If a person or business processes the personal data of EU citizens or residents, or offers goods or services to such people, then the GDPR applies to that person or business even if they are not in the EU.
In the UK, data privacy laws are covered by the Data Protection Act 2018 (DPA 2018). These laws were formed at the same time as GDPR to put in place UK equivalent laws which are recognised by the EU through a term called ‘Adequacy’. ‘Adequacy’ is a term the EU uses to describe countries, territories, sectors, or organisations it deems to have an “essentially equivalent” level of data protection to the EU.
The EU Commission have adopted adequacy decisions for the UK GDPR and the Law Enforcement Directive. This means data can continue to flow freely from the EU to the UK, in the majority of cases.
In the US, there is no over-arching equivalent data protection law. Instead, there are several state level laws that apply to very specific circumstances.
GDPR and UK Privacy equivalent laws represent the gold standard in data privacy standards. It is therefore the adopted policy of Primority Ltd to comply with the letter and spirit of the law with respect to GDPR and other relevant UK data protection laws.
Personal data - Personal data is any information that relates to an individual who can be directly or indirectly identified from that information. Names and email addresses are obviously personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data.
Data processing - Any action performed on data, whether automated or manual. The examples cited in the text include collecting, recording, organizing, structuring, storing, using, erasing data.
Data subject - The person whose data is processed. These are our customers, their suppliers, or web site visitors but may also be contractors and employees in certain cases.
Data controller - The person who decides why and how personal data will be processed. In general terms, this is usually the owner or employee in an organization who handles data of data subjects. In the case of Primority Ltd, the Data controller is the CEO of the Company and Primority is a Tier 1 registered Data Controller with the UK Information Commissioners Office (ICO), ICO reference number: ZB178361.
Data processor - Any third party that processes personal data on behalf of a data controller. The GDPR has special rules for these individuals and organizations. They could include cloud servers and services like Microsoft Azure, CRM providers like Salesforce or Nutshell, or email service providers like Microsoft Office 365.
Any person, organisation or business who processes data must do so according to seven protection and accountability principles outlined in Article 5.1-2 of the GDPR:
Primority Ltd is committed to ensuring that your privacy is protected. We have robust procedures in place to ensure that any personal data you choose to share with us will be kept secure, stored, processed, and used within the letter and spirit of the General Data Protection Regulation (GDPR) and UK Data Protection Act (DPA) 2018 laws.
Should we ask you to provide certain information by which you can be identified, such as your name, email address or other personal information when using this website, then you can be assured that it will only be used in accordance with GDPR and UK DPA 2018 requirements and that the information will be securely stored and used and processed only for the purposes intended.
Your personal information will never be used for any other purpose, sold, transferred, or given in any way to any other party, except when required to do so by law. Your personal information will be encrypted wherever possible so that in the unlikely event of a data breach your information will be protected and be useless to any would be bad actors. Below is a summary of how we process your data:
|Data Protection Principle||How We Process and Protect Your Personal Data|
|Lawfulness||Your personal data (name, email, address, telephone number) may be gathered on this web site, with your permission, when making a legitimate enquiry, sending us an email, or asking us a question through a contact form or through encrypted functional and analytical cookies.|
|Fairness||Gathering of your personal information above is fair as we will use it to respond to your enquiry or send you information that you request. You have a right to request that we remove you from our records at any time and we will always comply with such requests made in writing to us at email@example.com. In addition, we will always give you the option to opt out of any emails and communications that we send to you.|
|Purpose Limitation||The legitimate purposes which we use to process your data are to respond to your enquiry and to communicate information and services that are of interest to you in your professional role provided you have requested this information.|
|Data Minimization||We only collect, store and process personal information that is needed to establish your information needs and to contact you by email and telephone where required.|
|Accuracy||We endeavour to keep your data up to date and accurate and may from time-to-time message you to establish that your personal information is accurate and up to date and that you still wish to be contacted by us.|
|Storage Limitation||We will only store your information for as long as you want us to store it in relation to the information and services that we provide and will remove any data when it is not accurate or when you ask us to.|
|Integrity||All personal data we process, as far as practical, will be stored in a GDPR and DPA 2018 compliant manner and, wherever possible, will be encrypted to ensure that it is secure.|
|Confidentiality||All personal we process will be kept confidential and only authorised personnel at our organisation or at trusted data processors will be able to access it in a secure, controlled and monitored way.|
|Accountability||The CEO of Primority Ltd has taken personal responsibility for your data privacy and is directly involved in the management and review process to ensure that our team and systems are fully GDPR compliant.|
We may collect the following information:
We require the above information to understand your needs and provide you with a better service, and the following reasons:
You have a right to request that we remove you from our records and we will always comply with such requests made in writing to us at firstname.lastname@example.org. In addition, we will always give you the option to opt out of emails and communications.
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect about you. This includes technical measures like encryption, two factor authentication, limited data access privileges by our staff and contractors and organisational measures like training and regular review of data privacy and security management procedures.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or tracks when you visit a particular web site or link. Cookies allow web applications to respond to you as an individual. This helps web applications tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used and accessed by site visitors. This helps us analyse data about web page traffic and improve our website to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer but his may prevent you from taking full advantage of the website.
You may disable the use of such cookies upon entering our web site by selecting the appropriate option or by adjusting your cookie settings in your web browser – see https://ico.org.uk/your-data-matters/online/cookies/ for more information on this.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to explicitly share with us through the web site contact forms.
All cookies used on our web site are encrypted so that no personal identifiable information about you can be read by a human even on your own, or a public, computer without significant time and resource restrictive code cracking activities.
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and review the privacy statement applicable to the website in question.
We agree that you, with our explicit permission, can share links to images and information from our web site and third-party web sites using social media platforms such as LinkedIn, Twitter, Facebook, and Pinterest. All such social media sharing will be fully transparent, and you will be able to view or preview any content you wish to share in advance of sharing. In addition, you will be able to authorise the relevant social media platform in advance of sharing such content. We will only provide content that is relevant to our web site, the services we provide and to food safety, quality and food fraud topics.
You may choose to restrict the collection or use of your personal information in the following ways:
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at email@example.com or by using the unsubscribe link in all emails from us.
We will not sell, distribute, or lease your personal information to third parties unless we have your permission or are required by law to do so.
You may request details of personal information which we hold about you under the GDPR and Data Protection Act 2018 (UK visitors only). If you would like a copy of the information we hold about you, please write to 50 Williamsons Quay, Kirkcaldy, Fife, UK, KY1 1JS or email us at firstname.lastname@example.org.
If you believe that any information, we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.
Primority Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 30th June 2022.