1.1 This is the Privacy Notice of the relevant company in contract or otherwise engaged with you (“we”, “us” or “our”), which includes subsidiaries and/or operations doing business under the following fictitious business names for Rentokil North America, Inc.: Rentokil North America, Inc. Ambius, Ehrlich Pest Control, Western Exterminator, Presto-X, Target Specialty Products, Steritech, Vector Disease Control International, SOLitude Lake Management, Vertex and as may also be included in the annual report: https://www.rentokil-initial.com/investors/annual-reports.aspx.
The company, which is the data controller, is a subsidiary of Rentokil Initial 1927 plc whose registered office is at Compass House, Manor Royal, Crawley, West Sussex, RH10 9PY. This Notice sets out how we collect and process your personal data and also provides certain information that is legally required and lists your rights in relation to your personal data.
1.2 This Privacy Notice relates to personal information that identifies “you” where you are a customer or potential customer, an individual who browses our website or an individual outside our organization with whom we interact. If you are a shareholder, an employee, supplier or otherwise engaged in work for us or applying to work for us, a separate privacy notice or data processing agreement applies to you instead.
1.3 We refer to this information throughout this Privacy Notice as “personal data” and section 3 sets out further detail of what this includes.
1.4 Please read this Privacy Notice to understand how we may use your personal data.
1.5 This Privacy Notice may vary from time to time so please check it regularly.
2-How To Contact Us
2.1 Data controller and contact details
2.1.1 For the purposes of relevant data protection legislation, we are a controller of your personal data and as a controller, we use the personal data we hold about you in accordance with this Privacy Notice. See section 11 for further details about the data protection legislation that may apply to you.
2.1.2 If you need to contact us in connection with our processing of your personal data, you can contact us in the following ways
(a) via your local customer services center or account manager, details of which you will find on your contract with us or on our website; or
(b) via your Local Privacy officer at email@example.com or 888-806-6908
(c) you can contact the Data Protection Officer directly using the details in paragraph 2.2 of this notice.
2.2 Data Protection Officer
You can contact our Data Protection Officer:
(a) by email at: firstname.lastname@example.org;
(b) by post to: Data Protection Officer, Rentokil Initial 1927 plc, Compass House, Manor Royal, Crawley, RH10 9PY.
3-Categories and Types of Personal Data We Collect and Where We Collect It From
3.1 Personal data is any data that enables us to identify you, either directly or indirectly, such as your name, address, telephone number, email address or the IP address of your computer.
3.2 The categories and types of personal data about you that we may collect are:
3.2.1 when you make an inquiry with us, visit our premises or visit our website:
(a) personal data, such as your name, address and telephone number, you provide or that is recorded when you write to us, visit us, email or call us;
(b) personal data that you enter via our website or portal such as PestNetOnline or OnBrand360®, including the contact details you supply when establishing a profile on our website;
(d) details of your visits to our website including but not limited to traffic data, location data, weblogs and other communication data; and
(e) CCTV or other equivalent technology may capture images of you and/or your vehicle when visiting our premises.
3.2.2 in relation to the services and products we provide:
(a) personal data that you provide in the course of instructing us to carry out the services and purchase and delivery of products requested from us, such as your name, address, telephone number and email details along with any personal financial information required to to handle orders and process payments thereof.
(b) personal data that, in the case of a business relationship, your employer provides about you in the course of instructing us to carry out the services requested from us, such as your name and contact details as a representative of the business;
(c) personal data, such as your name and financial position, from credit reference agencies;
(d) personal data from tracing agents in the event you fail to pay any invoice by the due date and we are unable to locate you using the contact details you have provided us with;
(e) personal data in the form of images or video footage that is taken at one of our locations or at your location if required for us to effectively carry out or assess and report on the services you have requested from us;
(f) personal data you provide if you complete customer care surveys from us.
3.2.3 in order to develop, personalize or promote our products and services:
(a) personal data obtained directly from you, such as your name and contact details and preferences relating to particular services and/or products;
(b) personal data, such as contact details, your interests and preferences and professional activity obtained from public or social media sources, such as LinkedIn, Facebook and Twitter;
(c) personal data gathered from data brokers or professional associations who may have sought your consent to share your personal data with us for the purposes of direct marketing or promotional related activities, such as your name, postal and/or email address and professional activity;
(d) personal data you provide such as your name and email address, if you enter into a competition, promotion or prize draw;
(f) details of your visits to our websites including but not limited to traffic data, location data, weblogs and other communication data.
3.3 We may also create personal data about you if you, for example, contact us by telephone to make a complaint about our services or goods, then we may record key details of the conversation so that we can take steps to address the complaint. This may include obtaining data concerning health. Data concerning health is considered a “Special Category of Data” and this Privacy Notice specifically sets out how we may process these types of personal data in paragraph 4.1.2.
