Privacy  & GDPR Policy


Alexander Ross Holdings Limited & all subsidiary companies are committed to complying with the General Data Protection Regulation(GDPR) and the Data Protection Legislation. We understand that the privacy and security of your personal information is extremely important. In this privacy notice, 'Alexander Ross' will refer to all group companies as detailed in the 'Who are we' section.

We are committed to protecting your personal data and this privacy statement explains why and how we collect and process your personal data. It relates to personal data you share directly with us, data shared by others on your behalf or through publically held information. Where a third party has shared your information with us, we trust that they have informed you about the use of your data.

For the purpose of the Data Protection Legislation and this notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you.

Personal data is defined as any information relating to an identified or identifiable natural living person - a ‘data subject’. This privacy notice also provides information about your rights as a ‘data subject’

Our Data Protection Officer is responsible for ensuring that this notice is made available to you or a third party acting on your behalf, prior to Alexander Ross Holdings Limited collecting or processing your personal data. Our Data Protection Officer can be contacted on 01324 573410 or in writing at North Main Street, Carronshore, Falkirk, FK2 8HT.

All Employees and Staff of Alexander Ross Holdings Limited who interact with you as a data subject or when you ask us to process data for associated data subjects, are responsible for ensuring that this notice is drawn to your attention prior to any personal data being processed.

At Alexander Ross Holdings Limited, we will always be transparent about how and why we collect and process your personal data.

Who are we

When we say ‘Alexander Ross’ or ‘we’ or ‘us’ or ‘our’, we are generally referring to Alexander Ross Holdings Limited and the separate legal entities that make up our group businesses.

Alexander Ross Holdings Limited is a limited company registered in Scotland (SC104728). Registered Office North Main Street, Carronshore, Falkirk, FK2 8HT.

Alexander Ross Management Services Limited is a limited company registered in England & Wales (01536834). Registered Office, Condor House, 10 St Paul’s Churchyard, London, EC4M 8AL.

Unico Limited is a limited company registered in England & Wales (00861294). Registered Office, Condor House, 10 St Paul’s Churchyard, London, EC4M 8AL.

Montague Lloyd is a division of Unico Limited.

Scottish Fine Soaps Limited is a limited company registered in England & Wales (00671154). Registered Office, Condor House, 10 St Paul’s Churchyard, London, EC4M 8AL.

It will also include other business we may add to Alexander Ross Holdings Limited in the future.

Why does Alexander Ross collect and store your personal data?

We collect, process and store personal data in relation to individuals, data subjects associated with businesses, associated with not for profit charitable organisations, for our service suppliers, subcontractors and their associates, along with our contacts and individuals from other organisations.

Alexander Ross collects and stores personal data for a number of reasons, such as:

  • When you contact us by email, telephone, post or social media to enquire about our products.
  • To process your order & manage your account.
  • To communicate with you by post, email or phone.
  • To meet legal, regulatory and ethical responsibilities.

We are committed to ensuring that the information we collect, use and store, is appropriate, is not excessive, is accurate and up to date, is not retained for longer than required and does not constitute an invasion of your privacy.

We may process your personal data for the purposes of our own legitimate interests provided that those interests do not override any of your own interests, rights and freedoms which require the protection of personal data. This includes processing for marketing, business development, statistical and management purposes.

We may process your personal data for certain additional purposes with your consent, and in these limited circumstances where your consent is required for the processing of your personal data then you have the right to withdraw your consent to processing for such specific purposes.

Please note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data.

What personal data and information does Alexander Ross hold?

We collect information about you when you register with us or place an order for products. We also collect information when you voluntarily complete customer surveys or provide feedback. We do not store credit card details. Website usage information is collected using cookies. For further information on our use of cookies and tracking please see our Cookies Policy.

Who might Alexander Ross share your information with?

Internally: We may share data within Alexander Ross Holdings Limited where required for administrative purposes and for the provision of the products that you have requested from us.

Our Service Providers: We may pass your personal data on to third-party service providers contracted to Alexander Ross Holdings Limited in order to provide you with the products that you require. Through the contracts and security measures we put in place, any third parties that we may share your data with are obliged to keep your details secure and to use them only to fulfil the service they provide to you on our behalf. When they no longer need your data to fulfil this service, they will dispose of the details in line with Alexander Ross Holdings Limited’s procedures. If we wish to pass your sensitive personal data onto a third party we will only do so once we have obtained your explicit consent or for the fulfilment of a contract we hold with you, unless we are legally required to do otherwise.

Credit Reference Agencies: When you apply for a credit account with us we will make searches about you with credit reference agencies.

