Menu
Search
Show prices tax inclusive Show prices tax exclusive
Show prices tax inclusive
Search store Close
Shopping cart Close

You have no items in your shopping cart.

All Categories
    Menu Close

    Privacy Notice

    Onnec Group Privacy Notice

    1. Introduction

    Onnec Group (“we”, “our”, “us”) is committed to protecting your personal information and respecting your privacy rights. This Privacy Notice explains how we collect, use, disclose, transfer, and safeguard your personal information when you interact with us, in accordance with:

    • The UK General Data Protection Regulation (UK GDPR)
    • The Data Protection Act 2018
    • Where applicable, the EU General Data Protection Regulation (EU GDPR)
    • The Privacy and Electronic Communications Regulations 2003 (PECR).

    We are a “Data Controller” in respect of the personal information we collect and process about you. Our appointed Data Protection Officer (DPO) is responsible for overseeing our compliance with data protection laws.

    1. Definitions

    • Personal Data: Any information relating to an identified or identifiable individual (e.g. name, address, email, phone number, identification numbers, location data, online identifiers).
    • Special Category Personal Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health data, genetic data, biometric data (for identification purposes), or data concerning an individual’s sex life or sexual orientation.
    • Processing: Any operation performed on personal data (e.g. collection, storage, use, disclosure, transfer, erasure).
    • Controller: The entity determining the purposes and means of processing personal data.
    • Processor: A third party engaged by us to process personal data on our behalf.

    1. Categories of Personal Data We Collect

    We may collect and process the following categories of personal data:

    • Contact Information: Name, address, email address, phone number.
    • Account Information: Username, password, authentication details.
    • Payment Information: Billing details and financial transaction records (if applicable).
    • Usage Data: Information about how you use our website, portals, and services (e.g. IP address, browser type, device identifiers, log files, cookies, and similar technologies).
    • Business Information: Information you provide when engaging with our services, contracts, or events.
    • Special Category Data: Only collected where strictly necessary and permitted by law (e.g. health and safety information, access requirements).

    1. How We Collect Personal Data

    We collect personal data through the following methods:

    • Direct interactions (e.g. emails, phone calls, forms, customer support).
    • Online forms, registrations, and service portals.
    • Automated technologies (e.g. cookies, analytics, tracking technologies).
    • Third-party providers and partners where lawful and appropriate.

    1. Lawful Basis for Processing

    We process your personal data only when there is a lawful basis under Article 6 UK GDPR, including:

    • Contractual Necessity: To enter into or perform a contract with you.
    • Legal Obligation: To comply with applicable laws and regulatory requirements.
    • Legitimate Interests: For purposes such as service improvement, fraud prevention, and marketing (balanced against your rights).
    • Consent: Where you have explicitly consented (e.g. marketing communications).
    • Vital Interests: To protect your life or that of another individual.

    For special category data, we rely on additional lawful grounds under Article 9 UK GDPR (e.g. explicit consent, employment law obligations, protection of vital interests, establishment/defence of legal claims).

    1. Purposes of Processing

    We use personal data for the following purposes:

    • Service Delivery: To provide, manage, and improve our services and solutions.
    • Customer Support: To respond to enquiries, requests, and provide assistance.
    • Business Operations: To manage accounts, payments, contracts, and business relationships.
    • Marketing & Communications: To send newsletters, service updates, offers, and other communications (with the ability to opt-out).
    • Compliance & Risk Management: To comply with laws, regulations, audits, and ISO/IEC standards.
    • Security & Fraud Prevention: To protect our systems, data, and users from unauthorised access or misuse.

    1. Disclosure of Personal Data

    We may share your personal data under the following conditions:

     

    • Service Providers & Processors: Third-party vendors and partners who provide services (e.g. IT hosting, marketing, analytics). They act only under our instructions and must protect your data.
    • Business Transfers: In the event of a merger, acquisition, or sale of assets.
    • Legal & Regulatory Authorities: Where required to comply with laws, regulations, or legal proceedings.
    • Group Companies: Other Onnec entities within our corporate group, subject to appropriate safeguards.

    1. International Data Transfers

    Where personal data is transferred outside the UK or EEA, we ensure it is protected by appropriate safeguards, such as:

    • The UK International Data Transfer Agreement (IDTA)
    • The EU Standard Contractual Clauses (SCCs) with the UK Addendum
    • Where applicable, reliance on adequacy decisions recognised by the UK Government or European Commission.

    Specific processors used by Onnec include (but are not limited to):

    • HubSpot (USA & Ireland) – CRM and marketing software.
    • Sopro (UK & international) – Marketing services.
    • Intact Software (UK) – ERP and data management.

