This Privacy Policy was last updated on 15th of May 2018

RBS IT SOLUTIONS LTD (We), incorporated under the laws of England and Wales under company registration number 07680985, whose registered office is at 29 Croft House Way, Morley, Leeds, England, LS27 8UA, UK. Our data protection and privacy measures are governed by the (I) the General Data Protection Regulation (EU 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation”).

1. Introduction

This privacy policy sets out how we use and protects any information that you provide to us (including information provided through the website https://peppish.com or other websites through which we provide our services to you).

We are based in the UK which aims to help standardise supply chain processes through our standards and services https://peppish.com As such we may process personal data of our members, customers, contacts and visitors to our Websites.

2. Personal data and Basis for Collection

For the purpose of Data Protection Legislation, where personal data is provided directly to us through use of the Website, email, or other means We will be a data controller (as defined in the Data Protection Legislation) of such information. Where we are provided with information only for the purpose of performing a service or where we cannot determine the use of such information, we will be data processor (as defined in the Data Protection Legislation) of such information.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data including names, username or similar identifier, title, job title, directorships.
  • Contact Data including billing address, delivery address, email address and telephone numbers.
  • Financial Data including bank account and payment card details.
  • Transaction Data including details about payments to and from you and other details of products and services you have purchased from us.
  • Usage Data including information about how you use our Services or submit an enquiry or query through the Websites.
  • Marketing and Communications including your preferences in receiving marketing or surveys from us and our third parties and your communication preferences.
  • Additional Information including additional information you chose to provide to us.

Unless you provide such information to us to customise the service we may provide to you, we do not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor does we collect any information about criminal convictions and offences.

3. If you fail to provide personal data

Where you fail to provide personal data when requested, we may not be able to perform the service you have or trying to enter into. In this case, we may have to cancel the Services but will notify you if this is the case at the time.

4. How is your personal data collected?

We use different methods to collect personal data from and about you including through:

Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by phone, and e-mail or otherwise. This includes personal data you provide when you:

  • apply for the Services;
  • give us some feedback or complete a survey; or
  • Create an account on our Websites.

5. How do we use your information?

Set out below is a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

What we use your personal information for Type of data Our explanation of Next’s legitimate interests

To register you as a new customer or member and verify your identity when using log-ins

(a) Identity
(b) Contact

Performance of a service

To process and deliver the Services including:
(a) Managing payments and charges
(b) Collecting and recovering money owed to us
(c) Contacting you and corresponding about the Services
(d) to provide support to the services

(a) Identity
(b) Contact
(c) Financial
(d) Transaction

Performance of a service Necessary for our legitimate interests (to recover debts due to us)

To respond to queries and enquiries

(a) Identity
(b) Contact

Legitimate interests (to offer similar services or offers)

To manage our business performance and assess client satisfaction and improvement to our Services

(a) Identity Data
(b) Individual Data

Legitimate interests (to improve the services we provide)

6. Change of purpose

We will only use your personal data for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact privacypolicy@peppish.com. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. Who we share your information with and why ?

Personal data that we collect in accordance with this Privacy Policy, may be shared as follows:

  • With our other international member organisations;
  • with marketplaces such as Amazon;
  • where we are under a duty to disclose your personal data to comply with any legal obligation, or to enforce or apply our terms and conditions and other agreements;
  • with third party debt recovery agencies;
  • To protect the rights, property, or safety of us and our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and for compliance with laws; and
  • With third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.

8. How we store personal data ?

For secure storage, we ensure that we store your personal data within the UK. We may share your personal data with some third parties who are based outside the EEA. In this case, we will ensure that the appropriate security measures and processing provisions are in place to protect your personal data. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, servicers and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

9. How long we keep your information ?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. These retention periods depend on the nature of the information, and are subject to change.

10. What are your rights ?

Under certain circumstances, you have rights under Data Protection Legislation in relation to your personal data. These include the right to:

  • request access to your personal data;
  • request correction of your personal data;
  • request erasure of your personal data;
  • object to processing of your personal data;
  • request restriction of processing your personal data;
  • request transfer of your personal data; and
  • Right to withdraw consent.

To exercise any of the above rights please email your request to: privacypolicy@peppish.com. Where you exercise your right to erasure or where information is deleted in accordance with our retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period we retain the data.

11. Children

The Website is not intended for children. We will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.

12. Complaints

If you would like to make a complaint in relation to how we may have stored, used or processed your personal data, you have the right to make a complaint at any time or simply send us an email at privacypolicy@peppish.com.

Changes to this Privacy policy and your duty to inform us of changes:
As and when necessary, changes to this privacy policy we will posted here. Where changes are significant, we may also email all our registered users with the new details, and where required by law, will we obtain your consent to these changes.
This Privacy Policy was last updated on 15th of May 2018.
It is important that the personal data we hold about you is accurate and current. Please keep us current. Please keep us informed if your personal data changes during your relationship with us.

13. Questions and Contact information

For any questions or for further information, please contact: privacypolicy@peppish.com.