Back to Start Page
This Website Privacy Notice ("Notice") describes to those individuals that interact with Draken, either through the website or otherwise, how and why Draken processes their personal data and what rights they have in relation to their personal data.
A. What is this notice and why should you read it?
a. This Notice explains how and why Draken uses personal data about those individuals who purchase goods or services from us, supply goods or services to us, visit our websites (collectively the “Website”), or otherwise communicate or engage with us (referred to as “you”).
b. You should read this Notice, so that you know what we are doing with your personal data. Please also read any other privacy notices that we give you, that might apply to our use of your personal data in specific circumstances in the future.
B. Draken’s data protection responsibilities
a. “Personal data” is any information that relates to an identifiable natural person. Your name, address and contact details are all examples of your personal data, if they identify you.
b. The term “process” means any activity relating to personal data, including, by way of example, collection, storage, use, consultation and transmission.
c. Draken is a so-called "controller" of your personal data. This means that we make decisions about how and why we process your personal data and, because of this, we are responsible for making sure it is used in accordance with data protection laws.
C. What types of personal data do we collect and where do we get it from?
a. We collect different types of personal data about you when you visit our Website, purchase something from us or otherwise communicate or engage with us. We also obtain some personal data from other sources and create some personal data ourselves.
b. If any of the personal information you have given to us changes, such as your contact details, please inform us without delay.
c. We collect your personal information from various sources. The different types of personal information that we collect and the sources we collect it from, can be reviewed in more detail in Schedule 1.
D. What do we do with your personal data and why?
a. We process your personal data for particular purposes in connection with your use of Website, the provision of services or goods from us to you, your communication or other engagement with us and the management and administration of our business.
b. We are required by law to always have a so-called “lawful basis” (i.e. a reason or justification) for processing your personal data. The purposes for which we process your personal data and the relevant lawful basis on which we rely for that processing, can be reviewed in more detail in Schedule 2.
c. Please note that where our processing of your personal data is either:
i. necessary for us to comply with a legal obligation;
Or ii. necessary for us to take steps, at your request, to potentially enter into a contract with you, or to perform it, and you choose not to provide the relevant personal data to us, we may not be able to enter into or continue our contract or engagement with you.
d. We may also convert your personal data into statistical or aggregated form to better protect your privacy, or so that you are not identified or identifiable from it. Anonymised data cannot be linked back to you. We may use it to conduct research and analysis, including to produce statistical research and reports. For example, to help us understand and improve the use of our Website.
E. Sensitive Information and Supplier data
a. Except in relation to certain suppliers, we do not process ‘special categories of personal data’ and/or sensitive personal data (together, “Sensitive Information” – as set out in Schedule 1). This refers to sensitive or special categories of personal data which we are required to process with more care, according to applicable laws.
b. In addition to the processing activities described above, for certain suppliers, we may conduct background checks for identity, fraud protection and money laundering purposes. Some of these checks may include the processing of personal data related to supplier directors or senior officers. These checks will either be conducted on the lawful basis of it being necessary to comply with a legal requirement or (where no such legal requirement exists), it being necessary for our legitimate business interests.
c. Where the processing of supplier data does include the processing Sensitive Personal Data, this will either be only on the lawful basis of having obtained explicit consent or that it is necessary to establish, exercise or defend a legal claim.
F. Who do we share your personal data with, and why?
a. Sometimes we need to disclose your personal data to other people.
b. We are part of Draken group, which includes a number of companies and operations globally. Therefore, we will need to share your personal data with other companies for our general business management purposes and, in some cases, to meet our customer needs where providing services across branches/locations and/or for authorisations/approvals with relevant decision makers, reporting and where systems and services are provided on a shared basis.
c. Access rights between members of the Draken group are limited and granted only on a need to know basis, depending on job functions and roles.
d. Where any Draken group companies process your personal data on our behalf (as our processor), we will make sure that they have appropriate security standards in place to make sure your personal data is protected.
e. From time to time we may ask third parties to carry out certain business functions for us, such as the administration of our Website and IT support. These third parties will process your personal data on our behalf (as our processor). We will disclose your personal data to these parties so that they can perform those functions. Before we disclose your personal data to these third parties, we will seek to ensure that they have appropriate security standards in place to protect your personal data. Examples of these third party service providers include our outsourced IT systems software and maintenance, back up, and server hosting providers.
