Privacy Policy
Privacy Notice
1. INTRODUCTION
Hello, and thank you for stopping by. This Global Consumer Privacy Notice “Notice” explains how your Personal Data is collected, used and disclosed by TORQEN LTD and its subsidiaries, many of which operate under TORQEN, TOMEI by TORQEN UK or other store logos (hereinafter referred to collectively as, “TORQEN” or “we”, “our”, “us”).
2. USEFUL INFORMATION
We have included some information here that may be helpful to you as you read through the Notice.
Our Global Privacy and Data Protection Officer ensures that we are clear and fair about how we use your personal data and comply with any law that may affect your privacy. You can contact the Privacy Officer through email at: privacy@torqen.uk or by mail at: TORQEN, Unit 3 Quarry Court, Quarry Road, Pitstone, LU7 9GW, UK.
You are the consumer, data subject or individual. This can be someone who visits our website or stores, or purchases goods or services from us in person, via phone, in writing, or online. You may also be an owner or employee of a company that we conduct business with.
By personal data (also called data), we mean the information we have gathered about you, either because you’ve given it to us or we’ve collected or generated it. This is information that relates to and identifies you or can be used to identify you, like your name, email address, account data or digital identifiers, like IP address and cookies.
The data controller of your data is the TORQEN legal entity with which you conduct business or interact, many of which operate under TORQEN, TOMEI by TORQEN UK, or other store logos. This means that they decide how and why your personal data is processed.
Processing your data just means anything we do with it – collecting it, using it, storing it, sharing it, and deleting it.
3. SUMMARY CONSUMER PRIVACY NOTICE
We encourage you to read the full Consumer Privacy Notice below, but if you just need a quick view of how we collect and process your personal data, it’s available to you.
3.1 The personal data we collect
We collect and processes a range of data about you. This may include:
- Basic personal data
- Contact data
- Transaction data
- Digital data
- Website usage and other technical data
- Our insights about you based on analytics
- Financial data
- Biometric data
3.2 How we collect your personal data
We may collect or receive your personal data in a number of ways:
- From you directly
- From you indirectly
- From other people
- From monitoring devices
- From publicly available sources
- From sources outside our business
3.3 How we use your personal data
We will only use your personal data where we are permitted to do so by applicable law. We may
use your data:
- To communicate with you
- To provide our products and services to you and otherwise conduct our business
- To ensure we are paid
- For marketing and loyalty programs
- For research and development
- To address claims, issues or concerns
- For safety and security
- To comply with legal or regulatory obligations
- To make changes to our business
3.4 Cookies
When you log onto or browse one of our websites, we may use a cookie file which is stored on the hard drive of your computer. You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do.
3.5 Who has access to your personal data
Personal data may be stored in a range of different places, like your account file and in IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access your personal data to perform their job.
3.6 How we safeguard your personal data
We have technical and organizational measures in place to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorized disclosure and access. You also play a role in safeguarding your data online.
3.7 Cross border transfers of your personal data
Regardless of where you live, we will only transfer your data if we are confident that it will be appropriately safeguarded, for example by using contractual or other measures as required by law.
3.8 How long we retain your personal data
We will retain your personal data for as long as we need to in order to fulfill the purposes outlined in this Notice or as required by law. If we no longer have a business or lawful need to process your personal data, we will either delete or anonymize it where possible.
3.9 Your rights as a consumer
Depending on where you are located, you may have the right to require us to:
- Provide you with further details on how we use your data
- Provide you with a copy of data that we hold about you
- Transfer certain pieces of your data to another company in a common electronic format
- Correct any inaccuracies or incompleteness in the personal data we hold
- Delete any personal data that we no longer have a requirement to use
- Restrict or object to how we use your data
3.10 Challenging compliance and exercising your rights
You can contact privacy@torqen.uk, the legal entity with whom you interact, or your local regulatory authority if you have any questions or concerns about this Notice, or to exercise your rights.
3.11 Country specific information
We’ve added some country specific details about your rights and how to contact your local regulatory data protection authority.
4. FULL CONSUMER PRIVACY NOTICE
We are committed to protecting the privacy and security of all personal data, and to being transparent about how and why we collect and process your data. We update this Notice from time to time and encourage you to revisit to stay informed of how we are using personal data.
