- Maintenance tips & tricks
- 4-season garden care advice
- News from the gardening world
- Innovations & new product launches
Ask the Experts on 0800 669 6325 Mon - Fri 9am-5pm - Sat 10am-4pm or Contact Us
Ask the Experts on 0800 669 6325 Mon - Fri 9am-5pm - Sat 10am-4pm or Contact Us
INFORMATION NOTICE
pursuant to Article 13 of Regulation (EU) 2016/679
General Data Protection Regulation
By means of this information notice (“Notice”), the Data Controller, as defined below, wish to inform You on the purposes and methods of the processing of Your personal data and on the rights that Regulation (UE) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“GDPR”) entrust You.
1. Who is the Data Controller
The data controller is STIGA Ltd (“Stiga” or the “Data Controller”), with registered office in Unit 8 Bluewater Estate, Bell Close, Plympton, Devon, PL7 4JH. You can contact us at customerservices@mountfieldlawnmowers.co.uk.
Stiga Ltd is a company part of the Group Stiga which appointed a Data Protection Officer (“DPO”), that You may contact for the exercise of Your rights, as well as for asking any further information, at the following addresses: STIGA S.p.A, DPO office, e-mail: dpo@stiga.com.
2. Which personal data we process
Pursuant to a specific request by you, and for the purposes outlined in article 3 of this Notice, the Data Controller processes the following personal data:
The processing of your personal data is necessary for the recruitment process, including, but not limited to, the review of your CV and the set-up of interviews, aimed to the possible establishment of a working relationship.
3. Purposes of processing and legal basis
The legal basis for the processing of your data is, therefore, taking steps at the request of the data subject before entering into a contract, according to Article 6, first paragraph, letter b), of the GDPR; therefore, your consent is not necessary to allow the processing.
As far as your health data is concerned, the legal basis for their processing is your consent.
4. Nature of the personal data processing and consequences of a refusal
The processing of your data, also regarding your health, is a mandatory requirement for the recruitment process. Therefore, your refusal to provide such personal data will result in the impossibility for the Data Controller to manage the same.
5. Data Retention
The Data Controller will process your personal information, for the purposes indicated above, for as long as it is necessary for the management of the recruitment process. Your CV will be stored by Stiga for three years following receipt, and it will be deleted thereafter.
6. Methods by which your personal data will be processed
Your personal data will be processed, according to the provisions of the GDPR, using paper, computerized and telematic tools, for the purposes indicated above and with adequate methods to guarantee their security and confidentiality in accordance to Article 32 of the GDPR.
7. To which subjects your personal data may be communicated and who may get to know them
For the purposes described in paragraph 3 above, your personal data will be disclosed to employees, external consultants and, in general, Stiga’s personnel, who will act as a person authorized to the processing of personal data, specifically appointed as internal delegates.
In addition, Your personal data will be processed by the following third parties:
The above subjects shall act, in some cases, as autonomous data controller, in other cases as data processors specifically appointed by the Data Controller according to Article 28 of the GDPR. You may request a list of our data processors at the contact details indicated at article 1 above.
Your personal data will not be disclosed to the public.
8. Your rights as a data subject
Managing Your Information - Right of access
Article 15 of the GDPR: the right to obtain from the data controller confirmation as to whether your personal data is being processed, and, where that is the case, access to the personal data and the following information (also by receiving a copy of the same):
Rectification of Inaccurate or Incomplete Information - Right of rectification
Article 16 of the GDPR: the right to obtain, without undue delay, the rectification of inaccurate personal data or the integration of the same;
Erasure - Right to erasure
Article of the 17 GDPR: the right to obtain from the controller the erasure of Your personal data without undue delay, if:
If you no longer want us to use your information, you can request that we erase your personal data. Please note that if you request the erasure of your personal data, we may retain and use your personal data to the extent necessary to comply with our legal obligations or for the performance of a duty carried out in the public interest or the exercise of official authority vested in the Data Controller, or for the establishment, exercise or defence of legal claims. For example, we may keep some of your information for tax, legal reporting and auditing obligations.
Restriction of processing - Right to restriction on processing
Article 18 of the GDPR: the right to obtain from the controller restriction of processing if:
Data Access and Portability - Right of portability
Article 20 of the GDPR: the right to receive, in a structured format, commonly used and readable by an automatic device the personal data concerning yourself provided to the Data Controller and the right to transmit the same to another data controller without impediment, if the processing is based on consent and is made by automated means. Furthermore, the right to obtain that your personal data is transmitted directly from the Data Controller to another data controller if this is technically feasible.
Complaints
File a complaint to the competent data protection authority by sending a notice to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF or to the Data Protection Supervisory Authority of your habitual residence, place of work or place of the alleged infringement.
The above rights may be exercised by contacting the Data Controller and the DPO at the contact details indicated in previous article 1. Please note that we may ask you to verify your identity before taking further action on your request.