f. In certain circumstances, we will also disclose your personal data to third parties who will receive it as controllers of your personal data in their own right for the purposes set out above, where the relevant disclosure is in relation to:
i. services provided to you or us by a third party acting independently to Draken but which has a relationship with Draken, for example certain payment fraud checking services;
ii. the purchase or sale of our business (or part of it) in connection with a share or asset sale, for which we may disclose or transfer your personal data to the prospective seller or buyer and their advisors;
and iii. the disclosure of your personal data in order to comply with a legal obligation, to enforce a contract or to protect the rights, property or safety of our employees, customers or others.
g. We have set out below a list of the categories of recipients with whom we are likely to share your personal data:
i. IT support, Website and data hosting providers and administrators;
ii. payment processors in relation to purchases you make with us;
iii. consultants and professional advisors including legal advisors and accountants;
iv. courts, court-appointed persons/entities, receivers and liquidators;
v. business partners and joint ventures;
and vii. governmental departments, statutory and regulatory bodies including (in the UK) the Department for Work & Pensions, Information Commissioner’s Office, the police and Her Majesty’s Revenue and Customs.
B. Where in the world is your personal data transferred to?
a. As part of a global organisation, Draken may transfer your personal data to recipients (either internally or externally, as set out above) that are established in jurisdictions other than your own. Please be aware that the data protection laws in some jurisdictions may not provide the same level of protection to your personal data as is provided to it under the laws in your jurisdiction.
b. If any disclosures of personal data referred to above require your personal data to be transferred from within to outside the European Economic Area, we will only make that transfer if:
i. the country to which the personal data is to be transferred ensures an adequate level of protection for personal data;
ii. we have put in place appropriate safeguards to protect your personal data, such as an appropriate contract with the recipient;
iii. the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you;
or iv. you explicitly consent to the transfer.
C. How do we keep your personal data secure?
a. We will take specific steps (as required by applicable data protection laws) to ensure we take appropriate security measures to protect your personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
D. How long do we keep your personal data for?
a. We will only retain your personal data for a limited period of time and for no longer than is necessary for the purposes for which we are processing it for. This will depend on a number of factors, including:
i. any laws or regulations that we are required to follow;
ii. whether we are in a legal or other type of dispute with each other or any third party;
iii. the type of information that we hold about you;
and iv. whether we are asked by you or a regulatory authority to keep your personal data for a valid reason.
E. How do we communicate with you?
a. We will use your personal data to communicate with you:
i. in relation to any purchases you make with us;
ii. to administer our relationship with you;
iii. to respond to any questions or complaints that you may have;
and iv. to invite you to take part in market research or request feedback on our products and services.
b. From time to time and with your opt-in consent (if required), we will provide you with information about our products, services, promotions and/or offers which may be of interest to you. Such communications will be sent either by email, text, post or telephone.
c. If you do not wish to receive such communications, you can refuse to give your consent (where your consent is required) or opt-out at any time by either following the instructions within the communication or by contacting us using the details below.
a. Find out about cookies here.
G. What are your rights in relation to your personal data and how can you exercise them?
a. Where our processing of your personal data is based on your consent (please see the tables above), you have the right to withdraw your consent at any time. If you do decide to withdraw your consent we will stop processing your personal data for that purpose, unless there is another lawful basis we can rely on – in which case, we will let you know.
b. Where our processing of your personal data is based on the legitimate interests (please see the tables above), you can object to this processing at any time. If you do this, we will need to show either a compelling reason why our processing should continue, which overrides your interests, rights and freedoms or that the processing is necessary for us to establish, exercise or defend a legal claim.
c. Where we are processing your personal data for direct marketing purposes, you have the right to object to that processing.
d. You have the right to (subject to applicable laws and certain limitations):
i. access your personal data and to be provided with certain information in relation to it, such as the purpose for which it is processed, the persons to whom it is disclosed and the period for which it will be stored;
ii. require us to correct any inaccuracies in your personal data without undue delay;
iii. require us to erase your personal data;
iv. require us to restrict processing of your personal data;
v. receive the personal data which you have provided to us, in a machine readable format, where we are processing it on the basis of your consent or because it is necessary for your contract with us (please see the tables above) and where the processing is automated;
and vi. object to a decision that we make which is based solely on automated processing of your personal data (however, we do not currently conduct any such decision making).
e. You also have the right to lodge a complaint with the relevant Supervisory Authority (which is the Information Commissioner’s Office in the UK, for example).
H. Updates to this Notice
a. We may update this notice from time to time to reflect changes to the type of personal data that we process and/or the way in which it is processed. In the event of a material change which affects the processing of your personal data, we will notify you. We also encourage you to check this notice on a regular basis.
I. Where can you find out more?
a. If you want more information about any of the subjects covered in this privacy notice or if you would like to discuss any issues or concerns with us, you can contact us: using this form.