POLICIES AT TOOL RAPTORS

PRIVACY POLICY

Summary

We are Tool Raptors Ltd, a tool supply, procurement, storage & asset management company that
designs and manufactures visual tool control systems. We are incorporated and registered in England
with registration number 09662094 whose registered office is Sticle, Castle Road, Pencader, Dyfed,
Wales, SA39 9AN. Our VAT Number is GB 258469654.

We take your privacy seriously and are committed to protecting it. This privacy policy, together with
our general terms and conditions and any other documents referred to, sets out the types of personal
information we collect about you, how we use and store that personal information, whom we share the
personal information with, and what rights you may have in respect of that personal information. Our
services are not intended for children, and we do not knowingly collect data relating to children.
Please read this privacy policy so that you are fully aware of how and why we collect and use your
personal information. This privacy policy supplements other privacy notices and is not intended to
override them.

Tool Raptors Ltd is the controller of and is responsible for your personal data. We only process
personal data for core business purposes. When we mention “we”, “us” or “our” in this privacy policy,
we are referring to Tool Raptors Ltd. Where we instruct our suppliers or other third parties to use your
personal information, these data processors will process your information on our behalf and only on
our instructions and for the purposes set out in this privacy policy.

We are committed to protecting and respecting your privacy and protecting your personal data. We
have produced this document to help you understand what personal data we collect about you, how
we use that data, and to give you clear and transparent guidance on your rights. This document
covers the following areas:

1. The data we collect about you
2. How is your personal data collected?
3. How we use your personal data
4. Promotional Communications
5. Who we share your personal information with
6. How long your personal information will be kept
7. International transfers
8. Your rights
9. Data security
10. How to complain
11. Changes to this privacy policy
12. Contact details

​

1. The data we collect about you

Personal data, or personal information, means any information about an individual from which that
person can be identified. It does not include data where the identity has been removed
(anonymous data). We may collect and use the following personal information about you:

A. Identity Data including your first name, maiden name, last name, username or similar
identifier, marital status, title, date of birth, passport number and gender, as well as
employment history, educational or professional background, tax status, employee number,
job title and function;

B. Contact Data including your billing address, delivery address, email address and telephone
numbers, and company details;

C. Financial and Payment Data including your bank account, billing information, payment card
details, details of services and other data necessary for processing payments;

​

D. Business Information including information provided in the course of the contractual or client
relationship between you or your organisation and us, or otherwise voluntarily provided by
you or your organisation, as well as information available from public sources;

E. Technical Data including your internet protocol (IP) address, information about your device
type, browser type and version, time zone setting and location, if you choose to give it to us,
browser plug-in types and versions, operating system and platform, and other technology on
the devices you use to access this website;

F. Usage Data including information about how you use our website, IT, communication, and
other systems and services, namely information about services you viewed or searched for,
page response times, download errors, length of visits and page interaction information (such
as scrolling, clicks and mouse-overs). To learn more about our use of cookies or similar
technology please read our Cookie Policy here: [LINK];

G. Marketing and Communications Data including your preferences in receiving marketing
from us and our third-party partners, and your communication preferences;

H. Physical Access Data relating to details of your visits to our sites;

I. Aggregated Data. We may also collect, use and share Aggregated Data such as statistical or
demographic data, for any purpose. Aggregated Data could be derived from your personal
data but is not considered personal data in law as this data will not directly or indirectly reveal
your identity. For example, we may aggregate your Usage Data to calculate the percentage of
users accessing a specific website feature. However, if we combine or connect Aggregated
Data with your personal data so that it can directly or indirectly identify you, we treat the
combined data as personal data which will be used in accordance with this privacy policy.
 

We do not collect any "Special Categories of Personal Data" about you (this includes details
about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political
opinions, trade union membership, information about your health, and genetic and biometric
data). Nor do we collect any information about criminal convictions and offences.
Stripe is our payment provider and collects “Financial Data” when the Buyer processes payments.
They may collect your Bank details, name, address, date of birth, and passport
number/identification to process payment. A Stripe customer ID (“payment reference”) will be
generated and retained by us for account reference. For further information on stripe and how
they handle your data, please visit their website: www.stripe.com/gb/privacy .
Where you use Facebook, Gmail, or Apple as third-party sign-ins for your account, we by default
access your basic account information, including your name, email, gender birthday, current city,
and profile picture URL, as well as other information that you choose to make public. For more
information regarding these permissions, please refer to their managing third-party accounts
page: Facebook , Gmail , or Apple.

