An essential part of our work at Automated Water & Effluent Ltd (AWE) involves liaising with our customers, clients and prospective customers on products and services related to industrial processes, primarily but not limited to Water Treatment, Effluent Treatment and Process control. Our Legitimate Interests in holding your data is to provide business continuity to your Services.
The aim of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is to harmonise data protection legislation across EU Member states, enhancing the privacy rights for individuals. It becomes enforceable from 25th May 2018. The purpose of this policy is to give you a better understanding of:
- Who we are
- How we collect information about you
- What personal data we store
- What we do not do
- What the GDPR commitment means
- Who’s data we do not collect
- Your rights as an individual or data subject
Review of this policy
Who we are?
We are Automated Water & Effluent Ltd, sometimes referred to as AWE, which includes properties such as AWE Instruments and AWE Direct.
We are a supplier of sensors, instruments and control systems for use in industrial, municipal and commercial sectors for Water Treatment, Effluent Treatment and Process Control Applications.
How we collect information about you?
When a contact from a company registers an interest in our products and services in person at an exhibition; by visiting our factory in Stafford; when telephoning the office to enquire about our products or services; when you register interest in our newsletter ‘The Watermark’ from our website or by registering to receive a catalogue from our website.
What personal data we store?
We hold data that is designed to ensure business continuity, including but not limited to the following legitimate interests:
- Material data for devices including pumps and sensors used with chemical reagents to ensure material compatibility.
- Material and process data so we can ensure spares and replacements maintain process compatibility.
- Information on processes and systems so that in the event of further modification; repair; replacement; servicing; calibration or system analysis, we can delivery exceptional service.
- Data for the purposes of web analytics, to assess the number of visitors, page views and other associated metrics so that we can further optimise future marketing campaigns,
- The processing of data for direct marketing campaigns, exhibition invitations and so we can wish you a Merry Christmas.
- Contact information so that we can send out our Red Catalogue to a select number of our customers throughout the year, which includes information on our range of sensors, instruments and control equipment.
- Contact information so that we can send out letters for the Service and Maintenance Contracts.
What we do not do
- We do not and never will sell your data onto third parties.
- We do not carry advertising for third parties on our website.
- We do not impact negatively on the reasonable expectations of an individual.
- We do not process data overseas. (All of the data we process remains here in the UK, for the purposes of the above.)
- We do not buy contact details for the purposes of direct marketing.
What the GDPR commitment means?
We are committed to take our customers data in accordance with the EU General Data Protection Regulation (EU) 2016/679, as of 25th May 2018.
We take our commitment to comply with the EU GDPR very seriously. The processing of the stored personal data must not undermine the interests, rights and freedoms of the individual or data subject and we, the controller, must comply with data protection principles in the GDPR under the transparency provision outlined in GDPR Articles 12-14.
Where there is a direct ‘appropriate’ relationship between the controller and the individual, Legitimate Interests will apply because the processing of the subject data is less likely to be unexpected or unwanted.
We act as controller and hold your personal data under the Lawful Basis of Legitimate Interests. As per Article 6(1)(f) and Recital 47, detailed below, we meet the criteria to process personal data because we carry out the required Legitimate Interests Assessments
A ‘Balance Test’ must be conducted to examine the interests of the controller (data processor) against the interests or fundamental rights and freedoms of the individual (data subject). This is called a Legitimate Interests Assessment.
A Legitimate Interests Assessment (LIA) is required to check the balance between the controllers right to process personal data against the individual’s data protection rights.
By conducting a Legitimate Interests Assessment, the controller can document that they have considered the necessity of the purpose of the processing as well as the privacy and fundamental rights and freedoms of the individual and have decided that the individual’s rights do not override the interests of the controller. This documentation will support the controller in the event of an inspection being carried out, by an individual or Supervisory Authority, should they wish to challenge the Lawful Basis of ‘Legitimate Interests’, for processing personal data under the GDPR regulation.
AWE Ltd decides who will complete the LIA; who evaluates the data and who will sign it off, ensuring there are no conflicts of interest.
‘Processing will be lawful if it is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.’
Note, Article 6(1)(f) provides protection for individuals by requiring that all their relevant interests and rights and freedoms (including but not limited to their privacy rights) should be taken into account and weighed against the interests of the Controller.
Recital 47, applicable to Automated Water & Effluent Ltd
Under Recital 47, the legitimate interests of a controller, including those of a controller to which the personal data may be disclosed, or of a third party, may provide a legal basis for processing, provided that the interests or the fundamental rights and freedoms of the data subject are not overriding, taking into consideration the reasonable expectations of data subjects based on their relationship with the controller.
Such legitimate interest could exist for example where there is a relevant and appropriate relationship between the data subject and the controller in situations such as where the data subject is a client or in the service of the controller.
At any rate the existence of a legitimate interest would need careful assessment including whether a data subject can reasonably expect at the time and in the context of the collection of the personal data that processing for that purpose may take place.
The interests and fundamental rights of the data subject could in particular override the interest of the data controller where personal data are processed in circumstances where data subjects do not reasonably expect further processing.
The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.
Who’s data we do not collect?
If you are under the age of 16, we congratulate you on your interest in process monitoring and control equipment, however, we will need the permission of a parent or guardian, before you are able to supply us with any personal information.
What are your rights as an individual or data subject?
The individual or data subject has the ability and the right to opt-out or unsubscribe and in so doing, terminate the relationship, which will curtail future processing of the individual’s data.
The individual’s data will remain on file but with a check mark on the CRM (Customer Relationship Management system to identify that their data is not to be processed and so prevent emails for the purposes of direct marketing, Newsletter distribution and any other direct mailing through post or email, from being sent out.
The process to opt-out of receiving any information about our exciting products and services from us is very simple. Please email our Data Protection Officer (DPO) at email@example.com Refusing to consent to your information being processed by us will have no detrimental affects to your relationship with us.
Review of this policy
Reviews of the scope of data processing are necessary if there are changes to how and why data is processed.
This policy was last updated on May 1st 2018