Privacy Policy
1. Introduction
DS Smith recognises the importance of transparent and responsible use of your personal information and is committed to protecting your personal information. This Privacy Policy (“Policy”) explains how DS Smith handles your personal information when you get in touch with us as a customer, prospect, supplier, partner, business contact, participant of our event, user of any of our websites, subscriber of our marketing communications or someone else getting in touch with us.
DS Smith (“we”, “us”, “our”) refers to DS Smith Plc with its registered office at 1 Paddington Square, London, United Kingdom, W2 1DL and its subsidiaries and affiliates. You can also contact us by email at data.protection@dssmith.com.
DS Smith may collect personal information from you as part of our business activities including through your use of our websites, when you contact or request information from us, request a quote, buy from us, sell to us, engage our services, provide services to us, attend our events, subscribe to our marketing communications or as a result of your engagement with us.
The following are the categories of personal information that we collect from you:
- Basic information and contact details such as your full name and title, the company you work for, your title or position, address, telephone numbers and e-mail address;
- (estimated) seniority, buying motivation and influence on buying decisions of key contact persons;
- if you create an online account - your username, password;
- Financial information, such as bank account details and other payment details;
- Technical information collected through cookies and other tracking technologies, such as information from your visits to our websites or digital platforms, browsing and device usage information, or in relation to electronic materials and marketing communications we send to you;
- Information you provide to us for the purposes of attending our events or visiting our sites, including access and dietary requirements;
- your marketing preferences (subject to receiving your express consent where required by applicable law);
- any personal information contained in your request, enquiry or comment; and
- Any other personal information which you may provide to us.
We place great importance on the responsible collection of personal information, which we may collect directly and indirectly.
We will collect personal information from you directly when you:
- contact us or make an enquiry or request a quote;
- fill a form on any of our websites;
- register on any of our websites or digital platforms;
- wish to attend or have attended any of our events;
- wish to visit or have visited any of our sites or offices;
- subscribe to our electronic materials and marketing communications;
- make a tender or pitch your business to us;
- represent your company in dealing with us as a customer or supplier;
- use or visit our websites or digital platforms;
- interact with us directly.
As part of our operations, we may obtain personal information indirectly from various sources, such as from trusted third-party service providers, public authorities, regulators or law enforcement bodies. Where you have made your contact information available on your organisation's website, we may utilise this information to contact you. In situations where we enter into a contractual arrangement, your personal information may be furnished in a secure and confidential manner. We may also access publicly available sources, such as LinkedIn, as well as gather information from other third-party sources following all applicable legal requirements.
DS Smith may use your personal information for purposes described in this Policy or communicated to you. We may use information about you for the following purposes:
- to respond and/or deal with your request or enquiry;
- for internal record-keeping;
- to contact you (directly, either by the Company or any of its affiliates, or through a partner or agent) by e-mail or phone for the above reasons;
- subject to your consent where required under applicable laws, to carry out direct marketing and/or e-mail marketing that you have subscribed to or requested;
- where necessary as part of any restructuring of the Company, or sale of any business or assets of the Group;
- to perform any contract the Group has with you;
- to maintain and improve our websites;
- to control access to our premises and for security purposes;
- for legal, regulatory, governance and risk management purposes, including establishing, exercising or defending our legal rights, complying with legal and regulatory obligations; and
- to communicate with you and to keep you updated on relevant information or announcements.
We use cookies and similar technologies from third parties for various purposes, including analytics, marketing, and improving website functionality. These technologies allow us to analyse site usage, optimise our services, and conduct marketing activities such as retargeting, which enables us to show relevant ads to users who have previously visited our site as they browse other websites. These services may connect data to your browser or device. Please read our cookies policy here.
You can opt out of personalized advertising by adjusting your settings on these platforms, using your browser's cookie settings, or installing the Google Analytics Opt-out Browser Add-on available here.
Your data may be accessed and/or deleted via Google's my activity page . If you choose to opt out, you may not be able to use the full functionality of this website.
The legal basis on which we may rely to process your personal information include:
- On some occasions, we process your personal information with your consent (for example, when you agree that we may place cookies or process information that you input into our website e.g forms, surveys).
- On other occasions, we process your personal information when we need to do this to fulfil a contract with you (for example, for billing purposes) or where we are required to do this by law (for example, to comply with governmental record-keeping obligations).
- We also process your personal information when it is in our legitimate interests to do so and when these interests are not overridden by your data protection rights (including, for example, when we share personal information with our affiliates).
- We may also process your personal information to comply with a legal or regulatory obligation.
DS Smith is a multinational business comprising various subsidiaries spread across different countries. Consequently, your personal information may be shared with or processed by one or more entities within DS Smith.
Your personal information may also be made available to third parties such as:
- suppliers, service providers such as auditors and professional advisers;
- telecommunication, IT hosting and IT maintenance providers;
- insurers and financial managers;
These third parties may use information about you to perform their functions on our behalf. The Company has put in place various security and data privacy measures, including with such third parties, in order to protect your personal information.
We may disclose specific information upon lawful request by government authorities, law enforcement and regulatory authorities, where required or permitted by law, and for tax or other purposes. Personal information may also be released to third parties in response to legal processes, and when required to comply with laws, or to enforce our agreements, corporate policies, and terms of use, or to protect the rights, property or safety of the Group, our employees, agents, customers, and others, as well as to parties to whom you authorise us to release your personal information.
We will not sell your personal information to any third party.
Some transfers of personal information have been explained above. Individuals within the European Economic Area (“EEA”) should be aware that recipients of their personal information, within the Group or third parties (as set out in this notice), may not be located within the EEA but instead located in countries which may not have equivalent protection for personal information to that within the EEA. In that case, steps will be taken to protect your personal information in compliance with applicable law. For example, data will be adequately protected by standard contractual clauses, an appropriate Data Privacy Framework certification or a vendor's Processor Binding Corporate Rules.
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected. The retention of your personal information by us will be in accordance with our retention policy and applicable data protection legislation. We will securely destroy or erase your personal information at the end of the applicable retention period.
Some of the personal information that we maintain will be kept in paper files, while other personal information will be included in computerised files and electronic databases.
We have put appropriate technical and organisational measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
You have a range of rights over your personal information. You can:
- request access: you have the right to ask us for a copy of the personal information we hold about you;
- request rectification: you can ask us to rectify your personal information you think is inaccurate or to complete your personal information you think is incomplete;
- object to processing: you have the right to object to the processing of your personal information in certain circumstances including opting out of direct marketing;
- Restrict processing: you have the right to ask us to limit the way we use your personal information;
- request erasure: you have the right to ask us to erase your personal information in certain circumstances;
- request your personal information to be ported: you have the right to ask that we send you or another entity the personal information we hold on you;
- lodge a complaint with your local data protection supervisory authority if you feel your rights have been infringed.
You may only exercise some of the rights above in limited circumstances, determined by the legal basis for collecting your personal data.
Please contact us at data.privacy@dssmith.com if you would like to exercise any of your privacy rights.
We update this Privacy Policy regularly to reflect changes in the way we process your personal information. Please check our website regularly for any updates.
July 2024