to contact you.

How do we collect personal data from you?

We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email, live-chat or otherwise in respect of any of our products and services or during the purchasing of any such product. Additionally we also collect information from you when you sign up, enter a competition, promotion or survey or when you inform us of any other matter.

If you provide us with personal data about a third party (for example when requesting service or products on their behalf), you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data.

Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information, server logs, device event information, location information and unique application numbers.

What type of data do we collect from you?

The personal data that we may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. We may also keep details of your visits to our site including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.

How do we use your data?

We use information about you in the following ways:

  • To process orders that you have submitted to us
  • To provide you with products and services
  • To comply with our contractual obligations we have with you
  • To help us identify you and any accounts you hold with us
  • To enable us to review, develop and improve the website and services
  • To provide customer care, including responding to your requests if you contact us with a query
  • To administer accounts, process payments and keep track of billing and payments
  • To detect fraud and to make sure what you have told us is correct
  • To carry out marketing and statistical analysis
  • To review job applications
  • To notify you about changes to our website and services
  • To provide you with information about products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes
  • To inform you of service and price changes

Retention periods

We will keep your personal data for the duration of the period you are a customer of Concept Group Ltd. We shall retain your data only for as long as necessary in accordance with applicable laws.

On the closure of your account, we may keep your data for up to 7 years after you have cancelled your services with us. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes stated herein.

Who has access to your personal data?

Here is a list of all the ways that we may use your personal data and how we share the information with third parties. For clarity, we have grouped them into specific products and services that we offer:

Contracts:

If finance is requested for any of our products or services, your personal data may be shared with 3rd party finance companies. This information is either posted or emailed to the 3rd party finance company.

Contracts and finance agreements are stored in our document management system.

Service Management System:

Personal data may be required for operational purposes and be stored in our on-site service management system. The information may be retrieved from contracts, emails or telephone calls.

  • Logging Service calls
  • Accounts and Credit Control
  • Order and Delivery Information

Correspondence

Letters or email information may contain personal data that are stored in our email system or our document management system.

Third Parties

For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes.

We work closely with a number of third parties (including business parties, service providers and fraud protection services) and we may receive information from them about you. They will have their own privacy policies, which we advise you to read.

We may pass your personal data to third parties for the provision of services on our behalf (for example processing your payment). However, we will only ever share information about you that is necessary to provide the service and we have specific contracts in place, which ensure your personal data is secure and will not be used for any marketing purposes.

We may share your information if we are acquired by a third party and therefore your data will be deemed an asset of the business, In these circumstances, we may disclose your personal data to the prospective buyer of our business, subject to both parties entering into appropriate confidentiality undertakings. Similarly, we may share your personal data if we are under a duty to disclose data in order to comply with any legal obligation or to protect the rights, property, or safety of Concept Group, our customers, or others. This includes but is not limited to exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction and dispute policies, and includes Debt Collection Agencies, Field Tracing Agents and Doorstop Collection Agents who have been appointed by us to recover any outstanding debt due from your company to our company. This is all based on our Legitimate Interests however, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Your rights

In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services or process the cancellation of your service.

You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly.

Our Privacy Notice shall be made clear to you at the point of collection of your personal data.

You have the right to ask us not to process your personal data for marketing purposes. If you choose not to receive marketing communications from us about our products and services, you will have the choice not to choose these by ticking the relevant boxes situated on the contact us page either at sign up or thereafter.

Accessing and updating your data

You have the right to access the information we hold about you. Please email your requests to compliance@concept-group.co.uk so that we can obtain this information for you.

Use of cookies

Our cookies policy is available to view here – https://www.concept-group.co.uk/cookie-policy/

Links to other sites

Concept Group may provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.

Where we store your personal data

All Concept Group Ltd managed systems are hosted on servers within the European Union. Where we use an external service, we are seeking assurance from our suppliers that they are compliant with GDPR legislation.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping the password confidential. We ask you not to share a password with anyone.

Liability

We agree to take reasonable measures to protect your data in accordance with applicable laws and in accordance with our General Terms and Conditions

Data breaches

In the event of a data breach, we shall ensure that our obligations under applicable data protection laws are complied with where necessary.

Contact us

Please e-mail any questions or comments you have about privacy to us at:  compliance@concept-group.co.uk

Your right to make a complaint

You have the right to make a complaint about how we process your personal data to the Information Commissioner.

 

GDPR Compliance

Concept Group Limited are continually engaged in ensuring they are compliant with the legislation in the area of GDPR.

Concept Group has undertaken the following measures to ensure general compliance with the new legislation.

  • Participation in Parent Company (Xerox) GDPR compliance review, including review of all processes which involve the handling of personal data
  • Internal review of personal data held and the removal of that not currently held for operational purpose
  • Review of supplier processes and obtaining GDPR compliance confirmations
  • Creation of a privacy statement, detailing what personal data we hold and how it is used, published above
  • Creation of privacy and personal data handling policy included in internal employee handbook

In addition to the above,  we also undertake annual ethics and compliance training through our parent company training and HR portal, in order that all employees remain aware of current compliance requirements.