CHOOSE
A DIFFERENT TERRITORY

Find your local EMR Metal Recycling scrap yard and start selling your waste metal to us today.

CUSTOMER AND WEBSITE
PRIVACY NOTICE

Welcome to EMR Group Limited's privacy notice for those using our collection or metal buying services, those purchasing from us and website visitors. EMR Group Limited is made up of different legal entities across the globe. This privacy notice is issued on behalf of EMR Group Limited so when we mention “EMR”, "we", "us" or "our" in this privacy notice, we are referring to the relevant company or companies in EMR Group Limited responsible for processing your data. EMR Group Limited is the controller and responsible for this website.

If you are applying for a job with us, you are subject to an additional privacy notice, which is available on our website.

EMR respects your privacy and is committed to protecting your personal data. This privacy notice explains how companies within EMR Group Limited use and protect any personal data that we collect about you and informs you of your privacy rights and how the law protects you.

  1. IMPORTANT INFORMATION AND WHO WE ARE
  2. THE DATA WE COLLECT ABOUT YOU
  3. HOW IS YOUR PERSONAL DATA COLLECTED
  4. HOW WE USE YOUR PERSONAL DATA
  5. DISCLOSURES OF YOUR PERSONAL DATA
  6. INTERNATIONAL TRANSFERS
  7. DATA SECURITY
  8. DATA RETENTION
  9. DO NOT TRACK
  10. YOUR LEGAL RIGHTS

Important information and who we are

Purpose of this privacy notice

This privacy notice aims to give you information on how EMR collects and processes your personal data through your use of our online and offline services, including any data you may provide through this website, in person at a yard, when you sign up for a customer account, to our newsletter or take part in a competition.

This website is not intended for children. We do not knowingly collect data relating to children.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Controller

EMR Group Limited is made up of different legal entities across the globe. This privacy notice is issued on behalf of EMR Group Limited so when we mention “EMR”, "we", "us" or "our" in this privacy notice, we are referring to the relevant company in EMR Group Limited responsible for processing your data. EMR Group Limited is the controller and responsible for this website.

Contact details

Should you wish to contact us, our contact details are as follows:

In the United Kingdom

Email: dpo@emrgroup.com

Post:

Company Secretary
EMR Group Limited
Sirius House
Delta Crescent
Westbrook
Warrington
WA5 7NS
England

You have the right to make a complaint at any time to the Information Commission the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the Commission, so please contact us in the first instance.

When you connect with us in other countries the relevant controller is as follows:

In the United States

Email: dpo@emrgroup.com

Post:

Legal Department
EMR (USA Holdings) Inc.
201 N. Front Street
Camden, NJ 08102
USA

In Europe

Email: dpo@emrgroup.com

Post:

Company Secretary
EMR Group Limited
Sirius House
Delta Crescent
Westbrook
Warrington
WA5 7NS
England

Changes to your personal data

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

We do not currently undertake any solely automated decision making using personal data.

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes title, first name, last name, and date of birth, identity document such as driver’s licence or passport.
  • Contact Data includes billing address, delivery address, email address and telephone numbers.
  • Financial Data includes bank account and payment card details.
  • Transaction Data includes details about payments to and from you and other details of the products and services you have purchased from us.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
  • Profile Data includes your username and password, transactions made by you, your preferences, feedback and survey responses.
  • Usage Data includes information about how you use our website and yard services.
  • Marketing and Communications Data includes your preferences in receiving marketing information from us and our third parties and your communication preferences.

We also collect, use and share anonymised Aggregated Data such as statistical or demographic data. Aggregated Data may be derived from your personal data but is not considered personal data in law, as this data does not directly or indirectly reveal your identity. For example, we may analyse the number of times you visit a yard to calculate the percentage of customers visiting a specific yard at a given time. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.

We do not intentionally collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. However, when you supply us with information about yourself (for example ID documents), or when we capture CCTV footage or photographs of you, incidental information about your race and ethnicity may be processed.

If you fail to provide personal data

Where we need to collect personal data by law or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter with you (for example, to provide you with services). In this case, we may have to cancel the service you have purchased from us but we will notify you if this is the case at the time.

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, e-mail, on a yard or otherwise. This includes personal data you provide when you:

  • create an account, either at a yard or on our website;
  • subscribe to our services or publications;
  • request marketing information be sent to you;
  • enter a competition, promotion or survey;
  • interact with us via our social media accounts; or
  • give us feedback.

Automated technologies or interactions.

As you interact with our website, we may automatically collect Technical Data about your browsing devices, browsing actions and patterns. When you visit, sell or deliver materials at one of our sites or yards, we may also automatically collect CCTV and Image Data through our CCTV systems and by taking photographs of you and/or your vehicle.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below.

