NYMAS Group Privacy Policy
Last updated: 25 April 2024
Our commitment to you
This privacy policy is issued by NYMAS Group (“we”, “our” or “us”) and is addressed to individuals accessing and using our website and our services (“you”, “your”).
At NYMAS Group we understand the importance of trust in our relationships with you. We therefore take our legal responsibilities regarding your personal data as set out in the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended (PECR) very seriously.
Personal data is any information that identifies you, for example your name, your email address, phone number or IP address.
We want you to understand what personal information we may collect about you when you interact with NYMAS Group via our website www.nymas.co.uk, or by contacting our colleagues via email or telephone.
Please read this privacy policy carefully as it contains important information about who we are, what personal data we collect and how we use it in connection with your interactions with us. It also contains details as to our obligations and your rights.
This privacy policy explains:
Who the Data Controller is;
What personal information we collect about you;
On what basis we use your personal information;
The activities for which we process your personal data;
How long we keep your personal information;
With whom we may share your personal information;
Information about international transfers;
How we protect your personal information;
Your rights regarding your personal information;
What to do if you don’t want to provide us with your personal information;
Methods to contact us if you have any concerns or questions;
Changes to this privacy statement from time to time.
Who is the Data Controller?
NYMAS Group, a corporate partnership, whose partners are FA & JF Co Ltd (company number 08361741), Amaryllis House Ltd (company number 08364729) and Nymack Ltd (company number 08361501) with registered offices at Royce House, Royce Avenue, Billingham, TS23 4BX, registered in England and Wales, is the controller of your personal data.
What personal information do we collect?
We collect your personal information through your interaction with our colleagues, and specifically we collect the following personal information when you interact with this website via:
Our “Contact” form:
Identity Data: your full name, your organisation
Contact Data: your email address, your preferred contact number
Communications Data: your reason for the enquiry and any information provided by you in your message to us, which may include Health Data (if provided by you)
Our “Careers” section:
Identity data: your full name
Contact data: your email address
Communications Data: the type of role you are looking for, your CV
In addition, for all interactions with our website we collect Technical Data such as device and online identifiers as set out in the Cookie Policy which can be found on our website.
On what basis do we use your personal information?
To collect, use, store and transfer your personal data, we have to ensure that there is a lawful basis for this. The individual lawful bases that may apply are set out below:
Consent: you have specifically given us permission, provided that we have informed you on what you are consenting to, that your consent is freely given and unambiguous;
Contractual obligations: we require your personal data for the performance of a contract (for example contacting you in relation to the delivery of an order)
Legitimate interests: we require your personal data to enable us to run our business, which we can only do where we have assessed that risk to your personal data is limited; (for example to make you aware of information relating to products or services that you currently buy on a regular basis from us)
Compliance with legal or regulatory obligations applicable to us: it is important to us that we are able to comply with laws, regulations and guidance, as well as other valid requests or demands for data as set out here.
