Privacy and data protection notice
Markes International Ltd. (Markes) recognises that privacy is important when communicating with customers, suppliers and other third parties. This notice explains how we collect, store, use and share personal data as governed by the EU General Data Protection Regulation (GDPR).
GDPR aims to prevent security breaches and the loss of personal data by any organisation that holds or processes data.
This notice is issued by Markes and is also applicable to the subsidiary companies: Markes International GmbH, Markes International, Inc., SepSolve Analytical Ltd, and Markes Instruments (Shanghai) Co., Ltd.
It is addressed to individuals outside our company with whom we interact.
Under GDPR Markes International Ltd is the Data Controller.
We are a specialist manufacturer of scientific instrumentation for the detection of trace-level volatile and semi-volatile organic compounds. We operate globally through a network of regional offices, the locations of which can be seen on the 'Contact us' page of our website.
Our Data Protection Officer (DPO) can be contacted at:
Markes International Ltd., Gwuan Elai Medi Science Campus, Llantrisant, CF72 8XL
What personal data do we collect?
The type and categories of personal data which we may collect include:
- Personal details: Name, address, account settings, email signature, etc.
- Contact details: Telephone number, email address, company name, etc.
- Device details: Device type, operating system, browser details, IP address, dates/times of connection to the site, and other technical communications information
- Payment details: Billing address, bank details, account-holder details, credit ratings, VAT number or equivalent, etc.
- Usage details: Registration details, details of content with which you interact, downloads, page views etc.
- Analytics: Location (through IP address), behaviour (based on cookies), etc. (for further information see below, under 'Cookies and similar technologies')
Markes will ensure that the personal data it collects will be adequate, relevant and not excessive for the purposes required. It will be kept accurate and up-to-date based on information provided, and to the best of our ability thereafter.
Sensitive personal information
Markes does not knowingly collect sensitive personal information (as defined under GDPR) from customers, suppliers or third parties, and you must not submit such information to us. Sensitive information inadvertently submitted to us will be processed so far as is necessary for the purposes of deleting it.
We do not intend to process personal data from any data subject under the age of 18, and we do not knowingly collect such data. If any such data comes to our attention we will delete it.
How do we collect your data?
Examples of sources from which we may collect your Personal Data include the following:
- When you provide it to us, e.g. where you contact us via email, telephone, web chat or by any other means. We do not record phone calls.
- In the ordinary course of our relationship with you, e.g. in the course of fulfilling supply of goods and services, whether for a fee or not.
- When you manifestly choose to make the data public by completing contact forms, including information collected via the website.
- From third parties who provide it to us (see below, 'Data received from third parties').
- When you visit our site or use any features or resources available on or through our site, your browser will automatically disclose certain information, some of which may constitute personal data (see below, 'Cookies and similar technologies').
- We may also create personal data about you, such as records of your interactions using our site and details of your account transactions if relevant.
Data received from third parties
From time to time we may receive information about you from third parties. These may be media partners, exhibitions, conferences, suppliers & other business partners. It is also possible that third parties with whom we have had no prior contact may provide us with information about you. Generally, this information will be your name and contact details, but may include additional information about you that they provide to us.
In some circumstances we will have a legitimate reason for processing the data even if you have not consented to sharing it, e.g. to fulfil an order process; where you have infringed (or potentially infringed) any of our legal rights; fraud prevention, etc.
If we receive information about you from a third party in error and/or we do not have a legal basis for processing that information, we will delete your information
How will we use your data?
We want to give you the best experience when interacting with Markes. The data we hold about you helps us provide you with the best possible service level and ensures that we are able to fulfil any contractual obligations. We will use your data for a number of reasons, including:
- To fulfil your request for information.
- To fulfil any contractual or pre-contractual obligations, for example, the supply of goods and services, whether for a fee or not.
- To fulfil any obligations under our sub-contract with a third party.
- To pay you or request payment for goods and services supplied.
- To ensure that our website, marketing emails or other communications are delivering valid and relevant content.
- Running and managing our business effectively and within the law.
- To prevent fraud or other criminal activity.
What is our legal basis for processing your data?
In line with the processing conditions set out under GDPR, Markes will process your data under one lawful condition:
· It is necessary for the purpose of our legitimate business interests (except if those interests are overridden by the interests, rights or freedoms of the data subjects which requires protection).
Markes will review all data processing regularly to ensure that our interests are not overridden by those of the data subjects.
In all cases data subjects have a number of rights which can be exercised regarding their data (see below, 'What are your individual rights?')
If we share your information (see below, 'Who else receives your information?'), it is on the basis of this same lawful condition.
What are your individual rights?
