Owen Mumford Limited (“us” or “we“) are committed to protecting and respecting the privacy of all individuals we deal with, including our website visitors, customer, suppliers, enquirers and anyone else we encounter in our business.
This Policy sets out information about how we use, store and transfer personal data obtained as a result of your visiting our website at www.owenmumford.com (the “Website”) or otherwise in connection with our business.
If you have not already read our Website Terms and Conditions, please do so by clicking here
We are the data controller of the personal data referred to in this Policy. We are a company registered in England and Wales under company number 01257871, and our registered office address is Brook Hill, Woodstock, Oxfordshire OX20 1TU. We are VAT registered under number GB195 9293 07.
Full details are set out in the relevant sections of this Policy below, but in summary:
we normally receive your personal data from you, but sometimes it might be from a third party with whom you and we are both connected (e.g. if you are referred to us by one of our distributors, or if you are a family member of one of our employees who has nominated you as a beneficiary for benefits purposes or as a driver of a company car);
we use your personal data to deliver our services, conduct our business, keep appropriate records and meet our legal obligations;
we only provide your personal data to third parties for our business purposes or as permitted by law. We don’t share your data with third party advertisers;
we store personal data for specified retention periods;
you have legal rights in relation to your personal data which you can exercise on request;
you can contact us to enquire about any of the contents of this Policy.
Information We May Collect from You
We may collect and process the following data about you:
information that you provide to us by filling in forms on the Website or otherwise by contacting us using the Contact form provided on the Website -this information may include your name, address, date of birth, email address and any other information you provide to us when contacting us for any other reason;
information that you provide to us if you ask us to provide you with other marketing communications such as information about our products or services;
records of your correspondence (if any) with us;
information provided to us if we have some other commercial or business relationship with you or with your employer (for example, a supply, purchase, distribution or referral relationship). This could include your contact details (name, job title, email address, postal address, telephone number), any related communications, and any related documents (such as contracts, purchase orders and invoices, proposal, etc.);
information relating to payments we make to you or receive from you (payments data), which may include your contact details, your payment account details and the transaction details. We do not typically collect or process credit or debit card details, which are instead collected by our nominated payment processing service provider; and
information relating to any visit you make to our premises, such as your vehicle registration number, contact details, role, the purpose of your visit, together with CCTV images or footage if you enter any secure area where CCTV is used
Your personal data may be provided to us by someone other than you, with whom you and we are both connected (e.g. a distributor in your territory, someone with whom you and we are both collaborating, or your employer if we are doing business with them and they need us to liaise with you), or may be gathered by us in our market research if you have a public profile at a corporate entity with whom we do business or wish to do business.
If you are a family member or otherwise associated with one of our employees, then that employee may provide us with your personal data (such as your name and contact details) in connection with company benefits or our duties as an employer. For example, you could be nominated as a driver of a company car, identified as an emergency contact, identified in an expression-of-wishes form in relation to death-in-service benefits, or identified as a co-parent in a paternity leave application.
We may also collect, use and share special categories of personal data (for example about your physical or mental health) if you give this information to us.
IP Addresses and Cookies
Where We Store Your Personal Information
All information you provide to us or that we collect from you is stored on our secure servers or on the servers of our respective hosting service providers, which we may change from time to time. We may share your personal data with other Owen Mumford group companies, or our service providers as described below, and our or their servers may be located outside the EEA. Therefore, the information that we collect from you may be transferred to, and stored at, a destination outside the EEA. It may also be processed by staff operating outside the EEA who work for us or for one of our group companies or suppliers (for example, in order for the most appropriate member of our group to process and respond to your enquiry).
Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it to that applying within the EEA by ensuring that at least one of the following safeguards is implemented:
Your personal data will be transferred to a country that has been assessed by the European Commission to provide an adequate level of protection for personal data. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
Where we use service providers, we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
Where we use a service provider based in the US, it will be covered by the Privacy Shield which requires it to provide a similar level of protection to that in Europe to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data outside the EEA.
The transmission of information via the internet is not completely secure. Although we will use our best endeavours to protect your personal data, we cannot guarantee the security of your data transmitted to the Website and any transmission is at your own risk. Once we have received your information, we will use suitable procedures and security features to try to prevent unauthorised access.
Uses Made of the Information
We (and where applicable our group companies) use information held about you in the following ways:
to ensure that content from the Website is presented in the most effective manner for you and for your computer;
to correspond with you to address any queries you may raise or otherwise in connection with our relationship with you;
to carry out our obligations arising from any contracts entered into between you and us;
to make and receive payments;
to administer our business and operations, and our commercial relationships with those with whom we do business;
to use data analytics to improve the Website, products/services, marketing, customer relationships and experiences; and
to provide you with information regarding our products or services that you request from us or which we feel may interest you, including, if consent is required by law, where you have consented to be contacted for such purposes;
to bring and defend legal claims; and
for our record-keeping and hosting purposes and in connection with the back-up and restoration of our systems.
