ROCK are committed to protecting and respecting your privacy.
In the event that you provide information through our website this policy sets out the basis it will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
What information we may gather
We may collect the following information from you:
- Name and job title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information relevant to customer surveys and/or offers
This could be collected through:
- Information that you provide by filling in forms on our site (http://www.rock.co.uk/). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information when you enter a competition or promotion sponsored by ROCK and when you report a problem with our site.
- If you contact us, we may keep a record of that correspondence.
- We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
How we use the information gathered
We use the information gathered about you in a variety of ways:
- To keep our internal record keeping up to date
- To improve our products and services
- To periodically send you promotional emails about new products, special offers or other information which we think you may find interesting, where you have consented to be contacted for such purposes.
- From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may use the information to customize the website according to your interests.
- To carry out obligations arising from any contracts entered into between you and us
- To notify you about changes to our service.
How we protect your information gathered
We are committed to keeping your information secure. We take reasonable steps to protect data from unauthorized access or disclosure by implementing suitable physical, electronic and managerial procedures.
Cookies are small pieces of information that are transferred to your browser and stored on your computer’s hard drive.
Please note that cookies can't harm your computer. You can manage these small files yourself using the help available with the browser you are using to access the Internet. Typically, you can find these settings in the Tools or Options tab of your browser, under the heading ‘Privacy’.
We're giving you this information as part of our initiative to comply with recent legislation, and to make sure we're honest and clear about your privacy when using our website.
There are two types of cookie you may encounter.
First party cookies: these are our own cookies with our domain name.
When you visit ROCK.co.uk, we may place a number of cookies in your browser. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. You can find out more about each cookie by viewing our current cookie list. We update this list quarterly, so there may be additional cookies that aren’t yet listed.
Each cookie serves one of four different purposes:
1. Essential cookies
These first party cookies allow you to use a feature of ROCK.co.uk, such as:
- Staying logged in
2. Analytics cookies
These cookies track information about how ROCK.co.uk is being used so that we can make improvements and report our performance. We might also use analytics cookies to test new ads, pages, or features to see how users react to them. Analytics cookies may either be first party cookies or third party cookies.
3. Preference Cookies
These first party cookies store your ROCK.co.uk preferences, such as:
- Language preference
4. Ad targeting cookies
These third party cookies are placed by advertising platforms or networks in order to:
- Deliver ads and track ad performance
- Enable advertising networks to deliver ads that may be relevant to you based upon your activities (this is sometimes called “behavioural” or “targeted” advertising)
Third party cookies: these are cookies using a third party domain name.
We do not use any third party cookies.
Links to other third party websites
ROCK is not responsible for the privacy policies of third party sites linked to from our site, such as partners, customers and social networking services.
the Right to Object
We acknowledge that one of the main rights of the individual (data subject) under the GDPR, is the right to object. The data subject has the right to object to:
- Processing based on legitimate interests or for the performance of a task in the public interest / exercise of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for the purposes of scientific / historical research and statistics.
We will only process personal data for the performance of a legal task or for our legitimate interests. A data subject must have an objection on “grounds relating to his or her particular situation”. Should we receive such an objection, we will immediately stop processing the data unless:
- There are demonstrable, compelling and legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject, or
- The processing is for the establishment, exercise or defence of legal claims.
We will cease to process any data for the purpose of direct marketing as soon as we receive any objection to doing so. We acknowledge that there are no further circumstances under which there are any exemptions or grounds to refute this objection.
We are committed that the processing and storage of any personal data and/or sensitive personal data provided by you or about you, is at all times handled in accordance with the Data Protection Act 1998 (DPA) and the General Data Protection Regulation (GDPR).
Under the DPA you have the right to request that we do not use your personal data for marketing purposes.
You can do this in one of two ways:
- Whenever you are asked to fill in a form on the website, you can click the box to indicate that you do not want the information to be used by anybody for direct marketing purposes.
- if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at firstname.lastname@example.org
Further to this, the GDPR provide the following rights to the data subject to who the personal and/or sensitive personal data relates:
- The right to be informed – Through this privacy notice we inform you what information we may gather, how we may use it and your rights.
- The right of access – If an individual makes a written request, we will inform them within one month, free of cost; whether any personal data is being processed, a description of the nature of the data and the reason why it is being processed, along with whether it will be given to any other organizations or people.
- The right to rectification – Where we are informed that any personal data is either inaccurate or incomplete, within one month we will amend our records accordingly and advise any third parties to whom, with your agreement, this data has been shared with.
- The right to erasure – If requested by the data subject, we will stop processing and erase data; where it is no longer necessary in relation to the purpose it was collected, the data subject withdraws consent, the data subject objects to processing (and there is no overriding legitimate interest for continuing processing), if the personal data was found to be unlawfully processed (in breach of GDPR), or where data has to be erased in order to comply with a legal obligation.
- The right to restrict processing – We will restrict processing of personal data where requested. In this instance we will store the personal data, but not process this any further. We will only retain enough information about the data subject to ensure the restriction is respected in the future.
- The right to data portability - We acknowledge the right of the data subject to obtain and re-use their personal data for their own purposes.
- Rights in relation to the automated decision making and profiling – We acknowledge the data subject’s rights in this area, however ROCK are exempt from this as per article 22 of the GDPR as we do not use any form of automated decision making or profiling.
We will not sell, distribute or lease your personal information to third parties unless we have your prior consent or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
Access to information
The Data Protection Act 1988 gives you the right to access information held about you by us. If you would like a copy of the information held on you please write to: ROCK, 27-28 Old Field Road, Bocam Park, Pencoed, CF35 5LJ.
Should any subject access requests submitted be manifestly unfounded or excessive, then ROCK may (in line with GDPR) either; charge a reasonable fee (taking into account the administrative costs of providing the information) or refuse to respond. Where a decision is taken to refuse to respond to a request, the individual will be provided with an explanation for the decision along with details of their rights to complain to the supervisory authority and to a judicial remedy. This will be provided without undue delay and at latest within one month from receipt of the request.
This policy was last updated: July 2018