General Personal Data Protection Policy

In the course of JS Davidson’s work, we’re committed to ensuring that all the data we collect about our business partners, employees, contractors and customers is securely stored and responsibly handled in adheres with the regulations laid out by the General Personal Data Protection Regulation (GDPR).

If you have any questions about this protection policy contact the data protection officer using the details set out below.

You have the right to make a complaint at any time to the Information Commissioners Office (ICO) (www.ico.org.uk), which is the supervisory authority for UK data protection issues. However, we ask that you contact us in the first instance and give us the opportunity to address your concerns before you consider contacting the ICO.

Contact Details

JS Davidson’s Principal’s for Data Collection and Processing

All data we collect during our business activities is done so in accordance with our business and legal obligations and is done so with the express purposes of fulfilling our contractual and service obligations as a tailored distribution and temperature-controlled storage provider.

Definitions:

Personal Data: Any information that directly or indirectly identifies an individual.

Data Controller: A person, department or organisation that determines the purposes and means of data processing.

Processor: A person, department or organisation that processes Personal Data on behalf of the Data Controller (IT service provider, transport subcontractor, logistics subcontractor, communication agency, etc.).

Processing: Any operation or set of operations applied to Personal Data, such as data collection, recording, organisation, structuring, storage, adaptation, modification, extraction, consultation, use and transmission.

Data Subjects: Individuals whose Personal Data is processed.

1. Data Controller

The personal Data Controller is JS Davidson as defined above. 

We can be contacted as follows:

In the event the integrity, confidentiality or security of Data Subjects, Personal Data is compromised, the Data Controller may inform them by any means, if necessary, and in accordance with the law.

2. Purpose of processing operations

Personal Data processed by JS Davidson is collected and used for specific objectives or purposes, of which the data subjects are informed.

Each processing operation has its own purposes.

The sole goal of these processing operations is to enable JS Davidson to provide and optimise transport and logistics services for controlled-temperatures products, the maritime transport of persons and cargo.

In addition, these processing operations meet the needs of recruitment, business communication, information, delivery, merchandise traceability, service quality monitoring, personnel management, internal management of activities and services, etc.

The possible purposes include the following:

Personal Data collected is only used for the purposes listed above and may not be used for purposes other than those determined for each processing operation.

3. Lawfulness of processing (legal grounds)

JS Davidson’s processing of Data Subjects’ Personal Data is supported by the following legal grounds:

4. Consent

In the absence of one of the legal grounds indicated in section 1.3, the specific, explicit, comprehensible and informed consent of the Data Subjects is required before its implementation.

The required consents are obtained and managed in accordance with the JS Davidson’s consent management procedure.

5. Categories of data

The categories of Personal Data collected vary depending on each processing operation.

However, regardless of the processing carried out, JS Davidson does not collect the following data: information about racial origin, political opinions, religious, philosophical or racial beliefs, sexual orientation or genetic data.

If one or more of the categories of data indicated above were to be processed, JS Davidson would do so only occasionally and in strict compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 6 January 2016 (GDPR).

​​​​​​​6. Restrictions on data collected (proportion and relevance)

Only Personal Data strictly necessary for the purposes determined is collected.

JS Davidson endeavours to minimise and limit the data collected and to keep it up to date.

​​​​​​​7. Retention period and deletion

The retention periods are determined based on the following criteria:

​​​​​​​8. Data recipients

Depending on the processing operations, Personal Data collected may be transmitted to the following recipients:

With the exception of the recipients listed above, no data is transmitted without the express prior agreement of the data subjects.

​​​​​​​​​​​​​​9. Security and confidentiality

JS Davidson implements data protection measures that are appropriate in light of the type of data processed and the JS Davidson’s activities.

Appropriate physical, logical and organisational security measures are taken to ensure optimal data confidentiality and, in particular, to prevent unauthorised access.

The technical security measures are covered by our IT Security Policy (ITSP).

JS Davidson requires all Processors to furnish the guarantees necessary to provide at least the same level of security, protection and confidentiality to the personal data transmitted to it, as well as compliance with the GDPR.

In certain cases, data may be transferred to countries outside the European Union. In such case, JS Davidson ensures that legal tools are in place to ensure that the countries where this data will be received offer an adequate level of protection, in accordance with Articles 45 and 46 of the GDPR.

​​​​​​​​​​​​​​10. Rights of Data Subjects

JS Davidson takes the necessary measures to enable Data Subjects to effectively exercise their rights over the Personal Data collected.

Data Subjects have the right to correct or have access to the data that JS Davidson holds on them. Unless this request is excessive or regular, there will be no charge for this. Please contact the Data Protection Officer – as detailed above – if you would like to correct or access your personal data; or if you have any questions about this notice.

You also have the right to ask the DPO for some (but not all) of the information that JS Davidson holds and processes about you to be erased in certain circumstances (the right to be forgotten). The DPO will provide you with further information about the right to be forgotten if you ask for it. 

You have the right to have this data deleted at any point, but this will not be possible if the retention of it is required to ensure that JS Davidson meets with its legal obligations.

Formal requirements for requests

Information and details to be provided with requests

Response times

Monitoring the General Personal Data Protection Policy and practices

JS Davidson’s General Personal Data Protection Policy is available on JS Davidson’s Website; https://jsdavidson.co.uk/.

The “secure by design” principle, i.e. the principle of taking into account Personal Data security from the design stage, and the “secure by default” principle, i.e. the principle of limiting the amount of Personal Data, are incorporated into the development and deployment procedures for JS Davidson’s IT systems.

Compliance audits and upgraded practices

The systems’ compliance with national and European rules on personal data management and security is regularly audited by JS Davidson.

Functional improvements to the Personal Data management systems and organisation, as well as to the procedures for handling requests to exercise rights, are regularly made in accordance with ongoing legal, regulatory and technical developments to ensure the highest possible security, at all times, for the Personal Data collected and processed and to enable Data Subjects to effectively exercise their rights.

General Personal Data Protection Policy updated 06/12/2023