This is our privacy notice in relation to all parties who are not AIS staff or AIS Group members or product suppliers with membership and trading agreements. The policy is in line with the new data protection legislation (known as General Data Protection Regulation - GDPR) with effect from 25th May 2018.
The policy includes:
Associated Independent Stores Limited (AIS Ltd) based at Cranmore Park, Cranmore Avenue, Shirley, Solihull, B90 4LF is primarily a member Buying Group although with other business interests such as property rental and as an events venue for Conferences, Meetings and Exhibitions. It is committed to protecting the data it collects and using it fairly in relation to its business interests and applies the current laws, which are known as the General Data Protection Regulation (GDPR).
Data obtained through any of the above entities of AIS Ltd can be shared within the Group as per the "How we process your data" section of this policy.
Your privacy is protected by law. This section explains how this works.
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside AIS Ltd. The law says we must have one or more of these reasons:
A legitimate interest is when we have a business or commercial reason to use your information in our normal course of business and as verified by our legitimate interest assessment (although even then it must not unfairly go against what is right and best for you).
We will primarily hold business related information, although that may include some personal data about you, including for example your name, address, telephone/mobile number(s) and email address.
If we are running an event or training course that you, or any of your teams, are personally attending, then we may collect more sensitive data such as dietary requirements or access needs if applicable
Examples of the sources of data we collect about you or your company:
AIS Ltd or one of its subsidiaries or associated businesses may collect the following information about you:
GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties. We may process your personal data for the following purposes, if relevant:
We process this data on the basis of our legitimate interest to run AIS Ltd in an efficient and proper way. This includes managing our financial position, planning, audit, communications, business capability and to exercise our rights set out in agreements and contracts. We also process your personal data where required to comply with laws and regulations that apply to us.
AIS Ltd has various data and security policies in place to ensure the safe-keeping of the data that we collect. Staff are trained and regularly updated to ensure they are treating your data within the guidelines of this notice.
Data is stored securely within AIS Ltd’s systems to prevent unauthorised access. To deliver products and services to you, it is sometimes necessary for AIS Ltd to share your data outside of the European Economic Area.
This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws. If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers.
There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn't an over-riding legitimate business need.
Unless we explain otherwise to you, we'll hold your personal information based on the following retention periods for personal data:
We will treat your personal information as private and confidential, but may share it with each other and disclose it outside of the AIS Ltd group of companies if:
Please note that where we have a relationship with a third party involving your data, we will have a signed data controller/processor agreement with them.
You have the right to ask us to provide you with access to and rectification or erasure of your personal data providing there isn’t a legitimate business need by virtue of your business with AIS Ltd. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.
You have the right to object to certain purposes for processing.
If you wish to stop us from providing you with marketing or information communications then you can opt out at any time by ticking the appropriate boxes within an email or mailing or by contacting us directly.
If you have any questions about how AIS Ltd use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by either of the following means:
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
Any changes we make to this policy in the future will be communicated to you by email or letter. The full notice (as it currently stands) is available on request via the above email address.
In the event that we believe there is a serious breach to our systems or data we will inform the Information Commissioner's Office within 72 hours and will inform the affected parties as soon as practically possible thereafter.
This policy was last updated in May 2018.