Privacy policy

Recycling Management Limited (“We”) are committed to protecting and respecting your privacy. This policy (together with our terms of use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. For the purpose of the Data Protection Act 1998 (the Act), the data controller is Recycling Management Limited of Trevor Street Industrial Estate, Trevor St, Birmingham B7 5RG.

Information we may collect from you

 

We may collect and process the following data about you:

If you contact us, we may keep a record of that correspondence.

Details of your visits to our site and the resources that you access.

Disclosure of your information

 

We may disclose your personal information to any member of our group, which means our subsidiaries as defined in section 1159 of the UK Companies Act 2006.

Access to information

 

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes to our privacy policy

 

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

 

Cookies, Analytics and Traffic Data
Cookies are small text files which are transferred from our websites, applications or services and stored on your device. We use cookies to help us provide you with a personalised service, and to help make our websites, applications and services better for you.
 
Our cookies may be session cookies (temporary cookies that identify and track users within our websites, applications or services  which are deleted when you close your browser or leave your session in the application or service) or persistent cookies (cookies which enable our websites, applications or services  to “remember” who you are and to remember your preferences within our websites, applications or services  and which will stay on your computer or device after you close your browser or leave your session in the application or service).

We use the following different types of cookies:

Strictly necessary cookies These are cookies which are needed for our websites, applications or services to function properly, for example, these cookies allow you to access secure areas of our website or to remember what you have put into your shopping basket.

Performance cookies and analytics technologies
These cookies collect information about how visitors and users use our websites, applications and services, for instance which functionality visitors use most often, and if they get error messages from areas of the websites, applications or services. These cookies don’t collect information that identifies a visitor or user. All information these cookies collect is aggregated and therefore anonymous. We only use these cookies to improve how our website, applications and services work.

Functionality cookies
These cookies allow our websites, applications and services to remember choices you make (such as your user name, language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts and other parts of web pages that you can customise. They may also be used to provide services you have asked for. The information these cookies collect may be anonymised and they cannot track your browsing activity on other websites.

Targeting or advertising cookies
These cookies are used to deliver adverts more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They are usually placed by advertising networks with the website operators’ permission. They remember that you have visited a website and this information is shared with other organisations such as advertisers. Quite often targeting or advertising cookies will be linked to site functionality provided by the other organisation.

Web beacons and parameter tracking 
We also use cookies and similar software known as web beacons to count users who have visited our website after clicking through from one of our advertisements on another website or in emails and to collect details of any products or services purchased. These web beacons collect limited information which does not identify particular individuals. It is not possible to refuse the use of web beacons. However, because they are used in conjunction with cookies, you can effectively disable them by setting your browser to restrict or block cookies. 

IP Address and traffic data
We keep a record of traffic data which is logged automatically by our servers, such as your Internet Protocol (IP) address, device information, the website that you visited before ours and the website you visit after leaving our site. We also collect some site, application and service statistics such as access rates, page hits and page views. We are not able to identify any individual from traffic data or site statistics. 
Find out more about the individual cookies and analytics technologies that we use.

 

 

 

 

GDPR

Information to be provided where personal data are collected from the data subject

  1. Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information:
    1. the identity and the contact details of the controller and, where applicable, of the controller’s representative;
    2. the contact details of the data protection officer, where applicable;
    3. the purposes of the processing for which the personal data are intended as well as the legal basis for the processing;
    4. where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party;
    5. the recipients or categories of recipients of the personal data, if any;
    6. where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available.
  2. In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing:
    1. the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
    2. the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability;
    3. where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
    4. the right to lodge a complaint with a supervisory authority;
    5. whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether the data subject is obliged to provide the personal data and of the possible consequences of failure to provide such data;
    6. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  3. Where the controller intends to further process the personal data for a purpose other than that for which the personal data were collected, the controller shall provide the data subject prior to that further processing with information on that other purpose and with any relevant further information as referred to in paragraph 2.
  4. Paragraphs 1, 2 and 3 shall not apply where and insofar as the data subject already has the information.

