1.1 MetalTrack is a trading name of IceBlue Marketing and Design Limited (hereinafter referred to as "MetalTrack”) and complies with the principles of the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).
1.2 MetalTrack’s company policy and reputation has been built on our ability to keep client data confidential and secure.
1.3 This policy sets out the basis on which personal data collected from you, or that you provide to us will be processed by us. This policy is in addition to additional obligations relating to your personal data contained in the specific terms and conditions that you may enter into with us in respect of our delivery and your receipt of MetalTrack.
1.4 Your privacy and security are of primary importance to us and we are committed to safeguarding the privacy and security of our web based software users. We will always follow the principles set out above.
1.5 MetalTrack offers web based services. We reserve the right to add, remove, or edit any of these services. We strictly protect the security of your personal information within the confines of these domains and we honour your choices for their intended use.
1.6 We have safeguards in place (some of which are set out below) to protect your data from loss, misuse, unauthorised access, alteration, or destruction. All users should handle their own and other people’s personal and confidential information with care. We protect your data from disclosure, with the exception of matters where designated by law or court order.
2.1 Personal data is collected, stored, used, and transferred for the specific purposes or purposes for which you agreed to use the software and for those set out in this privacy statement.
2.1.1 MetalTrack collects user-submitted information, IP addresses, usage patterns, and the point in time when the user visits our websites or uses our services.
2.1.2 Any other data which we may require in order to provide you with the service that you have subscribed for and/or have engaged us to provide and for which we have a lawful basis for processing, including (but not limited to) those set out in paragraph 2.5 below.
2.2 The purposes of data storage and processing of personal data by MetalTrack are as follows:
2.2.1 The storage of data via our web based software is carried out for the purposes for which the software is being used.
2.2.2 for the running, debugging, maintenance, and/or optimisation of the service and/or to maintain customer relationships. Additionally, in some instances, we may also use personal data to send users information regarding update downloading, upgrades, enhancements, surveys, or advertisements.
2.2.3 for analysis of web or service usage (for purposes of debugging, maintenance, and optimization of service) shall never be done on a basis that reveals usage patterns of individual users, but it shall be done by aggregating data, anonymising individual identities. We will not share or disclose such details except as required by law or law enforcement.
3.1 Contractual basis: When you click the "accept” box you are agreeing to be bound by this Privacy Notice which is part of the T&C and together form the basis of our contractual relationship with you. Therefore, we may collect, hold and process your personal data on the basis that you have accepted our contractual terms by agreeing to this Privacy Notice and the T&Cs. For this reason, when we need to send you any notification regarding any change in the Privacy Notice or any communication regarding these documents we may send you an email including the relevant provisions, such as answering your queries, complaints, acknowledgement of how many points you have, activation messages, deletion request responses.
3.2 Consent: We collect, hold and process your personal data on the basis that you give us consent when you accept this Privacy Notice and choose the different options (defined above in "your communication preferences”). In other words, we set out what we are going to do with your data in this Privacy Notice.
You remain in control of the personal data you share with MetalTrack. You can change your preferences in at any time, by choosing whether you want to give consent to your data being processed for specific types of communication and / or communication channels. You can cancel your account at any time and your details and information will be deleted.
3.3 Necessary for the performance of the Contract
3.4 Legitimate interest: We may collect, hold and process your personal data on the basis of legitimate interest where it is necessary in order for us to fulfil our needs as a business and to be able to provide you with our services, and send you information about MetalTrack's features and updates.
NOTE: if you do not want to continue to receive these types of emails – notifications – you can opt-out at any time by sending an email to the following email address support@MetalTrack.co.uk
3.5 Vital interest: We may use your personal information to contact you if we reasonably believe that there is any urgent safety or product issue that we need to communicate to you because the processing of your personal data will prevent or reduce any potential harm to you. This type of notification is in your vital interest.
3.6 Legal Obligation: We may use and process your personal data to comply with our legal obligations such as HMRC requirements, if the Police requests it or to identify you as an individual if you contact us, or to verify the accuracy of your data.
3.7 The Company shall, as far as is reasonably practicable, ensure that all data is:
3.8 We will use your Personal Data as follows:
3.8.1 to enable us to provide the services which we have agreed to provide to you;
3.8.2 to alert you to any product and service changes and updated information; and
3.8.3 for our own administration purposes.
3.9 We shall not pass your Personal Data to any third party for marketing purposes unless you have provided us with your consent to do so.
