Privacy Policy

We’re Aura Brand Solutions Limited. We provide a range of branding and image management services for commercial and public sector organisations that are described in more detail on our website in the What We Do section.

Our registered office is Freemantle Road, Lowestoft, Suffolk, NR33 0EA, United Kingdom. Our Registered company number is 02984457.

We are part of a group of companies owned and operated by Supersine Duramark Group Limited, which is registered at Freemantle Road, Lowestoft, Suffolk, NR33 0EA, United Kingdom under company number 00226536.

We operate from the locations shown on the Contact page of our website.

We are a data controller of your personal data and act as a data processor for our clients and their partners in the capacity of providing the services they have contracted to us.

We have a designated Data Protection Lead ("DPL") who oversees our compliance with data protection law. You can contact the DPL using the details below or by writing to the above address, marking it for the attention of the DPO or going to our Contact page.

All the companies named above are registered with the Information Commissioner’s Office (ICO) in the UK and details can be checked at the ICO website - https://ico.org.uk/

Data Protection Registration Numbers:

Personal information that we’ll process in connection with all of our products and services, if relevant, includes:

• Your first and last name, job title, company name, billing/delivery address, email and telephone number.
• Vehicle information, such as make and model and registration number used to carry out and record the completion of installation or repair works as instructed by you or our clients’ on your behalf.
• For your security, we'll also keep an encrypted record of your login credentials if you use one of our online services or portals.
• Details of your interactions with us through our contact centres, via our sales team, online or by using one of our services. For example, we collect notes from our conversations with you, details of activities in relation to sales process, details of any complaints or comments you make, survey responses, details of orders you’ve placed, items viewed or added to your basket (if using our online ordering), web pages you visit and how and when you contact us.
• Current and previous positions, current and previous companies you represent, publicly available professional information about you.
• Payment card information — we do not store this information. Payments may be processed over the phone at the time of transaction, or provided by you directly to a third-party payment processor such as PayPal or Stripe on our ordering site.
• Your image and vehicle registration number may be recorded on CCTV when you visit one of our sites.
• To deliver the best possible web experience, we collect technical information (using services like Google Analytics) about your internet connection and browser as well as the country where your computer is located, IP address, the web pages viewed during your visit, the links you clicked on, which site you came from to ours, and any search terms you entered. Learn more about this in our Cookie Policy.
• Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.

Special category (sensitive) data: We do not collect any special category personal data about you as defined under UK GDPR Article 9. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic and biometric data. We also do not collect any information about criminal convictions or offences.

We’ll collect personal information from the following general sources:

• When you visit any of our websites, and use your account to buy products and services, on the phone, by email or online.
• When you create an account with us.
• When you request a quotation for or make an enquiry about a product or service by phone, by email, via an online form, directly to one of our sales staff or at an event.
• When you engage with us on social media.
• When you contact us by any means with queries, complaints, etc.
• When you book any kind of appointment with us or book to attend an event, for example a vehicle installation slot or graphics application training course.
• When you choose to complete any surveys we send you.
• When you comment on or review our products and services.
• When you enter any prize draws or competitions.
• When you fill in any forms. For example, when you sign up to newsletters or other marketing communications. If an accident happens on a site where we are carrying out works or a warranty claim is submitted, a Partner may collect your personal data.
• When you’ve given a third-party permission to share with us the information they hold about you. For example, you have engaged an intermediary (e.g. design agency, building contractor, vehicle repairer) to organise the purchase and delivery of the products or services from us.
• We collect data from publicly-available sources (such as business directories, your company website) when you have given your consent to share information or where the information is made public as a matter of law.
• When you use our car parks, facilities and offices, which usually have CCTV systems operated for the security of both customers and partners. These systems may record your image during your visit.

Legal grounds for processing your personal information

The law on data protection sets out several different reasons (the legal basis) for which a company may collect and process your personal data. We will only use your personal data when legally permitted.

We will not resell your personal data at any time or pass it to third parties for any other purpose than those listed below.

Depending on the relationships we have or wish to have with you, the most common reasons and legal grounds for use of your personal data that we use are:

• Where we need to for the performance of the contract between us (UK GDPR Art. 6(1)(b)).
• Where it is necessary for us to pursue our legitimate interests (or those of a third party) in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests (UK GDPR Art. 6(1)(f)).
• Where we need to comply with a legal or regulatory obligation (UK GDPR Art. 6(1)(c)).
• Where we collect and process your personal data with your consent, usually via a tick-box opt-in (UK GDPR Art. 6(1)(a)).