In this Notice we cover:
4.1 The personal data we collect
4.2 How we collect your personal data
4.3 How we use your personal data
4.4 Cookies
4.5 Who has access to your personal data
4.6 How we safeguard your personal data
4.7 Cross border transfers of your personal data
4.8 How long we retain your personal data
4.9 Your rights as a consumer
4.10 Challenging compliance and exercising your rights
4.11 Country specific information
4.1 The personal data we collect
Personal data marked with an asterisk (*) may be considered special category or sensitive data.
We collect and processes a range of data about you. This may include:
Basic personal data like your name and if you are a business client your employer and job title.
Contact data like your telephone number and shipping, billing or email address. It may also include any records related to your contact with us, such as the phone number or email address you contacted us from.
Transaction data related to activities you carry out at our physical locations, online services or in the course of carrying out other services we provide to you.
Digital data like your Internet Protocol (IP) address, preferences, operating system and browser type, behavioural and browsing data.
Website usage and other technical data, like details of your visits to our websites, marketing communications and whether you open them or click on links, or data collected through cookies and other tracking technologies.
Our insights like information about products or services we think you may be interested in based on our analytics and customer profiling.
Financial data* like payment related data, bank account details or data required to perform a credit check if you have payment terms with us.
Biometric data* like a recording of your image that may be captured on CCTV if you visit one of our stores or your voice if we record a call when you contact us.
Any other personal data relating to you that you may provide in the course of your business interactions with us.
4.2 How we collect your personal data
We may collect or receive your personal data in a number of ways:
From you directly during the account sign up or application process, or when you interact with us.
From you indirectly when you use our products and services and interact with our website and other online platforms.
From other people like your employer, business associates or beneficiaries of our products and services if you are conducting a business to business interaction with us.
From monitoring devices like CCTV, telephone logs and recordings. We will do our best to make it clear to you that your data is being collected at that time.
From publicly available sources, like company websites or other public platforms like LinkedIn where you have made your data available.
From sources outside our business, which may include other business entities within our group of companies or other strategic business partners
4.3 How we use your personal data
We will only use your personal data where we are permitted to do so by applicable law.
If you live or do business in the United Kingdom (UK) or European Economic Area (EEA), the use of personal data must be justified under one of a number of legal bases. The principal legal bases that justify our use of your personal data are:
- Contract performance: Where your data is necessary to enter into or perform our contract with you
- Legal obligation: Where we need to use your data to comply with our legal obligations
- Legitimate interests: Where we use your data to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights
- Legal claims: Where your data is necessary for us to defend, prosecute or make a claim against you, us or a third party
- Consent: Where you have consented to our use of your data
Regardless of where you live or do business, we may use your data for the following purposes:
To communicate with you
- To contact you for your views on our products and services
- To notify you about important changes or development to our business, products or services
- Where available, to communicate with you in your preferred language UK/EEA Legal bases: Contract performance, legitimate interests
To provide our products and services to you and otherwise conduct our business
- To process your order and manage your account
- To provide you with personalized online experience and tailored communications
- For record keeping purposes
UK/EEA Legal bases: Contract performance, legal claims, legitimate interests
To ensure we are paid
- To process credit card, e-transfer, cheque or other types of direct payments made to us
- To assess the risk of extending you credit through a payment plan
- If you fail to pay us per our contractual terms, to recover what we are owed through debt
collection agencies or taking other legal action
- To issue payments or credit to you as required
UK/EEA Legal bases: Contract performance, legal claims, legitimate interests
For marketing and loyalty programs
- To allow you to participate in our reward programs or loyalty schemes
- To allow you to participate in our roadside assistance program (Canada only)
- To allow us to manage our warranty program
- To keep you informed about the products and services that we offer
UK/EEA Legal bases: Contract performance, legitimate interests; consent
We will provide you with the option to unsubscribe from or opt-out of further marketing communication on any electronic communication sent to you.
For research and development
- To understand how you interact with our stores, shops or website so that we can makeimprovements and service you better
- To understand what you and people or businesses like you require so that we can meet your needs as a consumer
UK/EEA Legal bases: Legitimate interests
We will provide you with the option to unsubscribe from or opt-out of further use of your data for research purposes, or will anonymize your data so that you are unidentifiable.