The activities for which we use your personal data as a Data Controller:
| Activity | DataType(s) | Lawful Basis/Bases |
| Our day-to-day operations (customers) | Identity Data, Contact Data, and Communications Data | We have a legitimate interest to process this data to carry out our core business activities. We also rely on contractual obligations to fulfil the contracted goods deliveries. The transactions are typically on a business-to-business basis. |
| Our day-to-day operations (suppliers) | Identity Data, Contact Data, and Communications Data | We have a legitimate interest to process this data to carry out our core business activities. We also rely on contractual obligations to fulfil the contract with our suppliers. The transactions are typically on a business-to-business basis. |
| Responding to your enquiries or requests for a quote submitted by you via the “Contact” section | Identity Data, Contact Data, and Communications Data | We have a legitimate interest to ensure that we can handle your request in a way that meets your expectations. We may also rely on our contractual obligations if your enquiry is in relation to a contract with us. |
| Recruitment | Identity Data, Contact Data, and Communications Data | We have a legitimate interest to ensure that the recruitment process is followed and that we can grow our business. |
| Marketing | Marketing Data | We may send marketing materials to you and process your marketing preferences on the basis of your consent or our legitimate interests. Please note that you can at all times unsubscribe from any of our newsletter that you have subscribed to by either clicking on the unsubscribe link or by contacting: marketing@nymas.co.uk |
| To customise, administer and improve our website, troubleshoot and analyse data of website visits | Technical Data | We have a legitimate interest to provide our website visitors with the best possible user experience. |
| To comply with valid requests from regulators or other official bodies of authority, and for litigation case management and evidentiary purposes. | All types of data as described above | To comply with our legal and regulatory obligations, including but not limited to HMRC and for our legitimate interests to manage legal proceedings and to defend us against possible civil claims or regulatory enforcement action. |
| We may need to share your personal data with members of our group and third parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency. In such cases information will be anonymised where possible and only shared where necessary | Identity Data, Contact Data, Marketing Data, Communications Data |
Depending on the circumstances: To comply with our legal and regulatory obligations, including but not limited to the Companies Act 2006 and TUPE, as relevant. In other cases, for our legitimate interests or those of a third party, i.e. to protect, realise or grow the value in our business and assets. |
| Protecting the security of systems and data | Technical Data |
To comply with our legal and regulatory obligations, including but not limited to PECR. We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests or those of a third party, and to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us. |
| Protecting our premises for the purpose of crime prevention by way of the use of Closed Circuit Television (CCTV) | Identity Data | We have a legitimate interest to ensure the safety and welfare of our colleagues and to protect the assets of our business. |
The activities for which we use your personal data as a Data Processor:
| Activity | DataType(s) | Lawful Basis/Bases |
| Deliveries to end-consumers | Identity Data, Contact Data, and Communications Data | We are a Data Processor for a number of our business partners who are the Data Controllers for this personal data and who share the personal data with us to enable us to deliver goods directly to end-consumers on the Data Controllers’ behalf. We have appropriate contractual arrangements with the Data Controllers in place that govern the processing of this personal data. |
How long will we keep your personal information?
We adhere to the principles of data avoidance and data economy. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated herein or as provided for by various storage periods provided for by law. After discontinuation of the respective purpose or expiration of these deadlines, the corresponding data will be routinely and in accordance with the statutory provisions blocked or deleted.
In connection with legal action or a regulatory investigation involving NYMAS Group or any of our companies in our group we will always keep your personal information for the period required by law and where we need to do so. Otherwise, we keep your personal information where you have contacted us with a question or request, for as long as necessary to allow us to respond to your question or request.
Taking into consideration all our legal obligations to retain information for contract, audit, regulatory and tax purposes, we also regularly review the length of time we retain your personal data and consider the purpose or purposes for which we hold it.
Sharing your personal information
Where permitted or required by law, we may share your personal information with trusted third parties such as:
| Category | Examples | Main Purpose |
| Professional advisers | Insurers, legal advisers, | To enable us to resolve a claim made by you or in which you have been involved |
| Fractional Directors | CFO, Marketing Director | To enable the advisor to provide appropriate business advice and make decisions |
| Auditors | Annual statutory accounts auditor | To enable auditors to verify authenticity of information provided |
| HR Service providers | Payroll Bureau, Compliance advisory, | To allow the provider to carry out their contracted services |
| Third parties in connection with re-organisation of our business | Prospective buyer | To share relevant information to enable us to continue services during and after corporate transaction |
| Law Enforcement Authorities | Police | For any vital interest to address health concerns or to prevent crime |
In the event that your personal data is shared with third parties, we ensure that this is shared safely and securely, and that it is limited to the personal data that is strictly required for the purpose.
International transfers
We are based in the United Kingdom (UK), and we typically do not transfer your personal data outside the UK and EEA.
