General Personal Data Protection Policy
In the course of JS Davidson’s work, we’re committed to ensuring that all the data we collect about our business partners, employees, contractors and customers is securely stored and responsibly handled in adheres with the regulations laid out by the General Personal Data Protection Regulation (GDPR).
If you have any questions about this protection policy contact the data protection officer using the details set out below.
You have the right to make a complaint at any time to the Information Commissioners Office (ICO) (www.ico.org.uk), which is the supervisory authority for UK data protection issues. However, we ask that you contact us in the first instance and give us the opportunity to address your concerns before you consider contacting the ICO.
Contact Details
- JS Davidson’s GDPR Office
- Anthony Rolph-Brown
- Anthony.rolph-brown@JSDavidson.co.uk
- +44 (0)1733 731 300 Ext 1020
JS Davidson’s Principal’s for Data Collection and Processing
All data we collect during our business activities is done so in accordance with our business and legal obligations and is done so with the express purposes of fulfilling our contractual and service obligations as a tailored distribution and temperature-controlled storage provider.
Definitions:
Personal Data: Any information that directly or indirectly identifies an individual.
Data Controller: A person, department or organisation that determines the purposes and means of data processing.
Processor: A person, department or organisation that processes Personal Data on behalf of the Data Controller (IT service provider, transport subcontractor, logistics subcontractor, communication agency, etc.).
Processing: Any operation or set of operations applied to Personal Data, such as data collection, recording, organisation, structuring, storage, adaptation, modification, extraction, consultation, use and transmission.
Data Subjects: Individuals whose Personal Data is processed.
1. Data Controller
The personal Data Controller is JS Davidson as defined above.
We can be contacted as follows:
- by using the contact form available on the https://jsdavidson.co.uk/ website.
- by post, at the following address:
- JS Davidson
- Chiltern House
- Shrewsbury Ave
- Peterborough
- PE2 7LB
In the event the integrity, confidentiality or security of Data Subjects, Personal Data is compromised, the Data Controller may inform them by any means, if necessary, and in accordance with the law.
2. Purpose of processing operations
Personal Data processed by JS Davidson is collected and used for specific objectives or purposes, of which the data subjects are informed.
Each processing operation has its own purposes.
The sole goal of these processing operations is to enable JS Davidson to provide and optimise transport and logistics services for controlled-temperatures products, the maritime transport of persons and cargo.
In addition, these processing operations meet the needs of recruitment, business communication, information, delivery, merchandise traceability, service quality monitoring, personnel management, internal management of activities and services, etc.
The possible purposes include the following:
- Use of our websites and computer tools.
- Providing requested information or services (in particular, sending newsletters, sales offers, studies, e-mailing campaigns, etc.);
- Collecting information that enables us to improve our products and services.
- Communication about various JS Davidson-related events, including updating services, products and customer support.
- Communicating on social networks strictly for the needs of the JS Davidson’s activities.
- Sending invoices and documentation related to the performance of our business, regardless of the medium (written, digital, electronic, etc.).
- Recruitment management, administrative management of staff (management of working hours, schedules, travel, leave, absences, etc.), preparation of reports and compliance with local legal and regulatory obligations, in particular with regard to social contributions, database management, payroll management, management of social protection regimes and supplementary pension schemes, if any, training and career management, professional evaluations, verification of employee activities and compliance with internal rules applicable within the company, conduct of internal investigations and disciplinary procedures, management of the employment contract termination procedure, telecommunications management, management of the use of service or company vehicles, and management of the company’s internal directory and the company’s intranet;
- Collecting, communicating, exchanging and forwarding all commercial, financial, contractual, legal, corporate and regulatory documentation.
- Conducting marketing studies exclusively for internal use.
- Securing all of our sites and vehicles, tools and technical operating resources in accordance with the safety and security rules required by law or regulation.
- Managing, controlling and optimising the transport and logistics services provided by JS Davidson.
- Any other uses required to conduct our activities as described above.
Personal Data collected is only used for the purposes listed above and may not be used for purposes other than those determined for each processing operation.
3. Lawfulness of processing (legal grounds)
JS Davidson’s processing of Data Subjects’ Personal Data is supported by the following legal grounds:
- The performance of a contract they have entered with JS Davidson
- The performance of pre-contractual measures at their request
- Compliance with a legal obligation
- The pursuit of JS Davidson’s legitimate interests.
4. Consent
In the absence of one of the legal grounds indicated in section 1.3, the specific, explicit, comprehensible and informed consent of the Data Subjects is required before its implementation.
The required consents are obtained and managed in accordance with the JS Davidson’s consent management procedure.
