We are committed to safeguarding the privacy of our website visitors and protecting your personal data; this policy sets out how we will treat your personal information and tells you about your privacy rights.

It is important that you read this privacy policy together with any privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

(1)       What information do we collect?

We may collect business data and personal data.  Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, store and use the following kinds of personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter, purchase a product or service or take part in a competition and when you e-mail us:

(a)      information about your computer and about your visits to and use of this website, such as your IP address, geographical location, browser type, referral source, length of visit and number of page views;

(b)      information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services, request for literature, requests for certificate of analysis, requests for Instructions For Use (IFU);

(c)       information that you provide to us for the purpose of registering with us;

(d)      information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;

(e)      any other information that you choose to send to us; and

(f)        relevant personal data if you register with us for training courses, educational programmes or competitions.

Types of data collected

Included in the personal data may be the following types of data:

Identity Data includes first name, last name, username or similar identifier and gender.

Contact Data includes billing address, delivery address, email address and telephone numbers of persons in your business and their respective roles in the business.

Financial Data includes bank account and payment card details and may include credits searches against your business and its officers.

Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.

Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.

Profile Data includes your username and password, purchases or orders made by you, your preferences, feedback and survey responses. 

Usage Data includes information about how you use our website, products and services and your dealings with us.

Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

It is important that the personal data we hold on you is accurate and current.  Please keep us informed if your personal data changes during your dealings with us. 

(2)       Cookies

We use cookies on this website. A cookie is a text file sent by a web server to a web browser, and stored by the browser. The text file is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.

We may send a cookie which may be stored on your browser on your computer’s hard drive. We may use the information we obtain from the cookie in the administration of this website, to improve the website’s usability and for marketing purposes.  We may also use that information to recognise your computer when you visit our website, and to personalise our website for you.

Our cookies help provide additional functionality to the Site and allow us to analyse Site usage more accurately. For instance, our Site may set a cookie on your browser that eliminates any need for you to remember and then enter a password more than once during a visit to the Site. In all cases in which we use cookies, we will not collect Personal Data through the use of such technology. On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how you may turn cookies off. We recommend that you leave cookies turned on because they allow you to take advantage of some of the Site’s features which may not otherwise be available to you.

(3)        Google Analytics

We use Google Analytics to analyse the use of this website.  Google Analytics generates statistical and other information about website use by means of cookies, which are stored on users' computers.  The information generated relating to our website is used to create reports about the use of the website.  Google will store this information. Google's privacy policy is available at: http://www.google.com/privacypolicy.html.

(4)       Using your personal data

Personal data submitted on this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal information to:

  1. perform a contract with you;
  2. where it is necessary for our legitimate interests and your rights do not override those interests;
  3. administer the website;
  4. improve your browsing experience by personalising the website;
  5. enable your use of the services available on the website;
  6. send to you goods purchased via the website or portal, and supply to you services purchased via the website or portal;
  7. send statements and invoices to you, and collect payments from you;
  8. send you general (non-marketing) commercial communications;
  9. send you email notifications which you have specifically agreed to receive;
  10. send to you our newsletter and other marketing communications (relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications to be sent by emailing us at fit@mastgrp.com.
  11. provide third parties with statistical information about our users – but this information will be anonymised and cannot be used to identify any individual user; and
  12.  deal with enquiries and complaints made by or about you relating to the website.

How long we may retain your personal data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

In some circumstances you can ask us to delete your data.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Third party access to personal data

We may share your personal data within the other members of the Mast Group of companies within the European Economic Area. This will involve transferring your data within the European Economic Area.   

We may also have to share your personal data with:

(a)        Internal members of our staff who have a need to know such data to provide our service to you;

(b)        External suppliers to our business who either have a need to know such details or who may have access through their services to us as data processors;

(c)        to the purchaser (or prospective purchaser) of any business or asset which we are (or are contemplating) selling.in connection with any legal proceedings or prospective legal proceedings;

(d)        Professional advisers including lawyers, bankers, auditors and Insurers who provide consultancy, banking, legal, insurance and accounting services; and

(e)        HM Revenue & Customs, regulators and other authorities who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, the law and to the extent you have agreed it may be used or as provided in law.

Except as provided in this privacy policy, we will not provide your information to third parties.

Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at fit@mastgrp.com.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

(5)      International data transfers

We will only transfer your personal data to parties outside of the European Economic Area that provide an adequate level of protection for personal data.

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

If you are in the European Economic Area, information which you provide may be transferred to countries (including Japan and South Africa) which do not have data protection laws equivalent to those in force in the European Union. You expressly agree to such transfers.

(6)        Your rights

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Under certain circumstances and subject to legal requirements placed on us, you have the following rights under data protection laws in relation to your personal data:

•           Request access to your personal data.

•           Request correction of your personal data.

•           Request erasure of your personal data.

•           Object to processing of your personal data.

•           Request transfer of your personal data.

•           Right to withdraw consent.

If you wish to exercise any of the rights set out above, please contact us at fit@mastgrp.com

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

You may instruct us not to process your personal data for marketing purposes at any time.  In practice, you will usually either expressly agree in advance to our use of your personal data for marketing purposes, or we will provide you with an opportunity to opt-out of the use of your personal data for marketing purposes.  Where you opt out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transaction.

(7)       Security of your personal data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

Of course, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping your password and user details confidential. We will not ask you for your password.

(8)      Your provision to us and use of our personal data

As supplier to our business, you have access to certain personal information of individuals within our business which may be necessary for our business relationship.  This information will include (but is not limited to) names and personal data of individual persons such as:

  1. officers of a company;
  2. partners in a partnership;
  3. shareholders in a business; and
  4. names and contact details of persons within our business and related third parties whose details are required or provided for communication purposes (such as sales and accounts personnel in our organization with whom you deal) or which are acquired in pursuance of providing the services (such as access to data relating to our clients, when providing support services).

In agreeing to allow you to process “our” personal data, you confirm in each instance that:

  1. you limit access to that data to those who have a genuine business need to access it;
  2. you have appropriate security measures to prevent personal information from being accidentally lost, or used or accessed unlawfully;
  3. you will only process that data for the purpose, and for the period strictly required in our transactions with you and that you will review and cleanse such data from time to time as appropriate;
  4. you have provisions within officer and employee service agreements or employment policies within your business, which are compliant with data protection law, and which require personnel to comply with the data protection law when accessing or processing our personal data; and
  5. if applicable, you have enforceable provisions within your contracts and terms of business in place with your suppliers, which may have access to such personal data.

You confirm that in processing our personal data, you will process such personal data only for the purpose for which it is provided and will retain such personal data only for so long as is necessary for the purpose for which it is provided and that you will review and cleanse such data from time to time as appropriate and in accordance with our agreement with you.

You confirm that you have enforceable provisions within your contracts and terms of business in place with your suppliers who are involved in the provision of services to us, or which have access to our personal data through you which are compliant with data processing law, and which would comply with the provisions in this paragraph 2 which we apply to you.

Where employees within your organisation provide us with personal data, you confirm that you have the necessary contractual provisions in place to ensure it has been provided in accordance with data protection law.

 (9)       Third party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

 (10)     Contact

If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email to fit@mastgrp.com or by post to:

Mast Group Ltd. Mast House, Derby Road, Bootle, Merseyside