2. How is your personal data collected?

Generally, we collect your personal information directly from you – in person, by telephone, text,
or email. This may occur in the following circumstances:

A. when you or your organisation enquire about our products or services;

B. when you or your organisation offer to provide, or provides, products and/or services to
us;

C. when you communicate with us by phone, email or other electronic means, or in writing,
or when you provide other information directly to us, including to consultants and other
personnel;

D. when you create an account on our website;

E. when you sign up to attend and/or attend our seminars, charity events or other events or
sign up to receive marketing communication and offers from us;

F. when you enter a competition, promotion or survey; and

G. when you give us feedback or contact us.

We may also collect information about you indirectly, including:

A. from publicly accessible sources, e.g. Companies House;

B. from third parties, e.g. credit reference agencies, or customer due diligence providers;

C. from third parties with your consent, e.g. your bank or building society;

D. from cookies saved by our website in your browser (for more information on our use of
cookies, please see our Cookie Policy);

E. through our IT systems monitoring your interaction with us, e.g. automated monitoring of
your interaction with our websites and other technical systems, such as our computer
networks and connections, communications systems, email and instant messaging
systems; and

F. through our IT systems monitoring your conduct on our premises, e.g. reception logs,
CCTV and access control systems.

G. from web analytics services e.g. Google Analytics, which uses tracking codes and cookies
to analyse how visitors use the website. The information generated by Google Analytics
about you is transmitted to and stored by Google on servers in the US. Google
participates in and has certified its compliance with the US Privacy Shield . For further
information about Google’s privacy, please see their Privacy policy.

​

​

3. How we use your personal data

Under data protection law, we can only use your personal information if we have a proper
reason for doing so, for example:

A. for the performance of our contract with you or to take steps at your request before
entering into a contract;

B. to comply with our legal and regulatory obligations;

C. for our legitimate interests or those of a third party; or

D. where you have given consent.

A legitimate interest is when we have a business or commercial reason to use your
information, so long as this is not overridden by your rights and interests.
Generally, we do not rely on consent as a legal basis for processing your personal information
although we will get your consent before sending third-party direct marketing communications
to you via email or text message. You have the right to withdraw consent to marketing at any
time by contacting us.

We will only use your personal information for the purposes for which we collected it unless
we reasonably consider that we need to use it for another reason and that reason is
compatible with the original purpose. If we need to use your personal information for an
unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or
consent, in compliance with the rules set out in this section, where this is required or
permitted by law. We may also request your consent to process Special Categories of
Personal Data or process this data without your consent where this is required or permitted by
law.

We will use your personal information for the following purposes and on the following
grounds:

A. On the basis of fulfilling our contract with you or entering into a contract with you
on your request, in order to:

i. register you as a new client and update our client records;
ii. register you as a new supplier and update our supplier records;
iii. provide and administer products, services or solutions, as instructed by you or
your organisation;

iv. process and deliver the products or services ordered, including sending you
updates and managing payments, fees and charges; and
v. deal with and respond to requests, enquiries and complaints.

B. On the basis of our legal obligations, we process your personal information when it
is necessary:
i. for compliance with tax, accounting and other applicable laws and obligations
to which we are subject to;
ii. for managing your statutory rights;
iii. for notifying you about changes to our terms or privacy policy; and
 iv.  for ensuring the security of your personal data by preventing unauthorized
access to it.

​

C. On the basis of our legitimate interest, we will use your personal information for:

i. allowing the effective performance of our business by ensuring necessary
internal administrative, commercial, and security processes (including in
finance, controlling, business intelligence, legal & compliance, and
information security);

ii. to facilitate account creation, and authentication and otherwise manage user
accounts.

iii. verifying your identity, assessing your creditworthiness, and preventing and
detecting fraud against you or us;

iv. analyse how our services are used so we can improve them to engage and
retain users;

v. collecting and recovering money you owed to us;

vi. asking you to provide feedback, leave a review or take a survey;

vii. sending you information about and enabling you to participate in events
(including online events) organised by us (with or without another party),
including seminars and training; leisure, sports and/or charity events; prize
draws and competitions; and surveys, marketing campaigns, market analysis
or other promotional activities;

viii. communicating with you and keeping you up-to-date on the latest
developments, announcements, and other information about our services and
solutions (including briefings, newsletters and other information), events and
initiatives;

ix. promoting (including by delivering advertisements) and making suggestions
and recommendations to you (including by email or when you visit our
website) about services that may be of interest to you, as well as to
personalize the content you see on our website, and measuring and
analyzing the effectiveness of the promotions and suggestions we serve you;

x. preventing unauthorized access and modifications to systems;

xi. carrying out and dealing with security-related tasks, such as troubleshooting,
data analysis, testing, system maintenance, support, reporting and hosting of
data;

xii. allowing interoperability within our applications; and

xiii. establishing, exercising and/or defending our legal rights.

​

4. Promotional Communications

We may use your personal information to send you updates (by email, telephone or post) about
our services.

We have a legitimate interest in processing your personal information for promotional purposes
(see above). This means we do not usually need your consent to send you promotional
communications. However, where consent is needed, we will ask for this consent separately and
clearly.

