Last updated: June 11, 2019
If you do not agree to the following policy you may wish to cease viewing / using this website, and or refrain from submitting your personal data to us.
- Visitors means any person who visits integratedretail.co.uk, as well as any other websites that Vestcom uses and where a link to this policy is included (“the Websites”); and
- Subscribers means any person who is subscribed to the software services that we offer “(the Services”), either through a paid subscription or a trial.
Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, Vestcom, Vestcom UK, iRexM3 or Integrated Retail
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a users computer or device.
Key principles of GDPR:
Definition of Personal Data
When we use the term ‘Personal Data’ we mean any information that relates to an identified or identifiable natural person. This includes the obvious data such as a name, business role, business address, email address and phone number, but does not include sensitive information, or data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons.
Third party websites
Responsibility of our Subscribers
We process personal data of our Subscribers’ data subjects only as instructed by these Subscribers. If you are an individual who interacts with a Subscriber using our Services (such as a customer of one of our Subscribers) and would either like to amend your information or no longer wish to be contacted by one of our Subscribers, please contact the Subscriber that you interact with directly.
Our Website and Services are not directed to children under 13, and we do not knowingly collect or store any Personal Data about persons under the age of 13. If we learn that we have collected Personal Data of a child under 13, we will take steps to delete such information from our files as soon as practicable.
Information you provide to us
When you use our Website to download a whitepaper, request a trial or ask any other information, you will be asked to provide contact details and Personal Data which we will then use to deliver the requested information/ service.
If you are using or accessing our Services, whether in connection with a paid subscription or a free trial, we may ask for specific information, such as your name, address, e-mail address and phone number for us to be able to perform our obligations under the terms of these Services. In addition, we may need your payment details to be able to process the payment of your subscription fee.
Technologies used by us
As part of our Services, we use various technologies such as “session” and “persistent” cookies (small data files that we transfer to your computer), web beacons (tiny image files on web pages that communicate information about the page viewer to the beacon owner), log data, and third-party analytics services to collect and analyze information about Visitors or Subscribers.
We use “session” cookies to keep you logged in while you use our Services, to better understand how you interact with our Services, and to monitor aggregate usage and web traffic information on our Services.
We use “persistent” cookies to recognize you each time you return to our Website or Services. For example, we create a persistent cookie that includes some basic information about you, like your most recent search. We use this persistent cookie to remember your preferences and, if you create an account, to make your user experience consistent after you register.
Web beacons, tags and scripts may be used on our Websites, our Services, in e-mails or other electronic communications we send to you. These technologies help us in understanding how our Websites and Services are used, what other websites our visitors have visited and when an email is being opened and acted upon.
Our servers automatically record information (Log Data) created by your use of the Website or Services. Log Data may include information such as your IP address, browser type, operating system, the referring web page, web pages visited, location, your mobile carrier, your computer or mobile device type, search terms and cookie information. We receive Log Data when you interact with our Website or Services, for example, when you visit our websites, sign into our Services, or interact with our email notifications.
Information that we receive from third parties
We may sometimes obtain Personal Data about you from third parties (e.g., Facebook, Twitter, Google) and use it to re-market our Services or provide a more tailored experience with our Services.
How we use the information we collect
We use your personal data for the following purposes:
- To send you communications or documents you have indicated you wish to receive (such as offers, demonstrations, whitepapers, newsletters, marketing materials);
- To call you to ask you if you have any questions about the products or information that you have requested from us;
- To communicate with you via email, telephone, text (SMS), postal services, social media and websites and update you with Vestcom and iRexM3 related news and information or to tell you about products or services that may be of interest to you, if you allow us to do so;
- To respond to your questions or requests for additional information;
- To set up a trial or regular account for our Services;
- To provide our Services to you;
- To manage our customer relationship with you and to provide you with customer support;
- To process payments to us;
- To get a better understanding on how you browse our Website so that we can optimize your searches;
- To research and analyze your use of or interest in our Services and those products and services offered by others;
- To analyze the effectiveness of our Services;
- To help you find the most relevant information by customizing our Services to optimize your experience;
- To perform any additional purposes explicitly described to you at the time of collection and for which we received your consent.
Legal grounds for processing (for individuals residing in European Economic Area (EEA))
If you are an individual residing in the EEA we can only process your personal data if we have a lawful ground to do so (known as Lawful Basis). Depending on the processing activity, we can process your personal data on the following grounds:
- In order to comply with our obligations under an agreement we concluded, for example for the provision of our Services;
- Where you have freely given your active explicit consent have not revoked this consent;
- Where we are pursuing a legitimate interest, which is not outweighed by your fundamental rights or freedoms.
- Pursuant to legal obligation under EU law or the law of a member state of the EU, or in very exceptional cases to protect your vital interests.