To address claims, issues or concerns
- To investigate concerns or complaints about or from our employees or customers
- To respond to and defend against legal claims
UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims
For safety and security
- We may use CCTV and other location and recording devices for safety purposes
- We conduct monitoring to protect our customers, employees, authorized visitors, and property
- We may use server log data for security purposes, like detecting intrusions into our network
UK/EEA Legal bases: Legitimate interests, legal obligations, legal claims
To comply with legal or regulatory obligations
- To comply with lawful requests by public authorities, disclosure requests, or where otherwise required or authorized by applicable laws, court orders, government regulations, or
regulatory authorities whether within or outside your country UK/EEA Legal bases: Legal obligations; legal claims; legitimate interests
To make changes to our business
- At any time, we may sell, transfer or assign any or all of our rights to any part of our business, including our interests, rights or obligations regarding your account with us. If we do so, we
may share your personal data with prospective purchasers, transferees or assignees.
UK/EEA Legal bases: Legitimate interests.
There may be unique circumstances where we must process your personal data in the vital interest
of you or another person, or in the public interest. Where we process special categories of data, we
will ensure that we do so only for the allowed legal bases.
4.4 Cookies
When you log onto or browse one of our websites, we may collect data about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies help us to improve our website and to deliver a better and more personalized experience to you. This data is used to analyse trends, to administer the website you are visiting, to track movement around the website and to gather general demographic data about our visitor base. Cookies identify you as a number – no other personally identifiable data will be collected through them.
You can choose to disable cookies by modifying your web browser, however you may be unable to access certain parts of our websites if you do so.
There are four types of cookies that we may use:
- Essential cookies, that help us to distinguish each user of our websites and allow our websites to function as they should
- Functional cookies remember any preferences you’ve set or purchases you’ve made and are there to improve your online experience
- Analytics cookies are analytical cookies that collect anonymous data about how visitors use the website, allowing us to make improvements to ensure our websites are easy to use
- Advertisement cookies are used to provide visitors with customized advertisements based on the websites you’ve visited and how you have interacted with the websites. These cookies
also allow us to track who has visited our website by clicking on our affiliate links
Our advertisers or other third party websites where we post content, like LinkedIn or Twitter, may also use cookies over which we have no control. Please check out the privacy notice on their websites for information about how they use cookies and otherwise manage your personal data.
4.5 Who has access to your personal data
Personal data will be stored in a range of different places, like your account file and other IT systems. Access to files and systems is limited to our employees and the employees of service providers who have a need to access them to perform their role.
Internal access
We take the security of your personal data seriously. We have appropriate policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed by our employees except as required for their job.
- Our group of companies may share your personal data internally to any legal entity within our group of companies
- Sales and Marketing team members who may require access to your personal data to perform general sales, marketing and account management functions- Front Line Workers who may interact with you in person if you visit one of our stores or call our customer service numbers
- Information Technology team members who may require access to your personal data to perform general information technology functions, such as to provide IT support to you,
administration of IT systems and monitoring, analytics, to support the investigation of consumer or employee concerns, or for other purposes as described in this Notice.
- Others, like employees supporting the finance, audit, legal, or other functions, if access to
the data is necessary for the performance of their job
Service providers
Where we engage service providers to process personal data on our behalf, we only use service providers who limit their processing to the purpose described in the agreement and implement appropriate technical and organizational measures to meet the privacy requirements of the jurisdiction in which they are providing the service, and our requirements.
- IT platforms who own or manage the platforms that we use, like for customer management and sales management
- IT services who may perform data analytics and infrastructure provisioning
- Website service providers who perform web hosting, web analytics and integration and other website activities necessary for the purposes described in this Notice
- Order fulfillment service providers from who we ship products you have purchased direct to you, or the couriers used to make the delivery or otherwise fulfill our obligations set our in our agreement with you
- Customer Service providers may be used to support our web chat (where available), issue ticketing or other customer support as required to meet the needs of our customers
- Marketing providers may manage marketing emails, opt-outs or other marketing related activities
- Payment networks who manage our secure payment platform and credit card processing
Third parties
We may share your personal data with our affiliates and partner networks to enable them to serve you better. We may also share your data with a third party in the context of a sale of some or all our business. In those circumstances the data will be subject to confidentiality arrangements.
