Privacy Policy
Last updated: April 2024
AIS Group – Privacy Policy
Introduction
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information about who we are and how and why we collect, store, use and share your personal data, when you or your organisation engage with us for the provision of services, or where you browse one of our websites. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
Who are we?
When we say ‘we’ or ‘us’ in this policy, we are referring to the companies that make up the AIS Group (the Group). The companies that currently make up the Group are:
Associated Independent Stores Limited (‘AIS’_) whose registered address is Cranmore Park Cranmore Avenue, Shirley, Solihull, West Midlands, B90 4LF
Cenpac (AIS) Ltd (‘Cenpac’) whose registered address is Cranmore Park Cranmore Avenue, Shirley, Solihull, West Midlands, B90 4LF
AIS Property Ltd (‘AIS Property’) whose registered address is Cranmore Park Cranmore Avenue, Shirley, Solihull, West Midlands, B90 4LF
Cranmore Park Ltd (‘Cranmore Park’) whose registered address is Cranmore Park Cranmore Avenue, Shirley, Solihull, West Midlands, B90 4LF
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit
Key Terms
The following key terms and references used in this policy:
Data subject | The individual who the personal data relates to, for the purposes of this policy can be Member, representatives of Members, Suppliers, Event Organisers, Tenants or Users. |
Event Attendee | Individual or corporate entity attending an INDX trade show or another event organised and/or hosted by either AIS or Cranmore Park.
|
Member | Individual or corporate entity (including sole traders) in business as an independent retailer who has engaged us to leverage from our buying power and our network of Suppliers, that interacts with either AIS or Cenpac.
|
Personal data | Any information relating to an identified or identifiable individual |
Supplier | Individual or corporate entity supplying us and our network of Members with products and services, that interacts with either AIS, Cenpac or Cranmore Park.
|
Tenant | Individual or corporate entity to whom AIS Property leases property.
|
User | Individual user or browser of our website(s):
|
You, your | Data subject who this policy applies to. |
Personal data we collect about you
We may collect a variety of information about you depending on what the status of our relationship with you is. We have summarised the different kinds of personal data collected for each of the categories of Data Subject that this policy applies to:
1) Members or Representatives of Members:
Identity Data: includes full name, job title, organisation, username.
Contact Data: includes email address, billing address and delivery address, telephone number and online presence.
Financial Data: includes bank account and payment card details.
Marketing Data: includes preferences in receiving marketing communications from us or third parties.
Profile Data: image, feedback, your contact history, your username and password, purchases or orders made by you.
Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
Usage Data: information about how you use our services, our website, IT, communication and other systems.
2) Suppliers and representatives of Supplier:
Identity Data: includes full name, job title, username.
Contact Data: includes email address, billing address and delivery address, telephone number and online presence.
Profile Data: image, feedback, your contact history.
Financial Data: includes bank account information.
Profile Data: image, feedback, your contact history, contact history, username and password, purchases or orders made by you.
Marketing Data: includes preferences in receiving marketing communications from us or third parties.
Transaction Data: includes details about payments to and from you to our Members.
3) Event Attendees:
Identity Data: includes full name, job title.
Contact Data: includes email address and telephone number, online presence.
Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us..
Marketing Data: includes preferences in receiving marketing communications from us or third parties.
Profile Data: image, feedback, your contact history, contact history, username and password, purchases or orders made by you
4) Tenants:
Identity Data: includes full name, job title.
Contact Data: includes email address and telephone number, online presence.
Marketing Data: includes preferences in receiving marketing communications from us or third parties.
Profile Data: image, feedback, your contact history, your username and password, purchases or orders made by you.
Transaction Data: includes details about payments to and from you and other details of products and services you have purchased from us.
5) Users:
Technical Data: includes your computer’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, the device type, operating system, unique device identifiers, device settings, and geo-location data.
Usage Data: information about how you use our services, our website, IT, communication and other systems.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
We do not collect any “Special Categories” of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
We collect and use this personal data for the purposes described in the section ‘How and why we use your personal data’ below. If you do not provide personal data we ask for, it may delay or prevent us from providing services to your organisation, or engaging you or your organisation to provide services to us.
