Privacy Policy

Purpose of this policy

As a business, we take our data protection obligations very seriously and have prepared this policy in order to explain:

  • the personal information we collect and receive;
  • what we do with such personal information; and
  • the legal rights that you have in connection with our processing of the personal information.

This policy has been prepared in order to meet the transparency requirements set out in Articles 13/14 of the General Data Protection Regulation (GDPR). If you have any questions regarding this policy or our practices, please contact us. You’ll find our contact details at the end of this policy.

We may update this policy from time to time and will publish any updates on our website.

Who we are

REL Acoustics Limited and REL Acoustics America Limited, LLC (‘we’ or ‘us’) is a company incorporated and registered in England and Wales (company number 05455463), with its registered office at REL Acoustics, North Road, Bridgend Industrial Estate, Bridgend, Mid Glamorgan, CF31 3TP and a California Limited Liability Company.

We act as a ‘data controller’ for the purposes of the Data Protection Act 2018, the General Data Protection Regulation (EU) 2016/679 and any subsequent UK data protection legislation.

The person with overall responsibility for our data protection compliance is Alex Brody, with oversight from our Executive Committee.

We are registered with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection. You can find out more about the ICO at ico.org.uk.

Whose information do we process?

As a data controller, we will process personal information relating to:

  • our own employees, workers, agents and consultants, as well as any applicants for such roles;
  • our customers and prospective customers;
  • our suppliers, contractors, partners and other businesses we work and collaborate with; and
  • those who contact us, including via our website, by email, or by telephone, or subscribe to receive updates from us.

This personal information will consist of information these parties provide to us themselves and information obtained from third party sources (e.g. where we conduct a credit search, criminal record check, or obtain other references).

As a data processor, we will process personal information provided by our customers relating to their business, which may include personal data pertaining to their own customers and relating to the work they have been engaged in. We will only process such personal information in accordance with our written contract with such customers and their lawful instructions.

Categories of personal data

The personal information we process will vary depending on the type of individual and the nature of our business relationship. As a data controller, we will routinely process the following categories of personal information:

For employees, workers, agents, consultants and applicants for such roles:

  • Name;
  • Address;
  • Age and/or date of birth;
  • Contact details (which may include your landline telephone number, mobile number, and/or email address);
  • Financial details (e.g. bank information);
  • Professional information and employment history (e.g. job title and/or type, professional qualifications, industry); and
  • Other related information.

We may process ‘special’ categories of data in relation to employees, worker, agents, consultants and applicants for such roles, such as ethnic origin, trade union membership, physical or mental health, and/or criminal record history. We will only do so subject to your explicit consent and/or as otherwise described in our employment policies and procedures.

For customers and prospective customers, as well as those who contact us and register for information and/or marketing correspondence:

Our customers and prospective customers may include traders and retailers, as well as individual consumers who interact with our website, purchase products from us and/or contact us for information and product support.

For traders/retailers and other bodies corporate, we may process the following information relating to individual representatives:

  • Name;
  • Age and/or date of birth;
  • Contact details (which may include your business telephone number, mobile number and/or email address); and
  • Professional information (e.g. job title and/or type, professional qualifications, industry).

Where a customer or prospective customer is a natural individual, we will process the following:

  • Name;
  • Address;
  • Age and/or date of birth;
  • Contact details (which may include your personal telephone number, mobile number, social media contacts and/or email address);
  • Your purchasing history and support issues; and
  • Financial details (e.g. bank information, payment card information, and/or credit history).

For suppliers, contractors, partners and other businesses we work and collaborate with:

Our suppliers and other business partners will typically be bodies corporate as opposed to natural individuals. Nevertheless, we will process personal information relating to named individuals representing those businesses, which will typically include:

  • Name;
  • Age and/or date of birth;
  • Contact details (which may include your business telephone number, mobile number and/or email address); and
  • Professional information (e.g. job title and/or type, professional qualifications, industry).

Where a supplier or business partner is a natural individual, we will also process the following:

  • Address;
  • Age and/or date of birth; and
  • Financial details (e.g. bank information and/or credit history).

How we use your data and our legal basis for processing your data

The data protection laws provide several lawful grounds for the processing of personal information, which we must rely on when we use your personal information and which you have the right to be informed about. We may process personal information for a variety of reasons, including because:

  • we are legally obliged to e.g. to confirm your identity or comply with laws imposed on us as a business;
  • the processing is necessary for the performance of the contract with you to provide our products and related services;
  • you have provided your consent for us to use your personal information, for example to contact you concerning products and/or services that may interest you; or
  • it is in our legitimate business interests to do so.

Our main processing activities for personal data, and the legal basis on which we perform those activities are:

Employees, workers, agents, consultants and applicants for such roles:

We will process applicant personal information on the basis that there is a legitimate business interest in doing so. We may also process such personal data in order to comply with a legal obligation (for example, in order to comply with ‘right to work’ and/or criminal record checking requirements).

We will process employee, worker etc. personal information as necessary to administer and manage our working relationship, including for the purposes of management, progress and performance review, safeguarding and care, and payroll, on the basis that the processing is necessary for the performance of our contract with you or, in some limited cases, in order to comply with a legal obligation and/or it is in our legitimate business interests to do so.

Prospective customers and those who contact us:

We will process your personal data in order to contact you in relation to our products and/or services and keep a record of our communications (e.g. telephone calls, quotations and offers).