If you are a business, we may share your contact data like company phone and address (but not your email) with the third parties with which we have a relationship, so they may offer you the services they already provide to us, like uniforms or stationary. We do not sell your data.
You can opt-out of this disclosure of your personal data by contacting us as described in Section 10 – Challenging Compliance and Exercising Your Rights, but it may mean that we can’t provide you with the service you are requesting.
4.6 How we safeguard your personal data
We have technical and organizational measures in place, including but not limited to policies, physical, and technical safeguards, all designed to protect the personal data collected from accidental
or unlawful destruction, loss, alteration, unauthorized disclosure and access.
You can also help us to protect your personal data. If you receive an email that looks like it is from us asking for your personal data, do not respond. We will never request your password, username,
credit card data through email. You should never share your login credentials or password with anyone. Even though we have put mechanisms and procedures in place for the protection of your personal data that are considered effective, because there are bad actors out there, no data transmission (including over the internet or on any website) can be guaranteed to be secure.
4.7 Cross border transfers of your personal data
As a global company, we cannot limit our processing of your personal data to the country where you are based. Your personal data may be transferred outside the country where you are based but only if certain conditions are met.
If you are based in the UK or EEA, your data may be transferred to countries outside the UK or EEA, only if we are confident that the same data protection safeguards that we deploy will be deployed, for example we may take contractual or other measures to ensure that your personal data is protected in accordance with applicable data protection laws.
If you are based in Quebec, you should know that your data may be transferred outside of Quebec for processing, including storage and hosting. The transfer will be preceded by a formal or informal assessment of privacy protection, taking into consideration a number of factors like the sensitivity of the data, the purposes for which it is to be used, the protection measures (including contractual) that would apply to it, and the data protection principles applicable in the jurisdiction.
Data collected within the scope of Website use are hosted by OVH - https://www.ovh.co.uk/aboutus, whose servers are located in the European Union, Canada and the United States. As such, your Data may be transferred outside of the European Union, to the United States for hosting purposes. By using the Website, you agree to your Data being transferred to those servers.
4.8 How long we retain your personal data
Unless a longer retention period is required by law, we will keep your personal data for as long as we need to in order to fulfill the purposes outlined in this Notice. Generally, this means we will keep your personal data so we can respond to your requests when you interact with us in any way, to provide you with products and services or to send you updates on our products and services for as long as you want us to. We are required to keep some records for a longer period of time to meet our legal obligations. When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymize it in accordance with our retention processes wherever possible. We will only use anonymization where we have a reasonable need to retain the data
4.9 Your rights as a consumer
We have summarized your rights in this section and added additional details by country in the “Country specific information” section at the end of this document. You may have the right to require
us to:
- Provide you with further details on how we use your data
- Provide you with a copy of data that we hold about you
- Transfer certain pieces of your data to another company in a common electronic format
- Correct any inaccuracies or incompleteness in the personal data we hold
- Delete any personal data that we no longer have a requirement to use
- Restrict or object to how we use your data
Because your rights vary based on where you are located, if you contact us to exercise any of these rights, we will ask for identification and check your entitlement. We do our best to respond within a month, however it may take us longer than a month if your request is complex. We may also ask you for clarification about your request to speed up our response and to make sure that we meet your needs. If we expect our response to take more than a month, we will let you know. We do not discriminate against consumers who exercise their rights.
In some instances, we may refuse to comply with your request. For example, where the data relates to another individual or where an exception applies, like legal privilege. Remember, if you are a
business customer, we can only share data we hold that is about you as an individual, not business data. If we refuse your request, we will inform you of the reason. You can challenge our refusal.
We want to keep your data accurate and up to date, so if you think any personal data that we hold about you is incorrect or incomplete, please contact us.
