Neras Tech Cold Chain Solutions (“we,” “our,” “us”) are the Data Controller for the purposes of the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulation (“GDPR”) (law as of 25 May 2018) in respect of the personal information which we hold about you.
At Neras Tech, we are committed to protecting and respecting your privacy.
This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time, so please check this page occasionally to ensure that you’re happy with any changes and for us to continue to hold your data on file. By using our website, you agree to be bound by this Policy.
Any questions regarding this policy and our privacy practices should be sent by email to marketing@nerastech.com or by writing to Neras Tech Cold Chain Solutions, [Insert Address]. Alternatively, you can telephone (+44 0) [Insert Number].
Neras Tech Cold Chain Solutions
We are Neras Tech Cold Chain Solutions, a leading provider of advanced cold chain solutions. We help businesses ensure temperature compliance, protect assets, and optimize energy management. Neras Tech is a registered company with [Insert Registration Number]. The registered address for our operations is [Insert Address].
How We Collect Your Information?
We obtain information about you when you use our website, for example, when you contact us about our cold chain solutions, sign up for our client or support services, or register for updates on our products and services.
What Type of Information Do We Collect?
The personal information we collect may include your name, address, email address, IP address, and information regarding what pages are accessed and when.
How is Your Information Used?
We may use your information to:
- Notify you of changes to our cold chain solutions and services
- Send you communications that may be of interest, such as product updates, Neras Tech news, or event information.
- Request your feedback on the services we provide
We review our retention periods for personal information on a regular basis. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any applicable contract, you hold with us.
Who has Access to your Information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Your Choices
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our products and service updates, Neras Tech news, or event information, then you can select your preferences by ticking the relevant boxes situated on the form through which we collect your data.
We will not contact you for marketing purposes by email, phone, or text message unless you have given your prior consent. You can change your marketing preferences at any time by contacting us via email: marketing@nerastech.com or telephone on +44 (0) 141 810 2828. If you are already on our mailing list and would like to be removed, please select the unsubscribe link at the bottom of an email that you receive from us.
How you can Access and Update your Information
The accuracy of your information is important to us. We’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or any of the other information we hold is inaccurate, or out of date, please email us at marketing@nerastech.com or by writing to Neras Tech, 80 Johnstone Avenue, Hillington Industrial Estate, Glasgow, UK, G52 4NZ. Alternatively, you can telephone +44 (0) 141 810 2828.
You have the right to ask for a copy of the information Neras Tech holds about you; please make your request by contacting us using any of the contact information provided within this policy.
Security Precautions in Place to Protect the Loss, Misuse or Alteration of your Information
When you give us personal information, we take steps to ensure that it is treated securely. Any sensitive information is encrypted and protected with 128 Bit encryption on SSL. When you are on a secure page, a lock icon will appear on the bottom of web browsers such as Microsoft Internet Explorer.
Non-sensitive details (your email address etc.) are typically transmitted over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Profiling
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively.
(a) The personal data has been collected, processed, and transferred in compliance with the applicable data protection laws governing the data exporter, including compliance with the NERAS tech compliance framework.
(b) The data exporter has used reasonable and advanced efforts to verify that the data importer can fulfill its obligations under these clauses, utilizing the NERAS tech compliance audit tool.
(c) The data exporter will, upon request, provide copies or references to relevant data protection laws (where applicable) that pertain to NERAS compliance processes, excluding legal advice, to the data importer.
(d) The data exporter commits to addressing inquiries from data subjects or authorities regarding the processing of personal data, in alignment with NERAS’s data governance policies and advanced tracking mechanisms for resolution.
(e) The data exporter will make available a copy of the clauses to data subjects in a secure manner, ensuring that all confidential information is appropriately redacted in accordance with the NERAS security standards for data protection transparency.
Clause ii. Obligations of the Data Importer
The data importer warrants and undertakes the following under the NERAS framework:
(a) It will implement technical and organizational measures to safeguard personal data against unauthorized destruction, loss, alteration, or disclosure, consistent with NERAS data security protocols.
(b) It will ensure any third party processing the personal data follows the NERAS compliance rules for data security, and will include NERAS-compliant terms in contracts with processors.