4.1 The Company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed.
4.2 When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it without delay.
4.3 The DPO will instruct specific members of staff to periodically review the data being held by the Company and to review whether or not it is still required to be held. This review will take place on an annual basis or, on an ad hoc basis should any issues be identified.
4.4 If your Personal Data changes, please notify us in writing at MetalTrack, Finch House, 28/30 Wolverhampton Street, Dudley, DY1 1DB or emailing us at email@example.com.
4.5 We will update your Personal Data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.
5.1 Data subjects may make subject access requests ("SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why. The responsibility of responding to any SAR shall be that of the DPO. If you wish to contact us for these purposes, please email us at support@MetalTrack.co.uk.
5.2 Data subjects wishing to make a SAR may do so in writing, using the Company’s Subject Access Request Form, or other written communication.
5.3 SARs should be addressed to the Company’s Data Protection Officer at Price Pearson Limited, Finch House, 28-30 Wolverhampton Street, Dudley, West Midlands DY1 1DB.
5.4 Responses to SARs shall normally be made within one month of receipt, however this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.
5.5 All SARs received shall be handled by the Company’s Data Protection Officer.
5.6 The Company does not charge a fee for the handling of normal SARs. However, the Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to a data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
5.7 Data subjects have the right to require the Company to rectify any of their personal data that is inaccurate or incomplete.
5.8 The Company shall rectify the personal data in question, and inform the data subject of that rectification, within one month of the data subject informing the Company of the issue. The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
5.9 In the event that any affected personal data has been disclosed to third parties, those parties shall be informed of any rectification that must be made to that personal data.
5.10 The website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
5.11 Data subjects have the right to request that the Company erases the personal data it holds about them in the following circumstances:
5.12 Unless the Company has reasonable grounds to refuse to erase personal data, all requests for erasure shall be complied with, and the data subject informed of the erasure, within one month of receipt of the data subject’s request.
5.13 The period can be extended by up to two months in the case of complex requests. If such additional time is required, the data subject shall be informed.
5.14 In the event that any personal data that is to be erased in response to a data subject’s request has been disclosed to third parties, those parties shall be informed of the erasure (unless it is impossible or would require disproportionate effort to do so).
6.1 We may disclose your Personal Data and/or Billing Information to any member of our group, which means our subsidiaries if we have received your consent to do so or if we have to do so in order to need to do so in order to carry out our contractual duties with you.
6.2 We may disclose your Personal Data and/or Billing Information to third parties only in the following limited situations:
6.2.1 If MetalTrack or substantially all of its assets are acquired by a third party, in which case personal data held by MetalTrack may be transferred to the entity acquiring MetalTrack; or
6.2.2 If we are under a duty to disclose or share your Personal Data in order to comply with any legal or regulatory obligation, or in order to enforce any of our agreements; or
6.2.3 To protect the rights, property, or safety of MetalTrack, our customers, or third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
7.1 All personal data breaches must be reported immediately to the Company’s Data Protection Officer.
7.2 If a personal data breach occurs and that breach is likely to result in a risk to the rights and freedoms of data subjects (e.g. financial loss, breach of confidentiality, discrimination, reputational damage, or other significant social or economic damage), the Data Protection Officer must ensure that the Information Commissioner’s Office is informed of the breach without delay, and in any event, within 72 hours after having become aware of it.
7.3 In the event that a personal data breach is likely to result in a high risk (that is, a higher risk than that described under Part 7.2) to the rights and freedoms of data subjects, the Data Protection Officer must ensure that all affected data subjects are informed of the breach directly and without undue delay.
7.4 Data breach notifications shall include the following information:
8.2 When you visit our site, we may also log your IP address, a unique identifier for your computer or other access device.
9.1 We are registered as a data controller with the UK Information Commissioner's Office.
9.2 Our data protection registration number is Z9940633
9.3 The Information Commissioner regulates compliance with the Data Protection Act. See details at end of the contact page.
10.1 This Privacy Statement is effective as of 25 May 2018.
10.2 We reserve the right to change this Privacy Statement at any time. If we materially change this Privacy Statement, we will either notify you by email (sent to the e-mail address specified in your account) or post a prominent notice on our Website.
10.3 Any changes are effective as of the date we post them on the privacy statement page of our Website. We encourage you to periodically review this Privacy Statement.
11.1 We are registered in England and Wales under registration number 03366651, and our registered office is at Finch House, 28-30 Wolverhampton Street, Dudley, West Midlands DY1 1DB.
11.2 Our principal place of business is at 6 Church Street, Kidderminster DY10 2AD
Amended as of 1 November 2019