Welcome to EMR Group Limited's privacy notice for those using our collection or metal buying services, those purchasing from us and website visitors. EMR Group Limited is made up of different legal entities across the globe. This privacy notice is issued on behalf of EMR Group Limited so when we mention “EMR”, "we", "us" or "our" in this privacy notice, we are referring to the relevant company or companies in EMR Group Limited responsible for processing your data. EMR Group Limited is the controller and responsible for this website.
If you are applying for a job with us, you are subject to an additional privacy notice, which is available on our website.
EMR respects your privacy and is committed to protecting your personal data. This privacy notice explains how companies within EMR Group Limited use and protect any personal data that we collect about you and informs you of your privacy rights and how the law protects you.
Purpose of this privacy notice
This privacy notice aims to give you information on how EMR collects and processes your personal data through your use of our online and offline services, including any data you may provide through this website, in person at a yard, when you sign up for a customer account, to our newsletter or take part in a competition.
This website is not intended for children. We do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Controller
EMR Group Limited is made up of different legal entities across the globe. This privacy notice is issued on behalf of EMR Group Limited so when we mention “EMR”, "we", "us" or "our" in this privacy notice, we are referring to the relevant company in EMR Group Limited responsible for processing your data. EMR Group Limited is the controller and responsible for this website.
Contact details
Should you wish to contact us, our contact details are as follows:
In the United Kingdom
Email: dpo@emrgroup.com
Post:
Company Secretary
EMR Group Limited
Sirius House
Delta Crescent
Westbrook
Warrington
WA5 7NS
England
You have the right to make a complaint at any time to the Information Commission the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Commission, so please contact us in the first instance.
When you connect with us in other countries the relevant controller is as follows:
In the United States
Email: dpo@emrgroup.com
Post:
Legal Department
EMR (USA Holdings) Inc.
201 N. Front Street
Camden, NJ 08102
USA
In Europe
Email: dpo@emrgroup.com
Post:
Company Secretary
EMR Group Limited
Sirius House
Delta Crescent
Westbrook
Warrington
WA5 7NS
England
Changes to your personal data
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We do not currently undertake any solely automated decision making using personal data.
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
We also collect, use and share anonymised Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may analyse the number of times you visit a yard to calculate the percentage of customers visiting a specific yard at a given time. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not intentionally collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, when you supply us with information about yourself (for example ID documents), or when we capture CCTV footage or photographs of you, incidental information about your race and ethnicity may be processed.
If you fail to provide personal data
Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with services). In this case, we may have to cancel the service you have purchased from us but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, e-mail, on a yard or otherwise. This includes personal data you provide when you:
Automated technologies or interactions.
As you interact with our website, we may automatically collect Technical Data about your browsing devices, browsing actions and patterns. When you visit, sell or deliver materials at one of our sites or yards, we may also automatically collect CCTV and Image Data through our CCTV systems and by taking photographs of you and/or your vehicle.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below.
Technical Data from the following parties:
Identity and Contact Data from data brokers or aggregators such as Experian, Oblong, the Companies House and the Electoral Register
We will only use your personal data where a lawful basis allows us to. Most commonly, we will use your personal data in the following circumstances:
Performance of a Contract. Where use of your information is necessary to provide you with EMR Group Limited Services under a contract, for example the relevant Terms of Service.
Legitimate Interest. Where use of your information is necessary for our legitimate interest and where the use is not outweighed by your rights and interests. Below are some examples of such interests:
Legal Obligation
Where use of your information is necessary to comply with laws and regulations such as those relating to anti-bribery and corruption and anti-money-laundering, the Scrap Metal Dealers Act and complying with requests from government bodies or courts or responding to litigation.
With Consent.
We may ask for your consent to process your information in a certain way. Where we rely on this basis, you have the right to withdraw your consent at any time.
Generally, we do not rely on consent as a lawful basis for processing your personal data other than in relation to sending direct marketing communications to you via post, email, WhatsApp or text message. You have the right to withdraw consent from marketing at any time using the methods outlined under ‘Opting out’.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the lawful bases we rely upon to do so. We have also identified what our legitimate interests are where appropriate.
Promotional offers from us
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant to you (we call this marketing).
You will receive marketing communications from us if you have consented to marketing communications when you entered a competition or registered for a promotion or requested information from us, used our services and, in each case, you have not opted out of receiving that marketing.