5. Categories of data
The categories of Personal Data collected vary depending on each processing operation.
However, regardless of the processing carried out, JS Davidson does not collect the following data: information about racial origin, political opinions, religious, philosophical or racial beliefs, sexual orientation or genetic data.
If one or more of the categories of data indicated above were to be processed, JS Davidson would do so only occasionally and in strict compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 6 January 2016 (GDPR).
6. Restrictions on data collected (proportion and relevance)
Only Personal Data strictly necessary for the purposes determined is collected.
JS Davidson endeavours to minimise and limit the data collected and to keep it up to date.
7. Retention period and deletion
The retention periods are determined based on the following criteria:
- Operational requirements: the period during which the data is required to ensure complete performance of the services provided by JS Davidson
- Legal and regulatory requirements: the period during which JS Davidson is required to keep the data pursuant to its legal and regulatory obligations.
8. Data recipients
Depending on the processing operations, Personal Data collected may be transmitted to the following recipients:
- The relevant departments of JS Davidson
- Third parties who have concluded a contract with JS and who act as Processors.
- Public or private legal and/or regulatory bodies.
With the exception of the recipients listed above, no data is transmitted without the express prior agreement of the data subjects.
9. Security and confidentiality
JS Davidson implements data protection measures that are appropriate in light of the type of data processed and the JS Davidson’s activities.
Appropriate physical, logical and organisational security measures are taken to ensure optimal data confidentiality and, in particular, to prevent unauthorised access.
The technical security measures are covered by our IT Security Policy (ITSP).
JS Davidson requires all Processors to furnish the guarantees necessary to provide at least the same level of security, protection and confidentiality to the personal data transmitted to it, as well as compliance with the GDPR.
In certain cases, data may be transferred to countries outside the European Union. In such case, JS Davidson ensures that legal tools are in place to ensure that the countries where this data will be received offer an adequate level of protection, in accordance with Articles 45 and 46 of the GDPR.
10. Rights of Data Subjects
JS Davidson takes the necessary measures to enable Data Subjects to effectively exercise their rights over the Personal Data collected.
Data Subjects have the right to correct or have access to the data that JS Davidson holds on them. Unless this request is excessive or regular, there will be no charge for this. Please contact the Data Protection Officer – as detailed above – if you would like to correct or access your personal data; or if you have any questions about this notice.
You also have the right to ask the DPO for some (but not all) of the information that JS Davidson holds and processes about you to be erased in certain circumstances (the right to be forgotten). The DPO will provide you with further information about the right to be forgotten if you ask for it.
You have the right to have this data deleted at any point, but this will not be possible if the retention of it is required to ensure that JS Davidson meets with its legal obligations.
Formal requirements for requests
- Requests made by post must be sent by registered letter with acknowledgement of receipt.
Information and details to be provided with requests
- A copy of any official document recognised by law as indisputably proving the identity of the requesting party. This proof is requested due to the Data Controller’s obligation to ensure the security and confidentiality of data processing operations.
- If possible, requests should include the login and/or e-mail address used to access the JS Davidson IT system, the Personal Data provided, the context in which it was collected and/or the nature of the relationship between the Data Subject and JS Davidson (employee, customer representative, etc.).
- To ensure data security, each request will be confirmed by an acknowledgement of receipt sent to the applicant’s e-mail or postal address according to existing information. The identity of the Data Subject making the request will then be confirmed via the link provided in the return e-mail or letter.
Response times
- The Data Controller undertakes to respond to any properly submitted and documented request within a reasonable time, which may not exceed two months from receipt of the request.
- The date of receipt taken into account for purposes of calculating the above time period is the date on which the form is sent or, if the request is made by post, the date on which the registered letter with acknowledgement of receipt is delivered.
Monitoring the General Personal Data Protection Policy and practices
JS Davidson’s General Personal Data Protection Policy is available on JS Davidson’s Website; https://jsdavidson.co.uk/.
The “secure by design” principle, i.e. the principle of taking into account Personal Data security from the design stage, and the “secure by default” principle, i.e. the principle of limiting the amount of Personal Data, are incorporated into the development and deployment procedures for JS Davidson’s IT systems.
Compliance audits and upgraded practices
The systems’ compliance with national and European rules on personal data management and security is regularly audited by JS Davidson.
Functional improvements to the Personal Data management systems and organisation, as well as to the procedures for handling requests to exercise rights, are regularly made in accordance with ongoing legal, regulatory and technical developments to ensure the highest possible security, at all times, for the Personal Data collected and processed and to enable Data Subjects to effectively exercise their rights.
General Personal Data Protection Policy updated 06/12/2023