Legal Information

Document Selection

Company Details Terms and Conditions Job Applicants Privacy Notice Data Protection Privacy CCTV & Surveillance Systems Modern Slavery Statement Tax Strategy Cookie Policy

J.W. Filshill Limited

Company Number
SC019246

Registered Office
Unit 1, Westway Business Park,
35 Porterfield Road,
Renfrew, PA4 8DJ

VAT Number
GB 262867235

Overview

Please be aware that your login details are private and personal.

They should not be disclosed or shared with any other parties as this may result in the suspension of your online account.

By placing an order with J.W. Filshill Ltd (hereafter referred to as the Company) you are accepting the terms and conditions shown below.

Minimum order is 35 outers.

All credits and discount terms are at the discretion of J.W. FIlshill Limited.

Receipt of Goods

Your signature on the delivery document is confirmation that you have checked and received the number of outers as stated.

Shortage in Delivery

Our driver must notify our office of the details at time of delivery. The Delivery Receipt Document must be amended and initialed by our driver. Once the driver has left your premises no responsibility for shortages will be accepted by the Company.

Overdue and unpaid accounts

When an account is not settled on the due date, we are unable to supply further goods on a credit basis until such time as the account is settled.

Interest at the rate of 2% per month will be charged to accounts once they become 7 days overdue.
The goods supplied by the Company remain our property until paid in full and we reserve the right to uplift our stock from debtors premises. We reserve the right to request in writing any customers account to be paid in full if the account exceed the credit terms.

PAYMENT BY CHEQUE WHICH ARE RETURNED EITHER REFER TO DRAWER OR PLEASE REPRESENT

It is the policy of of the Company to charge customers a handling charge should their payments be returned RD or RDPR. All sums outstanding to the Company will require to be paid within seven days of notification by us, that a dishonoured cheque has been received.

Barcode Reader Warranty

a. Seller’s hardware Products are warranted against defects in workmanship and materials for a period of twelve (12) months from the date of shipment, unless otherwise provided by Seller in writing, provided the Product remains unmodified and is operated under normal and proper conditions. Warranty provisions and durations on integrated installed systems, Product modified or designed to meet specific customer specifications (“Custom Products”), Product accessories, re-manufactured products, reconditioned or upgraded products, and software shall be as provided in the particular Product documentation in effect at the time of purchase or in the accompanying software license. Unless otherwise so provided: (i) warranty period for computer programs in machine-readable form included in a hardware Product, which are essential for the functionality thereof as specifically stated in the published Product specifications (‘Core Product Software’) will be coincident with the warranty period of the hardware Product. Software patches, bug fixes, updates or workarounds do not extend the original warranty period; and (ii) Accessories that contain a serial number, such as adaptors, cradles and certain power supplies (‘Serialized Accessories’) carry a warranty term of ninety (90) days from the date of shipment and non-serialized accessories, such as cables and product stands/holders (excluding consumables) are warranted for a period of thirty (30) days from date of shipment by Seller.

b. Products may be serviced or manufactured with parts, components, or sub-assemblies that originate from returned products and that have been tested as meeting applicable specifications for equivalent new material and Products.

c. The sole obligation of Seller for defective hardware Products is limited to repair or replacement (at Seller’s option) on a “return to service depot” basis with prior Seller authorization. Customer is responsible for shipment to the Seller and assumes all costs and risks associated with this transportation; return shipment to the Customer will be at Seller’s expense. Customer shall be responsible for return shipment charges for Product returned where Seller determines there is no defect (“No Defect Found”), or for Product returned that Seller determines is not eligible for warranty repair. No charge will be made to Buyer for replacement parts for warranty repairs. Seller is not responsible for any damage to or loss of any software programs, data or removable data storage media, or the restoration or reinstallation of any software programs or data other than the software, if any, installed by Seller during manufacture of the Product. Seller’s sole obligation for software that when properly installed and used does not substantially conform to the published specifications in effect when the software is first shipped by Seller, is to use commercially reasonable efforts to correct any reproducible material non conformity (as determined by Seller at its sole discretion) by providing Buyer with: (a) telephone or e-mail access to report non conformance so that Seller can verify reproducibility; (b) a software patch or bug-fix, if available, or a workaround to bypass the issue, if available; and (c) where applicable, replacement of damaged or defective external media, such as a CD-ROM disk, on which the software was originally delivered. Seller does not warrant that the use of the software will be uninterrupted, error-free, free of security vulnerabilities, or that the software will meet Buyer’s particular requirements. Purchaser’s sole and exclusive remedy for breach of this warranty is, at Seller’s option, to receive (i) suitably modified software, or part thereof, or (ii) comparable replacement software or part thereof.

d. The above warranty provisions shall not apply to any hardware or software Product (including Core Product software) (i) which has been repaired, tampered with, altered or modified, except by Seller; (ii) in which the defects or damage to such Product result from normal wear and tear, misuse, negligence, improper storage, water or other liquids, battery leakage, use of parts or accessories not approved or supplied by Seller, or failure to perform operator handling and scheduled maintenance instructions supplied by Seller; or (iii) which has been subjected to unusual physical or electrical stress, abuse, or accident, or forces or exposure beyond normal use within the specified operational and environmental parameters set forth in the applicable Product specification; nor shall the above warranty provisions apply to any expendable or consumable items, such as batteries, supplied with the Product.