Under GDPR and the method of lawful consent which we are using to process your data, you have the following rights:
How to exercise that right
|The right to be informed about the collection and use of your data. ||This privacy notice informs you about the collection & use of your data. It is available on our website and you may request a written copy of the notice from the DPO |
|You have the right to request access to your personal data ||Make a request for access, verbally or in writing, from the DPO |
|You have the right to rectification if you believe the personal data we hold is inaccurate ||Make a request for rectification, verbally or in writing from the DPO |
|Right to erasure (right to be forgotten) or to restrict processing ||Make a request verbally or in writing from the DPO. In some circumstances, e.g. order fulfilment, to comply with HMRC or similar, immediate erasure will not be possible. In this case you will be informed of the reasons |
|Right to object ||You have an absolute right to object to your data being used for direct marketing. Our marketing communications utilise easily found ‘opt-out’ buttons for this reason. Alternatively you may make an objection verbally or in writing to the DPO. |
| Rights relating to Automated Decision Making || We use Data Profiling on our website (See Our use of automated profiling) below. We only use data profiling as part of our marketing operations – which you may opt out of as explained above - we do not use it for any other automated decision making process |
Who else receives your data?
We share your data with a number of third parties in order to supply you with our services. These are our data processors, and we have contractual processing agreements in place with them that are reviewed on a regular basis. Only adequate, relevant and limited information is used for each purpose. Key data processors are:
We use Microsoft’s Office 365 as a third-party email provider to store emails you send us.
Our web developer and hosting company is Zarr Ltd. Our website automatically logs the IP address you use to access our website.
Excellence IT are our third-party IT service provider.
Google collects information including IP addresses and information from cookies through our use of Google Analytics on our website. Google Analytics is used for tracking the number of visits that our different web pages receive. We use this information for analytical purposes only.
For further information regarding cookies, see below ('Cookies and similar technologies')
We use Salesforce for our customer relationship management and marketing automation.
We use Creditsafe to assess credit and risk where we are entering into a financial arrangement with a third party.
Cleardata provides us with a document scanning service.
The Maltings (Cardiff, UK) provides us with a Document Management Service to store archived material that must be kept for statutory periods, i.e. HMRC, VAT records, etc.
We may share your information with our subsidiary companies where it is in our legitimate business interest to do so. We may share your information with other group companies if legally required to do so in the execution of our business.
Contact data for subsidiary companies and our parent company can be found on our website https://www.markes.com/Contact-Us.aspx
Other business partners
Where we have legitimate business interests, the personal data we have collected from you may be transferred to other companies outside the UK and the European Economic Area. We impose contractual obligations with these companies to ensure that our legitimate interests are not overridden by your interests, rights or freedoms. Examples of this would include:
- Where you have expressed an interest in purchasing goods and services and you are based in a territory where we work alongside a third-party distributor who would be responsible for sales & support in that territory.
- To prevent fraud, cyber-crime, or other criminal activity.
- In connection with the enforcement of our legal rights, e.g. debt collection, copyright or patent infringement etc.
- If required by law or otherwise needed in connection with legal proceedings.
- Any successor to all or part of our business.
How long will we keep your data?
We will retain your personal data only for as long as is necessary in connection with the purposes set out in this notice, unless applicable law requires a longer retention period (i.e. to comply with HMRC requirements or to defend/exercise any legal rights).
If there is no legislative requirement to retain your data, and you are not a customer of Markes or its subsidiaries, we will typically delete your personal data three years after your last contact with us.
Where is your data stored and how is it secured?
We take appropriate technical & organisational measures to secure your personal data and to protect it against unauthorised or unlawful use and accidental loss or destruction. These include:
- Secure company servers.
- The use of multi-level password protection.
- Data encryption where appropriate.
- Limiting access to data through appropriate authorisation & permission settings.
- A robust IT policy that is reviewed regularly.
- Participation in a regular penetration testing process.
- Secure sockets layer (SSL) technology on our website.
Transmission of information to us by email
Transmission of information over the internet may not be entirely secure. If you submit personal data to us in this way you do so entirely at your own risk, and Markes are not responsible for any liabilities, costs or any other form of loss suffered by you as a result of this decision.
Transfer of your personal information outside the European Economic Area (EEA)
Data that we share with key data processors listed above is stored on servers within the European Economic Area, apart from that stored by Google Inc., which is stored in the United States of America. Currently, USA is not subject to an adequacy decision by the European Parliament; however, Google has self-certified its compliance with the EU-US Privacy Shield https://www.privacyshield.gov/welcome, which is an approved mechanism under GDPR.
Data that is shared with other business partners may be shared outside the EEA where it is required for our legitimate business interest as detailed above (see 'Who else receives your data?').
Cookies and similar technologies
A ‘cookie’ is a data file that is sent from a website you visit to a browser to record information about users for various purposes.
You can reject some or all of the cookies we use on or via our website by changing your browser settings, but doing so can impair your ability to use our website or some (or all) of its features. For further information about cookies, including how to change your browser settings, please visit www.allaboutcookies.org, or see our cookies policy.
Please note that this privacy notice is reviewed periodically and may be amended from time to time. We will update this notice accordingly with a new effective date stated at the beginning of it.
If we make major changes to our privacy notice or intend to use your data for a new purpose other than the purposes for which we originally collected it, we will notify you by posting a notice on our website.
We’d like the chance to resolve any complaints you have, but you also have the right to complain to the UK data protection regulator (the ICO) about how we have used your personal data.