4-How We Use Your Personal Data & Our Basis For Using It
4.1 Where we are relying on a basis other than consent
4.1.1 We will only process your personal data using one or more of the following lawful bases permitted under applicable data protection legislation. The table below also sets out the linked purposes for which we may use your personal information.
|Purposes for which we process your personal data||The basis on which we can do this (this is what the law allows)|
|In order to perform our contractual obligations to you. This would include our taking, processing and fulfilling orders you have placed for goods or services.||The processing is necessary in connection with any contract that you may enter into with us.|
|In order to comply with our own legal obligations, e.g. health and safety or tax legislation.||The processing is necessary for us to comply with the law.|
|In order to use your personal data in life or death situations and there is no time to gain your consent (e.g. in the event of an accident and we have to give your personal details to medical personnel).||The processing is necessary in order to protect the vital interests of an individual.|
|In order to operate our business, but otherwise than in performing our contractual obligations to you, for example:
Some of the processes we use to improve prospective and existing customer engagement and experience use automated technology, such as those enabled by artificial intelligence (AI) technology, but they don’t produce decisions which create legal or similarly significant effects for you. You can contact us if you’d like more details on how we use automated or AI-enabled technology to process your personal data.
|We have a legitimate interest in carrying out the processing, which is not overridden by your interests, fundamental rights or freedoms.
This includes our legitimate interest in:
4.1.2 In addition, in a limited number of circumstances we may lawfully process Special Categories of Data in certain ways. We set these out below along with the legal bases on which we process these Special Categories of Data:
5-Who Receives Your Personal Data
5.1 We may disclose your personal data to:
5.1.1 our group companies and affiliates who may process data on our behalf to enable us to carry out or improve our usual business practices. Any such disclosure will only be so that we can process your personal data for the purposes set out in this Privacy Notice;
5.1.3 legal and regulatory authorities who request your personal data or to report any potential or actual breach of applicable law or regulation;
5.1.4 external professional advisers such as accountants, auditors and lawyers, provided that they are under duties of confidentiality;
5.1.5 law enforcement agencies, courts or other relevant party, to the extent necessary for the establishment, exercise or defense of legal rights;
5.1.6 third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offenses or the execution of criminal penalties;
5.1.7 third parties which are considering or have decided to buy some or all of our assets or shares (including in the event of a reorganization, dissolution or liquidation); and
5.1.8 third party data controllers operating plugins or content (such as Facebook, Twitter, Instagram, Demandbase, Shopify) on our website or providing services that you choose to interact with (such as learning solutions by Fuse Universal Limited). In relation to these products and services you should familiarize yourself with the Privacy Notice of the relevant data controller for information about the scope of their data processing and implementation of your rights.
6-International Transfers of Personal Data
6.1 It is possible that personal data we collect from you may be transferred, stored and/or processed outside the country of origin such as those within the European Economic Area.
6.2 In connection with international transfers we ensure we apply the safeguards required by the country of origin such as:
6.2.1 using North America standard data protection contractual clauses between us and them; and/or
6.2. ensuring the recipient country has been deemed adequate for transfers by the applicable country of origin such as via a country ‘adequacy decision’ from the European Commission.
6.3. Transfer impact assessments are completed where the requirement is identified.
7-How Long Will We Store Your Personal Data For and How We Look After It
7.1 We will store your personal data for the time period which is appropriate in accordance with our data retention policy and using appropriate security measures. Please see section 13 to find our data retention periods that apply to you. The length of time set out in our retention policy is determined by one or more of the following criteria:
7.1.1 we are required to retain your personal data in order to comply with any legal requirements, such as under trade law, tax law or competition law;
7.1.2 where retention of your personal data is necessary to facilitate and support the original purpose for processing your personal data;
7.1.3 protection against any potential claims arising from the original purpose of processing; or
7.1.4 where we rely upon your consent to process your personal data and you continue to consent to the processing
7.2 If you would like details about how long we hold your data, please contact us using the contact details set out in section 2.
7.3 We keep the length of time that we hold your personal data for under review. These reviews take place annually.
7.4 We endeavor to take technical and organizational security measures to protect your personal data against unintentional or unlawful deletion, alteration or loss, and against unauthorized disclosure or unauthorized access. Our employees are accordingly committed to secrecy and privacy.
7.5 Please note that data protection and security safeguards are not always observed by other persons or organizations outside our area of responsibility. We have no technical influence on this. You are advised to always be vigilant and take the necessary measures to safeguard your own personal data where we have no influence.
8-Contractual Or Statutory Requirements On You To Provide Personal Data
8.1 In certain circumstances the provision of personal data by you is a requirement:
8.1.1 to comply with the law or a contract; or
8.1.2 necessary to enter into a contract.
8.2 It is your choice as to whether you provide us with your personal data necessary to enter into a contract or as part of a contractual requirement. If however, you do not provide your personal data then we may be unable to perform all or some of the services you expect under our contract with you. An example of this would be where we are unable to provide you with certain products or services as we do not have your full details, or where we cannot perform our contract with you because we rely on the personal data you provide in order to do so. Please see our terms and conditions for further details.
