GS1 UK LTD, a not for profit organisation, incorporated under the laws of England and Wales under company registration number 01256140, whose registered office is at Hasilwood House, Bishopsgate, London, EC2N 4AW (“GS1 UK” “We”).
GS1 UK’s data protection and privacy measures are governed by the (i) the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and any national implementing laws, regulations and secondary legislation, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998 (“Data Protection Legislation").
1. Introduction
2. Personal data and Basis for Collection
3. If you fail to provide personal data
4. How is your personal data collected?
5. Purposes for which GS1 UK will use your personal data
6. Change of purpose
7. How your personal data may be shared
8. How GS1 UK stores personal data
9. Personal Data Retention
10. Your Rights
11. Children
12. Complaints
13 Cookie Policy
14. Questions and Contact information
1. Introduction
This privacy policy sets out how GS1 UK uses and protects any information that you provide to GS1 UK (including information provided through the website www.gs1uk.org or other websites through which GS1 UK provides its services to you (“Websites”)).
GS1 UK is a not for profit organisation based in the UK which aims to help standardise supply chain processes through its standards and services (“Services”). As such GS1 UK may process personal data of its members, customers, contacts and visitors to its Websites.
2. Personal data and Basis for Collection
For the purpose of Data Protection Legislation, where personal data is provided directly to GS1 UK through use of the Website, email, or other means GS1 UK will be a data controller (as defined in the Data Protection Legislation) of such information. Where GS1 UK is provided with information only for the purpose of performing a contract or where GS1 UK cannot determine the use of such information, GS1 UK will be data processor (as defined in the Data Protection Legislation) of such information.
GS1 UK may collect, use, store and transfer different kinds of personal data about you which GS1 UK have grouped together as follows:
- Identity Data including names, username or similar identifier, title, job title, directorships.
- Contact Data including billing address, delivery address, email address and telephone numbers.
- Financial Data including bank account and payment card details.
- Transaction Data including details about payments to and from you and other details of products and services you have purchased from GS1 UK.
- Usage Data including information about how you use GS1 UK’s Services or submit an enquiry or query through the Websites.
- Marketing and Communications including your preferences in receiving marketing or surveys from us and our third parties and your communication preferences.
- Additional Information including additional information you chose to provide to us.
Unless you provide such information to us to customise the service we may provide to you, GS1 UK does not process any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor does GS1 UK collect any information about criminal convictions and offences.
3. If you fail to provide personal data
Where you fail to provide personal data when requested, GS1 UK may not be able to perform the contract it has or is trying to enter into. In this case, GS1 UK may have to cancel the Services but we will notify you if this is the case at the time.
4. How is your personal data collected?
GS1 UK use different methods to collect personal data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, e-mail or otherwise. This includes personal data you provide when you:
- apply for the Services;
- give us some feedback or complete a survey;
- request marketing to be sent to you; or
- create an account on our Websites.
- Third parties. We may receive personal data about you from various third parties, including your employer.
5. Purposes for which GS1 UK will use your personal data
Set out below is a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact dataprotection@gs1uk.org if you need details about the specific legal basis we are relying on to process your personal data.
| Purpose/Activity | Type of data | Lawful basis |
|---|---|---|
| To register you as a new customer or member and verify your identity when using log-ins | (a) Identity (b) Contact | Performance of a contract |
| To process and deliver the Services including: (a) Managing payments and charges (b) Collecting and recovering money owed to us (c) Contacting you and corresponding about the Services (d) to provide support to the services | (a) Identity (b) Contact (c) Financial (d) Transaction | Performance of a contract Necessary for our legitimate interests (to recover debts due to us) |
| To respond to queries and enquiries | (a) Identity (b) Contact | Legitimate interests (to offer similar services or offers) |
| To undertake any marketing to you | (a) Identity (b) Contact | Legitimate interests (to offer similar services or offers) |
| Business Performance – To manage our business performance and assess client satisfaction and improvement to our Services | (a) Identity Data (b) Individual Data | Legitimate interests (to improve the services we provide) |
| Events – To enable us to provide events to you which take into consideration your preferences | (a) Identity Data (b) Individual Data (c) Event Data | Legitimate interests (to tailor events) Consent |
6. Change of purpose
GS1 UK will only use your personal data for the purposes for which it was collected for, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact dataprotection@gs1uk.org.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
7. How your personal data may be shared
Personal data that GS1 UK collects in accordance with this Privacy Policy, may be shared as follows:
- with third party consultants selected by GS1 UK, such as survey providers, product checkers and logistic companies;
- with other international GS1 UK member organisations;
- where information is shared through public platforms in accordance with the provision of the services such as GEPIR or GS1 UK’s Coupon Issuer services;
- with marketplaces such as Amazon;
- where GS1 UK is under a duty to disclose your personal data to comply with any legal obligation, or to enforce or apply GS1 UK’s terms and conditions and other agreements;
- with third party debt recovery agencies;
- to protect the rights, property, or safety of GS1 UK and its customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and for compliance with laws; and
- with third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
8. How GS1 UK stores personal data
For secure storage, GS1 UK ensures that it stores your personal data within the UK.
GS1 UK may share your personal data with some third parties who are based outside the EEA. In this case, GS1 UK will ensure that the appropriate security measures and processing provisions are in place to protect your personal data.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
9. Personal Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Generally, we keep personal data in accordance with our internal retention procedures, which are determined in accordance with our regulatory obligations and good practice. These retention periods depend on the nature of the information, and are subject to change. If you have any questions in this regard, please contact us using the details below.
10. Your Rights
Under certain circumstances, you have rights under Data Protection Legislation in relation to your personal data. These include the right to:
- request access to your personal data;
- request correction of your personal data;
- request erasure of your personal data;
- object to processing of your personal data;
- request restriction of processing your personal data;
- request transfer of your personal data; and
- right to withdraw consent.
To exercise any of the above rights please email your request to: dataprotection@gs1uk.org.
Where you exercise your right to erasure or where information is deleted in accordance with GS1 UK’s retention policy, please note that after the deletion of your personal data, it cannot be recovered, so if you require a copy of this personal data, please request this during the period GS1 UK retains the data.
11. Children
The Website is not intended for children. GS1 UK will not knowingly collect any personal data from persons under the age of 18 and will immediately delete any such data subsequently so determined.
12. Complaints
If you would like to make a complaint in relation to how GS1 UK may have stored, used or processed your personal data, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). GS1 UK would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to this Privacy policy and your duty to inform us of changes
As and when necessary, changes to this privacy policy we will posted here. Where changes are significant, we may also email all our registered users with the new details, and where required by law, will we obtain your consent to these changes.
This Privacy Policy was last updated on 10 June 2021.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
13. Cookie Policy
To view all cookies that are used by www.gs1uk.org, their purpose and how they may affect you, please refer to the Cookie Policy. Note that you may choose to accept or deny cookies when visiting the website. If you opt to decline, you will be presented with the option again upon your next visit.
14. Questions and Contact information
For any questions or for further information, please contact: dataprotection@gs1uk.org