We will not sell your personal information to or share it with other organisations for marketing
purposes, except where we remain the controller of your personal information and share it with
third parties who act as a data processor on our behalf and only process the personal information
on our instructions and for the purposes set out above.

You have the right to opt-out of receiving promotional communications at any time by:

A. contacting us at sales@toolraptors.co.uk ;

B. update your marketing preference through your website account with us; or

C. using the ‘unsubscribe’ link in emails.

We may ask you to confirm or update your marketing preferences if you instruct us to provide
further products or services in the future, or if there are changes in the law, regulation, or the
structure of our business.

​

5. Who we share your personal information with

We routinely share personal information with certain business support service providers whom we
instruct to assist us with the provision of services associated with or related to the provision of our
services. These include providers of business support services in the fields of security, delivery,
technology, research, banking, payment, insurance, credit checking, archiving, storage, business
development, marketing and event management. We only allow our service providers to handle
your personal information if we are satisfied they take appropriate measures to protect your
personal information. We also impose contractual obligations on service providers to ensure they
can only use your personal information to provide services to us and you.
We may also occasionally share personal information with:

A. credit reference agencies who may, for example, supply anti-fraud and credit-insight
information to us;

B. social media companies and our advertising partners. For example, we might match
your email address with Facebook or LinkedIn to enable us to run promotions on its
platform;

C. legal and regulatory authorities including courts or public authorities who may compel
disclosure, such as HMRC, Information Commissioner’s Office, Health & Safety Executive
and National Crime Agency in the event that we are required to make a disclosure under
various legislation and regulation or where we have a legal, regulatory or professional
obligation to do so or are required to protect the safety or rights of our clients, personnel
or others;

D. our professional advisers such as our lawyers, HR & management advisers, or auditors
when they need to give us their professional advice;

E. public authorities, agencies and other government bodies. We may disclose and
exchange information with law enforcement agencies and regulatory bodies to comply
with our legal and regulatory obligations;

F. potential corporate buyer. We may also share some personal information in the case of
transfer of some or all of our business, during restructuring or change of ownership of the
business. Usually, information will be anonymised but this may not always be possible.
The recipient of the information will be bound by confidentiality obligations;

G. our insurers or brokers. Usually, information will be anonymised, but this may not
always be possible. The recipient of the information will be bound by confidentiality
obligations; and

H. our banks. Usually, information will be anonymised, but this may not always be possible.
The recipient of the information will be bound by confidentiality obligations.

Your personal information may be held at our offices and those of our third-party service
providers, representatives and agents as described above. Some of these third parties may be
based outside the United Kingdom (UK). For more information, including on how we safeguard
your personal information when this occurs, see Section 7 below.

If you choose to register or log in to our services using social media account, we have access to
certain information. Our services offer you the ability to register and log in using your third-party
social media account details (like your Facebook or Twitter logins).

Where you choose to do this, we will receive certain profile information about you from your social media provider.

The profile information we receive may vary depending on the social media provider concerned, but will often
include your name, email address, friends list, and profile picotee, as well as other information
you choose to make public on such a social media platform. We will use the information we
receive only for the purposes that are described in this privacy policy or that are otherwise made
clear to you on the relevant services.

Please note that we do not control, and are not responsible for, other uses of your personal information by your third-party social media provider.

We recommend that you review their privacy notices to understand how they collect, use, and share
your personal information, and how. You can set your privacy on their sites and apps.

6. How long your personal information will be kept

We will keep your personal information while we are providing products or services to you.
Thereafter, we will keep your personal information for as long as is necessary:

A. to respond to any questions, complaints or claims made by you or on your behalf;
B. to show that we treated you fairly; and
C. to keep records required by law.

We will not retain your personal information for longer than necessary for the purposes set out in
this policy. Different retention periods apply for different types of personal information. By law, we
have to keep basic information about our customers (including Identity, Contact, Financial and
Payment Data and Business Information) for six years after they cease being customers. If you
want to learn more about our specific retention periods for your personal information, please
contact us.

When it is no longer necessary to retain your personal information we will securely destroy your
personal information in accordance with applicable laws and regulations. In some circumstances,
we will anonymise your personal data (so that it can no longer be associated with you) for
research or statistical purposes, in which case we may use this information indefinitely without
further notice to you.

7. International transfers

If to deliver our products or services to you and if it is necessary for us to share or transfer your
personal information outside the UK or European Economic Area (EEA), then some additional
safeguards will apply.

When we need to make a transfer of this nature, we will only do so if such a transfer is safe and
your personal information will is secure.