Third-party marketing
We do not share your information with third parties for their marketing purposes.
Opting out
You can ask us to stop sending you marketing messages at any time by:
California “Shine the Light” Law
Under California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, certain information about the customer information we shared, if any, with other businesses for their own direct marketing uses in the previous calendar year.
To request a copy, please contact us at dpo@emrgroup.com.
Change of purpose
We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo@emrgroup.com.
Where it is required or permitted by law we may process your personal data without your knowledge or consent.
We may have to share your personal data with the parties set out below:
Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business which affects how your data is processed this notice will be updated.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processor service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We share your personal data within EMR Group Limited when necessary. This may involve transferring your data outside the UK or European Economic Area (EEA).
We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data and we ensure appropriate safeguards are in place.
Some of our external third party supplies are based outside the UK or European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the UK and EEA.
Whenever we transfer your personal data out of the UK or EEA, we ensure appropriate safeguards are in place such as standard contractual clauses.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a business need to know.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In many cases, this means that personal data will be retained for the duration of the time that we provide services to you and then for a reasonable time thereafter in order to manage any problems, process any returns, manage our relationship with you, defend any claims, for tax purposes and/or for any other record keeping purposes. This period is typically a period of around 6 years from your last interaction with us.
This website does not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us.
If you are a UK or an EU resident, you have the following rights under data protection laws in relation to your personal data.
If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 (the “CCPA”):
For information on the categories of personal data we have collected about you in the twelve (12) months prior to the effective date of this privacy notice, the categories of sources for such personal data, the business purposes for collecting such personal data and with whom we share such personal data, please refer to the sections titled “The data we collect about you,” “How is your personal data collected?,” “Purposes for which we will use your personal data” and “Disclosures of your personal data,” respectively.
If you wish to exercise any of the rights set out above, please contact us at dpo@emrgroup.com. When contacting us via phone, please reference this privacy notice.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you are a California resident, you may submit a request as frequently as you would like, but we are not required to respond to requests to provide personal data to you more than twice in any 12-month period.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
If you are a California resident, you may make a request to exercise any of your rights under the CCPA on behalf of your minor child. You may also designate an authorized agent to make a request to know or delete on your behalf.
If you are a California resident, you have the right to:
Changes to this privacy notice
Any changes to this privacy notice will be posted to this website so you are always aware of the information we collect and how we use it. Accordingly, please refer back to this website frequently as this privacy notice may change.
HEAD OFFICE
Sirius House
Delta Crescent
Warrington
WA5 7NS
United Kingdom
| Purpose / Activity | Type of data | Lawful basis for processing including basis of legitimate interest |
|---|---|---|
| To register you as a new customer | (a) Identity (b) Contact |
Performance of a contract with you |
| To process and deliver your transaction including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us (c) Fulfil payments owed to you |
(a) Identity (b) Contact (c) Financial (d) Transaction |
(a) Performance of a contract with you (c) Performance of a contract with you |
| To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey |
(a) Identity (b) Contact (c) Profile (d) Marketing and Communications |
(a and b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services) |
| To enable you to partake in a prize draw, competition or complete a survey | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications |
(a) Necessary for our legitimate interests (to study how customers use our products and services, to develop them and grow our business) or on the basis of your consent |
| To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | (a) Identity (b) Contact (c) Technical |
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) |
| To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you | (a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical |
On the basis of your consent |
| To use data analytics to improve our website, services, marketing, customer relationships and experiences | (a) Technical (b) Usage |
On the basis of your consent |
| To make suggestions and recommendations to you about goods or services that may be of interest to you | (a) Identity (b) Contact (c) Technical (d) Usage (e) Profile |
Necessary for our legitimate interests (to develop our services and grow our business) |
| Recording of phone calls |
(a) Identity (b) Contact (c) Financial (d)Transaction (e)Usage |
Necessary for our legitimate interests (monitor call centre employee performance, improve our customer service offering) |
| AI Powered transcription & sentiment analysis |
(a) Identity (b) Contact (c) Financial (d)Transaction (e)Usage |
Necessary for our legitimate interests (monitor call centre employee performance, improve our customer service offering) |
| To operate CCTV and capture photographs of sellers and their vehicles at our sites and yards to protect our staff, sites and assets and to prevent, detect and investigate crime |
(a) Identity |
Necessary for our legitimate interests (to protect our staff, sites and assets and to prevent, detect and investigate crime) |