Technical Data from the following parties:

  • (advertising networks based inside or outside the EU; and
  • search information providers such as Google based inside or outside the EU.

Identity and Contact Data from data brokers or aggregators such as Experian, Oblong, the Companies House and the Electoral Register

How we use your personal data

We will only use your personal data where a lawful basis allows us to. Most commonly, we will use your personal data in the following circumstances:

Performance of a Contract. Where use of your information is necessary to provide you with EMR Group Limited Services under a contract, for example the relevant Terms of Service.

Legitimate Interest. Where use of your information is necessary for our legitimate interest and where the use is not outweighed by your rights and interests. Below are some examples of such interests:

  • improving our services and developing new ones
  • recognizing and better understanding our users, including across platforms
  • conducting security and fraud prevention activities
  • marketing and promoting our content and services
  • building and managing business relationships
  • conducting compliance and risk management activities
  • providing and managing access to our systems.

Legal Obligation

Where use of your information is necessary to comply with laws and regulations such as those relating to anti-bribery and corruption and anti-money-laundering, the Scrap Metal Dealers Act and complying with requests from government bodies or courts or responding to litigation.

With Consent.

We may ask for your consent to process your information in a certain way. Where we rely on this basis, you have the right to withdraw your consent at any time.

Generally, we do not rely on consent as a lawful basis for processing your personal data other than in relation to sending direct marketing communications to you via post, email, WhatsApp or text message. You have the right to withdraw consent from marketing at any time using the methods outlined under ‘Opting out’.

Purposes for which we will use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the lawful bases we rely upon to do so. We have also identified what our legitimate interests are where appropriate.

Promotional offers from us

We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which services and offers may be relevant to you (we call this marketing).

You will receive marketing communications from us if you have consented to marketing communications when you entered a competition or registered for a promotion or requested information from us, used our services and, in each case, you have not opted out of receiving that marketing.

Third-party marketing

We do not share your information with third parties for their marketing purposes.

Opting out

You can ask us to stop sending you marketing messages at any time by:

  • following the opt-out links on any marketing message sent to you
  • replying ‘STOP’ to any marketing text message sent to you
  • using the marketing preferences update form on our website
  • by contacting us at marketing@emrgroup.com at any time.

California “Shine the Light” Law

Under California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, California residents with whom we have an established business relationship are entitled to request and receive, free of charge, once per calendar year, certain information about the customer information we shared, if any, with other businesses for their own direct marketing uses in the previous calendar year.

To request a copy, please contact us at dpo@emrgroup.com.

Change of purpose

We will only use your personal data for the purposes for which we have collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at dpo@emrgroup.com.

Where it is required or permitted by law we may process your personal data without your knowledge or consent.

Disclosures of your personal data

We may have to share your personal data with the parties set out below:

  • Service providers acting as processors based in the UK and Europe who provide IT, marketing and system administration services.
  • Professional advisers acting as controllers including lawyers, bankers, auditors and insurers
  • HM Revenue & Customs, regulators and other authorities
  • Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets.

Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business which affects how your data is processed this notice will be updated.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party processor service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International transfers

We share your personal data within EMR Group Limited when necessary. This may involve transferring your data outside the UK or European Economic Area (EEA).

We ensure your personal data is protected by requiring all our group companies to follow the same rules when processing your personal data and we ensure appropriate safeguards are in place.

Some of our external third party supplies are based outside the UK or European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the UK and EEA.

Whenever we transfer your personal data out of the UK or EEA, we ensure appropriate safeguards are in place such as standard contractual clauses.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a business need to know.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so.

Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In many cases, this means that personal data will be retained for the duration of the time that we provide services to you and then for a reasonable time thereafter in order to manage any problems, process any returns, manage our relationship with you, defend any claims, for tax purposes and/or for any other record keeping purposes. This period is typically a period of around 6 years from your last interaction with us.

Do Not Track

This website does not currently take any action when it receives a Do Not Track request. Do Not Track is a privacy preference that you can set in your web browser to indicate that you do not want certain information about your webpage visits collected across websites when you have not interacted with that service on the page. For details, including how to turn on Do Not Track, visit www.donottrack.us.

Your legal rights

If you are a UK or an EU resident, you have the following rights under data protection laws in relation to your personal data.

  • The right to be informed about the personal data we hold about you and what we do with it;
  • The right of access to the personal data we hold about you;
  • The right for inaccuracies in the personal data we hold about you, however they come to light, to be corrected. This is also known as ‘rectification’;
  • The right to have your personal data deleted in some circumstances. This is also known as ‘erasure’;
  • The right to restrict the processing of your personal data;
  • The right to transfer the personal data we hold about you to another party. This is also known as ‘portability’;
  • The right to object to the processing of your personal data;
  • The right to refuse to be subject to any automated decision-making and profiling of your personal data; and
  • The right to make a complaint to our organisation, or to the Information Commission, if you are unhappy with how we process your personal data. A complaint to the ICO can be  raised online at: Make a complaint | ICO.