Where we rely on legitimate interests, we have carried out a balancing assessment to confirm those interests are not overridden by your rights and freedoms. You have the right to object to processing on this basis — see Your Rights below.

Generally, we do not rely on consent as a legal ground other than in relation to sending some marketing communications to you where we are not relying on our legitimate interest to do so.

Where we do use consent, you have the right to withdraw it at any time using the instructions found in all relevant communications or using the details in the contact us section below.

There may be uses that are permitted based on other grounds; where this is the case we will use reasonable endeavours to identify the ground and communicate it you as soon as possible after becoming aware of the new basis.

Purposes for processing your personal data

To manage business relations based on our legitimate interest. If you are a representative of our current/potential client, supplier, business partner or investor, we may process your personal data as outlined in "Personal information we collect about you?" section above, to develop and/or maintain business relations and communications with us, to engage a new business with the company you represent, to provide you with the status/details/other information about our works and services, to organise the approval, processing and signing of contracts, orders, invoices and other contractual documentation, to promote our new products, works and services, to confirm the high level of our works and services, to invite you to meetings, events and organise them.

To manage all sales stages and activities relevant to the processing of any quotations, product/service enquiries, orders or appointments, that you make by using our websites, by telephone, by email, other written communication, or via our sales staff. We do this based on the performance of a contract with you and our legal obligations in relation to financial record keeping, etc. If we don’t collect your personal data for these purposes, we won’t be able to process your request to provide pricing or delivery of the goods of services you require.

For example, your details may need to be passed to a third party (e.g. courier service provider or installation subcontractor) to supply or deliver the product or service that you ordered, and we may keep your details for a reasonable period afterwards to fulfil any contractual obligations such as refunds, guarantees and so on.

Customer service and support to respond to your queries, refund requests and complaints. Handling the information you send enables us to respond. We may also keep a record of these to inform any future communication with us and to demonstrate how we communicated with you throughout. We do this based on our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.

To administer and protect our business, our website and your account (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). We do this for our legitimate interests for running our business in the provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise.

For example, by checking your password when you log in and using automated monitoring of IP addresses to identify possible fraudulent log-ins from unexpected locations.

To provide the most interesting and relevant content to you on our websites and improve our products/services, marketing, customer relationships and experiences, we’ll use data we hold about your order history, your activity on our website (data analytics), your preferred products and so on. We do so on the basis legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy.

For example, we might display a list of items you’ve recently looked at or offer you recommendations based on your purchase history and any other data you’ve shared with us.

To administer any of our prize draws or competitions which you enter, based on your consent given at the time of entering.

To send you survey and feedback requests to help improve our product and services. These messages will not include any promotional content and do not require prior consent when sent by email or text message. We do this based on our legitimate interests to help make our products and services more relevant to you, study how customers use our products/services, to develop them and grow our business.

Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences or unsubscribing using the links providing in these communications.

To build a rich picture of who you are and what you like, and to inform our business decisions, we’ll combine data captured from third parties and data from publicly-available sources as we have described in the "Personal information we collect about you?" section above. We’ll do this based on our legitimate business interest.

For example, by combining this data and in some instances using automated decision making, will help us personalise your experience and decide which content to share with you. We also use anonymised data from customer order histories to identify trends in product use and report on operational data relating to our clients’ assets (areas of damage to vehicles, branding audits, etc).

To protect our customers, premises, assets and partners from crime, we operate CCTV systems at our sites and offices which record images for security. We do this based on our legitimate business interests.

To process payments and to prevent fraudulent transactions. We do this based on our legitimate business interests. This also helps to protect our customers from fraud.

If we discover any criminal activity or alleged criminal activity through our use of CCTV, fraud monitoring and suspicious transaction monitoring, we will process this data for the purposes of preventing or detecting unlawful acts. We aim is to protect the individuals we interact with from criminal activities.

To send you communications required by law or which are necessary to inform you about our changes to the services we provide you.

For example, updates to this Privacy Notice, product recall notices, and legally required information relating to your orders.

These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.

To comply with our contractual or legal obligations to share data with law enforcement.

