Privacy Policy

Introduction

This web page has been written to provide you with information about how we are handling or intend to handle personal data. It sets out the basis on which any personal data we collect, create, or otherwise obtain from or about people will be processed by us. Please read it carefully to understand our views and practices regarding personal data and how we will treat it.

Scope

This document concerns personal data we use relating to visitors to our website and to our customers, and prospective customers and suppliers. It does not relate to personal data we use relating to employees – privacy information about employees is contained in our employee handbook.

Data Protection Compliance Management Policy Statement

The Board of Directors and management of Stationery & Office Supplies are committed to compliance with all relevant data protection legislation and will formally delegate appropriate powers and responsibilities to its personnel to ensure that it is fully able to comply with the data protection legislation and our own defined standards in the field of data protection and information governance.  Information about how to contact us is contained on our website.

Data Protection Officer

We have appointed a Data Protection Officer who can be contacted at 21-25 Beechwood Ave., Kingston 5, on +1 (876) 926-5688 or +1 (876) 926-2649 or by emailing Privacy@sosjm.com.

Information We Hold and Use

SOS collects and uses information about customers and prospective customers and suppliers including:

• Name, address, telephone number, email address, job title, records of meetings, communication or other contact, products and services people express an interest in, instructions people give to us and orders they place with us,
• Comments left on our blogs and contact us forms, and feedback you give to us, including by phone, email, post, or when you communicate with us via social media interests and hobbies people tell us about or that we note through public information that we think might be useful to help us build a commercial relationship with them.
• We might collect audio and video recordings if you leave us voice mail messages on our equipment, attend virtual meetings or visit our premises where we use CCTV equipment.
• Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on).
• Information provided to us for payment purposes such as bank account and payment card details;
• Information from other sources such as our retail partners, specialist companies that provide customer information (like credit reference agencies, fraud prevention agencies, claims databases, marketing and research companies) and social media providers as well as information that is publicly available.

Uses of Personal Data

SOS uses personal data for the following purposes:

1. Managing enquiries, sales opportunities and leads, and proactive business development activities. Types of data: names, contact details, notes from conversations.  Lawful basis for processing: our legitimate interests of running a commercial enterprise. Disclosures: SaaS system providers.  Retention: up to 7 years following the end of commercial relationship.
2. Managing relationships with prospective, actual, and former customers and suppliers and others who we think may benefit or be of interest to our business including creating and maintaining customer records and to keep in regular contact with them.  Types of data: names, contact details, notes from conversations.  Lawful basis for processing: our legitimate interests of running a commercial enterprise. Disclosures: SaaS system providers.  Retention: Data is retained for at least 7 years following the end of commercial relationships.
3. Marketing our products and services, obtaining feedback, product development, research and events including the use of direct marketing by email, phone, social media, and traditional mail to raise awareness of products, services, and events that we believe may be of interest to them.  Types of data: names, contact details, communications preferences, products of interest, purchase history.  Lawful basis for processing: marketing is pursuant to our legitimate interests of running a commercial enterprise.  We may only send direct marketing emails on the basis of consent.  Disclosures:  SaaS system providers, mailing fulfilment companies, marketing agencies.  Retention:  up to 7 years following the end of commercial relationship.
4. Managing projects, client instructions, customer relationships, and the delivery of our services including handling consultations and support requests and warranties.   Types of data: names, contact details, communications preferences, products of interest, purchase history.  Lawful basis for processing: our legitimate interests of running a commercial enterprise and for some aspects, fulfilling contracts with our customers.  Disclosures:  SaaS system providers, building, services and utilities subcontractors.  Retention:  up to 7 years following the end of project.
5. Financial management and audit and regulatory requirements including invoicing, chasing debts, making payments etc..  Types of data:  names, contact details, financial details, purchase history, notes from conversations.  Lawful basis for processing: is pursuant to our legitimate interests of running a commercial enterprise and for some aspects, our legal obligations set out in company law and other laws.  Disclosures:  SaaS system providers, credit control and debt collection agencies.  Retention:  7 years following the end of commercial relationship.
6. Managing our website.  Types of data: we collect various items of information from visitors to our website including their IP address, nature of their device and operation system. We may also collect geolocation data derived from their IP address and any information submitted in data collection forms.  We use several cookies on our website for the purpose of improving the performance and functionality of our website and tailoring its content to best suit the interests of our visitors.  Lawful basis for processing: is pursuant to our legitimate interests of running a commercial enterprise.  Disclosures:  SaaS system providers, website development and marketing agencies.  Retention:  up to 2 years.
7. To set up and administer your account. To make available our services to you, process your orders for our products or services and ensure goods and services are delivered to the address specified. To take payment from you or give you a refund.  Types of data:  names, contact details, login history, pages visited.  Lawful basis for processing: is pursuant to our legitimate interests of running a commercial enterprise.  Disclosures:  SaaS system providers.  Retention:  7 years following the end of commercial relationship.
8. To help us understand more about you as a customer, the products and services you consume, and the way you consume them, so we can serve you better.  Types of data:  names, contact details, purchase history, notes from conversations, browsing habits.  Lawful basis for processing: is pursuant to our legitimate interests of running a commercial enterprise.  Disclosures:  SaaS system providers, marketing agencies.  Retention:  7 years following the end of commercial relationship.
9. To help us ensure that our customers are genuine and to prevent fraud and security incidents.  Types of data:  browsing history, IP address, geo-location.  Lawful basis for processing: is pursuant to our legitimate interests of information security.  Disclosures:  SaaS system providers, security agencies.  Retention:  up to 3 years.

International Transfers

We may transfer personal data out of Jamaica.  Whenever we arrange for international transfers of data, we will ensure that arrangements are in place to provide suitable safeguards for the people whose information we transfer. When we appoint overseas data processors, we check that suitable arrangements are in place and permitted mechanisms are in place.

Your Rights

You have certain rights set out in the data protection law including the right to request access to and rectification or erasure of personal data that we hold about you; a right to object to and to a restriction of our processing of your personal data.  Where we process your personal data based on consent, you have the right to withdraw your consent at any time.  You can exercise these rights at any time by contacting our Data Protection Officer as set out above.