Depending on computer systems utilised by third parties with whom your personal data may be shared from time to time, your personal data may be transferred to organisations and stored in countries outside of the UK or EEA. We have appropriate contractual arrangements in place with relevant third parties to ensure that in case of such transfers of your personal data to countries outside the UK or EEA, your personal data is protected to the same high standard as required under the UK GDPR and Data Protection Act 2018.
Protecting your personal information
We use a variety of technical and organisational security measures such as time limited PC passwords, physical access fobs and two-factor authentication on relevant systems (EG: Oracle NetSuite, Sharepoint system) to help protect your personal information from unauthorised access, use, disclosure, alteration or destruction in line with applicable data protection and privacy laws.
Before we share your personal information with third parties, we will put in place a written agreement which commits the third party to keep your information confidential, and to put in place appropriate security measures to keep your information secure.
In addition, we have relevant internal policies and procedures in place and our colleagues are aware and ensure that that your personal data is handled safely and securely.
Please note that the transmission to us of information via the internet or a mobile phone network connection may not be completely secure and any transmission is at your own risk.
Your rights regarding your personal information
You have several rights regarding the processing of your personal data. You have the right:
- To withdraw consent: If you have consented to receive email alerts from us with news and updates or have engaged in any other activity with us for which we have asked you for your consent, you have the right to withdraw your consent at any time. In respect of the news and update email alerts, you can withdraw your consent by using the “Unsubscribe” option in the email or you can contact us on marketing@nymas.co.uk to notify us of any withdrawal of consent.
- Of access to your personal data: You have a legal right to see a copy of the personal data that we keep about you, subject to certain exemptions.
- To rectify inaccurate or incomplete personal data: You can ask us to correct any data which is inaccurate or incomplete.
- Of erasure of your personal data: you can ask us to delete your personal information (with the exception of us being required to keep it to comply with a legal obligation).
- To restrict processing of your personal data: We will retain enough information to enable the restriction but will not process any further personal data, until and unless we lift the restriction (of which you will be informed).
- To object to processing of your personal data: you can stop or prevent us from using your data (in cases where we are using it with your consent or for our legitimate interests).
- To move, copy or transfer your personal data (data portability): Please contact us if you would like us to transfer your personal data electronically to another organisation.
Please note that the above-mentioned rights, with the exception of the right to withdraw your consent (in general) and to object to processing of your personal data (for the purpose of email alerts), are not absolute. Under certain conditions, we may refuse to comply with your request to exercise the above-mentioned rights. If we refuse your request, you will be informed of the reasons for refusal.
In accordance with applicable data protection legislation, we follow security procedures when we process your personal data. We may therefore request proof of your identity before disclosing certain information to you or acting on any rights requests.
We will respond to your rights request within one calendar month of receipt of all documents required to fulfil your request (for example valid ID). In cases where the request is complex or if you make several requests, we may require up to two additional months but we will ensure that we will inform you of this within the first month of a validly received rights request.
What if you do not want to provide us with your personal information?
Where you are given the option to share your personal information with us, you can always choose not to do so.
If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations. This could mean that you may be unable to make use of the services and products offered by us.
Complaints
You always have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) if you have any concerns with regard to the way in which we process your personal data. Their contact details can be found on their website www.ico.org.uk or by telephone: 0303 123 1113.
We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Contact Us
If you have any questions or requests regarding this privacy policy, or if you would like to exercise your rights, please contact NYMAS Group using the contact information below:
Royce House, Royce Avenue, Billingham, TS23 4BX
Tel +44 (0)1642 710 719
Email: sales@nymas.co.uk
Alternatively, you can contact our Data Protection Manager by emailing: marketing@nymas.co.uk.
Updates to this privacy policy
This privacy policy was last updated on 25 April 2024 and may be amended again in whole or in part, at any time and without prior notice. You should review this Privacy Policy (including the Cookies Policy) regularly as we may amend it from time to time, and as you are bound by any changes we make to this policy from the date of the change. We will post any amendments on our website to keep you up to date.