For example, when a court order is submitted to share data with law enforcement agencies or a court of law.

Marketing Communications:

You will receive relevant marketing communications from us if you have:

(i) requested information from us or purchased goods or services from us based on legitimate interest; or

(ii) if you provided us with your details and ticked the opt-in box at the point of entry of your details for us to send you marketing communications based on consent; and

(iii) in each case, you have not opted out of receiving that marketing.

Our email marketing activities are conducted in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and the UK GDPR. For business-to-business communications, we may rely on the soft opt-in exemption where you have previously expressed interest in or purchased our services. We will not share your personal data with any third party for their own marketing purposes.

You can ask us to stop sending you marketing messages at any time by using the unsubscribe link on these communications or emailing us with your request at marketing@aurabrands.com at any time.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.

Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide some of the products and services you’ve asked for.

We use a variety of security measures, including encryption and authentication tools, to help protect and maintain security, integrity and availability of your information.

Although data transmission over the Internet or website cannot be guaranteed to be secure, we and our business partners work hard to maintain physical, electronic and procedural safeguards to protect your information in accordance with applicable data protection requirements. Our main security measures are:

• tightly restricted personal access to your data for those employees, agents and contractors other third parties on a 'need to know' basis and for the communicated purpose only and subject to a duty of confidentiality;
• transferred collected data only in encrypted form;
• archive data stored in minimised or pseudonymised and encrypted form;
• firewalled IT systems to prohibit unauthorised access e.g. from hackers;
• permanently monitored access to IT systems to detect and stop misuse of personal data.

If you have a personal password which enables you to access certain parts of our websites or any other portal, app or service we operate, do not forget your responsibility for keeping this password confidential. We ask you not to share your password with anyone.

We may have to share your personal data with the following third parties for the purposes listed in the section above - How do we use your personal data and why?

• Business partners (for example, courier service providers, installation sub-contractors), or others who are a part of providing your products and services or operating our business.
• Other organisations and businesses that provide services to us, such as debt recovery agencies, backup and server hosting providers, IT software and maintenance providers, document storage providers, and suppliers of other back-office functions.
• Third-party payment processors — currently PayPal and Stripe — who process payments on our behalf. We do not store payment card data ourselves.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions that require reporting of processing activities in certain circumstances.
• Professional advisers, including lawyers, bankers, auditors and insurers, who provide consultancy, banking, legal, insurance and accounting services.
• Third parties to whom we sell, transfer, or merge parts of our business or our assets.

We require all third parties to whom we transfer your personal data to respect its security and treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes to fulfil the service they provide you on our behalf and in accordance with our instructions.

We are based in the UK. Where your personal information is transferred to and stored in countries outside the UK, we will ensure that suitable safeguards are in place in accordance with UK GDPR Chapter V. The safeguards we rely upon for international transfers include:

UK International Data Transfer Agreements (IDTAs) — as issued by the ICO, for transfers to countries without UK adequacy status. Where transfers are also subject to EU GDPR, we use the UK Addendum to EU Standard Contractual Clauses (SCCs).

Transfers to countries that have received an adequacy decision from the UK Secretary of State (including EEA member states and countries listed under the UK adequacy regulations) require no further safeguards. Other appropriate safeguards as permitted under UK GDPR Article 46, including binding corporate rules where applicable, may also be used.

You can request further information about the specific safeguards applied to any international transfer by contacting our Data Protection Lead using the details below.

Please note that the EU-US Privacy Shield framework, which appeared in a previous version of this policy, was invalidated by the Court of Justice of the European Union in July 2020 and is no longer a valid transfer mechanism. All transfers previously relying on Privacy Shield have been transitioned to the mechanisms described above.

Where we’re relying upon your consent to process personal data, you can withdraw this at any time by contacting us using the details below.

You should tell us so that we can update our records using the details in the Contact section of our website. We’ll then update your records if we can.

We’re unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.

We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.

We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. For instance, we may do this to decide whether to offer you a product or service, to determine the risk of doing so, the price we will offer, whether to offer you credit, and what terms and conditions to offer you.

We'll do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent. Where we carry out automated decision-making that produces a legal or similarly significant effect on you, you have the right under UK GDPR Article 22 to request human review of the decision, to express your point of view, and to contest the outcome. Please contact our Data Protection Lead to exercise this right.

