UK WEBSITE PRIVACY POLICY


ENWA Water Technology AS (a company incorporated under the laws of Norway) (Company number 981335961) (“we”, “us”, “our”, “the Company”) respects your privacy and is committed to protecting your personal data. Our registered office in Norway is at Norder Kullerød 9, 3241 Sandefjord, Norway (telephone +47 33 48 80 50). Our registered UK branch trades as ENWA Water Technology AS (UK) and operates from The Engine Block, Units 5, 6, and 7 The Sidings, Merrylees Industrial Estate, Desford, Leicestershire, LE9 9FE. We operate the UK part of our website http://www.enwa.co.uk (“the Website”). This Website Privacy Policy applies to the personal data we collect from the Website.

This Website Privacy Policy will provide you with information about how we look after your personal data when you visit and use our Website (regardless of where you visit it from) including any data you may provide through the Website. It will also tell you about your privacy rights and how the law protects you.

Please note that this privacy policy relates only to the treatment and use of personal data arising from your visiting the Website. For other types of processing carried out by us, we operate the following policies:

Data Protection Policy Data Retention Policy and schedules for customer and employee data Privacy Notice for Customers, Suppliers and contacts Privacy Notice for Employees, Consultants and workers (including job applicants)
The Company is the data controller of your personal data and is therefore responsible for your personal data.

Glenn Simpson, UK Country Manager is ultimately responsible for overseeing questions in relation to this Website Privacy Policy. If you have any questions, including any requests to exercise your legal rights, please contact him using the contact details below.

Data protection principles
We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.

2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.

4. Accurate and kept up to date.

5. Kept only as long as necessary for the purposes we have told you about.

6. Kept securely.

The personal data we collect
Personal data means any information about an individual from which that person can be identified. We may collect and process the following data about you:

Information about you that you give us
The information you give us may include your name, address, name of your organisation, e-mail address and phone number and any message that relates to your enquiry. This may be given by you in order to:
a. Make an enquiry when using the contact details section of our Website;
b. Submit a job application or job enquiry when you submit details using the contact details provided in the Contacts & Careers section of the Website
c. Request details regarding our training courses and CPD seminars

Information collected by us automatically
We may automatically collect information about you such as technical information regarding your visits to our Website including, but not limited to, the Internet Protocol (IP) address used to connect your computer to the Internet, geographical location, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
It may also include information about your visit(s) to our Website including the full Uniform Resource Locators (URL), clickstream to, through and from our Website (including date and time), job vacancies you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call us.
Personal data does not include data where your identity has been removed or which not associated with or linked to your personal data (anonymous data).

IP addresses and Cookies
Our Website uses cookies to collect non-personal statistics about users of our Website to see how they use our Website and to help us improve it. Such information will include how long a user spends on our Website, which location they are from, which pages are viewed etc.

You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you log on to our Website.
How we use your personal data

We will only use your personal information we collect about you as follows:

Information that you give us
We may use the information you give to us to:
a. Respond to your enquiries as requested by you and in accordance with our legitimate interests;
b. Provide you with information that you request in accordance with our legitimate interests;
c. Undertake any contract we form with you; and
d. Comply with our legal obligations.

 Information collected by us automatically
We may use the information we automatically collect to:

a. Ensure that content from our Website is presented in the most effective manner for you and for your computer as is in our legitimate interest;
b. Administer and monitor our Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes so as to allow us to provide you with the best possible service and experience as is in our legitimate interest to do so; and
a. Keep our Website safe and secure as is in our legitimate interest.

Storage of your personal data
All of the information you provide to us is stored on our secure Customer Relationship Management system which is located in Norway and therefore within the European Economic Area, which is subject to the EU General Data Protection Regulation 2016 (GDPR).

Who has access to your personal data?
Your information may be accessed internally within the Company by authorised members of the sales, administrative or marketing teams when required in accordance with our legitimate interests or need to perform our contract with you.

Sharing and transfer of your personal data
We do not share the data that you supply to us via our Website with any third parties save for our IT consultants and website producers, and then only for the purposes of improving or developing our Website.

We require third parties to respect the security of your data and to treat it in accordance with the law and/or our instructions or as part of our regulatory or insurance obligations.

Security
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, the access to and use of the personal data that we collect is restricted to those employees who need the personal data to perform a specific job role or activity. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data retention
We have in place a data retention policy which sets out the criteria we adopt for retaining your personal information. Please contact Glenn Simpson, UK Country Manager using the contact details below if you would like to obtain a copy of our retention policy.

The criteria we take into account when deciding how long we retain personal information and the Company will have regard to the following:
The purpose for which we hold the Personal Data;
The amount, nature and sensitivity of the Personal Data;
The potential risk of harm from unauthorised use or disclosure of such Personal Data;
What alternative means we have for achieving our purposes;
The legal limitation periods for bringing claims and whether we need the Personal Data to bring or defend any proceedings;
Any legal or regulatory requirements for the retention of Personal Data;
What our insurance terms require in relation to the retention of Personal Data;
Any specific requests to hold such Personal Data from a Data Subject;
Satisfying any legal, accounting or reporting requirements;
Whether we need to hold on to such Personal Data to assist us with the performance of our services or the performance of a contract; and/or
Any orders for preservation of evidence, including Personal Data.

