Owen Mumford Limited (“us” or “we“) are committed to protecting and respecting the privacy of all individuals we deal with, including our website visitors, customer, suppliers, enquirers and anyone else we encounter in our business.
This Policy sets out information about how we use, store and transfer personal data obtained as a result of your visiting our website at www.owenmumford.com (the “Website”) or otherwise in connection with our business.
If you have not already read our Website Terms and Conditions, please do so by clicking here
We are the data controller of the personal data referred to in this Policy. We are a company registered in England and Wales under company number 01257871, and our registered office address is Brook Hill, Woodstock, Oxfordshire OX20 1TU. We are VAT registered under number GB195 9293 07.
Full details are set out in the relevant sections of this Policy below, but in summary:
Information We May Collect from You
We may collect and process the following data about you:
Your personal data may be provided to us by someone other than you, with whom you and we are both connected (e.g. a distributor in your territory, someone with whom you and we are both collaborating, or your employer if we are doing business with them and they need us to liaise with you), or may be gathered by us in our market research if you have a public profile at a corporate entity with whom we do business or wish to do business.
If you are a family member or otherwise associated with one of our employees, then that employee may provide us with your personal data (such as your name and contact details) in connection with company benefits or our duties as an employer. For example, you could be nominated as a driver of a company car, identified as an emergency contact, identified in an expression-of-wishes form in relation to death-in-service benefits, or identified as a co-parent in a paternity leave application.
We may also collect, use and share special categories of personal data (for example about your physical or mental health) if you give this information to us.
IP Addresses and Cookies
Where We Store Your Personal Information
All information you provide to us or that we collect from you is stored on our secure servers or on the servers of our respective hosting service providers, which we may change from time to time. We may share your personal data with other Owen Mumford group companies, or our service providers as described below, and our or their servers may be located outside the EEA. Therefore, the information that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our group companies or suppliers (for example, in order for the most appropriate member of our group to process and respond to your enquiry).
Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it to that applying within the EEA by ensuring that at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.
The transmission of information via the internet is not completely secure. Although we will use our best endeavours to protect your personal data, we cannot guarantee the security of your data transmitted to the Website and any transmission is at your own risk. Once we have received your information, we will use suitable procedures and security features to try to prevent unauthorised access.
Uses Made of the Information
We (and where applicable our group companies) use information held about you in the following ways:
If we use your data for marketing purposes, we will: i) where required by law, inform you before collecting your data and request your consent or provide you with the opportunity to opt out; and ii) in any event stop doing so on request. You can exercise your right to prevent such processing by contacting us at email@example.com or by clicking “unsubscribe” on any marketing emails you receive from us.
Disclosure of Your Information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, from time to time. For example, group companies may share hosted servers for the storage of their data. Likewise, personal data may be shared between group companies to achieve organisation-wide goals (for instance, ensuring that the appropriate group company is able to respond to your enquiry).
We may disclose your personal information to our third party service providers, in particular those:
We do not allow our appointed data processors to use your personal information for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
We may disclose your personal information if all or the relevant part of our business is acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
We may disclose your personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms of Service or any other terms or agreements.
Some of our group companies, and the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an “adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
We may automatically direct any enquiry you send to us to the most appropriate team within our group of companies based on the location of your IP address. We do this automatically, and without human intervention, to enable us to process and deliver a response to your enquiry within a shorter timeframe and to improve our efficiency at responding to your enquiry. This does not affect your legal rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Purposes for Which We Process Your Data and the Legal Basis for Doing So
We have set out below, in table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one basis has been set out in the table below.
|Purpose/Activity||Type of Data||Legal Basis for Processing, including Basis of Legitimate Interest|
|To ensure that content from the Website is presented in the most effective manner for you and for your computer||Information that you provide by filling in forms on the Website or otherwise by contacting us using the Contact form provided on the Website, and details of your visits to the Website including, but not limited to, traffic data, location data, files downloaded, weblogs and other communication data.||(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business, to inform our marketing strategy, for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); and
(b) Necessary to comply with a legal obligation
|To correspond with you and to address any queries you may raise through our Website or otherwise or otherwise correspond in connection with any actual or potential business relationship we may have with you||Contact information, including information that you provide by filling in forms on the Website or otherwise by contacting us, and copies of your correspondence with us.