Sharing of Information
Information that we share with third parties
Non-personally identifiable information
In order to provide and improve our Services, we may use and disclose to our service providers and analytics partners non-personally identifiable information which we collect, including cookie data and Log Data. We retain the right to use, at our reasonable discretion, any information, in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred.
Social network sharing
When you use any social network sharing function in connection with the Services (for example, sharing on Twitter or LinkedIn), your sharing activity will be processed through a third party’s site or service. These third parties’ privacy policies, not ours, govern the collection and use of the information collected on those sites or networks, including Personal Data.
User-Generated Content (UGC)
Some parts of our Services allow Subscribers to submit and view UGC. UGC includes such things as posting a question, an answer or a blog post. When you post UGC, other Subscribers will be able to see certain information about you, such as your username or handle. You should be aware that any Personal Data you submit in UGC can be read, collected, distributed or used by other Subscribers and could be used by third parties to send you unsolicited messages. We are not responsible for the Personal Data you choose to include in the UGC you provide through the Services.
Protecting ourselves and our Subscribers
We may release Personal Data when we believe that doing so is appropriate to comply with applicable laws, regulations or legal requests; to enforce or apply our policies and guidelines; to initiate, render, bill, and collect amounts owed to us; to protect our rights or property; to protect the safety of our Subscribers; to address fraud, security or technical issues; to prevent or stop activity that we consider to be illegal or unethical; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay. Without limiting the generality of the foregoing, we may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Information about our Subscribers is a business asset of Vestcom. Consequently, information about our Subscribers, including Personal Data, may be disclosed as part of any merger or acquisition involving Vestcom, the creation of a separate business to provide some or all the Services, the sale or pledge of Vestcom’s assets, as well as in the event of an insolvency, bankruptcy or receivership.
Your rights in relation to your personal data
Your individual rights
Under the GDPR your rights are as follows. You can read more about your rights in details here;
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with the GDPR.
Unsubscribing to Vestcom Communications:
You may unsubscribe at any time from receiving non-Service related communications from Vestcom through your account settings or through the instructions included in the communication.
Right to access, rectify, transfer (for individuals residing in EEA)
You have the right to access your Personal Data at any time and to receive a copy of the personal data undergoing processing. You can require us to rectify your personal data modified if it is not correct. You can also ask us to receive your data in a commonly used electronic form Right to object to further processing (for individuals residing in EEA)
If we are processing your personal data on the basis of a legitimate interest you may object to the processing activity. Upon receipt of an objection we will cease the processing activity unless we can demonstrate a legitimate ground which overrides your interests, or that the processing is necessary for the establishment, exercise or defense of legal claims.
Right to erasure and to restrict processing (for individuals residing in EEA)
If there is no longer a reason for us to process your personal data or if we don’t have a legal ground for the processing you can require us to delete your personal data. We will take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law. You can also require us to restrict the processing of your data if such processing is unlawful or if there is a dispute about the accuracy of the data.
How to invoke your rights
We may ask you to provide certain information to verify your identity.
How we protect your personal data
We treat your Personal Data as private, confidential information and we strive to ensure that Personal Data under our control, regardless of format, is protected and kept secure at all times. Please be aware, however, that no method of transmitting information over the Internet or of storing information is completely secure. Accordingly, we cannot absolutely guarantee the protection of any information shared with us.
Location of data
Your Personal Data may be stored on servers located in a country other than where you reside. Personal Data is always subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental authorities and law enforcement agencies in those jurisdictions. When the data concerns personal data of data subjects from the EEA, we will provide for an adequate level of protection of this data.
Retention of data
When we have no further need to process your personal data in line with the purpose for which we received it, we will delete it unless we are legally required to keep it. This may in any event be the case if you terminate your agreement for the Services. If deletion is not possible we will anonymise it in a way that it cannot be reversed. If anonymising is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
E.U./U.S. PRIVACY SHIELD
Privacy Shield Principles
All personal data that Vestcom International Inc. receives from the individuals residing in the EEA shall be processed in accordance with the Privacy Shield Principles.
Accountability for Third Parties
We may transfer personal data to third parties for processing on our behalf. We will ensure that such data may only be processed for limited and specified purposes consistent with the consent provided by you. In addition, any such third-party processor will process the data with the same level of protection as the protection provided by us including adherence to the EU/US Privacy Shield Principles to the extent it relates personal data that is transferred from the EEA. We remain liable for any failure of the third party to do so unless we can prove that we are not responsible.
The Federal Trade Commission has jurisdiction over Vestcom International Inc’s compliance with the E.U./U.S. Privacy Shield Framework.
If you are from outside the European Economic Area
Vestcom International, Inc.
2800 Cantrell Road
Little Rock, AR 72202
If you are from inside the European Economic Area
The Old Forge, Market Square,
Toddington, LU5 6BP
Resources & further information