How your personal data is collected
We collect some of this personal data directly from you in person for example at one of our events, by telephone, email and/or via our website. However, we may also collect information:
from publicly accessible sources, eg Companies House LinkedIn and other publicly accessible websites;
from third parties such as lead generation companies.
from cookies on our website—for more information on our use of cookies, please see our cookie policy: Aistores.co.uk
How and why we use your personal data
Under data protection law, we can only use your personal data if we have a lawful basis eg:
for our legitimate interests or those of a third party.
where you have given consent;
to comply with our legal and regulatory obligations; or
for the performance of a contract with you or to take steps at your request before entering into a contract. or
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal data for and why.
What we use your personal data for | Lawful basis | Type of data |
Providing services to you as a Member or a Tenant, or to the organisation that you represent as a Member or a Tenant. | To perform our contract with you or to take steps at your request before entering into a contract. For our legitimate interest, i.e. to carry out our services. | Identity Contact Financial Profile Marketing Transaction |
Engaging you as a Supplier or the organisation you represent as a Supplier to provide services to us or to our Members or Tenants | To perform our contract with you or to take steps at your request before entering into a contract
For our legitimate interest, i.e. to provide our services to Members | Identity Contact Financial Profile Marketing Transaction |
Providing our event services to you as an Event Attendee | To perform our contract with you or to take steps at your request before entering into a contract For our legitimate interest, i.e. to provide our event services | Identity Contact Financial Marketing Profile |
Carrying out marketing of our services to Members, Event Attendees and Suppliers | Where you have provided us with your consent For our legitimate interest, i.e. to develop and grow our business | Identity Contact Marketing |
Preventing and detecting fraud against you or us | For our legitimate interest, ie to minimise fraud that could be damaging for you and/or us | Identity Contact Financial |
To enforce legal rights or defend or undertake legal proceedings, or to provide information required relating to audits, enquiries or investigations by regulatory bodies. | To comply with our legal and regulatory obligations; For our legitimate interests, ie to protect our business, interests and rights to comply with our legal and regulatory obligations | Identity Contact Profile Financial |
Operational reasons, such as improving efficiency, training quality control and security of our website. | For our legitimate interests , ie to be as efficient as we can so we can deliver the best service to you at the best price | Identity Contact Technical Usage
|
Statistical analysis to help us manage our business | For our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you at the best price | Technical Usage |
Marketing
We will use your personal data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services or to send your our newsletter.
We may need your consent to send you marketing information, in which case we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by using the ‘unsubscribe’ link in emails or by emailing membership@aistores.co.uk We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our websites may become inaccessible or not function properly. For more information about the cookies we use, please see the cookie policies embedded within our various websites.
Who we share your personal data with
We routinely share personal data with:
other members of our Group so that we can provide you with a high quality, personalised and tailored service (including relevant marketing) across our Group;
third parties we use to help deliver our services, eg payment service providers and delivery companies;
other third parties we use to help us run our business, eg marketing agencies or website hosts and IT and systems administrators, event management portal;
third parties approved by you, eg social media sites you choose to link your account to or third party payment providers;
our bank.
We only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data.
We or the third parties mentioned above occasionally also share personal data with:
our external auditors, eg in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations;
our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;
law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations;
other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations.
Where your personal data is held
Personal data may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above.
How long your personal data will be kept
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Please contact us: dataprotection@aistores.co.uk if you want further information about how long we will retain your personal data.
Transferring your personal data out of the UK or the EEA
We may share your personal data with external third parties based outside the UK.
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data; or
Where we use certain service providers, we may use specific contracts approved for use in the UK which give personal data the same protection it has in the UK.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Your rights
You have the following rights, which you can exercise free of charge:
Access | The right to be provided with a copy of your personal data |
Rectification | The right to require us to correct any mistakes in your personal data |
Erasure (also known as the right to be forgotten) | The right to require us to delete your personal data—in certain situations |
Restriction of processing | The right to require us to restrict processing of your personal data in certain circumstances, eg if you contest the accuracy of the data |
Data portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
To object | The right to object: —at any time to your personal data being processed for direct marketing (including profiling); —in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims |
Not to be subject to automated individual decision making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
The right to withdraw consents | If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn |
For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below).
How to contact us
If you have any questions about this policy or would like to exercise any of your rights, please:
provide enough information to identify yourself and any additional identity information we may reasonably request from you; and
let us know what right you want to exercise and the information to which your request relates.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data. We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with the Information Commissioner, who may be contacted using the details at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.
This policy was last updated in February 2024. If we make changes to it, then we will take appropriate steps to bring those changes to your attention.