4.10 Challenging compliance and exercising your rights
You can make a request to exercise your privacy rights, ask any questions about this Notice or challenge our compliance with applicable privacy laws by contacting the Global Privacy and Data
Protection Officer at privacy@torqen.uk or in writing to: TORQEN, Unit 3 Quarry Court, Quarry Road, Pitstone, LU7 9GW, UK
You have the right to contact your local regulatory authority, but we would like to have the opportunity to address your concern before you do. We have provided you with the details of key
privacy regulators for each country in the “Country specific information” section below.
4.11 Country specific information
Further information about data protection practices, consumer rights and contact information for privacy regulatory authorities is included below for each of the countries in which we operate.
Exercising your rights may be subject to legal or contractual restrictions or regulatory exceptions.
UK / EEA
Your rights
The right of access to your personal data. This enables you to receive a copy of the personal data we hold about you.
The right to rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
The right to erasure of your personal data. This enables you to ask us to delete or remove personal data in the following circumstances where the personal data is no longer necessary for the purpose for which it was collected or where we may have processed your data unlawfully.
The right to restrict processing of your personal data. This enables you to ask us to suspend the processing of your personal data while we review a request to update inaccurate data or while you establish, exercise or defend legal claims.
The right to data portability of your personal data to you or to a service provider in a structured, commonly used, machine-readable format.
The right to object to processing (including profiling) of your personal data where we are relying on a Legitimate Interest (or those of a service provider) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
The right not to be subject to a decision based solely on automated processing, including profiling. You can express your point of view and contest the decision.
The right to object to direct marketing at any time by following the opt-out links on any marketing message sent to you or by contacting us.
The right to withdraw consent at any time. If you have given us consent in the past but subsequently change your mind, you can withdraw your consent at any time.
Exercising your rights should be free of charge, however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
Privacy Regulators
UK – Information Commissioners Office at https://ico.org.uk/global/contact-us; or
EEA – The data protection authority in the European Economic Area where you are located
Your rights
General description of privacy rights
The right to access the personal data we hold and process about you, although there may be some exceptions to what we must provide.
The right to correct inaccurate personal data maintained by us.
The right to submit a request for deletion of personal data under certain circumstances, although there may be legal or other reasons that we will retain your data.
The right of restriction or limitation of processing for the purpose of targeted advertising and to the processing of sensitive data.
The right to data portability, where possible in a readily useable format that allows you to transmit this data to another entity without hindrance.
The right to opt-out of the sale of personal data or sharing with third parties.
The right against automated decision making, to be provided with information about the logic involved in automated decision-making processes and a description of the likely outcome of the process.
Privacy Regulators
California – California Privacy Protection Agency
Colorado – Attorney General
Connecticut – Attorney General
Virginia – Attorney General
Utah – Attorney General
Canada
Your rights
The right to access information regarding the existence, use, and disclosure of personal data held about you.
The right to challenge accuracy and completeness of the information we have provided, and have it amended as appropriate can also be exercised.
The right to be forgotten or deletion is not directly provided in PIPEDA, however the general “limited retention” principle states that personal data that is no longer required to fulfil the identified purposes should be destroyed, erased, or made anonymous.
The right to object to direct marketing is an indirect provision. Generally speaking, we cannot require you to consent to use of your personal data for secondary marketing purposes. In addition, Canada has a strict “anti-spam” law that applies to “commercial electronic message” sent to you and allows you to opt-out of receiving these messages.
The right to withdraw consent to the collection, use and disclosure of personal data. We will inform you of
the consequences of withdrawing consent, if any, when you make the request.
If you are a resident of Quebec, as of September 23, 2023.
The right to data portability in a structured, commonly used technological format.
The right to be informed of decisions made exclusively by automated decisioning and to ask for the personal data used to render the decision, the reasons for the decision, and the right to have the personal data used corrected. You can also ask us to have a person review the decision.
The right to take-down, de-indexing and re-indexing if the dissemination of your personal data contravenes the law or a court order.
The right to deactivation of identification, location or profiling functions when technologies (like cookies) are used to collect personal data.
Privacy Regulators
Canada – Office of the Privacy Commissioner of Canada at https://www.priv.gc.ca/en/contact-the-opc/;
Quebec – Commission d’accès à l’information du Québec at https://www.cai.gouv.qc.ca/english/; or
Other Provinces – The privacy commissioner of your province