Privacy Notice - General users, clients & suppliers Issue 1 Rev 0

INTRODUCTION

Rigging Services Direct Ltd (RSDL) takes your privacy very seriously and we acknowledge that you care about how your information is collected, processed, used and transferred. Our Privacy Notice is intended to set out your rights and answer any queries you may have about your personal data. If you need more information, please contact our Data Protection Officer (DPO): dpo@riggingservices.co.uk

If you have entered into a contract with RSDL, the controller of your data will be RSDL and/ or companies stated in your contract and any additional consent you give us. In all other circumstances, the controller of your data will be RSDL.

Our personal information handling policy and procedures have been developed in line with the requirements of the 1995 European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (in force from 25 May 2018) and applicable United Kingdom law.

1. WHAT INFORMATION DO WE COLLECT?

From clients and individual persons:

Personal data is information that relates to an individual who can be identified from it, whether or not in conjunction with other available information.

We collect and process personal data about you when you interact with us and when you purchase goods and services from us. The personal data we process and retain includes:

• Your name

• Your username and password

• Your home or work address, email address and/or phone number

• Your job title

• Your payment and delivery details

• Billing and delivery addresses and credit card details, where you make purchases from us

• Information related to the browser or device you use to access our website

• Internet browser and operating system

• Any other information you provide

The personal and commercial data we collect and process from our clients and suppliers is processed and retained in order to manage our contractual relationships. These activities may also be managed by RSDL Partners, e.g. Financial Services, Technical Services, IT Support, Auditors.

The supplier personal data we process and retain includes:

• Your name

• Your user name and password (if applicable)

• Your home or work address, email and/or phone number. I

• Your job title/occupation

• Purchasing documentation and other records

• Legal documents and agreements

• Your bank details for payments

• Qualifications

• Information related to the browser or device you use to access our website;

• Internet browser and operating system;

• Any other information you provide

2. HOW DO WE USE THIS INFORMATION AND WHAT IS THE LEGAL BASIS FOR THIS USE?

We will not sell your data to any third party.

We process the personal data listed in paragraph 1 above on the following legal basis, as required to establish and fulfil a contract with you, for example, if you make a purchase from us or enter into an agreement to provide or receive products, materials and services. This may include verifying your identity, taking/making payments, communicating with you, providing customer services and arranging the delivery or other provision of products or services. We require this information to enter into a contract with you and are unable to do so without it;

• To comply with applicable law and regulations;

• In accordance with our legitimate interests in protecting RSDL’S legitimate business interests and legal rights, including but not limited to, use in connection with legal claims, compliance, regulatory and investigative purposes (including disclosure of such information in connection with legal process or litigation);

• With your express consent to respond to any comments or complaints we may receive from you, and/or in accordance with our legitimate interests including to investigate any complaints received from you or from others, about our website or our products or services;

• We may use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;

• To monitor use of our websites and online services. We may use your information to help us check, improve and protect our products, content, services and websites, both online and offline, in accordance with our legitimate interests;

• If you provide a credit or debit card, we may also use third parties (such as POS payment providers) to check the validity of the sort code, account number and card number you submit, to prevent fraud, in accordance with our legitimate interests and those of third parties;

• We may monitor any customer account to prevent, investigate and/or report fraud, terrorism, misrepresentation, security incidents or crime, in accordance with applicable law and our legitimate interests;

• In circumstances where you contact us by telephone, calls may be recorded for quality, training and security purposes, in accordance with our legitimate interests; and

• We may use your information to invite you to take part in market research or surveys.

• We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.

3. WITH WHOM AND WHERE WILL WE SHARE YOUR PERSONAL DATA?

We may share your personal data within RSDL and our Partners, to process it for the purposes of conducting our business, administration and to purchase or deliver products or services where elements of these are provided by other than those with which you have directly contracted.

We may also share your personal data with third parties, such as:

• Our professional advisors such as our auditors and external legal and financial advisors

• Our approved suppliers, business partners and sub-contractors; and/or

• Search engine and web analytics

We will control any third-party employed by RSDL, including those outside the EEA to ensure that sufficient confidentiality and security is maintained for your personal data. Contracts are in place which provide warranties for confidentiality, security and compliance data security international standards for transfer of personal data.