This information may include your name, address, date of birth, email address and any other information you provide to us when contacting us (including any special categories of personal data).
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to address our customers’ concerns and queries);
(d) Necessary for our legitimate interests, namely properly administering our business and communications, and developing our relationships with interested parties.
|To carry out our obligations arising from any contracts entered into between you and us||
Contact information, including information that you provide by filling in forms on the Website or otherwise by contacting us, and copies of your correspondence with us. This information may include your name, address, date of birth, email address and any other information you provide to us when contacting us (including any special categories of personal data).
Documents featuring personal data, such as purchase orders, proposals,, contracts and the like.
|Performance of a contract with you|
|To make and receive payments||Contact details, payment account details and transaction details, including associated documents and correspondence.||(a) Performance of a contract with you; or
(b) Necessary for our legitimate interests (to make and receive payments)
|To use data analytics to improve the Website, products/services, marketing, customer relationships and experiences||Information relating to your visits to the Website including, but not limited to, traffic data, location data, files downloaded, weblogs and other communication data.||Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy)|
|To provide you with information regarding our products or services, news or updates that you request from us or which we feel may interest you||Information that you provide by filling in forms on the Website, at trade shows or otherwise, or by contacting us, or information which we receive from third parties, and copies of your correspondence with us. This information may include your name, address, and email address.||(a) Necessary for our legitimate interests (to develop our products/services and grow our business); or
(b) your consent, where required by law.
|Ensuring visits to our premises are properly documented and safe, ensuring the integrity of secure areas.||Visitor information, such as vehicle registration number, contact details, role, the purpose of your visit, together with CCTV images or footage if you enter any secure area where CCTV is used.||Necessary for our legitimate interests (ensuring the safety and security of our premises).
Necessary to comply with legal obligations in relation to health and safety.
|To carry out our duties as an employer, and to administer benefits offered to our employees.||Information relating to our employees’ families, next-of-kin or nominated beneficiaries.||Necessary for our legitimate interests (administering benefits packages).
Necessary to comply with legal obligations.
|Record-keeping and hosting, back-up and restoration of our systems||Any personal data||Necessary for our legitimate interests (ensuring the resilience of our IT systems and the integrity and recoverability of our data).|
|For the purposes of bringing and defending legal claims||Any personal data||Necessary for our legitimate interests (being able to conduct and defend legal claims to preserve our rights and those of others).|
|For the purposes of legal compliance (e.g. maintaining tax records, product sales records)||Any personal data||Necessary to comply with a legal obligation|
Where we have a legal basis to use your personal data without consent (as we have described above), this policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent, you consent to our use of that personal data for the purposes covered by the specific consent that you have given. For example, in some circumstances we may have asked for your consent to processing your personal data for marketing purposes.
As mentioned above we may send and present you with marketing information about us such as news, events and products and services which we think may be of interest to you.
We will not provide your personal data to third parties so they can use your personal data for marketing purposes.
Security of Information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and where they are subject to a duty of confidentiality.
Retaining Your Information
We will retain the information we receive and collect about you for a period which is reasonably required for us to use it in accordance with this Policy or in accordance with our legal rights and obligations.
You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office (ICO) at ico.org.uk for a fuller explanation of your rights. In summary:
The Website may contain links to and from the websites of our partner networks, advertisers, or other third parties, including links to our social media pages hosted by third-party providers, such as LinkedIn, Facebook, Twitter, Google and YouTube. If you follow a link to any of these websites, please note that these websites are operated by third parties and have their own privacy policies governing the use of any personal data you submit through them. We do not accept any responsibility or liability for the use of your personal data by those third parties or under or in connection with those privacy policies. Please check those policies before you submit any personal data through those websites.
If you have any concerns about material which appears on the Website, or any questions or comments regarding this Policy, please contact us at firstname.lastname@example.org or by recorded delivery to our postal address at Brook Hill, Woodstock, Oxford, OX20 1TU, United Kingdom or use the “Contact” form on the Website at by clicking here.
Last update December 2018.