Your rights

You have the right to:

Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party.
If you wish to exercise any of your above rights, please send a written request to us at the address listed at the end of this privacy notice, addressed for the attention of Glenn Simpson, UK Country Manager.
Where we have relied on your consent for the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. You may withdraw your consent by emailing glenn.simpson@enwa.com


Other websites and links
Our Website may contain links or addresses to other websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third party websites and are not responsible for their privacy notices or for the content, accuracy or opinions express in such websites. We do not investigate, monitor or check third party websites for accuracy or completeness and the inclusion of any linked website on or through our Website does not imply approval or endorsement by us of the linked website.

If you decide to leave our Website and access these third party websites, plug-ins and/or applications you do so at your own risk. We encourage you to read the privacy notice of every website you visit.

Changes to this Website Privacy Policy
This version was last updated in July 2018.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Contact Details
We have appointed Glenn Simpson, UK Country Manager, as the person responsible for data protection issues within the UK. Glenn can be contacted by writing to: ENWA Water Technology AS (UK), The Engine Block, Units 5, 6, and 7 The Sidings, Merrylees Industrial Estate, Desford, Leicestershire, LE9 9FE. Telephone numbers: 0771 574 9754 or 01530 830354. Email: glenn.simpson@enwa.com

Complaints
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


PRIVACY NOTICE FOR CUSTOMERS, SUPPLIERS AND CONTACTS


What is the purpose of this document?
The Company is committed to protecting the privacy and security of your personal information.
This privacy notice describes how we collect and use personal information about you. It provides you with certain information that must be provided under the General Data Protection Regulation (GDPR) and the Data Protection Act (2018) (DPA).


This Privacy Notice is relevant to you if you are a contact from one of our customers or suppliers or a contact that may do business with the Company from time to time. As a result, from time to time we may collect certain personal information about you.


The Company is a "data controller". This means that we are responsible for deciding how we hold and use personal information about you.
The Company’s contact details are as follows:


ENWA Water Technology AS (a company incorporated under the laws of Norway) (Company number 981335961), Nordre Kullerød 9, 3241 Sandefjord, Norway whose UK branch is ENWA Water Technology AS (UK), The Engine Block, Units 5,6 and 7 The Sidings, Merrylees Industrial Estate, Desford, Leicestershire, LE9 9FE.
Data protection principles


We will comply with data protection law. This says that the personal information we hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.

3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.


The kind of information we hold about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We will collect, store, and use the following categories of personal information about you:

Your name

Your business email address

Your work address

Your job title

Your business telephone number (which may include your mobile number)

Your LinkedIn profile and details

Details of communications we may have with you on the telephone (including SMS messages), in person or by email


How is your personal information collected?
We will normally collect information about you from our day-to-day business dealings and communications with you. Any personal information collected will generally only relate to you as a contact/customer/supplier of the Company


How we will use information about you
We will only use your personal information we collect about you to contact you in accordance with our legitimate interests as a business and to perform any contract we may have with you or your business or otherwise to comply with our legal obligations. We may need to use your personal information to defend or bring legal proceedings. We will also use your personal information to keep a record of our communications (by telephone, email or face-to-face) as part of our legitimate interests.

If you fail to provide personal information
If you fail to provide information when requested, we may not be able to communicate with you or transact business with you or your business.

Automated decision-making
You will not be subject to any automated decision-making.

Data sharing
We may have to share your data with third parties. We will only do so if this is part of our legitimate interests, if requested by you, if part of performing our contract with you, if required as part of defending or pursuing legal proceedings, or if required by law.
We require third parties to respect the security of your data and to treat it in accordance with the law.

Data security
We have put in place measures to protect the security of your information.
Third parties will only process your personal information on our instructions and where they have agreed to treat the information confidentially and to keep it secure.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Data retention
How long will you use my information for?
We will only keep your personal information for as long as is necessary for the purposes for which we have collected it. We operate a Data Retention Policy that sets out the criteria we consider when retaining personal data. The criteria will vary dependant on the information we keep but generally data will be retained on the following criteria:
 

How long we need to keep such information for the purposes of our legitimate interests (to record meetings, appointments and communications with you) and/or for the purposes of performing any contract with your business. 

Any limitation periods existing for pursuing any claims against us or in respect of claims we may need to bring. 

Any periods otherwise prescribed by law.


Your individual rights
Under certain circumstances, by law you have the right to:
Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you  want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact Glenn Simpson, UK Country Manager at the UK address above or by email on: glenn.simpson@enwa.com or Connie Simpson on connie.simpson@enwa.com

No fee usually required
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Person responsible for data protection in the Company
We have appointed Glenn Simpson, UK Country Manager to oversee data protection compliance within the Company. If you have any questions about this privacy notice or how we handle your personal information, please contact Glenn Simpson at the Company’s address appearing above. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Changes to this privacy notice
We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.
If you have any questions about this privacy notice, please contact Glenn Simpson or Connie Simpson on the contact details contained within this Privacy Notice.