Website Privacy and Cookies Policy
This Privacy and Cookies Policy applies to the website www.jbpackaging.co.uk, any subdomains thereto, and any webpages displayed on or through www.jbpackaging.co.uk or such subdomain (collectively, the “Site”) which is run by DS Smith Plc (the “Company”, “we” or “us”) with an address at 350 Euston Road, London, United Kingdom, NW1 3AX.
Version 6 -02-2018
The Company recognises the importance of honest and responsible use of your personal information. This Privacy and Cookies Policy (this “Policy”) explains how the Company collects, uses and discloses personal information about you when you visit this Site and when you contact the Company, whether by e-mail, post, fax or telephone using the contact options on this Site. The information you provide to us through the Site will initially be collected by the Company, but may then be shared with affiliates of the Company (the Company, together with its Affiliates, the “Group”). It is important to us that you feel comfortable in visiting the Site.
What type of information does the Company collect and why?
If you want to contact us or to use certain features that we provide on the Site, you will need to provide us with some additional personal information so that we can liaise with you and deal with your request, query or application. If you choose to provide us with your personal information, we will collect that information for our own use and for the purposes described in this Policy.
What type of personal information does the Company collect?
In connection with your use of the Site and its features, we may collect certain personal information from you. Some of this information is only collected if you choose to provide such information to us (such as your full name, title and gender), while some of this information is collected automatically (such as standard internet and website log information).
The following are the categories of personal information that we collect from you:
- your full name, title and gender;
- your work and home contact details, such as address, telephone numbers and e-mail address;
- the reason for your contact, which may be a request or enquiry on your own behalf, a request or enquiry on behalf of someone else, a customer service need, providing a comment, or details in relation to a possible or existing order or service contract;
- if you create an account - your username, password, e-mail address and your full name, address and telephone numbers;
- financial account information, such as credit card number and other payment information;
- your contact and marketing preferences;
- information necessary for legal compliance;
- standard internet and website log information and details of patterns about how website visitors behave on the Site. The information we may collect includes information about your Internet service provider, your operating system, browser type, domain name, the Internet protocol (IP) address of your computer (or other electronic Internet-enabled device), your access times, the website that referred you to us, the Web pages you request and the date and time of those requests.
- where you “like” us or make posts on our pages on social networking websites.
This information will be collected primarily from you as information voluntarily provided to us, but we may also collect it where lawful to do so from (and combine it with information from) public sources, third party service providers, individuals whom you have indicated have agreed for you to provide their personal information, government, tax or law enforcement agencies, and other third parties. We may also collect personal information about you from your use of services provided by affiliates of the Company.
How does the Company use information about you?
The Company may use information about you for purposes described in this Policy or disclosed to you on the Site or with our services. For example, we may use information about you for the following purposes:
- to respond and/or deal with your request, order or enquiry;
- to process and administer your order(s) or purchase(s) of our products and/or services;
- to improve our products and services and to ensure that content from the Site is presented in the most effective manner for you and for your computer (or other electronic Internet-enabled device);
- to administer the Site;
- for internal record-keeping;
- to contact you (directly) by e-mail or phone for the above reasons;
- subject to your consent where required under applicable laws, to carry out direct marketing and/or e-mail marketing that you have requested;
- where necessary as part of any restructuring of the Company, or sale of any business or assets of the Group;
- to perform any contract the Group has with you; and
- for compliance with legal, regulatory and other governance obligations.
Some of the personal information that the Company maintains will be kept in paper files, while other personal information will be included in computerised files and electronic databases as set out in more detail below.
In most cases, the information the Company processes about you is required to deal with your request or registration, or required by law, or is necessary for the exercise of the Company’s legitimate business interests and needs, in which case, special care is taken to safeguard your rights and to ensure any such use is proportionate.
The Company or one of its affiliates may also convert personal information into anonymous data and use it (normally on an aggregated statistical basis) for research and analysis to improve the performance of the Site or the services provided by the Group.
What is the legal basis for the use of personal data?
The legal basis on which we rely to process your personal information include:
- On some occasions, we process your data with your consent (for example, when you agree that we may place cookies or process information that you input into our website).