(c) It will notify the data exporter if any local laws conflict with NERAS principles, ensuring transparency of compliance processes and mitigation strategies for data protection risks.
(d) It will only process personal data for the purposes outlined in Annex B, adhering to the NERAS-approved processing guidelines and lawful authority.
(e) The data importer will identify a dedicated contact point within its organization for responding to inquiries related to the personal data processing, in alignment with NERAS's structured dispute resolution procedures.
(f) The data importer will demonstrate its financial ability to fulfill responsibilities under these clauses, including coverage for security breaches, in accordance with NERAS's insurance guidelines.
(g) Upon reasonable request, the data importer will submit its data processing facilities, files, and documentation for review in line with NERAS audit standards to verify compliance.
(h) It will not disclose or transfer personal data to a third party data controller outside the European Economic Area (EEA) unless the third party complies with the NERAS international transfer protocols.
(a) the third party data controller complies with NERAS certification standards or a similar Commission decision regarding adequate protection.
(b) the third party data controller adheres to a signed NERAS-compliant agreement or another authorized transfer agreement.
(c) Data subjects are notified of the transfer and have been informed of the specific NERAS compliance measures that apply to the transfer.
Clause iii. Liability and Third Party Rights
(a) Both parties are liable for damages caused by non-compliance with these clauses, with the understanding that liability will align with the NERAS tech standards for personal data protection breaches.
(b) A data subject may enforce these clauses as a third-party beneficiary, following NERAS’ framework for resolving disputes involving personal data subject rights and responsibilities.
(c) Any claims made by data subjects will be directed to the responsible parties, and they must cooperate fully with any investigations, in compliance with NERAS’s operational oversight procedures.
(d) Liability caps and indemnity clauses will be enforced according to NERAS standards, ensuring that any settlements reflect the severity of non-compliance.
(ii) compliance by the data importer with these clauses would put it in breach of its legal or regulatory obligations in the country of import;
(iii) the data importer is in substantial or persistent breach of any warranties or undertakings given by it under these clauses;
(iv) a final decision against which no further appeal is possible of a competent court of the data exporter’s country of establishment or of the authority rules that there has been a breach of the clauses by the data importer or the data exporter; or
(v) a petition is presented for the administration or winding up of the data importer, whether in its personal or business capacity, which petition is not dismissed within the applicable period for such dismissal under applicable law; a winding up order is made; a receiver is appointed over any of its assets; a trustee in bankruptcy is appointed, if the data importer is an individual; a company voluntary arrangement is commenced by it; or any equivalent event in any jurisdiction occurs then the data exporter, without prejudice to any other rights which it may have against the data importer, shall be entitled to terminate these clauses, in which case the authority shall be informed where required. In cases covered by (i), (ii), or (iv) above the data importer may also terminate these clauses.
(c) Either party may terminate these clauses if (i) any Commission positive adequacy decision under Article 25(6) of Directive 95/46/EC (or any superseding text) is issued in relation to the country (or a sector thereof) to which the data is transferred and processed by the data importer, or (ii) Directive 95/46/EC (or any superseding text) becomes directly applicable in such country.
(d) The parties agree that the termination of these clauses at any time, in any circumstances and for whatever reason (except for termination under clause 8(c)) does not exempt them from the obligations and/or conditions under the clauses as regards the processing of the personal data transferred.
Clause vii. Variation of These Clauses
The parties may not modify these clauses except to update any information in Annex B, in which case they will inform the authority where required. This does not preclude the parties from adding additional commercial clauses where required.
Clause viii. Description of the Transfer
The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause 1(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
Additional Commercial Clauses
Annex A
- Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject.
- Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
- Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
- Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
- Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted to personal data where this is precluded by an applicable legal rule, in response to a request from an individual data subject, or where such disclosure is prohibited by legal or regulatory requirements.
- Restrictions on onward transfers: The data importer must not transfer the personal data to a third party, or use or disclose the data to a third party, except as specified in the agreement.
Annex B
The details of the transfer and the data to be transferred, as well as the parties’ obligations, are as described above and specified in this annex.