Where you register to receive a newsletter or other marketing communications from us, you will have consented to receive such communications from us.

For business contacts, our legal basis for processing personal information in this context shall be our legitimate business interests, which allows us to market our products and services provided that there is a business case for doing so and our interests do not override the rights of the individuals in question. We will only contact individuals acting in a business capacity under this lawful basis.

If you are subscribed to marketing communications, you may unsubscribe by following the instructions included within the communication. You may also contact us directly to object to direct marketing. For more information on this, see “What rights do you have?” and “How to contact us” below.

Customers:

We will process your personal data in order to provide our products and/or services to you and to provide you with information and updates regarding the same. Our legal basis for doing so is that the processing is necessary for the performance of a contract.

We will also keep a record of your data and use it for related purposes, including account management, customer support, and audit purposes, on the basis that we have a legitimate interest in doing so.

Suppliers and business partners etc.:

We will process your personal information in order to receive goods and/or services from you and to manage our relationship, including making payments to you, dealing with accounts issues, etc. Our legal basis for doing so will typically be that the processing is necessary for the performance of a contract.

Other processing activities

Monitoring and recording communications:

We may monitor and record communications we receive and send (such as telephone conversations and emails) for the purpose of training, fraud prevention, and/or quality assurance.

We may also retain copies of communications and details provided to us, for example support requests, account queries, complaints, for internal account management and auditing purposes. This is done on the basis of our legitimate interests.

Credit checking:

We may conduct credit checks:

  • so that we can make sensible credit decisions; and
  • to prevent and detect fraud and money laundering.

Our search will be recorded on the files of the credit reference agency.

If you provide false or inaccurate information to us and we suspect fraud, we will record this.

Storage of your information and who your information might be shared with

We primarily store personal information governed by this policy on our own servers OR on our parent company’s servers based in the United States of America. For personal information relating to individuals outside of the USA, personal information may also be stored on local systems operated by REL Acoustics Limited.

We transfer personal information to our parent company, REL Acoustics America Ltd LLC, to enable it to provide us with customer support, account management and accountancy support. We have an agreement in place, governing the transfer of this personal information, which meets the requirements of UK and EU data protection laws and provides adequate safeguards for your personal information.

We also routinely use the following third party providers for customer and marketing support. These providers may access and store elements of your personal information in order to provide services to us:

  • WooCommerce – provide the website interface for our consumer website and may transmit personal information submitted to and via the website;
  • Zendesk – provide customer and technical support management software to assist in our management of sales and product queries;
  • Quickbooks – provider of accounting and financial management software;
  • Stripe, Inc. – our payment processor, which will store and process customer payment information for sales made via our website;
  • Foghorn Labs, LLC – provider of digital marketing services; and
  • Klaviyo, Inc. – provider of our electronic newsletter service.

We may also disclose your personal information to:

  • other companies within our group to the extent that there is a requirement to do so in our to meet our obligations to you, or a legitimate interest in doing so to support our business aims;
  • other agents and service providers, to the extent that they require access to the information in order to provide goods/services to us, in which case they will be bound by a contract requiring them to process personal data in accordance with the requirements prescribed by data protection law;
  • law enforcement agencies in connection with any investigation to help prevent unlawful activity; and
  • a third party purchaser if we sell our business, in which case, customer and user information will be a transferred asset.

Keeping your data secure

We will use technical and organisational measures to safeguard your personal information, for example by storing your personal information on secure servers, maintaining appropriate physical and technical security measures, and providing appropriate training and awareness to our employees.

How long do we keep your personal information?

We keep your personal information for as long as we need to for the purposes for which it was collected or (if longer) for any period for which we are required to keep personal information to comply with our legal and regulatory requirements.

If you are looking for more specific information regarding how your personal information is retained and how/when it is deleted, please contact us.

Is there any automated decision making and/or profiling?

No, we do not make any automated decisions, including profiling, within the meaning of Article 22 of the GDPR.

What rights do you have?

You are responsible for ensuring that information you provide to us is accurate, complete and up-to-date. You can review and change your information by contacting us.

You have a number of rights in relation to your personal data. These include the right to:

  • find out how we process your data;
  • request that your personal data is corrected if you believe it is incorrect or inaccurate;
  • obtain restriction on our, or object to, processing of your personal data;
  • if we are relying on consent, you can withdraw your consent to our processing of your personal data (including any direct marketing);
  • if we are relying on legitimate interests for direct marketing, you can object to receiving such direct marketing;
  • obtain a copy of the personal data we process concerning you. We will take steps to verify your identity before responding to your request. Once we have verified your identity we will respond as soon as possible and in any event within one month.
  • lodge a complaint with the UK supervisory body, the ICO at https://ico.org.uk/. If you have a concern or complaint about the way we handle your data, we ask that you contact us in the first instance to allow us to investigate and resolve the matter as appropriate.

Some of the above rights are subject to exclusions, which we may rely on if applicable. We will inform you if we intend to do so.

If you would like to exercise any of your rights or find out more, please contact us.

How to contact us

Please contact us if you have any questions about this privacy policy or the information we hold about you.

If you wish to contact us, please send an email to Sales@rel.net or write to us at North Road, Bridgend Industrial Estate, Bridgend CF313TP.