EXCEPT FOR THE WARRANTY OF TITLE AND THE EXPRESS WARRANTIES STATED ABOVE, SELLER DISCLAIMS ALL WARRANTIES ON PRODUCTS FURNISHED HEREUNDER, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR USE. THE REMEDY SET FORTH IN THIS SECTION IS BUYER’S SOLE AND EXCLUSIVE REMEDY FOR WARRANTY CLAIMS, AND IS EXPRESSLY IN LIEU OF ALL OTHER REMEDIES THAT MAY BE AVAILABLE TO BUYER AT LAW OR IN EQUITY.

Errors and omissions excepted.

Contact

Telephone: 0141 883 7071
Fax: 0141 883 2224

Address: Unit 1,
Westway Park,
35 Porterfield Rd,
Renfrew
PA4 8DJ

Email: filshill@filshill.co.uk

1. Overview

1.1 Filshill Group takes the security and privacy of your data seriously. We need to gather and use information or ‘data’ about you as part of our recruitment process. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.

1.2 This policy applies to all job applicants, whether they apply for a role directly or indirectly through an employment agency. It is non-contractual.

1.3 We have separate policies and privacy notices in place in respect of employees, workers and contractors and customers.

1.4 We have measures in place to protect the security of your data in accordance with our Data Protection Policy. A copy of this can be attained by contacting us at filshill@filshill.co.uk.

1.5 The Company is a ‘data controller’ for the purposes of your personal data. This means that we determine the purpose and means of the processing of your personal data.

1.6 This policy explains how and why the Company will hold and process your information.

2. Data Protection Principles

2.1 Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:

be processed fairly, lawfully and transparently;
be collected and processed only for specified, explicit and legitimate purposes;
be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
be accurate and kept up to date;
not be kept for longer than is necessary for the purposes for which it is processed; and
be processed securely.

We are accountable for these principles and must be able to show that we are compliant.

3. Data collected for the purposes of recruitment activities

3.1 ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

3.2 This policy applies to all personal data whether it is stored electronically, on paper or on other materials.

3.3 Personal data might be provided to us by you, or someone else (such as a former employer, a recruitment or credit reference agency and criminal record checks from the Disclosure and Barring Service), or it could be created by us. Other than employment agencies, we will only seek personal information from third parties during the recruitment process once an offer of employment or engagement has been made to you and we will inform you that we are doing so. You are under no statutory or contractual obligation to provide personal information to the Company during the recruitment process, however, it may hamper your application if you cannot provide reasonably requested information.

3.4 We will collect and use the following types of personal data about you as part of our recruitment process:

your contact details, including your name, address, telephone number and personal e-mail address
personal information included in a CV, any application form, cover letter or interview notes
references
information about your right to work in the UK and copies of proof of right to work documentation
copies of qualification certificates
copy of driving licence or other vehicle licences relevant to the role
other background check documentation
details of your skills, qualifications, experience and work history with previous employers
information about your current salary level, including benefits and pension entitlements
your professional memberships
your identification documents including passport and driving licence and information in relation to your immigration status and right to work for us;
your images (whether captured on CCTV, by photograph or video); and
any other category of personal data which we may notify you of from time to time.

3.5 The Company may also collect, use and process the following special categories of your personal information during the recruitment process (as applicable):

whether or not you have a disability for which the Company needs to make reasonable adjustments during the recruitment process
information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation
information about criminal convictions and offences.

4. How we define processing

4.1 ‘Processing’ means any operation which is performed on personal data such as:

collection, recording, organisation, structuring or storage;
adaption or alteration;
retrieval, consultation or use;
disclosure by transmission, dissemination or otherwise making available;
alignment or combination; and
restriction, destruction or erasure.

This includes processing personal data which forms part of a filing system and any automated processing.

5. How will we process your personal data?

5.1 The Company will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act and the GDPR.

5.2 We will use your personal information in one or more of the following circumstances:

where we need to do so to take steps prior to entering into a contract with you, or to enter into a contract with you
where we need to comply with a legal obligation
where it is necessary for our legitimate interests (or those of a third party), and your interests or your fundamental rights and freedoms do not override our interests.

5.3 We need all the types of personal information listed under section 3.3 above, to enable us to take steps to enter into a contract with you, and to enable us to comply with our legal obligations. In some cases, we may also use your personal information where it is necessary to pursue our legitimate interests (or those of a third party), provided that your interests or your fundamental rights and freedoms do not override our interests. Our legitimate interests include: pursuing our business by employing employees, workers and contractors; managing the recruitment process; conducting due diligence on prospective staff and performing effective internal administration.

We can process your personal data for these purposes without your knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.

If you choose not to provide certain personal information when requested, we may not be able to process your job application properly or at all, we may not be able to enter into a contract with you, or we may be prevented from complying with our legal obligations. You may also be unable to exercise your statutory rights.

6. Examples of when we might process your personal data

6.1 The purposes for which we are processing, or will process, your personal information are to:

manage the recruitment process and assess your suitability for employment or engagement
decide to whom to offer a job
comply with statutory and/or regulatory requirements and obligations, e.g. checking your right to work in the UK
comply with the duty to make reasonable adjustments for disabled job applicants and with other disability discrimination obligations
ensure compliance with your statutory rights
ensure effective HR, personnel management and business administration
monitor equal opportunities
enable us to establish, exercise or defend possible legal claims

6.2 We will only process special categories of your personal data in certain situations in accordance with the law. For example, we may use information about your disability status to consider whether we need to provide appropriate adjustments during the recruitment process, for example whether adjustments need to be made during a test or interview or should you be successfully employed.

6.3 We can process special categories of your personal data if we have your explicit consent. If we asked for your consent to process a special category of personal data then we would explain the reasons for our request prior to any processing of the special categories of your personal data taking place. You do not need to consent and can withdraw consent later if you choose by contacting by contacting us at filshill@filshill.co.uk.

6.4 We do not need your consent to process special categories of your personal data when we are processing it for the following purposes, which we may do:

where it is necessary for carrying out rights and obligations under employment law;
where it is necessary to protect your vital interests or those of another person where you/they are physically or legally incapable of giving consent;
where you have made the data public;
where processing is necessary for the establishment, exercise or defence of legal claims; and
where processing is necessary for the purposes of occupational medicine or for the assessment of your working capacity.

6.5 We may process information about your health and information about any criminal convictions and offences where we have your explicit written consent. In this case, we will first provide you with full details of the personal information we would like and the reason we need it, so that you can properly consider whether you wish to consent or not. It is your choice whether to consent and you may withdraw your consent at any time.

6.6 Where the Company processes other special categories of personal information, i.e. information about your racial or ethnic origin, religious or philosophical beliefs and sexual orientation, this is done only for the purpose of equal opportunities monitoring in recruitment and in line with our Data Protection Policy. Personal information that the Company uses for these purposes is either anonymised or is collected with your explicit written consent, which can be withdrawn at any time. It is your choice whether to provide such personal information.

6.7 We may also occasionally use your special categories of personal information, and information about any criminal convictions and offences, where it is needed for the establishment, exercise or defence of legal claims.

6.8 We do not take automated decisions about you using your personal data or use profiling in relation to you.

6.9 We will retain your personal information for as long as is necessary to fulfil the purposes for which it was collected and processed. If your application for employment or engagement is unsuccessful, the Company will generally hold your personal information for 6 to 18 months after the end of the relevant recruitment exercise or receipt of a speculative application. But this is subject to: (a) any minimum statutory or other legal, tax, health and safety, reporting or accounting requirements for particular data or records, and (b) the retention of some types of personal information for up to six years to protect against legal risk, e.g. if they could be relevant to a possible legal claim in a tribunal, or civil court.

6.10 If your application for employment or engagement is successful, personal information gathered during the recruitment process will be retained for the duration of your employment or engagement and thereafter in accordance with our Data Protection Policy for Employees, Workers and Contractors.

6.11 Personal information which is no longer to be retained will be securely and effectively destroyed or permanently erased from our IT systems and we will also require third parties to destroy or erase such personal information where applicable.

6.12 In some circumstances we may anonymise your personal information so that it no longer permits your identification. In this case, we may retain such information for a longer period.

7. Sharing your personal data

7.1 Your personal data may be shared internally for the purposes of the recruitment exercise with the HR Department, members of the recruitment team, managers within the department that has the vacancy and IT staff, if access to your personal information is necessary for the performance of their roles.

7.2 Sometimes we might share your personal data with group companies or our contractors and agents to carry out our obligations under our contract with you or for our legitimate interests.

7.3 We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

7.4 We may utilise / contact external parties to;

Conduct pre employment reference and employment background checks
Obtain a Criminal Record Check
Obtain an employment reference
Undertake substance screening
Obtain professional advice such as legal and occupational health advice
Comply with Regulatory and external audit services

7.5 We do not send your personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of your data will be explained.

8. Protecting your personal information

8.1 The Company has in place, measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.

8.2 Where your personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes.

8.3 The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.

9. Your rights in connection with your personal information

9.1 As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

request access to your personal information – this is usually known as making a data subject access request
request rectification of your personal information – this enables you to have any inaccurate or incomplete personal information we hold about you corrected
request the erasure of your personal information – this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
restrict the processing of your personal information – this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy you can apply for its use to be restricted while the application is made.
object to the processing of your personal information – this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground
data portability – this gives you the right to request a copy of your data and to transfer your personal information to another data controller.

9.2 If you wish to exercise any of these rights, please contact us at filshill@filshill.co.uk. We may need to request specific information from you in order to verify your identity and check your right to access the personal information or to exercise any of your other rights. This is a security measure to ensure that your personal information is not disclosed to any person who has no right to receive it.

9.3 In the limited circumstances where you have provided your consent to the processing of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. This will not, however, affect the lawfulness of processing based on your consent before its withdrawal. If you wish to withdraw your consent, please email filshill@filshill.co.uk.

9.4 If you believe that the Company has not complied with your data protection rights, you have the right to make a complaint to the Information Commissioner’s Office (ICO) at any time. The ICO is the UK supervisory authority for data protection issues. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and obligations.

1. Overview

1.1 JW Filshill Limited and its subsidiaries take the security and privacy of data seriously. We need to gather and use information or ‘data’ as part of our business and to manage our relationships. We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and, for so long as it has effect in the UK, the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security. The 2018 Act and GDPR are together referred to in this policy as the ‘Data Protection Legislation’). We have a duty to notify you of the information contained in this policy.

1.2 The Company may collect personal data in relation to job applicants, customers, employees workers and consultants, suppliers and other business contacts. Copies of our specific policies and privacy notices for these may, if they are relevant to you, be obtained by contacting us at filshill@filshill.co.uk.

1.3 The Company is a ‘data controller’ for the purposes of personal data. This means that we determine the purpose and means of the processing of personal data.

1.4 This notice explains how the Company will hold and process information. It explains your rights as a data subject.

1.5 This notice can be amended by the Company at any time. It is intended that this notice and our full Data Protection Policy are fully compliant with the Data Protection Legislation. If any conflict arises between those laws and this policy, the Company intends to comply with the Data Protection Legislation.

2. Data Protection Principles

2.1 Personal data must be processed in accordance with six ‘Data Protection Principles.’ It must:

be processed fairly, lawfully and transparently;
be collected and processed only for specified, explicit and legitimate purposes;
be adequate, relevant and limited to what is necessary for the purposes for which it is processed;
be accurate and kept up to date. Any inaccurate data must be deleted or rectified without delay;
not be kept for longer than is necessary for the purposes for which it is processed; and
be processed securely.

We are accountable for these principles and must be able to show that we are compliant.

3. How we define personal data

3.1 ‘Personal data’ means information which relates to a living person who can be identified from that data (a ‘data subject’) on its own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

3.2 This policy applies to all personal data whether it is stored electronically, on paper or on other materials.

3.3 This personal data might be provided to us by the individual concerned, or someone else or it could be created by us.

3.4 We will collect and use the following types of personal data about you:

Name, address and telephone contact details
E-mail address
Bank account details
VAT registration details
Other tax and duty registration details
‘Know Your Customer’ identification check details including ID proof
CCTV images if you visit our site or operate in the vicinity of one of our vehicles
Data in relation to credit checks and commercial references
Web browsing analytics data
IP address
Mobile device ID

4. How we define special categories of personal data

4.1 ‘Special categories of personal data’ are types of personal data consisting of information as to:

racial or ethnic origin;
political opinions;
religious or philosophical beliefs;
trade union membership;
genetic or biometric data;
health;
sex life and sexual orientation; and
criminal convictions and offences.

We do not hold any of these special categories of personal data for customers.

5. How we define processing

5.1 ‘Processing’ means any operation which is performed on personal data such as:

collection, recording, organisation, structuring or storage;
adaption or alteration;
retrieval, consultation or use;
disclosure by transmission, dissemination or otherwise making available;
alignment or combination; and
restriction, destruction or erasure.

This includes processing personal data which forms part of a filing system and any automated processing.

6. How will we store and process personal data?

6.1 The Company will process personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act.

6.2 We will use personal data for:

Performing the contracts formed between us and you (which may include providing our business services including sourcing and supplying wholesale products to retailers and other contracts)
complying with any legal obligations; or
if it is necessary for our legitimate interests (or for the legitimate interests of someone else). However, we can only do this if the individual’s interests and rights do not override ours (or theirs). Individuals have the right to challenge our legitimate interests and request that we stop this processing. See details of your rights in section 11 below.

These legitimate interests include: the sale of products and delivery of our services to our customers, the investigation, process and/or defence of potential or actual complaints and legal proceedings; the proper processing of financial transactions for the purposes of our business including credit checking and debt recovery; and the marketing and promotion of our products and services.

6.3 We can process personal data for these purposes without the individuals knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.

6.4 Other situations in which we will process your personal information include to make you aware of special promotions and other business opportunities specific to your contract.

6.5 The company will hold data in accordance with our internal policies. A copy of this can be obtained from filshill@filshill.co.uk. We will only hold data for as long as necessary for the purposes for which we collected it and this will be deleted within 12 months of the purpose it was collected for no longer being required. Thereafter we will store any personal information securely and dispose of it appropriately once it is no longer required.

6.6 If you choose not to provide us with certain personal data you should be aware that we may not be able to carry out certain parts of the business relationship between us. For example, if you do not provide us with your bank account details we may not be able to pay you. It might also stop us from complying with certain legal obligations and duties.

6.7 We do not take automated decisions about you using your personal data or use profiling in relation to you.

7. Sharing personal data

7.1 Personal data may be shared internally between departments where it is necessary for the performance of our business but will not be shared in a way incompatible with the purpose(s) for which it was originally obtained.

7.2 Sometimes we might share personal data with group companies, suppliers or our contractors and agents to carry out our obligations under our contracts or for our legitimate interests. For example; Credit Referencing, to comply with regulatory and external audit services, to obtain professional advice such as legal.

7.3 We require those companies to keep personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process our data for the lawful purpose for which it has been shared and in accordance with our instructions.

7.4 We may share your personal information with other third parties, for example in the context of the possible sale or restructuring of the whole or a part of the Company’s business. In this situation we will, so far as possible, share anonymised data with the other parties before the transaction completes. Once the transaction is completed, we will share your personal data with the other parties if and to the extent required under the terms of the transaction.

7.5 We may also need to share your personal information with a regulator or to otherwise comply with the law. This may include making returns to HMRC, and disclosures to shareholders.

7.6 We do not send personal data outside the European Economic Area. If this changes you will be notified of this and the protections which are in place to protect the security of the data will be explained.

8. Protecting personal information

8.1 The Company has in place, measures to protect the security of personal information. It has internal policies, procedures and controls in place to try and prevent personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to personal information to those employees, workers, agents, contractors and other third parties who have a business need to know in order to perform their job duties and responsibilities.

8.2 Where personal information is shared with third parties, we require all third parties to take appropriate technical and organisational security measures to protect personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process personal information for specified purposes and in accordance with our written instructions and we do not allow them to use personal information for their own purposes.

9. How to deal with data breaches

9.1 We have robust measures in place to minimise and prevent data breaches from taking place. Should a breach of personal data occur we must take notes and keep evidence of that breach. If the breach is likely to result in a risk to the rights and freedoms of individuals then we must also notify the Information Commissioner’s Office within 72 hours.

9.2 If you are aware of a data breach we request that you contact a Director immediately to inform us, and that you keep and make available to us any evidence you have in relation to the breach.

10. Subject access requests

10.1 You can make a ‘subject access request’ (‘SAR’) to find out the information we hold about you. This request must be made in writing.

10.2 We must respond to SAR requests within one month unless the request is complex or numerous in which case the period in which we must respond can be extended by a further two months.

10.3 There is no fee for making a SAR. However, if the request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to the request.

11. Data subject rights

11.1 You have the right to information about what personal data of yours we process, how and on what basis as set out in this policy.

11.2 You have the right to access your own personal data by way of a subject access request (see above).

11.3 You have the right to correct any inaccuracies in your personal data by contacting our Information Technology Manager.

11.4 You have the right to request that we erase personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected.

11.5 While you are requesting that your personal data is corrected or erased or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do this contact our Information Technology Manager.

11.6 You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that you rights and interests outweigh our own and you wish us to stop.

11.7 You have the right to object if we process your personal data for the purposes of non-relevant direct marketing.

11.8 You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.

11.9 With some exceptions, you have the right not to be subjected to automated decision-making.

11.10 You have the right to be notified of a data security breach concerning your personal data.

11.11 In most situations we will not rely on consent as a lawful ground to process personal data. If we do however request consent to the processing of personal data for a specific purpose, you have the right not to consent or to withdraw consent later. To withdraw consent contact our Marketing Manager. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

11.12 You also have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on their rights and obligations.

12. Contact details

If you have any queries about this policy, you should contact:

Finance Director

J.W. Filshill Limited
Unit 1, Westway Business Park,
35 Porterfield Road,
Renfrew, PA4 8DJ

Telephone: 0141 883 7071

Fax: 0141 883 2224

Email: filshill@filshill.co.uk

1. Policy Statement

1.1 We believe that CCTV and other surveillance systems have a legitimate role to play in helping to maintain a safe and secure environment for all our staff and visitors. However, we recognise that this may raise concerns about the effect on individuals and their privacy. This policy is intended to address such concerns. Images recorded by surveillance systems are personal data which must be processed in accordance with data protection laws. We are committed to complying with our legal obligations and ensuring that the legal rights of staff, relating to their personal data, are recognised and respected.

1.2 This policy is intended to assist staff in complying with their own legal obligations when working with personal data. In certain circumstances, misuse of information generated by CCTV or other surveillance systems could constitute a criminal offence.

2. Definitions

2.1 For the purposes of this policy, the following terms have the following meanings:

CCTV: means fixed and domed cameras designed to capture and record images of individuals and property.

Data: is information which is stored electronically, or in certain paper-based filing systems. In respect of CCTV, this generally means video images. It may also include static pictures such as printed screen shots.

Data subjects: means all living individuals about whom we hold personal information as a result of the operation of our CCTV (or other surveillance systems).

Personal data: means data relating to a living individual who can be identified from that data (or other data in our possession). This will include video images of identifiable individuals.

Data controllers: are the people who, or organisations which, determine the manner in which any personal data is processed. They are responsible for establishing practices and policies to ensure compliance with the law. We are the data controller of all personal data used in our business for our own commercial purposes.

Data users: are those of our employees whose work involves processing personal data. This will include those whose duties are to operate CCTV cameras and other surveillance systems to record, monitor, store, retrieve and delete images. Data users must protect the data they handle in accordance with this policy and our Data Protection Policy.

Data processors: are any person or organisation that is not a data user (or other employee of a data controller) that processes data on our behalf and in accordance with our instructions (for example, a supplier which handles data on our behalf).

Processing: is any activity which involves the use of data. It includes obtaining, recording or holding data, or carrying out any operation on the data including organising, amending, retrieving, using, disclosing or destroying it. Processing also includes transferring personal data to third parties.

Surveillance systems: means any devices or systems designed to monitor or record images of individuals or information relating to individuals. The term includes CCTV systems as well as any technology that may be introduced in the future such as automatic number plate recognition (ANPR), body worn cameras, unmanned aerial systems and any other systems that capture information of identifiable individuals or information relating to identifiable individuals.

3. About this policy

3.1 We currently use CCTV cameras to view and record individuals on and around our premises and vehicles. This policy outlines why we use CCTV, how we will use CCTV and how we will process data recorded by CCTV cameras to ensure we are compliant with data protection law and best practice. This policy also explains how to make a subject access request in respect of personal data created by CCTV.

3.2 We recognise that information that we hold about individuals is subject to data protection legislation. The images of individuals recorded by CCTV cameras in the workplace are personal data and therefore subject to the legislation. We are committed to complying with all our legal obligations and seek to comply with best practice suggestions from the Information Commissioner’s Office (ICO).

3.3 This policy covers all employees, directors, officers, consultants, contractors, freelancers, volunteers, interns, casual workers, zero hours workers and agency workers and may also be relevant to members of the public.

3.4 This policy is non-contractual and does not form part of the terms and conditions of any employment or other contract. We may amend this policy at any time. The policy will be regularly reviewed to ensure that it meets legal requirements, relevant guidance published by the ICO and industry standards.

3.5 A breach of this policy may, in appropriate circumstances, be treated as a disciplinary matter. Following investigation, a breach of this policy may be regarded as misconduct leading to disciplinary action, up to and including dismissal.

4. Personnel responsible

4.1 The board of directors have overall responsibility for ensuring compliance with relevant legislation and the effective operation of this policy. Day-to-day operational responsibility for CCTV cameras and the storage of data recorded is the responsibility of the IT and Security staff.

5. Reasons for use of CCTV and surveillance systems

5.1 We currently use CCTV on and around our site as outlined below. We believe that such use is necessary for legitimate business purposes, including:

(a) to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime;

(b) for the personal safety of staff, visitors and other members of the public and to act as a deterrent against crime;

(d) to assist in day-to-day performance management, including ensuring the health and safety of staff and others;

(e) to assist in the effective investigation and/or resolution of disputes which arise in the course of disciplinary or grievance proceedings;

(f) to assist in the defence of any civil litigation, including employment tribunal proceedings;

(g) to track lost or disputed deliveries;

(h) traffic incident investigation, parking and driving performance control; and

(i) staff training.

This list is not exhaustive and other purposes may be or become relevant.

6. Monitoring

6.1 CCTV monitors much of the interior and exterior of our premises (including warehouses, shops, checkouts, entrances, aisles, corridors, the canteen, loading and secure picking areas, goods-in) 24 hours a day and this data is continuously recorded.

6.2 Camera locations are chosen to minimise viewing of spaces not relevant to the legitimate purpose of the monitoring. As far as practically possible, CCTV cameras will not focus on private homes, gardens or other areas of private property.

6.3 CCTV monitors the interior and exterior of our fleet of vehicles.

6.4 Images are monitored by authorised personnel as required 24 hours a day.

7. How we will operate CCTV or Surveillance Systems

7.1 Where CCTV cameras are placed in the workplace, we will ensure that signs are displayed at the entrance of the surveillance zone to alert individuals that their image may be recorded. Such signs will contain details of the organisation operating the system, the purpose for using the surveillance system and who to contact for further information, where these things are not obvious to those being monitored.

7.2 Live feeds from CCTV cameras will only be monitored where it is reasonably necessary for the security and management of the business.

7.3 We will ensure that recorded images are only viewed by approved members of staff whose role requires them to have access to such data. This may include managers and HR staff involved with disciplinary or grievance matters. Recorded images will only be viewed by those authorised to do so. Staff using surveillance systems will be given appropriate training to ensure they understand and observe the legal requirements related to the processing of relevant data.

8. Use of data gathered by CCTV or surveillance systems

8.1 In order to ensure that the rights of individuals recorded by the CCTV system are protected, we will ensure that data gathered from CCTV cameras is stored in a way that maintains its integrity and security. This may include encrypting the data, where it is possible to do so.

8.2 We may engage data processors to process data on our behalf. We will ensure reasonable contractual safeguards are in place to protect the security and integrity of the data.

9. Retention and erasure of data gathered by CCTV or surveillance systems

9.1 Data recorded by our surveillance systems will be stored on secure internal servers. Data from CCTV cameras will not be retained indefinitely but will be permanently deleted once there is no reason to retain the recorded information. Exactly how long images will be retained for will vary according to the purpose for which they are being recorded. For example, where images are being recorded for crime prevention purposes, data will be kept long enough only for incidents to come to light. In all other cases, recorded images will be kept for no longer than 62 days.

9.2 At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.

9.3 Video clips relating to specific incidents may be retained for longer periods where required as specified in our Data Protection Policy (eg for investigations in relation to disciplinary or legal disputes or Health and Safety incidents).

10. Use of additional surveillance systems

10.1 Prior to introducing any new surveillance system, including placing a new CCTV camera in any workplace location, we will carefully consider if they are appropriate.

10.2 Consideration will be given as to whether new surveillance cameras are necessary and proportionate in the circumstances and whether they should be used at all or whether any limitations should be placed on their use.

10.3 We will consider the nature of the problem that we are seeking to address at that time and whether the surveillance camera is likely to be an effective solution, or whether a better solution exists. In particular, we will consider the effect a surveillance camera will have on individuals and therefore whether its use is a proportionate response to the problem identified.

10.4 No surveillance cameras will be placed in areas where there is an expectation of privacy (for example, in changing rooms, toilets) unless, in very exceptional circumstances, it is judged by us to be necessary to deal with very serious concerns.

11. Covert Monitoring

11.1 We will never engage in covert monitoring or surveillance (that is, where individuals are unaware that the monitoring or surveillance is taking place) unless, in highly exceptional circumstances, there are reasonable grounds to suspect that criminal activity or extremely serious malpractice is taking place and, after suitable consideration, we reasonably believe there is no less intrusive way to tackle the issue.

11.2 In the unlikely event that covert monitoring is considered to be justified, it will only be carried out with the express authorisation of the Managing Director. The decision to carry out covert monitoring will be fully documented and will set out how the decision to use covert means was reached and by whom. The risk of intrusion on innocent workers will always be a primary consideration in reaching any such decision.

11.3 Only limited numbers of people will be involved in any covert monitoring.

11.4 Covert monitoring will only be carried out for a limited and reasonable period of time consistent with the objectives of making the recording and will only relate to the specific suspected illegal or unauthorised activity.

12. Ongoing review of CCTV and surveillance systems use

12.1 We will ensure that the ongoing use of existing CCTV cameras in the workplace is reviewed periodically to ensure that their use remains necessary and appropriate, and that any surveillance system is continuing to address the needs that justified its introduction.

13. Requests for disclosure

13.1 We may share data with other group companies and other associated companies or organisations, for example shared services partners where we consider that this is reasonably necessary for any of the legitimate purposes set out above in 5.1 above

13.2 No images from our CCTV cameras will be disclosed to any other third party (other than the police), without express permission being given by a Director. Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced.

13.3 In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.

13.4 We will maintain a record of all disclosures of CCTV footage.

13.5 No images from CCTV will ever be posted online or disclosed to the media.

14. Subject Access Requests

14.1 Data subjects may make a request for disclosure of their personal information and this may include CCTV images (data subject access request). A data subject access request is subject to the statutory conditions from time to time in place and should be made in writing, in accordance with our Data Protection Policy or Customer Privacy Notice.

14.2 In order for us to locate relevant footage, any requests for copies of recorded CCTV images must include the date and time of the recording, the location where the footage was captured and, if necessary, information identifying the individual.

14.3 We reserve the right to obscure images of third parties when disclosing CCTV data as part of a subject access request, where we consider it necessary to do so.

15. Complaints

15.1 If any member of staff has questions about this policy or any concerns about our use of CCTV, then they should speak to their line manager or the Security Manager.

15.2 Where this is not appropriate, or matters cannot be resolved informally, employees should use our formal grievance procedure.

16. Requests to prevent processing

16.1 We recognise that, in rare circumstances, individuals may have a legal right to object to processing and in certain circumstances to prevent automated decision making (see Articles 21 and 22 of the General Data Protection Regulation). For further information regarding this, please refer to our Data Protection Policy or Customer Privacy Notice.

Company Overview & Structure

JW Filshill Limited is a family owned independent wholesale business operating primarily throughout Scotland and the North of England but with an element of international trade.

Company Policy

JW Filshill Limited is committed to acting ethically and with integrity in all our business dealings and to ensuring that our practices combat modern slavery (as defined in the Modern Slavery Act 2015). This includes all forms of compulsory labour, human trafficking or commercial exploitation of individuals.

We have a zero-tolerance approach to modern slavery and we are committed to ensuring that modern slavery is not taking place anywhere within our own business or in that of any of our supply chain. We require that our suppliers and partners are equally committed to combating modern slavery. We achieve this by implementing and enforcing effective systems and controls.

We engage with a large number of suppliers and distributors throughout the UK and rest of the world and, whilst these organisations are not owned or controlled by JW Filshill, we require that there is no slavery or human trafficking in any of our supply chain.

Preventative Actions

JW Filshill continue to evolve and refine our efforts to ensure that modern slavery risk is not present in our business and supply chain. Our current controls include –

We have carried out a risk assessment of our supply chain to identify any potential risk areaschecking that all Filshill Group employees have approval to work in the UK and are remunerated in accordance with UK legislation and HMRC requirements.

We have developed our Company Policy on Modern Slavery and have communicated it to all employees.

We review the Modern Slavery Statement of our supplier base and if necessary collect questionnaires from our key suppliers to gain an understanding of the steps they have taken within their businesses or to identify risks that need to be further investigated.

Responsibility

The JW Filshill Board of Directors has overall responsibility for ensuring that we comply with the requirements of the Modern Slavery Act 2015.

Signed on behalf of the JW Filshill Board

Simon Hannah
CEO

Financial Year ending Jan 31 2024

This tax strategy publication is prepared in accordance with Section 16(2) of Schedule 19 of the Finance Act 2016 (the schedule) for the JW Filshill Group, comprising of JW Filshill Limited and all subsidiary undertakings (including Differentiator Brands Limited and JW Filshill International Limited).

It was prepared in relation to the financial year ending 31 January 2024, and will remain in effect until it is superseded.

The Group is a responsible business and endeavours to calculate and pay all necessary taxes in an accurate, timely and responsible manner.

Planning and Risk

The Group has a very low appetite for any risks associated with UK taxation (as defined in Section 15 of the Schedule) and therefore the necessary processes and controls are in place to ensure that all taxes are identified, calculated and settled correctly and all corporate decisions are made against that framework. The Group looks to claim relevant reliefs and incentives but does not engage in any aggressive/ artificial planning or advice.

Managing UK Tax Risks

The Group’s tax risks are identified and managed by the Board of Directors of JW Filshill Limited with input from professional tax advisors where there is significant uncertainty or complexity in relation to a risk. The overall responsibility for reviewing and updating this strategy, the Groups processes and controls and certifying compliance rests with the Chief Financial and Operating Officer, who is also the Senior Accounting Officer.

Working with HMRC

The Group aims to have an open, collaborative and transparent relationship with HMRC at all times.