This means that when we transfer your personal information outside the UK or EEA we will only
do so where (i) there are binding corporate rules in place; or (ii) the country where we are making
the transfer to a country deemed by the UK government or (where references to EU GDPR or
European Commission’s decisions are made) European Commission to have an adequate level
of protection in place for your personal information; or (iii) if there is no adequacy decision, where
we have a contractual arrangement with the service provider containing protections for your
personal information (the EU Commission approved Standard Contractual Clauses, for example)
or (iv) where the service provider is part of an approved scheme.
Please contact us if you want further information on the mechanisms used by us when
transferring your personal information out of the UK or EEA.

8. Your rights

Under the applicable data protection laws you have several rights, as set out below:
A. Right to access your personal information. You may request confirmation that we hold
personal information about you, as well as access to a copy of any such data.

B. Right to rectification. You may ask us to correct any inaccurate information we hold
about you.

C. Right to erasure (or Right to be forgotten). You may, in certain circumstances, ask us
to delete your personal information.

D. Right to restriction. You may ask us to restrict the processing of your personal
information if (i) you want us to establish the accuracy of the information, (ii) where our
use of the information is unlawful but you do not want us to erase it, (iii) where you need
us to hold the information even if we no longer require it as you need it to establish,
exercise or defend legal claims, or (iv) you have objected to our use of your personal
information but we need to verify whether we have overriding legitimate grounds to use it.

E. Right to portability. You may request the receipt of the personal information that you
have provided to us, in a structured, commonly used and machine-readable form, or its
transfer to another organisation.

F. Right to object. You may object to our processing of your personal information (i) at any
time when your personal information is being processed for direct marketing, or (ii) where
we are relying on a legitimate interest (or those of a third party) and there is something
about your particular situation which makes you want to object to processing on this
ground as you feel it impacts on your fundamental rights and freedoms. In some cases,
we may demonstrate that we have compelling legitimate grounds to process your
information which override your rights and freedoms.

G. Right not to be subject to automated individual decision-making. You have the right
not to be subject to a decision based solely on automated processing (or profiling) that
produces legal effects concerning you or similarly significantly affects you.

H. Right to withdraw consent. Where our processing of your personal information is based
on your consent, you may withdraw this consent at any time, although this will not affect
the lawfulness of any prior processing where we relied on your consent.

I. Right to make a complaint. You may make a complaint about our processing of your
personal information by contacting us via the contact details set out in this privacy policy.
While we hope that we would be able to address any issues you have in respect of this
processing, you may also make a complaint to the UK’s data protection regulator (see
below).

For further information on each of these rights, including the circumstances in which they apply,
please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on
individuals’ rights under the General Data Protection Regulation available via the following link:
https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-
regulation-gdpr/individual-rights/.

If you would like to exercise any of these rights, please contact us using our contact details set
out below.

You will not have to pay a fee to access your data or to exercise any of the other rights. However,
we may charge a reasonable fee if your request is unfounded, repetitive or excessive.
Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure
your right to access your personal information (or to exercise any of your other rights). This is a
security measure to ensure that personal information is not disclosed to any person who has no
right to receive it. We may also contact you to ask you for further information about your request
to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it could take us longer
than a month if your request is particularly complex or you have made several requests. In this
case, we will notify you and keep you updated.

​

9. Data security

We have put in place appropriate security measures to prevent personal information from being
accidentally lost, used or accessed unlawfully, altered or disclosed. We limit access to your
personal information to those who have a genuine business need to access it. Those processing
your information will do so only in an authorised manner and are subject to a duty of
confidentiality.
We also have procedures to deal with suspected data security breaches. We will notify you and
any applicable regulator of a suspected data security breach where we are legally required to do
so.

If you want detailed information from Get Safe Online on how to protect your information and your
computers and devices against fraud, identity theft, viruses and many other online problems,
please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading
businesses.

10. How to complain

We hope that we can resolve any query or concern you may raise about our use of your personal
information.

The applicable data protection laws also give you the right to lodge a complaint with a supervisory
authority in the European Union (or European Economic Area) state where you work, normally
live or where any alleged infringement of data protection laws occurred.

The UK supervisory authority is the Information Commissioner who may be contacted at
https://ico.org.uk/concerns or by telephone: 0303 123 1113.
For EU supervisory authorities, their contact details can be found here:
https://edpb.europa.eu/about-edpb/about-edpb/members_en.

11. Changes to this privacy policy

Our privacy policy was last updated in August 2022. Historic versions can be obtained by
contacting us. We keep this document under regular review and any changes we make to it will
be, where appropriate, notified to you by email.

12. Contact details

If you have any questions about this privacy policy or our privacy practices, please contact us in
the following ways:
Full name of legal entity: Tool Raptors Ltd (09662094)
Email address: sales@toolraptors.co.uk
Postal address: Sticle, Castle Road, Pencader, SA39 9AN
Telephone number: +44 (0) 01491 527025