If you are a California resident, you have the following rights under the California Consumer Privacy Act of 2018 (the “CCPA”):

  • Right to know what personal data is collected, used, disclosed or sold.
  • Right to delete personal data.
  • Right to opt-out of the sale of personal data.
  • Right not be discriminated against for exercising your rights.

For information on the categories of personal data we have collected about you in the twelve (12) months prior to the effective date of this privacy notice, the categories of sources for such personal data, the business purposes for collecting such personal data and with whom we share such personal data, please refer to the sections titled “The data we collect about you,” “How is your personal data collected?,” “Purposes for which we will use your personal data” and “Disclosures of your personal data,” respectively.

If you wish to exercise any of the rights set out above, please contact us at dpo@emrgroup.com. When contacting us via phone, please reference this privacy notice.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

If you are a California resident, you may submit a request as frequently as you would like, but we are not required to respond to requests to provide personal data to you more than twice in any 12-month period.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

If you are a California resident, you may make a request to exercise any of your rights under the CCPA on behalf of your minor child. You may also designate an authorized agent to make a request to know or delete on your behalf.

If you are a California resident, you have the right to:

  • Request to know what personal data we collect, use, disclose or sell. Specifically, you may request that we disclose the following to you:
  • The categories of personal information we have collected about you.
  • The categories of sources from which we collect the personal data.
  • The business or commercial purpose for collecting or selling personal data.
  • The categories of third parties with whom we share personal data.
  • The specific pieces of personal data we have collected about you.
  • If we sell your personal data or disclose your personal data for a business purpose, you may request that we disclose to you:
    • The categories of personal data that we collected about you.
    • The categories of personal data that we sold about you and the categories of third parties to whom the personal data was sold, by category or categories of personal information for each third party to whom the personal data was sold.
    • The categories of personal data that we disclosed about you for a business purpose.
  • We do not sell your personal data.
  • Request deletion of any personal data we collected from you.
  • If it is necessary for us to maintain the personal data for certain purposes, we are not required to comply with your deletion request. If we determine that we will not delete your personal data when you request us to do so, we will inform you and tell you why we are not deleting it.
  • Opt-out of the sale of your personal data to any third parties.
  • We do not sell your personal data. Not be discriminated against because you exercised any of your rights under the CCPA.

Changes to this privacy notice

Any changes to this privacy notice will be posted to this website so you are always aware of the information we collect and how we use it. Accordingly, please refer back to this website frequently as this privacy notice may change.

HEAD OFFICE

Sirius House
Delta Crescent
Warrington
WA5 7NS
United Kingdom

Purpose / Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer (a) Identity
(b) Contact
Performance of a contract with you
To process and deliver your transaction including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(c) Fulfil payments owed to you
(a) Identity
(b) Contact
(c) Financial
(d) Transaction

(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)

(c) Performance of a contract with you

To manage our relationship with you which will include:
(a) Notifying you about changes to our terms or privacy policy
(b) Asking you to leave a review or take a survey
(a) Identity
(b) Contact
(c) Profile
(d) Marketing and Communications
(a and b) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products and services)
To enable you to partake in a prize draw, competition or complete a survey (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(a) Necessary for our legitimate interests (to study how customers use our products and services, to develop them and grow our business) or on the basis of your consent
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (a) Identity
(b) Contact
(c) Technical
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (a) Identity
(b) Contact
(c) Profile
(d) Usage
(e) Marketing and Communications
(f) Technical
On the basis of your consent
To use data analytics to improve our website, services, marketing, customer relationships and experiences (a) Technical
(b) Usage
On the basis of your consent
To make suggestions and recommendations to you about goods or services that may be of interest to you (a) Identity
(b) Contact
(c) Technical
(d) Usage
(e) Profile
Necessary for our legitimate interests (to develop our services and grow our business)
Recording of phone calls

(a) Identity

(b) Contact

(c) Financial

(d)Transaction

(e)Usage

Necessary for our legitimate interests (monitor call centre employee performance, improve our customer service offering)
AI Powered transcription & sentiment analysis

(a) Identity

(b) Contact

(c) Financial

(d)Transaction

(e)Usage

Necessary for our legitimate interests (monitor call centre employee performance, improve our customer service offering)
To operate CCTV and capture photographs of sellers and their vehicles at our sites and yards to protect our staff, sites and assets and to prevent, detect and investigate crime

(a) Identity
(b) CCTV and Image Data
(c) Transaction

Necessary for our legitimate interests (to protect our staff, sites and assets and to prevent, detect and investigate crime)