This policy applies to all CJ Retail Solutions customers, suppliers and business contacts.
In its everyday business operations, CJ Retail Solutions makes use of a variety of data about identifiable individuals, including data about:
Current, past and prospective employees
Guests and customers
Users of its websites
In collecting and using this data, CJ Retail Solutions is subject to a variety of legislation controlling how such activities may be carried out and the safeguards that must be put in place to protect it.
The purpose of this policy is to set out the relevant legislation and to describe the steps CJ Retails Solutions is taking to ensure that it complies with it.
This control applies to all systems, people and processes that constitute the organisation’s information systems, including directors, employees, suppliers and other third parties who have access to CJ Retail Solutions systems.
CJ Retail Solutions is strongly committed to protecting your personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals or by others. We may use personal data provided to us for any of the purposes listed in this privacy statement.
Under the EU General Data Protection Regulation (GDPR) and UK Data Protection Laws personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Who We Are
CJ Retail Solutions are experts inRetail Display & POP Installation, Store Audits,Retail Display Maintenance, Field Marketing & StoreDevelopment and Digital POS Implementation,CJ Retail Solutions is a trade name of CJ Services UK LIMITEDregistered in England Company No. 3332205.
How we use your data
CJ Retail Solutions processes personal data for a number of different reasons, and the means of collection, lawful basis of processing, use, disclosure, and retention periods for each purpose may differ. The retention periods for your data can be viewed upon request and found in our Data Management and Retention policy.
In order for us to provide you with our services we need to collect personal data for the purpose of correspondence, delivery of the services and billing. In any event, we are committed to ensuring that the information we collect, and use is appropriate for this purpose. The lawful basis for processing this data is for the purposes of a contract.
We may also use your data for marketing purposes to keep you up to date with activities that may be of interest to you, we may also send newsletters and magazines.
We will not market to you without consent if that is the lawful basis we process the data under. You can withdraw consent at any time. To withdraw consent, you can send an email firstname.lastname@example.org click the unsubscribe link at the bottom of any email you receive, and you will be immediately removed from any future emails.
CJ’s may also process some data in the legitimate interest of the business, this information has been through a legitimate interest balancing test to ensure the data is not a risk ‘to the rights and freedoms’ of you as the data subject.
When collecting and using personal data, our policy is to be transparent about why and how we process it. The types of personal data we process are shown below:
• Employee information;
• Recruitment Applicants;
• Supplier Contacts;
• Business Contacts;
• Visitors to our website;
• Visitors to our offices;
• Visitors to us at trade shows and events;
• Individuals whose personal data we obtain whilst providing services to our customers;
• Others who contact us.
The security of this data is taken very seriously, our information security management system is independently certified as complying with the requirements of ISO/IEC 27001: 2013. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the controls we have in place to ensure the data we hold is secure.
We will only share personal data with others when we are legally permitted to do so. When sharing data, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
The data subject also has rights under the GDPR. These consist of:
1.The right to be informed
2.The right of access
3.The right to rectification
4.The right to erasure
5.The right to restrict processing
6.The right to data portability
7.The right to object
8.Rights in relation to automated decision making and profiling.
Each of these rights are supported by appropriate procedures within CJ Retail Solutions that allow the required action to be taken within the timescales stated in the GDPR.
These timescales are shown in Table 1.
Data Subject Request
The right to be informed
When data is collected (if supplied by data subject) or within one month (if not supplied by data subject)
The right of access
Within one month
The right to rectification
Within one month
The right to erasure
Within one month
The right to restrict processing
Without undue delay
The right to data portability
Within one month
The right to object
On receipt of objection
Rights in relation to automated decision making and profiling.
will not be kept for longer than is necessary. Marketing data will be kept for
as long as the consent is not withdrawn or three years after the last positive
communication (i.e. no links have been clicked on a marketing email). Records
with financial data will be retained for seven years. Personal data may
be processed on the basis that CJ Retail Solutions has a legal obligation to
perform such processing and has statutory retention periods of seven years.
You can request information on our retention periods by emailing our Data
Protection Officer DPO@CJretailsolutions.co.uk.
You are entitled to implement any of your rights above by writing to the Data Privacy Officer atData Privacy Officer, CJ Retail Solutions,Stuart Road, Manor Park, Runcorn, Cheshire, WA7 1TS, or emailingDPO@CJretailsolutions.co.uk.Under GDPR guidelines CJ retail solutions are not required to have a Data Protection Officer however we have appointed a person to deal with any requests to enact individual rights.Michele Walker is the named CJ Retail Solutions point of contact.
There are some cases in which a data subject would not be lawfully within their rights to enact some of the individual rights. An example of this would be an employee requesting to ‘be forgotten’. In this case the employee data is required to be processed for the employee to have a contract of employment and receive their salary. The legal basis for this processing is contractual and therefore an employee cannot make a request for erasure of their information.
We require proof of your identity before we can disclose personal data.A scan / copy of your passport, driving licence or a recent utility bill with your name and address on it will be accepted as proof.
If you would like further information on the information within this privacy notice please contact Michele Walker onDPO@Cjretailsolutions.co.ukor you can call her on +44 (0) 1928 597777.
Alternatively if you would like to contact the supervisory authority for the UK they can be found at: