Top

Legal

 
 

Terms of website use

 

This page (together with the documents referred to on it) tells you the terms of use on which you may make use of our website www.reactorbrand.com (our site), whether as a guest or a registered user. Please read these terms of use carefully before you start to use the site. By using our site, you indicate that you accept these terms of use and that you agree to abide by them. If you do not agree to these terms of use, please refrain from using our site.

Information about us

www.ReactorBrand.com is a site operated by Brian Terry ("We") trading as Reactor Brand

We are a Sold Trader.

Accessing our site

Access to our site is permitted on a temporary basis, and we reserve the right to withdraw or amend the service we provide on our site without notice (see below). We will not be liable if for any reason our site is unavailable at any time or for any period.

From time to time, we may restrict access to some parts of our site, or our entire site, to users who have registered with us.

If you choose, or you are provided with, a user identification code, password or any other piece of information as part of our security procedures, you must treat such information as confidential, and you must not disclose it to any third party. We have the right to disable any user identification code or password, whether chosen by you or allocated by us, at any time, if in our opinion you have failed to comply with any of the provisions of these terms of use.

When using our site, you must comply with the provisions of our acceptable use policy.

You are responsible for making all arrangements necessary for you to have access to our site.  You are also responsible for ensuring that all persons who access our site through your internet connection are aware of these terms, and that they comply with them.  

Intellectual property rights

We are the owner or the licensee of all intellectual property rights in our site, and in the material published on it.  Those works are protected by copyright laws and treaties around the world.  All such rights are reserved. 

You may print off one copy, and may download extracts, of any page(s) from our site for your personal reference and you may draw the attention of others within your organisation to material posted on our site.  

You must not modify the paper or digital copies of any materials you have printed off or downloaded in any way, and you must not use any illustrations, photographs, video or audio sequences or any graphics separately from any accompanying text. 

Our status (and that of any identified contributors) as the authors of material on our site must always be acknowledged. 

You must not use any part of the materials on our site for commercial purposes without obtaining a licence to do so from us or our licensors.

If you print off, copy or download any part of our site in breach of these terms of use, your right to use our site will cease immediately and you must, at our option, return or destroy any copies of the materials you have made.

Reliance on information posted

Commentary and other materials posted on our site are not intended to amount to advice on which reliance should be placed.  We therefore disclaim all liability and responsibility arising from any reliance placed on such materials by any visitor to our site, or by anyone who may be informed of any of its contents. 

Our site changes regularly

We aim to update our site regularly, and may change the content at any time. If the need arises, we may suspend access to our site, or close it indefinitely. Any of the material on our site may be out of date at any given time, and we are under no obligation to update such material. 

Our liability

The material displayed on our site is provided without any guarantees, conditions or warranties as to its accuracy. To the extent permitted by law, we, other members of our group of companies and third parties connected to us hereby expressly exclude:

  • All conditions, warranties and other terms which might otherwise be implied by statute, common law or the law of equity.
  •  Any liability for any direct, indirect or consequential loss or damage incurred by any user in connection with our site or in connection with the use, inability to use, or results of the use of our site, any websites linked to it and any materials posted on it, including, without limitation any liability for:
  • loss of income or revenue;
  • loss of business;
  • loss of profits or contracts;
  • loss of anticipated savings;
  • loss of data;
  • loss of goodwill;
  • wasted management or office time; and

for any other loss or damage of any kind, however arising and whether caused by tort (including negligence), breach of contract or otherwise, even if foreseeable, provided that this condition shall not prevent claims for loss of or damage to your tangible property or any other claims for direct financial loss that are not excluded by any of the categories set out above.

This does not affect our liability for death or personal injury arising from our negligence, nor our liability for fraudulent misrepresentation or misrepresentation as to a fundamental matter, nor any other liability which cannot be excluded or limited under applicable law.

Information about you and your visits to our site

We process information about you in accordance with our privacy policy.  By using our site, you consent to such processing and you warrant that all data provided by you is accurate. 

Transactions concluded through our site

Contracts for the supply of [goods OR services OR information] formed through our site or as a result of visits made by you are governed by our terms and conditions of supply.

Uploading material to our site

Whenever you make use of a feature that allows you to upload material to our site, or to make contact with other users of our site, you must comply with the content standards set out in our acceptable use policy.  You warrant that any such contribution does comply with those standards, and you indemnify us for any breach of that warranty.  

Any material you upload to our site will be considered non-confidential and non-proprietary, and we have the right to use, copy, distribute and disclose to third parties any such material for any purpose. We also have the right to disclose your identity to any third party who is claiming that any material posted or uploaded by you to our site constitutes a violation of their intellectual property rights, or of their right to privacy.

We will not be responsible, or liable to any third party, for the content or accuracy of any materials posted by you or any other user of our site.

We have the right to remove any material or posting you make on our site if, in our opinion, such material does not comply with the content standards set out in our acceptable use policy.

Viruses, hacking and other offences

You must not misuse our site by knowingly introducing viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful. You must not attempt to gain unauthorised access to our site, the server on which our site is stored or any server, computer or database connected to our site. You must not attack our site via a denial-of-service attack or a distributed denial-of service attack. 

By breaching this provision, you would commit a criminal offence under the Computer Misuse Act 1990. We will report any such breach to the relevant law enforcement authorities and we will co-operate with those authorities by disclosing your identity to them. In the event of such a breach, your right to use our site will cease immediately.

We will not be liable for any loss or damage caused by a distributed denial-of-service attack, viruses or other technologically harmful material that may infect your computer equipment, computer programs, data or other proprietary material due to your use of our site or to your downloading of any material posted on it, or on any website linked to it.

Linking to our site

You may link to our home page, provided you do so in a way that is fair and legal and does not damage our reputation or take advantage of it, but you must not establish a link in such a way as to suggest any form of association, approval or endorsement on our part where none exists. 

You must not establish a link from any website that is not owned by you. 

Our site must not be framed on any other site, nor may you create a link to any part of our site other than the home page. We reserve the right to withdraw linking permission without notice. The website from which you are linking must comply in all respects with the content standards set out in our acceptable use policy.

If you wish to make any use of material on our site other than that set out above, please address your request to brian+permission[at]reactorbrand.com.

Links from our site

Where our site contains links to other sites and resources provided by third parties, these links are provided for your information only.  We have no control over the contents of those sites or resources, and accept no responsibility for them or for any loss or damage that may arise from your use of them.  

Jurisdiction and applicable law

The English courts will have exclusive jurisdiction over any claim arising from, or related to, a visit to our site although we retain the right to bring proceedings against you for breach of these conditions in your country of residence or any other relevant country.  

These terms of use and any dispute or claim arising out of or in connection with them or their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales.

Variations

We may revise these terms of use at any time by amending this page. You are expected to check this page from time to time to take notice of any changes we made, as they are binding on you. Some of the provisions contained in these terms of use may also be superseded by provisions or notices published elsewhere on our site.

Your concerns

If you have any concerns about material which appears on our site, please contact brian+twu[at]reactorbrand.com.

Thank you for visiting our site.

Privacy Policy

 

Reactor Brand ("We") are committed to protecting and respecting your privacy.

This policy (together with our terms of use and any other documents referred to therein) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.  Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998 (the Act), the data controller is Reactor Brand of 16 Englands Field, Bodenham.

Information we may collect from you

We may collect and process the following data about you:

  • Information that you provide by filling in forms on our site reactorbrand.com (our site). This includes information provided at the time of registering to use our site, subscribing to our service, posting material or requesting further services. We may also ask you for information [when you enter a competition or promotion sponsored by Reactor Brand, and] when you report a problem with our site.
  •  If you contact us, we may keep a record of that correspondence.
  • We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
  • Details of transactions you carry out through our site and of the fulfilment of your orders.
  • Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access.
  • IP addresses

We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration and to report aggregate information to our advertisers. This is statistical data about our users' browsing actions and patterns, and does not identify any individual.

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. For detailed information on the cookies we use and the purposes for which we use them see our Cookie Policy.

Where we store your personal data

The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff maybe engaged in, among other things,  the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted [using SSL technology]. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Uses made of the information

We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To allow you to participate in interactive features of our service, when you choose to do so.
  • To notify you about changes to our service.

We may use your data, but do not permit selected third parties to use your data.

If you are an existing customer, we will only contact you by electronic means (e-mail or SMS) with information about goods and services similar to those which were the subject of a previous sale to you.

If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please contact The Data Protection Compliance Officer who is responsible for ensuring compliance with the Data Protection Act and with this policy. That post is held by (Brian Terry, brian+data[at]reactorbrand.com). Any questions or concerns about the operation of this policy should be referred in the first instance to the Data Protection Compliance Officer.

We do not disclose information about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in SW1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers' wishes by displaying their advertisement to that target audience.

Disclosure of your information

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

We may disclose your personal information to third parties:

  • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
  • If Reactor Brand or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  •  If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or terms and conditions of supply and other agreements; or to protect the rights, property, or safety of Reactor Brand, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise the right at any time by contacting  The Data Protection Compliance Officer who is responsible for ensuring compliance with the Data Protection Act and with this policy.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

Access to information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request may be subject to a fee of £10 to meet our costs in providing you with details of the information we hold about you.

Changes to our privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

Contact

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to brian+data[at]reactorbrand.com

Further information

Here is our GDPR compliance statement

 

Data Protection Policy

 

Policy statement

1.1    Everyone has rights with regard to how their personal information is handled. During the course of our activities we will collect, store and process personal information about our staff, and we recognise the need to treat it in an appropriate and lawful manner.

1.2    The types of information that we may be required to handle include details of current, past and prospective employees, suppliers, customers, [OTHER] and others that we communicate with. The information, which may be held on paper or on a computer or other media, is subject to certain legal safeguards specified in the Data Protection Act 1998 (the Act) and other regulations. The Act imposes restrictions on how we may use that information. 

1.3    This policy does not form part of any employee's contract of employment and it may be amended at any time. Any breach of this policy will be taken seriously and may result in disciplinary action.

2.    Status of the policy

2.1    This policy sets out our rules on data protection and the legal conditions that must be satisfied in relation to the obtaining, handling, processing, storage, transportation and destruction of personal information.

2.2    The Data Protection Compliance Officer is responsible for ensuring compliance with the Act and with this policy. That post is held by (Brian Terry, brian+data[at]reactorbrand.com). Any questions or concerns about the operation of this policy should be referred in the first instance to the Data Protection Compliance Officer.

2.3    If you consider that the policy has not been followed in respect of personal data about yourself or others you should raise the matter with your line manager or the Data Protection Compliance Manager.

3.    Definition of data protection terms

3.1    Data is information which is stored electronically, on a computer, or in certain paper-based filing systems.

3.2    Data subjects for the purpose of this policy include all living individuals about whom we hold personal data. A data subject need not be a UK national or resident. All data subjects have legal rights in relation to their personal data.

3.3    Personal data means data relating to a living individual who can be identified from that data (or from that data and other information in our possession).  Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal).

3.4    Data controllers are the people who or organisations which determine the purposes for which, and the manner in which, any personal data is processed.  They have a responsibility to establish practices and policies in line with the Act. We are the data controller of all personal data used in our business.

3.5    Data users include employees whose work involves using personal data.  Data users have a duty to protect the information they handle by following our data protection and security policies at all times.

3.6    Data processors include any person who processes personal data on behalf of a data controller. Employees of data controllers are excluded from this definition but it could include suppliers which handle personal data on our behalf.

3.7    Processing is any activity that involves use of the data.  It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it.  Processing also includes transferring personal data to third parties.

3.8    Sensitive personal data includes information about a person's racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition or sexual life, or about the commission of, or proceedings for, any offence committed or alleged to have been committed by that person, the disposal of such proceedings or the sentence of any court in such proceedings.  Sensitive personal data can only be processed under strict conditions, and will usually require the express consent of the person concerned.

4.    Data protection principles

Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:

(a)    Processed fairly and lawfully.
(b)    Processed for limited purposes and in an appropriate way.
(c)    Adequate, relevant and not excessive for the purpose.
(d)    Accurate.
(e)    Not kept longer than necessary for the purpose.
(f)     Processed in line with data subjects' rights.
(g)    Secure.
(h)    Not transferred to people or organisations situated in countries without adequate protection.

5.    Fair and lawful processing

5.1    The Act is intended not to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the data subject. The data subject must be told who the data controller is (in this case Brian Terry), who the data controller's representative is (in this case the Data Protection Compliance Officer), the purpose for which the data is to be processed by us, and the identities of anyone to whom the data may be disclosed or transferred.

5.2    For personal data to be processed lawfully, certain conditions have to be met. These may include, among other things, requirements that the data subject has consented to the processing, or that the processing is necessary for the legitimate interest of the data controller or the party to whom the data is disclosed. When sensitive personal data is being processed, more than one condition must be met. In most cases the data subject's explicit consent to the processing of such data will be required.

6.    Processing for limited purposes

Personal data may only be processed for the specific purposes notified to the data subject when the data was first collected or for any other purposes specifically permitted by the Act. This means that personal data must not be collected for one purpose and then used for another. If it becomes necessary to change the purpose for which the data is processed, the data subject must be informed of the new purpose before any processing occurs.

7.    Adequate, relevant and non-excessive processing

Personal data should only be collected to the extent that it is required for the specific purpose notified to the data subject. Any data which is not necessary for that purpose should not be collected in the first place.

8.    Accurate data

Personal data must be accurate and kept up to date. Information which is incorrect or misleading is not accurate and steps should therefore be taken to check the accuracy of any personal data at the point of collection and at regular intervals afterwards. Inaccurate or out-of-date data should be destroyed.

9.    Timely processing

Personal data should not be kept longer than is necessary for the purpose. This means that data should be destroyed or erased from our systems when it is no longer required.

10.    Processing in line with data subject's rights

Data must be processed in line with data subjects' rights. Data subjects have a right to:

(a)    Request access to any data held about them by a data controller.
(b)    Prevent the processing of their data for direct-marketing purposes.
(c)    Ask to have inaccurate data amended.
(d)    Prevent processing that is likely to cause damage or distress to themselves or anyone else.
(e)    Object if your personal data is being processed unlawfully (e.g. if the data are retained for longer than necessary for the purpose for which they were collected)

 If you wish to exercise these rights please email us at brian+data[at]reactorbrand.com.

11.    Data security

11.1    We must ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data, and against the accidental loss of, or damage to, personal data. Data subjects may apply to the courts for compensation if they have suffered damage from such a loss.

11.2    The Act requires us to put in place procedures and technologies to maintain the security of all personal data from the point of collection to the point of destruction. Personal data may only be transferred to a third-party data processor if he agrees to comply with those procedures and policies, or if he puts in place adequate measures himself.

11.3    Maintaining data security means guaranteeing the confidentiality, integrity and availability of the personal data, defined as follows:

(a)    Confidentiality means that only people who are authorised to use the data can access it.

(b)    Integrity means that personal data should be accurate and suitable for the purpose for which it is processed.

(c)    Availability means that authorised users should be able to access the data if they need it for authorised purposes. Personal data should therefore be stored on our central computer system instead of individual PCs

11.4    Security procedures include:

(a)    Entry controls. Any stranger seen in entry-controlled areas should be reported.

(b)    Secure lockable desks and cupboards. Desks and cupboards should be kept locked if they hold confidential information of any kind. (Personal information is always considered confidential.)

(c)    Methods of disposal. Paper documents should be shredded. Floppy disks and CD-ROMs should be physically destroyed when they are no longer required.

(d)    Equipment. Data users should ensure that individual monitors do not show confidential information to passers-by and that they log off from their PC when it is left unattended.

12.    Dealing with subject access requests

A formal request from a data subject for information that we hold about them must be made in writing. A fee is payable by the data subject for provision of this information. Any member of staff who receives a written request should forward it to [their line manager OR the Data Protection Compliance Officer] immediately.

13.    Providing information over the telephone

Any member of staff dealing with telephone enquiries should be careful about disclosing any personal information held by us. In particular they should:

(a)    Check the caller's identity to make sure that information is only given to a person who is entitled to it.
(b)    Suggest that the caller put their request in writing if they are not sure about the caller's identity and where their identity cannot be checked. 
(c)    Refer to [their line manager OR the Data Protection Compliance Officer] for assistance in difficult situations. No-one should be bullied into disclosing personal information.

14.    Monitoring and review of the policy

14.1    This policy is reviewed annually by Brian Terry. Recommendations for any amendments are reported to Brian Terry.

14.2    We will continue to review the effectiveness of this policy to ensure it is achieving its stated objectives.

 

Cookie Policy

 

Reactor Brand ("We", “Our”, “Us”)

INFORMATION ABOUT OUR USE OF COOKIES

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. By continuing to browse the website, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. We use the following cookies:

  • Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  •  Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

Changes to our cookie policy

Any changes we may make to our cookie policy in the future will be posted on this page.

Contact

QUESTIONS, COMMENTS AND REQUESTS REGARDING THIS COOKIE POLICY ARE WELCOMED AND SHOULD BE ADDRESSED TO BRIAN+DATA[AT]REACTORBRAND.COM.

Anti-spam

 

We hate unsolicited commercial e-mail as much as you do. Also known as Spam or junk e-mail, it is a disservice to the Internet community.

We fully endorse and comply with the requirements of the CAN-SPAM Act of 2003 (Controlling the Assault of Non-Solicited Pornography and Marketing Act), and all other applicable unsolicited commercial e-mail laws.

If you subscribe to electronic newsletters or other communications from us or our website, you will always have an option to unsubscribe immediately.

If you have additional questions, comments or concerns, please contact us by sending an e-mail to brian+antispam[at]reactorbrand.com and providing us with information relating to your concern.

You may also mail your concerns to us at the following address:

ReactorBrand.com
16 Englands Field
Bodenham
HR1 3JL

Please note that the content of this page can change without prior notice.

GDPR Compliance Statement

 

Introduction

The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Founded on the fundamentals of privacy by design and a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st Century brings with it broad use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU, affording individuals stronger, more consistent rights to access and control their personal information.

Our Commitment

ReactorBrand (‘we’ or ‘us’ or ‘our’) are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise the requirement and importance of updating and expanding this program to meet the demands of the GDPR and the UK’s Data Protection Bill.

ReactorBrand are dedicated to safeguarding the personal information under our remit and to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation plans for the GDPR have been summarised in this statement and includes the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

How We are Preparing for the GDPR

ReactorBrand already have a consistent level of data protection and security across our organisation, however it is our aim to be fully compliant with the GDPR by 25th May 2018. Our preparation includes: -

  •  Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
  • Policies & Procedures - implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: -
    • Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
    • Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
    • Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possibility. Our procedures are robust and have been disseminated to all employees, who are aware of the reporting lines and steps to follow. 
    • International Data Transfers & Third-Party Disclosures – where Reactor Brand stores or transfers personal information outside the EU, we have robust procedures and safeguarding measures in place to secure, encrypt and maintain the integrity of the data. Our procedures include a continual review of the countries with sufficient adequacy decisions, as well as provisions for binding corporate rules; standard data protection clauses or approved codes of conduct for those countries without. We carry out strict due diligence checks with all recipients of personal data to assess and verify that they have appropriate safeguards in place to protect the information, ensure enforceable data subject rights and have effective legal remedies for data subjects where applicable.
    • Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 1-month timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
    • Legal Basis for Processing - we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we are also maintaining records of our processing activities, ensuring that our obligations under Article 30 of the GDPR are met.
    • Privacy Notice/Policy – we have revised our Privacy Notice to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
    • Obtaining Consent - we have revised our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
    • Direct Marketing - we have revised the wording and processes for direct marketing, including clear opt-in mechanisms for marketing subscriptions; a clear notice and method for opting out and providing unsubscribe features on all subsequent marketing materials.
    • Data Protection Impact Assessments (DPIA) – where we process personal information that is considered high risk, involves large scale processing or includes special category/criminal conviction data; we have developed stringent procedures and assessment templates for carrying out impact assessments that comply fully with the GDPR’s Article 35 requirements. We have implemented documentation processes that record each assessment, allow us to rate the risk posed by the processing activity and implement mitigating measures to reduce the risk posed to the data subject(s).
    • Processor Agreements – where we use any third-party to process personal information on our behalf (i.e. Payroll, Recruitment, Hosting etc), we have drafted compliant Processor Agreements and due diligence procedures for ensuring that they (as well as we), meet and understand their/our GDPR obligations. These measures include initial and ongoing reviews of the service provided, the necessity of the processing activity, the technical and organisational measures in place and compliance with the GDPR.
    • Special Categories Data - where we obtain and process any special category information, we do so in complete compliance with the Article 9 requirements and have high-level encryptions and protections on all such data. Special category data is only processed where necessary and is only processed where we have first identified the appropriate Article 9(2) basis or the Data Protection Bill Schedule 1 condition. Where we rely on consent for processing, this is explicit and is verified by a signature, with the right to modify or remove consent being clearly signposted.
       

Data Subject Rights

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via our website of an individual’s right to access any personal information that Reactor Brand processes about them and to request information about: -

  • What personal data we hold about them
  • The purposes of the processing
  • The categories of personal data concerned
  • The recipients to whom the personal data has/will be disclosed
  • How long we intend to store your personal data for
  •  If we did not collect the data directly from them, information about the source
  • The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • The right to lodge a complaint or seek judicial remedy and who to contact in such instances

Information Security & Technical and Organisational Measures

ReactorBrand takes the privacy and security of individuals and their personal information very seriously and are taking every reasonable measure and precaution to protect and secure the personal data that we process. We have dedicated information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures, including measures such as SSL, access controls, password policy and encryptions.

GDPR Roles and Employees

Reactor Brand have designated Brian Terry as our Data Protection Officer (DPO)/Appointed Person and have appointed a data privacy team to develop and implement our roadmap for complying with the new data protection Regulation. They are responsible for promoting awareness of the GDPR across the organisation, assessing our GDPR readiness, identifying any gap areas and implementing the new policies, procedures and measures.

We utilise a GDPR checklist designed by our DPO to assess each business activity, function and process and to ensure that we have a company-wide approach to meeting the new standards and requirements.

Reactor Brand understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. We have implemented an employee training program specific to the which will be provided to all employees prior to May 25th, 2018, and forms part of our induction and annual training program.

If you have any questions about our preparation for the GDPR, please contact our DPO.