Transparent information, communication and modalities for the exercise of the rights of the data subject

  1. 1The controller shall take appropriate measures to provide any information referred to in Articles 13and 14 and any communication under Articles 15 to 22 and 34 relating to processing to the data subject in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular for any information addressed specifically to a child. 2The information shall be provided in writing, or by other means, including, where appropriate, by electronic means. 3When requested by the data subject, the information may be provided orally, provided that the identity of the data subject is proven by other means.

 

  1. 1The controller shall facilitate the exercise of data subject rights under Articles 15to 222In the cases referred to in Article 11(2), the controller shall not refuse to act on the request of the data subject for exercising his or her rights under Articles 15 to 22, unless the controller demonstrates that it is not in a position to identify the data subject.

 

  1. 1The controller shall provide information on action taken on a request under Articles 15to 22 to the data subject without undue delay and in any event within one month of receipt of the request. 2That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. 3The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay. 4Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.
  2. If the controller does not take action on the request of the data subject, the controller shall inform the data subject without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
  3. 1Information provided under Articles 13and 14 and any communication and any actions taken under Articles 15 to 22 and 34 shall be provided free of charge. 2Where requests from a data subject are manifestly unfounded or excessive, in particular because of their repetitive character, the controller may either:
    1. charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
    2. refuse to act on the request.

3The controller shall bear the burden of demonstrating the manifestly unfounded or excessive character of the request.

  1. Without prejudice to Article 11, where the controller has reasonable doubts concerning the identity of the natural person making the request referred to in Articles 15to 21, the controller may request the provision of additional information necessary to confirm the identity of the data subject.

 

  1. 1The information to be provided to data subjects pursuant to Articles 13and 14 may be provided in combination with standardised icons in order to give in an easily visible, intelligible and clearly legible manner a meaningful overview of the intended processing. 2Where the icons are presented electronically they shall be machine-readable.

 

  1. The Commission shall be empowered to adopt delegated acts in accordance with Article 92for the purpose of determining the information to be presented by the icons and the procedures for providing standardised icons.

 

Right of access by the data subject

  1. The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information:
    1. the purposes of the processing;
    2. the categories of personal data concerned;
    3. the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
    4. where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
    5. the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
    6. the right to lodge a complaint with a supervisory authority;
    7. where the personal data are not collected from the data subject, any available information as to their source;
    8. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
  2. Where personal data are transferred to a third country or to an international organisation, the data subject shall have the right to be informed of the appropriate safeguards pursuant to Article 46relating to the transfer.
  3. 1The controller shall provide a copy of the personal data undergoing processing. 2For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs. 3Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.
  4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

Right to erasure (‘right to be forgotten’)

  1. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
    2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
    3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
    4. the personal data have been unlawfully processed;
    5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
    6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
  2. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
  3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary:
    1. for exercising the right of freedom of expression and information;
    2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3);

 

  1. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  2. for the establishment, exercise or defence of legal claims.

Right to object

  1. The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions. 2The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
  2. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the latest at the time of the first communication with the data subject, the right referred to in paragraphs 1 and 2 shall be explicitly brought to the attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, the data subject may exercise his or her right to object by automated means using technical specifications.

 

 Company specific data guidelines

  1. At all times We are committed to ensuring the data of our individual employees is held on our internal server and encrypted using an MD5 facility.
  2. Personal data is given freely by the individual at the time of joining the Company and is held locally for as long as is required by the Company, with a further 5 years post-exit. At any time the individual can ask to see what information the Company holds and has the right to make alterations to any data deemed to be factually incorrect.  Contested Data that is held during dispute will be monitored and resolved using a third party.
  3. We take our commitment to Health & Safety extremely seriously and in doing so are required to use CCTV throughout our operating sites. At all times the CCTV are in operation and employees are subject to being monitored and recorded for their own personal safety.  At no time can an employee request the CCTV be disconnected and all captured images fall under the sole responsibility and ownership of the Company.  CCTV images are held on-site and can be used if required to prosecute any member of staff seen to be contravening the Company Health & Safety Policies.
  4. Suppliers and sub-contracted workers visiting site and carrying out works will also be subject to the CCTV policy as above.

 

  1. Supplier data shall be held as per the Company guidelines and treated as per the policies relating to individual employees. Any Supplier that wishes to exercise their right to erasure can do so by contacting the appropriate individuals within the Company.