- On other occasions, we process your data when we need to do this to fulfil a contract with you (for example, for billing purposes) or where we are required to do this by law (for example, to comply with governmental record-keeping obligations).
- We also process your data when it is in our legitimate interests to do so and when these interests are not overridden by your data protection rights (including, for example, when we share data with our affiliates).
Does the Company share personal information with third parties?
Your personal information will be made available for the purposes mentioned above (or as otherwise notified to you from time to time), on a ‘need-to-know’ basis and only to management, human resources, accounting, legal, logistics, audit, compliance, information technology and other corporate staff who properly need to know these details for their functions within the Group. Certain individuals who will see your personal information may not be based at the Company or in your country (please see below).
We may share personal information within the Group as needed for reasonable management, analysis, planning and decision making, including in relation to taking decisions regarding the expansion and promotion of our product and service offering, order or customer request fulfilment and for use by the Group for the other purposes described in this Policy.
Your personal information may also be made available to third parties (within or outside the Group) providing relevant services under contract to the Group (see below for further details), such as employment recruiters, human resources support services, credit card processors, auditors and compliance managers, providers or call centres and IT hosting and IT maintenance providers. These third parties may use information about you to perform their functions on our behalf. The Company has put in place various security and data privacy measures, including with such third parties, in order to protect personal information and shall seek to comply with applicable legal requirements.
We will not sell your personal information to any third party other than as part of any restructuring of the Group or sale of any business or assets of the Group.
Will your personal information be transferred abroad?
Some transfers of personal information have been explained above. Individuals within the European Economic Area (“EEA”) should be aware that recipients of their personal information, within the Group or third parties (as set out in this notice), may not be located within the EEA but instead located in countries which do not have equivalent protection for personal information to that within the EEA. Steps will be taken to protect your personal information in that instance consistent with applicable law. For example data is adequately protected by EU Commission approved standard contractual clauses, an appropriate Privacy Shield certification or a vendor's Processor Binding Corporate Rules. A copy of the relevant mechanism can be provided for your review on request to email@example.com.
What choices does the Company offer you with regard to direct marketing?
The Company may wish to provide you with information about new products, services, promotions and offers, which may be of interest to you and may invite you to take part in market research or request feedback on the Group’s products and services. This communication may occur by e-mail, telephone, post or SMS. We will obtain your consent and advise you of how to opt-out of receiving such communications where we are required to do so in accordance with applicable law.
What safeguards are in place to protect your personal information?
The Company takes reasonable steps to employ appropriate physical, technical and administrative security measures to help prevent loss, misuse, unauthorised access, disclosure or modification of your personal information. While we take these reasonable efforts to safeguard your personal information, we cannot guarantee the security of any personal information you disclose online. You accept the inherent security implications of dealing online and will not hold us responsible for any breach of security unless such breach has been caused by the specific negligence of the Group or their agents.
What rights do you have to review and amend personal information?
You have the right to review and access your personal information held by the Company.
You also have the right to ask us to rectify, block, complete and delete your personal information, to restrict its use, and to ‘port’ your personal information (that is, to ask us to provide it to you in a structured, commonly used and machine readable format and to transmit it directly to another organisation).
In addition, you have the right to request further information about the handling of your personal information.
If you wish to do so, or to notify the Company of a change in your details, please contact firstname.lastname@example.org.
There are exceptions to these rights, however. For example, access to personal information may be denied in some circumstances if making the information available would reveal personal information about another person or if we are legally prevented from disclosing such information. In addition, we may be able to retain data even if you withdraw your consent, where we can demonstrate that we have a legal requirement to process your data.
If you have a question about the use of your personal information, or wish to file a complaint about it, please contact us, using the contact details set out above.
Finally, if you have unresolved concerns, you also have the right to complain to data protection authorities.
Keeping you informed
When we store your information, we do so for as long as necessary to (i) fulfill the specific purposes for which your personal information was collected, (ii) to perform the services set out in this notice, or (iii) to comply with our legal obligations or enforce our legal rights.