In order to process your application we will supply your personal information to credit reference agencies (CRAs) and they will give us information about you, such as about your financial history. We do this to assess creditworthiness and product suitability, check your identity, manage your account, trace and recover debts and prevent criminal activity. We will also continue to exchange information about you with CRAs on an ongoing basis, including about your settled accounts and any debts not fully repaid on time. CRAs will share your information with other organisations. The identities of the CRAs, and the ways in which they use and share personal information, are explained in more detail at http://www.experian.co.uk/crain/index.html

Other organisations and individuals: If required by law, under any code of practice we are bound by or where we are asked to by a public or regulatory authority, such as Police or HMRC.

How long does Alexander Ross keep your personal data ?

We will only retain your personal data for as long as necessary to fulfil the purposes for which it is collected.

When assessing what retention period is appropriate for your personal data, we take into consideration:

  • the requirements of our business;
  • any statutory or legal obligations; 
  • the purposes for which we originally collected the personal data;
  • the lawful grounds on which we based our processing;
  • the types of personal data we have collected;
  • the amount and categories of your personal data; and
  • whether the purpose of the processing could reasonably be fulfilled by other means.

International transfers of your personal data

As part of our processing activities described in this privacy notice, we may share and transfer your personal information to service suppliers which sit outside of the EEA. Your data will continue to be subject to the appropriate safeguards set out in law and protected by the model clauses and contracts approved by the ICO.

Your rights as a Data Subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

Right to be informed: You have the right to be informed about our Privacy Notice and Data Protection Policy before we collect your personal data 

Right of Access: You have the right to request access to the personal data held by us as a Data Controller. You do this by submitting a ‘Subject Access Request’

Right of Rectification: You have the right to request that we correct any personal data we hold where it is inaccurate or incomplete

Right to be forgotten: In certain circumstances, you have the right to ask us to delete and erase the personal data we hold about you, such as:

  • You consider that we no longer require the information for the purpose for which it was obtained
  • We are using that information with your consent and you have withdrawn your consent
  • You have objected to our use of your personal information
  • Our use of your personal information is contrary to law or our other legal obligations

Right to restrict processing: You have the right to restrict us processing your personal data where certain conditions apply, such as:

  • Where you question the accuracy of your personal data we are processing
  • Where we no longer need the personal data but you do not wish us to delete it need us to keep it for potential future reference

Right to data portability: You have the right to ask us to transfer the data we hold electronically about you in to another organisation

Right to object: You have the right to object to certain types of processing of personal data, such as direct marketing

Rights related to automated decision making and profiling: If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.

You have the right to judicial review: in the event that Alexander Ross refuses your request under rights of access, we will provide you with a reason as to why.

You also have the right to complain as outlined here (link to complaints section).

Complaints

We hope that you will not need to complain about how your personal data is being processed by Alexander Ross or by third parties associated in delivering our products, or how your complaint has been handled. If you want to, you have the right to lodge a complaint directly with the supervisory authority and our Data Protection Officer.

The details for each of these contacts are:

Data Protection Officer, Alexander Ross Holdings Limited, North Main Street, Carronshore, Falkirk, FK2 8HT.

UK Data Protection Regulator, The Information Commissioner’s Office (‘ICO’), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or email https://ico.org.uk/concerns/

Can I find out about the personal data that Alexander Ross holds about me?

Alexander Ross, at your request, can confirm what information we hold about you and how it is processed. If Alexander Ross does hold personal data about you, you can request the following information:

Identify the contact details of the person or organisation that has determined how and why to process your data.

Contact details of the data protection officer, where applicable.

The purpose of the processing as well as the legal basis for processing.

If the processing is based on the legitimate interests of Alexander Ross Holdings Limited or a third party, information about those interests.

The categories of personal data collected, stored and processed.

Recipient(s) or categories of recipients that the data is/will be disclosed to.

If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely. The EU has approved sending personal data to some countries because they meet a minimum standard of data protection. In other cases, we will ensure there are specific measures in place to secure your information.

How long the data will be stored.

Details of your rights to correct, erase, restrict or object to such processing.

Information about your right to withdraw consent at any time.

How to lodge a complaint with the supervisory authority.

Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.

The source of personal data if it wasn’t collected directly from you.

Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.

What forms of ID will I need to provide in order to access this?

Alexander Ross accepts the following forms of ID when information on your personal data is requested:

Passport or driving licence and bank statement or utility bill (dated within the last 3 months).

We will normally respond to your request within one month of it being received. However, in some cases, we may need to extend this to three months. We will always write to you within one month of receiving your original request to tell you if this is the case.

A copy of your personal data is usually provided free of charge. However, we can charge a ‘reasonable fee’ where we find that the data requested is excessive or unfounded and in particular if the request is a repetitive one.

Security

We are serious about taking the appropriate measures to protect your personal data. 

Our staff and service providers are all trained on confidentiality, data protection and security when they join Alexander Ross and on a regular basis whilst employed by us. We limit access to our buildings to those who require access – using passes and other technology. We also have a risk framework in place including the appropriate policies and procedures required to keep your data secure. We apply controls and access restrictions across all of our technology platforms and review and test these at regular intervals.

Policy Change

This policy was last updated on 5th January 2024.