Personal data may be shared with government authorities and/or law enforcement officials if required for legitimate reasons, if mandated by law or if needed for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers who will process it on behalf of RSDL for the purposes above. Such third parties include, but are not limited to, providers of Website hosting & maintenance, financial support, IT, auditing and identity checking.

In the event that our business or any part of it is sold or integrated with another business, your details will be disclosed to our advisers and those of any prospective purchaser and will be passed to the new owners of the business.

4. HOW LONG WILL YOU KEEP MY PERSONAL DATA?

We will not keep your personal information for any purpose for longer than is necessary and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

Where you are a customer or a supplier, we will keep your information for the length of any contractual relationship you have with us and after that as required to comply with statutory requirements, e.g. Financial information, retention of job records, including Purchase orders, EC Declarations of Conformity, Reports of Thorough Examination and Test Reports.

Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.

In the case of any contact you may have with our customer services team, we will retain those details for as long as is necessary to resolve your query and for a minimum of two weeks after the query is closed.

We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. N.B. In some circumstances, legislation may require RSDL to hold certain information for specific periods other than those listed above.

5. WHERE IS MY DATA STORED?

The personal data that we collect from you may be transferred and stored inside and outside the European Economic Area (“EEA”). It may also be processed by authorized staff operating outside the EEA who work for us, or on our behalf, or for one of our Partners, in which case the country's data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place. See also Section 3. Further information may be obtained from our Privacy Team.

6. WHAT ARE MY RIGHTS IN RELATION TO MY PERSONAL DATA?

You have the right to ask us not to process your personal data for marketing purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data, clicking the unsubscribe button on any communication we have sent to you or by contacting us in writing to: dpo@riggingservices.co.uk

Where you have consented to us using your personal data, you can withdraw that consent at any time. You may also have the right, with some exceptions and qualifications, to have your personal information erased, e.g. inaccurate or unlawful information processed and stored. Such applications must be made in writing to dpo@riggingservices.co.uk

You also have the right, with some exceptions and qualifications, to ask us for access to, and/or provide a copy of any personal data we hold about you, and we must respond within one month of the request. Normally this service will be provided free of charge but, according to the GDPR, we have the right to make a charge in certain circumstances e.g. Complex, or large amounts of data being required. Data request applications must be made in writing to dpo@riggingservices.co.uk

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format.

If the information we hold is inaccurate or incomplete, you have the right to request that it is corrected, completed or removed. Such requests should be made in writing to dpo@riggingservices.co.uk

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. In some circumstances you can ask us to erase your personal data (a) by withdrawing your consent for us to use it; (b) if it is no longer necessary for us to use your personal data; (c) if you object to the use of your personal data and we don't have a good reason to continue to use it; or (d) if we haven't handled your personal data in accordance with our obligations. Such complaints must be made in writing to: dpo@riggingservices.co.uk

7. WHERE CAN I FIND MORE INFORMATION ABOUT RSDL’S HANDLING OF MY DATA?

Should you have any queries questions regarding this Privacy Notice, including the processing of your personal data or wish to exercise your rights you should contact RSDL’s Privacy Team using this email address: dpo@riggingservices.co.uk If you are not satisfied with our response, you can contact the Information Commissioner's Office: https://ico.org.uk/

We are happy to accept telephone enquiries relating to GDPR issues, but please note that any enquiries or other requirements for action by RSDL must be confirmed by email, before we can continue, both for our records and to prevent unauthorized access to your data.

8. WHAT IF THERE ARE CHANGES TO OUR GDPR POLICY?

Our intention is to maintain a stable, long-term GDPR Policy. However, from time to time, there may be the need to consider changes to the GDPR Policy. Minor changes which have little or no direct impact on you may be introduced without notice. However, if the changes are expected to have a major effect, we shall email you and/or publish them on our website, well in advance of the introduction of the changes, explaining the likely impact on you, if any.