We retain personal information regarding you or your use of the products or services for as long as your Account or contract is active or for as long as needed to provide you with the goods and services.

We also retain personal information for as long as necessary to achieve the purposes described in this Privacy Policy, for example, to comply with our legal obligations, to protect us in the event of disputes and to enforce our agreements and to protect our and others’ interests.

The precise periods for which we keep your personal information vary depending on the nature of the information and why we need it. Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

• For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
• For as long as we provide goods and/or services to you and then for as long as someone could bring a claim against us; and/or
• Retention periods in line with legal and regulatory requirements or guidance.

For example, the period we keep your contact details is dependent on where and how it was used — if on an invoice, records are typically retained for 6 years from the end of the relevant accounting period for financial and tax auditing purposes (in line with HMRC requirements and the Limitation Act 1980). Conversely the period for which we keep a response to a customer survey you complete would be significantly less.

If information is used for two purposes, we will retain it until the purpose with the latest period expires; but we will stop using it for the purpose with a shorter period once that period expires.

We restrict access to your information to only those persons who need to use it for the relevant purpose.

Please note that during the operation of our business, we collect and maintain aggregated, anonymised or de-personalised information which we may retain indefinitely. When your information is no longer needed, it may be treated this way, or securely erased or destroyed.

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not.

• The right to be informed about the processing of your personal information
• The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
• The right to object to processing of your personal information
• The right to restrict processing of your personal information
• The right to have your personal information erased (the “right to be forgotten”)
• The right to request access to your personal information and to obtain information about how we process it
• The right to move, copy or transfer your personal information to another organisation (“data portability”)
• The right to request human review of, express your point of view on, and contest any decision made about you solely by automated means that has a legal or similarly significant effect on you (UK GDPR Article 22).

To exercise any of these rights please contact our Data Protection Lead using the details at the bottom of this policy. Please detail the rights you are wishing to exercise so we can send you any appropriate forms (e.g. Subject Access Request Form) and further instructions.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally, it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Our products and services are directed at businesses and business professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately, and we will take steps to delete it promptly.

You have the right to complain to Aura Brand Solutions about how we (or one of the third parties we list above) are using your personal data, you also have the right to complain directly to the Information Commissioner’s Office which enforces data protection laws in the UK: https://ico.org.uk.

If you are located in the European Economic Area, you may also have the right to lodge a complaint with the data protection supervisory authority in your country of residence. We would, however, welcome the opportunity to address your concerns directly before you contact the ICO.

You can contact us using the details at the end of this policy.

This privacy notice applies to personal information processed by or on behalf of Aura Brand Solutions for all products and services, and instances where we collect your personal data as a customer, prospect, supplier, partner or visitor to our website.

We use cookies and similar technologies. Our Cookie Policy describes what we do in that regard. 

We also process contact data for our clients and clients’ other service providers. They tell us what to do with this information, and we follow their instructions (i.e. as their data processor) in order to provide the services they have contracted with us (e.g. delivery site contacts for the shipping of goods or coordinating installation services). If you are a supplier or customer of one of our clients, you should also check its privacy policy to see how it manages your data.

If you are a client and we process personal data on your behalf, see our Data Protection Policy Statement to learn more about how we process data you give us on your instructions or with your permission.

If you are an employee, worker or contractor, this policy does not apply and you should refer to our separate Employer Privacy Policy available from the HR department or on our corporate intranet.

We may change this privacy policy from time to time by updating this page to reflect changes in the law and/or our privacy practices. When we make changes, we’ll update the “Effective Date” at the top of the Privacy Policy and post it on our sites. If we make material changes to it or the ways we process personal information, we’ll notify you (by, for example, prominently posting a notice of the changes on our sites before they take effect or directly sending you a notification).

We encourage you to check back periodically to review this Privacy Policy for any changes since your last visit or interactions with us. This will help ensure you better understand your relationship with us, including the ways we process your personal information.

If you have questions, comments or complaints about this Privacy Policy or our privacy practices or if you would like to exercise your rights and choices please email our Data Protection Lead (“DPL”) at dataprotection@aurabrands.com or write to us at the address below:

Attention: Data Protection Lead, Aura Brand Solutions, Freemantle Road, Lowestoft, Suffolk, NR33 0EA, UK