If we use your data for marketing purposes, we will: i) where required by law, inform you before collecting your data and request your consent or provide you with the opportunity to opt out; and ii) in any event stop doing so on request. You can exercise your right to prevent such processing by contacting us at email@example.com or by clicking “unsubscribe” on any marketing emails you receive from us.
Disclosure of Your Information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006, from time to time. For example, group companies may share hosted servers for the storage of their data. Likewise, personal data may be shared between group companies to achieve organisation-wide goals (for instance, ensuring that the appropriate group company is able to respond to your enquiry).
We may disclose your personal information to our third party service providers, in particular those:
who are our advisers, such as insurers, legal or professional advisers, to take advice and manage legal disputes;
who provide us with hosting services;
who provide us with analytics services in relation to the use of the Website;
who provide us with email, marketing and customer relationship management services;
who work for us as consultants or freelance personnel, where their duties involve handling the relevant personal information;
who provide us with logistics and fulfilment services;
who provide us with payment processing services;
who provide us with fraud protection, credit risk reduction or debt recovery services; or
who are designated by you for purposes designated by you (for example, if you ask to be introduced to one of our distributors in our region).
We do not allow our appointed data processors to use your personal information for their own purposes. We only permit them to use your personal data for specified purposes, in accordance with our instructions and applicable law.
We may disclose your personal information if all or the relevant part of our business is acquired by a third party, in which case personal data held by us about our customers will be one of the transferred assets;
We may disclose your personal information if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms of Service or any other terms or agreements.
Some of our group companies, and the third parties to whom we may transfer your personal data, discussed above, may be located outside the EEA or may transfer your personal data to their own service providers located outside the EEA. If so, then we will ensure that transfers by our appointed data processors will only be made lawfully (e.g. to countries in respect of which the European Commission has made an “adequacy decision”, or with appropriate safeguards such as the use of standard clauses approved by the European Commission or the use of the EU-US Privacy Shield). You may contact us if you would like further information about these safeguards.
Automated decision-making takes place when an electronic system uses personal information to make a decision without human intervention.
where it is necessary to enable us to deliver decisions within a shorter time frame and improve efficiency, and appropriate measures are in place to safeguard your rights; and
in limited circumstances, with your explicit written consent and where appropriate measures are in place to safeguard your rights.
We may automatically direct any enquiry you send to us to the most appropriate team within our group of companies based on the location of your IP address. We do this automatically, and without human intervention, to enable us to process and deliver a response to your enquiry within a shorter timeframe and to improve our efficiency at responding to your enquiry. This does not affect your legal rights.
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making, unless we have a lawful basis for doing so and we have notified you.
Purposes for Which We Process Your Data and the Legal Basis for Doing So
We have set out below, in table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data on more than one legal basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where more than one basis has been set out in the table below.
Purpose/ActivityType of DataLegal Basis for Processing, including Basis of Legitimate Interest
To ensure that content from the Website is presented in the most effective manner for you and for your computerInformation that you provide by filling in forms on the Website or otherwise by contacting us using the Contact form provided on the Website, and details of your visits to the Website including, but not limited to, traffic data, location data, files downloaded, weblogs and other communication data.(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business, to inform our marketing strategy, for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); and
(b) Necessary to comply with a legal obligation
To correspond with you and to address any queries you may raise through our Website or otherwise or otherwise correspond in connection with any actual or potential business relationship we may have with youContact information, including information that you provide by filling in forms on the Website or otherwise by contacting us, and copies of your correspondence with us.
This information may include your name, address, date of birth, email address and any other information you provide to us when contacting us (including any special categories of personal data).(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to address our customers’ concerns and queries);
(d) Necessary for our legitimate interests, namely properly administering our business and communications, and developing our relationships with interested parties.
To carry out our obligations arising from any contracts entered into between you and us
Contact information, including information that you provide by filling in forms on the Website or otherwise by contacting us, and copies of your correspondence with us. This information may include your name, address, date of birth, email address and any other information you provide to us when contacting us (including any special categories of personal data).
Documents featuring personal data, such as purchase orders, proposals,, contracts and the like.
