Drive System Design Privacy Notice
At Drive System Design, we recognise the importance of protecting personal and confidential information in all we do and are committed to processing your data securely and transparently.
The purpose of this privacy notice is to inform you about what personal information we collect and process about our clients, job applicants, suppliers, and web-site visitors. It describes how we collect, use, retain and disclose the personal information that we hold, as well as your rights in relation to this information.
Who we are
We are an award-winning engineering consultancy specialising in the design, development and control of future transmission and driveline systems. In GDPR terms we are primarily a Data Controller meaning that we determine the means and purpose of processing personal data that we collect for the purposes of conducting our business. Our contact details are:
- HR&QHSE Manager
- Drive System Design
- Unit B Berrington Road
- Sydenham Industrial Estate
- Leamington Spa
- CV31 1NB
- Registered no: 06304697
Data protection principles
In relation to your personal data, we will:
- Process it fairly, lawfully and in a clear, transparent way.
- Collect your data only for specified and specific purposes.
- Only collect the minimum information we need to meet the purpose.
- Only use it in the way that we have told you about.
- Ensure it is correct and up to date.
- Keep your data for only as long as we need it.
- Process it securely, reducing the risk of it being lost or stolen.
Legal Basis for processing your information
We will only process your information if we have a lawful reason to do so. We make sure that you know how we use your information and to tell you about your rights.
We rely on the following specific conditions in Articles 6 and 9 of the GDPR to process your information:
6(1) (f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
What information we may collect about you
Personal data means any information capable of identifying an individual. It does not include anonymized data. We may process certain types of personal data about you as follows:
- Identity Data may include your first name, last name, username, title, company, and job role.
- Contact Data may include your company address, company email address and telephone numbers.
- Transaction Data may include account details such as orders and payments between us.
- Technical Data may include your login data, IP address, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access the Site.
- Usage Data may include information about how you use our website, products, and services.
- Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
- Job Application Data may include your name and CV information.
We may also process Aggregated Data from your personal data, but this data does not reveal your identity and as such is not personal data. An example of this is where we review your Usage Data to work out the percentage of website users using a specific feature of our site. If we link the Aggregated Data with your personal data so that you can be identified from it, then it is treated as personal data.
Where we are required to collect personal data by law, or under the terms of the contract between us and you, if you do not provide us with that data when requested, we may not be able to fulfil the contract (for example, to deliver the Services to you). If you don’t provide us with the requested data, we may have to cancel your order for the Services. If we do, we will notify you at that time.
How we use your information
- To enable us to provide our services.
- To process financial transactions where required.
- To comply with any associated regulatory requirements
How we collect your information
We collect personal data about you through a variety of different methods including:
- Direct Interactions: e.g., when you subscribe to our newsletter on our site; request a contact, resources or marketing be sent to you; apply for a position with us or supply us with goods or services.
- Automated technologies or interactions: e.g., we may automatically collect Technical Data about your equipment, browsing actions and usage patterns by using cookies, server logs and similar technologies.
Sensitive/Special categories of data
We do not collect special category data.
Protecting your information
Drive System Design is committed to keeping your information secure and protected against accidental loss or disclosure, destruction, and abuse. We have implemented security access controls and operational processes to guard against such.
The UK GDPR regulates the processing of personal information. Strict principles govern our use of information and our duty to ensure it is kept safe and secure. Drive Design Systems Ltd. is registered with the Information Commissioners Office (ICO).
Where we share your data with our approved connected parties, we provide written instructions to them to ensure that your data is held securely and in line with GDPR requirements.
Who we share your information with
Your data will be shared within the Company where it is necessary for staff to undertake their duties in the provision of the Services to you.
We do not share your information with any other Third Parties, other than approved connected parties such as parent or associate companies, in particular:
- Hinduja Tech Limited, our parent company, based in India.
- DSD Inc, our associate company, based in the USA.
How long we keep your information for
In line with data protection principles, we only keep your data for as long as necessary. Retention periods can vary depending on why we need your data. Please contact us for information regarding retention periods for specific data items.
How you can access the information held about you, and your rights
Under the UK GDPR, a person may request access to information (with some exemptions) that is held about them by an organisation. This is called a Data Subject Access Request (DSAR). There is no fee for this unless a request is unfounded or excessive, particularly if it is repetitive. In that case, a reasonable fee may be charged.
To submit a DSAR, please email to hr@drivesystemdesign.com
Your rights in relation to your personal information are:
- The right to be informed.
- The right of access.
- The right for any inaccuracies to be corrected.
- The right to have information deleted.
- The right to restrict the processing of the data.
- The right to portability.
- The right to object to the inclusion of any information.
- The right to regulate any automated decision-making and profiling of personal data.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. There will be no consequences for withdrawing your consent. However, in some cases we may continue to use the data where so permitted by having a legitimate reason for doing so.
Data Breaches under the UK GDPR
Under the GDPR we have a duty to report certain types of breach to the Information Commissioner’s Office (ICO). If the breach creates a risk to your rights and freedoms, we will notify you without undue delay and the ICO within 72 hours of becoming aware of the breach, where possible.
If the breach is likely to bring a high risk of adversely affecting your rights and freedoms, we will also inform you without undue delay.
Contacting us if you have a complaint or concern
We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention. You can submit a complaint through to us at:
- HR&QHSE Manager
- Drive System Design
- Unit B Berrington Road
- Sydenham Industrial Estate
- Leamington Spa
- CV31 1NB
- OR
Following your complaint, if you are still dissatisfied with our decision you may wish to contact the Information Commissioner’s Office (ICO), who is the supervisory authority in the UK for data protection matters. If you think your data protection rights have been abused or breached in any way by us, you are able to make a complaint to the ICO at https://ico.org.uk/concerns/.
Or by post, telephone, or email:
- Information Commissioner's Office
- Wycliffe House
- Water Lane
- Wilmslow
- Cheshire
- SK9 5AF
- Telephone: 0303 123 1113
Email: casework@ico.org.uk.