This is a fair processing notice addressed specifically to our perspective and existing clients, suppliers and financial institutions we might use to perform our contract. We have a separate fair processing notice to different categories of people we hold personal data on, please contact Ronly’s DPO for more information.
Company name – RONLY LIMITED, having its number 06253273, incorporated on 21 May 2007, having its address at 3rd Floor 201, Haverstock Hill, London, NW3 4QG (hereinafter referred to as “we”, “us”, “company” or “data controller”). Contact details are firstname.lastname@example.org, number is +44(0)20 7433 0400. Data Protection Officer is Elena Armashova, In-House Legal Counsel at Ronly Limited, at email@example.com, direct phone is +44(0)20 74330460.
We are a data controller for the purposes of the General Data Protection Regulation, but we can also process your data or transfer it to data processors on basis of a legal contract with them.
The categories of personal data concerned are as follows: identification data (your name, address, phone number, e-mail, position in the company), credit and bank history, reputation.
We will process your personal data in the following ways, including, but not limited to: collecting, recording, organising, storing, using, disclosing, disseminating.
You need to provide us with your data for such purposes as: a) having a commercial relationship with you and being able to perform a contract with you (for example, if you bought from us, we will not be able to deliver), b) administering the contract we have entered into with you, c) conducting internal business management and planning, including accounting and auditing, d) conducting performance reviews, managing performance and determining performance requirements; e) preventing fraud; f) compliance with anti-money laundering law, 3rd party bank compliance requests, Ronly’s internal “know your client” procedures; g) dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work.
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
The nature of processing: we need to process your personal data for the purpose of trading in commodities markets.
The legitimate basis for our using, storing or processing of your personal data is as follows: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; processing is necessary for compliance with a legal obligation to which the controller is subject; processing is necessary for the purposes of the legitimate interests pursued by the controller.
If we are storing, using or processing your personal data on the legal basis of legitimate interest, this legitimate interest will be for us either to perform a contract or if you requested us not to contact you, to move your personal details to a blacklist.
The categories of your personal data recipients would mainly be for the purposes of performing commodities sale and purchase contracts with you (recipients include, but are not limited to charterers, banks, inspection companies, our subsidiaries, representative offices and holding companies, trading partners).
We shall provide you with a copy of the personal data undergoing processing. For any further copies requested by you, we may charge a reasonable fee based on administrative costs. Where the request is made by electronic means, and unless otherwise requested, the information shall be provided in a commonly used electronic form.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will store your personal data for the period of performing our contract with us, for the period until you withdraw your consent or for 3 years after our last business relationship with you (last shipment or payment or bid/offer), whichever is longer.
We are required to provide your data to data processors, such as insurance companies, our trade partners or suppliers, charterers, banks within EU or outside of the EU (EEA) for purposes of performing a contract between us and you on the basis of the EU and England and Wales Law.
If we transfer your data to the countries considered non-adequate by the data protection legislation, we would enter into an EU Model Contract with such data controller or processor. We will endeavour and use all efforts to comply with Articles 44-50 of the General Data Protection Regulation when transferring your data. To receive a copy of any contracts with processors or controllers outside of the EU, please contact DPO of Ronly.
All of our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
We do not use any automated decision-making, profiling or automated processing.
Data security: We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties requiring it for a business purpose. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Your rights in connection with personal information. Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
- To file a complaint with the local data protection authority, Information Commissioner’s Office https://ico.org.uk/.
If we are using your consent as a lawfulness basis for processing, you have a right to withdraw your consent at any time, by e-mailing either Director Ashley Beale or In-house Legal Counsel and Data Protection Officer Elena Armashova.
We would need your explicit and freely given consent to contact you for marketing purposes and to process your data.