Performance of a contract with you
To make and receive paymentsContact details, payment account details and transaction details, including associated documents and correspondence.(a) Performance of a contract with you; or
(b) Necessary for our legitimate interests (to make and receive payments)
To use data analytics to improve the Website, products/services, marketing, customer relationships and experiencesInformation relating to your visits to the Website including, but not limited to, traffic data, location data, files downloaded, weblogs and other communication data.Necessary for our legitimate interests (to define types of customers for our products and services, to keep the Website updated and relevant, to develop our business and to inform our marketing strategy)
To provide you with information regarding our products or services, news or updates that you request from us or which we feel may interest youInformation that you provide by filling in forms on the Website, at trade shows or otherwise, or by contacting us, or information which we receive from third parties, and copies of your correspondence with us. This information may include your name, address, and email address.(a) Necessary for our legitimate interests (to develop our products/services and grow our business); or
(b) your consent, where required by law.
Ensuring visits to our premises are properly documented and safe, ensuring the integrity of secure areas.Visitor information, such as vehicle registration number, contact details, role, the purpose of your visit, together with CCTV images or footage if you enter any secure area where CCTV is used.Necessary for our legitimate interests (ensuring the safety and security of our premises).
Necessary to comply with legal obligations in relation to health and safety.
To carry out our duties as an employer, and to administer benefits offered to our employees.Information relating to our employees’ families, next-of-kin or nominated beneficiaries.Necessary for our legitimate interests (administering benefits packages).
Necessary to comply with legal obligations.
Record-keeping and hosting, back-up and restoration of our systemsAny personal dataNecessary for our legitimate interests (ensuring the resilience of our IT systems and the integrity and recoverability of our data).
For the purposes of bringing and defending legal claimsAny personal dataNecessary for our legitimate interests (being able to conduct and defend legal claims to preserve our rights and those of others).
For the purposes of legal compliance (e.g. maintaining tax records, product sales records)Any personal dataNecessary to comply with a legal obligation
Where we have a legal basis to use your personal data without consent (as we have described above), this policy fulfils our duty to process personal data fairly and lawfully and in a manner that you would expect given the nature of our relationship with you, by giving you appropriate notice and explanation of the way in which your personal data will be used.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent, you consent to our use of that personal data for the purposes covered by the specific consent that you have given. For example, in some circumstances we may have asked for your consent to processing your personal data for marketing purposes.
As mentioned above we may send and present you with marketing information about us such as news, events and products and services which we think may be of interest to you.
We will not provide your personal data to third parties so they can use your personal data for marketing purposes.
Security of Information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know it. They will only process your personal data on our instructions and where they are subject to a duty of confidentiality.
Retaining Your Information
We will retain the information we receive and collect about you for a period which is reasonably required for us to use it in accordance with this Policy or in accordance with our legal rights and obligations.
You have rights under data protection law – they are complex, and subject to exemptions, and you can read guidance from the Information Commissioner’s Office (ICO) at ico.org.uk for a fuller explanation of your rights. In summary:
the right to access: you have the right to confirmation as to whether or not we process your personal data and, where we do, to access the personal data, together with certain additional information;
the right to rectification: you have the right to have any inaccurate or incomplete personal data about you rectified or completed;
the right to erasure: in some circumstances you have the right to the erasure of your personal data (for example, if the personal data is no longer needed for the purposes for which it was processed or if the processing is for direct marketing purposes);
the right to restrict processing: you have the right to restrict the processing of your personal data to limit its use. Where processing has been restricted, we may continue to store your personal data and will observe the restrictions on processing except to the extent permitted by law;
the right to object to processing: you have the right to object to our processing of your personal data on the basis of legitimate interests (discussed above) or for direct marketing purposes and if you do so we will stop processing your personal data except to the extent permitted by law. For example, if you have given your consent to receive team updates or other marketing communications, but have changed your mind, you have the ability to opt out from receiving such communications going forward by contacting us using the details provided below or by clicking the relevant link in any communications you receive.
the right to data portability: you have the right to receive your personal data from us if the legal basis for our processing is the performance of a contract with you, and such processing is carried out by automated means; and
the right to complain to a supervisory authority: if you consider that our processing of your personal data is unlawful, you have a legal right to lodge a complaint with the ICO.
The Website may contain links to and from the websites of our partner networks, advertisers, or other third parties, including links to our social media pages hosted by third-party providers, such as LinkedIn, Facebook, Twitter, Google and YouTube. If you follow a link to any of these websites, please note that these websites are operated by third parties and have their own privacy policies governing the use of any personal data you submit through them. We do not accept any responsibility or liability for the use of your personal data by those third parties or under or in connection with those privacy policies. Please check those policies before you submit any personal data through those websites.
If you have any concerns about material which appears on the Website, or any questions or comments regarding this Policy, please contact us at firstname.lastname@example.org or by recorded delivery to our postal address at Brook Hill, Woodstock, Oxford, OX20 1TU, United Kingdom or use the “Contact” form on the Website at by clicking here.
Last update December 2018.