Alliance (“the Company”) is committed to respecting and protecting privacy and personal data in line with the Data Protection Act 1998 and General Data Protection Regulation 2016. The Company respects its duty to process such data fairly, lawfully and in a transparent manner. This policy outlines how we use the information we collect, how you can instruct us to limit the use of such information and the systems we have in place to safeguard data security and individual rights to privacy.
Who are we?
Alliance Disposables has been established across the UK since 1999 and is now one of the market leaders in England, Wales and Scotland in the provision of Janitorial, Hygiene and Kitchen Supplies to the Hospitality, Catering and Healthcare sectors. We operate nationally as Alliance National, via 11 local branches as Alliance Local, and using our online platform Alliance Online.
What type of information is collected from you?
Alliance is committed to collecting only the data necessary for us to provide the best possible service to our customers. This includes personal information such as names, email addresses, postal addresses and telephone numbers necessary for us to fulfil the requested service and to communicate with you on matters of legitimate business interest.
How is your information used?
Alliance is committed to ensuring that your personal data is used on a fair and lawful basis. The information provided to us will be used to process requests including the delivery of goods and services, fulfillment of catalogue request and provision of other relevant marketing materials in order to keep you informed. From time to time the company may use aggregate information in order to improve the services we offer. In such cases no information which could be used to identify an individual will be used.
Alliance is committed to respecting the privacy and data rights of individuals in line with the General Data Protection Regulation (GDPR). We recognise the right of any individual to opt in or out of communications, including altering marketing preferences, at any time.
The accuracy of the information we hold is important to us. The Company endeavors to hold only accurate data that is necessary for a service.
Alliance respects the right of the individual to contact the Information Commissioners Office, the UK’s independent authority set up to uphold information rights in the public interest, in the event of any concerns.
Who has access to your information
On occasion carefully selected subcontractors, who act as Data Processors, are used to manage the marketing and transactional data of our online customer base for the purpose of ensuring we post our relevant mailers to our customer base. In such cases Alliance continues to act as the Data Controller and is committed to ensuring that all subcontractors are compliant with GDPR regulations and that appropriate confidentiality agreements are in place.
Alliance will not disclose an individual’s data to third parties for the purpose of acting as Data Controller without obtaining the individual’s consent to share such information. In cases where such consent does not exist, information will only be disclosed by the Company it is required to do so by law.
Transfer of Data Outside of the European Economic Area
Alliance operates within the European Economic Area with our headquarters located in Crewe, England. In the event that personal data needs to be transferred to a country outside of the EEA for customers supply in the normal course of business, Alliance will liaise with customers to ensure that the transfer of data from exporters to importers is appropriate.
Subject Access Requests
The Company respects the rights of an individual to ask for a copy of the information that we hold about them. Any such requests will be carried out in line with the guidance outlined in the General Data Protection Regulation 2016. Data subject access requests will be managed by one of our company directors in cooperation with the Company’s assigned data protection officer, Andrew Reddy.
Alliance will endeavor to work with the data retention requests of individuals and respects the ‘right to be forgotten’. In the absence of specific data retention policies being provided, Alliance will ensure personal data is deleted within 18 months of it no longer being required for normal business operations. The system has automated removal of redundant information after 18 months or within 48 hours if requested.
The Company’s cyber security is managed by an external provider, Greystone, and we have full time employees in this area.
Alliance takes online security very seriously. In operating our Alliance Online platform, our priority has always been to ensure that all transactions made are highly secure and that customers feel confident that their data remains safe. For this reason, we have opted for Sage Pay as a secure online payment system. All transaction information passed between Alliance Online and the Sage Pay system is encrypted using 128-bit SSL certificates. No cardholder information is passed unencrypted and any messages sent to customer’s servers from Sage Pay are signed using MD5 hashing to prevent tampering. Customers can be completely assured that no information they pass to Sage Pay's servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Alliance do not store any credit card data on our servers, we simply collect, or capture the credit card details in a secure environment and securely send these to Sage Pay.
You can tell whether a page is secure as 'https' will replace the 'http' at the front of the www.allianceonline.co.uk in your browser address window. A small locked padlock will also appear in your browser - you will see this when you enter your personal and credit card details at our secure checkout.
If you click on the padlock you can view our certificate information including who the certificate was issued by and the valid to & from dates.
To order products on allianceonline.co.uk, you need to have cookies enabled. If you do not wish to enable cookies, you will still be able to browse the site and use it for research purposes. Most web browsers have cookies enabled.
Please note that cookies cannot harm your computer. We do not store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors, or to determine relevant related products to show you when you are browsing in order to enhance your experience.
To make full use of the online shopping and personalised features on allianceonline.co.uk, your computer, tablet or mobile phone will need to accept cookies, as we can only provide you with certain personalised features of the website by using them.
Our cookies do not store sensitive information such as your name, address or payment details: they simply hold the 'key' that, once you are signed in, is associated with this information. However, if you would prefer to restrict, block or delete cookies from allianceonline.co.uk, or any other website, you can use your browser to do this.
Responsibilities for the Implementation
All staff are expected to respect privacy requirements and appropriately handle personal data on behalf of the company. These responsibilities must be maintained at all times including outside of normal business hours and beyond termination of employment in order to respect individuals’ right to privacy.
The Company’s assigned data officer for the purpose of GDPR compliance is Andrew Reddy.
Any breach of responsibilities related to data protection and privacy will be handled by the senior management team.
Overall responsibility for this policy and its implementation lies with the Directors.
This policy will be reviewed annually or in line with developments in knowledge and changes in relevant privacy legislation.