9-Your Rights in Relation to Your Personal Data
9.1 Subject to applicable law including relevant data protection laws, in addition to your ability to withdraw any consent you have given to our processing your personal data (see section 4.2.3), you may have a number of rights in connection with the processing of your personal data, including:
9.1.1 the right to request access to your personal data that we process or control;
9.1.2 the right to request rectification of any inaccuracies in your personal data or, taking into account the purposes of our processing, to request that incomplete data is completed;
9.1.3 the right to request, on legitimate grounds as specified in law:
(a) erasure of your personal data that we process or control; or
(b) restriction of processing of your personal data that we process or control;
9.1.4 the right to object, on legitimate grounds as specified in law, to the processing of your personal data;
9.1.5 the right to receive your personal data in a structured, commonly used, machine-readable format and to have your personal data transferred to another controller, to the extent applicable in law; and
9.1.6 the right to lodge complaints regarding the processing of your personal data with the relevant supervisory body; and
9.1.7 – the right to opt out of the sale of your personal information.
If you would like to exercise any of the rights set out above, please click here or contact us using the contact details set out in section 2.
10-Links to Other Websites
10.1 This Notice only sets out how we will collect and use your personal data. If you link to another website from our website, you should remember to read and understand that website’s Privacy Notice as well. We are not responsible for any use of your personal data that is made by unconnected third party websites.
11.1 This Notice sets out our global approach to data protection. We cannot list all applicable data protection legislation globally as it is changing constantly. The Notice is primarily based on the requirements of the General Data Protection Regulation ‘GDPR’.
11.2 If you believe that we are not addressing your privacy rights, then please contact us using the contact details set out in section 2. Further to contacting us, if you are still not satisfied with how we manage your personal data then you should contact your country data protection supervisory authority. See paragraph 9.1.6 about how to do this within North America.
12-Third Party Data Processors
12.1 Your personal data will be shared with third-party processors we use to help us with our business operations. We only use third party processors who comply with data protection standards and who implement appropriate security and privacy controls. Examples of the categories of third party data processors we use include but are not limited to the following:
(a) Credit Reference Agencies;
(b) Marketing Systems;
(c) Payment Processing Systems;
(d) Health and Safety Management Systems;
(e) Route Management Systems;
(f) Customer Communication Systems;
(g) Debt Management;
(h) Order fulliflment Systems;
(i) Analytics and APIs (Application Programming Interfaces) tools provided by various companies (such as Google) to help with service delivery technology and functionality of websites.
13-Data Retention Periods
13.1 Click here to view the retention periods for documents that contain information that applies to customers, suppliers, prospective customers, prospective employees, visitors to our premises and/or websites.
13.2 Rentokil uses reasonable endeavors to ensure business operations do not retain documents for longer than the stated retention period, unless there are justifiable reasons for extending such as legal disputes.
13.3 Note that periods may vary in regions to reflect any country-specific data retention requirements.
13.4 Employees can find additional details in the Document Retention Policy available on the Group intranet.
13.5 Further details can be obtained via the Data Privacy team at email@example.com.
14-Marketing Permission and Preferences
14.1 We will automatically contact you with regard to your services, products or bill payments. We will contact you for feedback about our products and services; if you do not want to give us feedback then please let us know by opting out via your local customer service representative.
14.2 With your permission we will use your contact details to share with you information about other services, products, offers or other news that may be of interest to you.
14.3 Where we have permission to market to you, then from time to time, we may contact you by mail, telephone, email, and other electronic messaging services (such as text, voice, sound or image messages) with information about our products and services.
14.4 Managing your Marketing Preferences
14.4.1If you would like to change your marketing preferences at any time you can do this in the following ways:
(a) Locate any email sent from us and click “Update Email Preferences” located at the footer of the email (you may still receive vital service emails that are related to your contract);
(b) Alternatively please contact your local branch and ask for the marketing team who can help you and provide information on what the different subscription types mean.
15-Privacy By Design
15.1 We apply Privacy by Design principles throughout our processing lifecycle. Controls are implemented to ensure that personal data processed is necessary for each specific purpose, subject to storage limitations and only made available to those who need it. We operate in accordance with a Privacy by Design and Default Policy based on the following principles:
- Being proactive and not just reactive by identifying and mitigating risks before they become an issue.
- The highest level of data protection should be the default setting.
- Privacy must be considered as early as the design stage and embedded into any associated processes.
- Use of privacy controls should not sacrifice usability, functionality or security.
- Personal information must be kept adequately protected at every stage – from design to deletion/anonymisation.
- The business seeks to be transparent about how personal data is used.
- The business wants users to trust our approach to managing personal data.
Updated publication: 25th January 2022
Serving Your Pest Needs for Over 35 Years Across Georgia