    1. Data Security

    We apply a layered security model to protect your personal data, including:

    • Technical Measures: Encryption, access controls, firewalls, monitoring, vulnerability scanning.
    • Organisational Measures: Data protection policies, ISO/IEC 27001 certified controls, staff training, audit trails.
    • Physical Measures: Secure facilities, restricted access areas, CCTV.

    In the event of a personal data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours, and affected individuals without undue delay, where legally required.

    1. Data Retention

    We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

    When data is no longer required, we securely delete or anonymise it in accordance with our Data Retention & Disposal Policy.

    Specific retention periods may vary depending on the type of data (e.g. contracts, HR records, financial data) and will be defined in the referenced policy.

    1. Your Data Protection Rights

    Under the UK GDPR, EU GDPR (where applicable), and Data Protection Act 2018, you have the following rights:

    • Right of Access: To obtain confirmation of whether we process your personal data and to access a copy of that data.
    • Right to Rectification: To have inaccurate or incomplete data corrected.
    • Right to Erasure (“Right to be Forgotten”): To request deletion of your personal data, where lawful grounds exist.
    • Right to Restrict Processing: To request restriction of our processing of your personal data in certain circumstances.
    • Right to Data Portability: To receive your personal data in a structured, commonly used, machine-readable format and to transfer it to another controller where feasible.
    • Right to Object: To object at any time to processing carried out on the basis of legitimate interests or for direct marketing purposes.
      • You have the right to object at any time to the processing of your personal data for direct marketing purposes. If you exercise this right, we will stop processing your data for such purposes without delay.
    • Rights in Relation to Automated Decision-Making and Profiling: To not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects.

    To exercise any of these rights, please contact us at: compliance@onnecgroup.com.
    We may need to verify your identity before fulfilling your request.

    You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you are dissatisfied with our response.

    1. Cookies and Tracking Technologies

    We use cookies and similar technologies to enhance user experience, analyse website traffic, and support our marketing and analytics activities.

    • Essential Cookies: Required for the operation of our website.
    • Performance & Analytics Cookies: To understand how visitors use our services.
    • Functionality Cookies: To remember user preferences and settings.
    • Targeting/Advertising Cookies: To deliver relevant marketing communications.

     

    You will be presented with a cookie consent banner when you first visit our website. You can manage your preferences or withdraw consent at any time via the cookie management tool, or by adjusting your browser settings.

    1. Digital Marketing & Analytics Providers

    We may use carefully selected third-party service providers for marketing and analytics, including:

    • Sopro – Digital marketing services (ICO Registration: ZA346877).
    • Intact Software (UK) Ltd – ERP and data management solutions.
    • HubSpot – CRM, analytics, and marketing software (data may be transferred to the USA under SCCs/UK Addendum safeguards).

    The legal basis for such processing is our legitimate interest in promoting our services, unless consent is required under PECR, in which case we will obtain consent before sending you direct marketing.

    You may opt out of marketing communications at any time by using the unsubscribe link in emails or by contacting us.

    1. International Data Transfers (Marketing & Analytics)

    Where marketing and analytics providers transfer your personal data outside the UK/EEA, we ensure lawful safeguards are in place:

    • Adequacy Decisions (where applicable).
    • Standard Contractual Clauses (SCCs) with UK Addendum.
    • UK International Data Transfer Agreement (IDTA).

    We regularly review our suppliers to ensure continued compliance with these transfer mechanisms.

    1. Changes to this Privacy Notice

    We may update this Privacy Notice from time to time in response to legal, technical, or business developments.

    When changes are made:

    • The “Last Updated” date will be amended.
    • Significant changes will be communicated via our website and, where appropriate, directly to you.

     

    This Privacy Notice is formally reviewed at least annually.

    1. Contact Information

    If you have any questions, concerns, or wish to exercise your rights in relation to this Privacy Notice, please contact:

    Andrew Janes

    Data Protection Officer
    Onnec Group
    2nd Floor, Farringdon Point, 33 Farringdon Rd, London EC1M 3JF
    Email: compliance@onnecgroup.com

     

    You also have the right to raise concerns with the Information Commissioner’s Office (ICO):
    Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
    www.ico.org.uk

    If you are based in the European Economic Area (EEA), you also have the right to lodge a complaint with your local Data Protection Authority (DPA) in addition to, or instead of, contacting the ICO.

    Information
    My Account
    Customer service
    Payment options
    Powered by nopCommerce
    Designed by Nop-Templates.com
    Copyright © 2025 Onnec Ireland Ltd. All rights reserved.