ATR — Equipment Management Outsourcing Solutions | Privacy Policy

Privacy Policy

We are ATR Group and act as the data controller of the personal data collected and processed on our website: www.atrgroup.co.uk, including in accordance with our ATR Group Cookie Policy CG-ATR-DP-POL-001. This Privacy Notice explains how we collect, use and keep personal data obtained from our customers, suppliers and website users.

1 WHAT INFORMATION DOES THE COMPANY COLLECT AND HOW IS IT USED?

ATR Group collects and processes a range of information about you which includes:

  • Your name and business contact details (including address, job title, email address and telephone number).
  • Personal information on directors, officers and shareholders for screening purposes to ensure ATR Group comply with legal and regulatory obligations, including trade control, anti-money laundering, anti-bribery and corruption laws and other regulatory requirements.

Data is stored in a range of different places, including our Customer Relationship Management (CRM) database, supplier database, marketing/mailing lists and email system.

When you submit your personal details via our website contact form or the “live chat” option (where applicable), we will use that information to respond to your message, which will be relayed to the relevant department, who will respond directly to you. The information captured will be added to our CRM database, so that we can manage future communications with you, which will include information about our range of products and services.  We believe that processing this data is within our Legitimate Interests, however, if you do not wish to hear from us, you can unsubscribe at any time, using the unsubscribe option within the message/email or by contacting us directly at DPO@centuriongroup.co.uk.

Please be assured that we will never buy, sell or trade personal data to any third parties. 

2 WHY DOES THE COMPANY PROCESS PERSONAL DATA?

Your personal data may be processed by ATR Group or its sub-processors (or any of their affiliates, agents, employees, delegates or sub-contractors) for the following purposes:

  • To use data analytics to improve our website, marketing, customer experiences, products and services, on the basis of our legitimate interests;
  • To fulfil a contract for goods and/or services;
  • To comply with legal or regulatory requirements;
  • To communicate with potential, new, existing or previous customers and suppliers, based on our legitimate interests;
  • To scan or monitor emails sent to us (including attachments) for viruses or malware, and to store personal data on our systems to pursue our legitimate interests including for document retention purposes;
  • To manage activities including processing instructions, monitoring and recording electronic communications (including telephone calls and emails) for quality control, analysis and training purposes; and
  • To enforce or defend the rights and interests of ATR Group in order to comply with legal and/or regulatory obligations.

Where we process personal data on the basis of our legitimate interests, or those of a third party, we will ensure that your interests and fundamental rights are not overridden by those interests.

3 WHO HAS ACCESS TO DATA?

Your information will be shared internally with ATR Group staff, if access to the data is necessary for performance of their roles and, where necessary, competent public authority, government, regulatory or fiscal agency where it is necessary to comply with a legal or regulatory obligation to which ATR Group is subject to.

We may also disclose personal data we hold to third parties in the event we sell any business or assets, in which case we may disclose personal data about you to the prospective and actual buyer, and to any successor in the unlikely event of our insolvency, winding up or liquidation.

We may disclose your personal data to third parties who provide us with goods and/or services, including IT service providers, event management, PR and marketing service providers, telephone and hosting service providers, document storage providers and backup and disaster recovering service providers.

Where we engage third party suppliers to process data on our behalf, we do so on the basis of written instructions, ensuring the third party has implemented appropriate technical and organisational measures to ensure the security of data.

Any sharing of personal data is subject to appropriate due diligence assessments, along with the implementation of contractual and confidentiality controls, including data sharing agreements.

4 HOW DOES THE COMPANY PROTECT DATA?

ATR Group have implemented a number of operational controls and internal policies to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by our employees in the performance of their duties.

In the event that personal data is transferred outside of the European Economic Area to companies within the ATR Group, it is protected by appropriate transfer safeguards, which guarantee an adequate level of data protection wherever your data is physically kept.

5 FOR HOW LONG DOES THE COMPANY KEEP DATA?

ATR Group will hold data for the duration of our contractual relationship with you and for a period of 2 years thereafter, as set out in our internal data management procedures.

In cases where data is held for a longer period of time, where there is a legal or regulatory reason to do so, data will be deleted when it is no longer required for the legal or regulatory purpose it was held for

6 YOUR RIGHTS

As a data subject, you have a number of rights, in certain circumstances as follows:

  • access and obtain a copy of your data on request;
  • to change incorrect or incomplete data;
  • to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
  • object to the processing of your data in certain circumstances
  • to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing data.

If you would like to exercise any of these rights, or if you have any queries relating to the processing of your personal data, please contact us at DPO@centuriongroup.co.uk or by post at Blackwood House, Union Grove Lane, Aberdeen, AB10 6XU.

If you believe that we have not complied with your data protection rights, you can complain to the Information Commissioner via www.ico.org.uk

This policy is subject to review and change at any time and its most current version will be published here.