We are Purestream Industries Limited (“Purestream”), and we’re responsible for the personal information we collect and use in connection with our services. Under data protection laws, this makes us the “data controller.”

Throughout this notice, when we use terms like “we,” “us,” “our,” or just “Purestream,” we’re referring to Purestream Industries Limited.

Purestream Industries Limited is part of OCU Group, which means we align our data protection governance with OCU Group and other companies within the Group. It also means that we share data within the Group.

Our company registration details are:

• Purestream Industries Limited is a company incorporated in England & Wales.

• Registration number: 14075534

• Registered office: Artemis House, 6 - 8 Greek Street, Stockport, United Kingdom, SK3 8AB

In the UK, the Information Commissioner’s Office (ICO) is our data protection supervisory authority. Here are our details:

• Data Controller Name: Purestream Industries Limited

• ICO Registration Reference: ZB711276

We also maintain separate data protection registrations for other companies within OCU Group. If you’d like to know who they are, you can contact our Privacy & Data Protection Team.

If you ever have a question about how we’re handling your personal information or want to exercise a right regarding your data, you can contact our Data Protection Officer (DPO).

Postal Address

Data Protection Officer

OCU Group Limited

Artemis House

6–8 Greek Street

Stockport

SK3 8AB

Email: dpo@ocugroup.com

Phone: +44 (0)161 248 9922

We’ll talk more about your specific rights later on in this notice, things like requesting a copy of your personal information or asking us to delete it. But if at any point you want to exercise one of these rights, just get in touch using the details above.

Our website and our services are not intended for children, and we do not knowingly collect personal data relating to children. If you are under the age of 16, please obtain consent from your parent or guardian before submitting any personal data to us. If you’re a parent or guardian and believe your child has provided us with their personal data without your consent, please contact us, and we’ll do our best to erase that information or unsubscribe them.

We’re committed to upholding your privacy and protecting the information we hold. Data protection laws continue to evolve, and so do we, in fact our privacy notice may be updated from time to time to reflect new laws, regulations, or how we use your personal information. The version displayed here is always the most up-to-date.

We encourage you to re-visit this notice now and then, so you’re aware of any relevant updates we’ve made.

Under the UK GDPR, personal information means:

“Any information relating to an identified or identifiable natural person (‘data subject’).”

That’s quite a broad scope, and it can be anything from a name or email address to more technical data like your IP address. Essentially, if it’s information that can identify you (directly or indirectly), it’s personal data.

We only collect personal information that is appropriate, lawful, and relevant to our relationship with you. Below are categories of data we may collect:

Identity Information: May include name, title, date of birth, national insurance details, or other official identity data.

Contact Information: May include email address, telephone number, postal address, and social media handles.

Technical Data: Internet Protocol (IP) address, browser type and version, time zone settings, location, and other technology on the devices you use to access our website or services.

Marketing & Communications Data: Information about your communication preferences, such as how and when you’d like us to contact you.

Work and role specific information: If you’re an employee, a contractor, or part of a contracting organisation, we’ll process personal information that is relevant to your role and work.

Location Data: If you enable location services on your device and use certain features, we may use this to provide location-based services (e.g., showing you site offices near you or other relevant content).

Transactional & Financial Information: If you or the organisation you work for purchase from us or we issue invoices, we may collect billing addresses, payment details, and transaction logs.

Special Categories of Personal Information: Typically, we do not process special category data (like health or biometric data) unless it is for a specific purpose (e.g., recruitment or handling an internal HR matter) and we’re legally allowed to do so.

Criminal Data or Background Checks: There may be instances (e.g., safeguarding requirements) where we process criminal background checks or “DBS” checks in the UK. We only do so where strictly necessary and in accordance with local law.

Further Information About Interactions: We may collect details of reviews, comments, or other content you submit. We may also have situational or process specific privacy notices that we provide, and we’ll provide those as and when you engage with us.

You’re welcome to browse our website without registering or submitting your personal information if that suits you better.

1. Personal Information You Voluntarily Provide

• When you visit our websites or use our online platforms, we use cookies to help tailor your experience. For details, see our Cookie Policy.

• When you sign up for newsletters or other mailing lists.

• When you contact us via phone, email, or social media.

• When you attend events or training sessions we organise

• When you appear in photos or videos that we take

• When you apply for a job or send us your CV.

• When you or your organisation purchases something from us.

• When you submit personal data to us for any other reason.

2. Personal Information Provided by Others

• Sometimes we receive your data from third parties (e.g., marketing agencies, credit reference agencies).

• If you apply for a job, we may get references from previous employers.

• We may also obtain publicly available information from sources like Companies House or professional networking sites.

Lawful Basis

Data protection law requires that we have a lawful basis for processing your personal information. If you’d like more details about a specific processing activity, just ask. Below are some common ways we process your data, our lawful basis, and how we respect your rights:

Processing Type: Website Communication (Email, Forms, Telephone)

Data Category: Contact Data

Lawful Basis: Contractual Obligation / Legitimate Interest

Specific Purpose & Respect for Your Rights: To respond to queries or provide requested information (e.g., via “Contact Us” forms). Without processing this data, we can’t address your request. You can ask us to stop contacting you at any time, though it may affect our ability to follow up on your query or service needs.

Processing Type: Customer Relationship Management (CRM)

Data Category: Identity & Contact Data

Lawful Basis: Legitimate Interest

Specific Purpose & Respect for Your Rights: We maintain a secure CRM system to keep track of Clients, suppliers, and partners, including contact form submissions. You can ask to see what we hold about you, request corrections, or ask us to remove it unless we need to keep it for legal or contractual reasons.

Processing Type: Email Marketing

Data Category: Identity & Contact Data

Lawful Basis: Legitimate Interest (existing customers), Consent (others)

Specific Purpose & Respect for Your Rights: If you’re an existing Client, we may send relevant updates about our products/services under legitimate interest. If you’re not yet a Client (e.g., you sign up to our newsletter), we rely on consent, unless it’s clear to us that our relationship is of a business-to-business nature. You can unsubscribe or opt out at any time.

Processing Type: Promotional Images & Video

Data Category: Identity Data

Lawful Basis: Consent, Legitimate interests

Specific Purpose & Respect for Your Rights: We may occasionally feature images or videos (e.g., from events) on our website. If you are clearly identifiable, we will seek your consent before using your photo. You can withdraw consent at any time or opt out on the spot. If photos or footage is of a whole room or crowd, we’ll rely on our legitimate interests as the lawful basis.

Processing Type: Website Analytics (Statistics & Usage)

Data Category: Technical & Usage Data

Lawful Basis: Consent (for non-essential cookies), Legitimate Interest (for essential cookies)

Specific Purpose & Respect for Your Rights: We use analytics tools, often called cookies and other tracking information to understand how visitors use our site. We request consent for any non-essential cookies. You can manage or withdraw cookie preferences at any time.

Processing Type: Marketing Engagement Metrics

Data Category: Identity, Contact, Technical & Usage

Lawful Basis: Consent

Specific Purpose & Respect for Your Rights: With your consent (e.g., cookie acceptance, email open tracking), we monitor interactions with our website, emails, or social channels to tailor future communications and improve marketing effectiveness. You can revoke consent or opt out of marketing at any time.

Processing Type: Administrative Purposes & Group Operations

Data Category: Identity, Contact, Financial, etc.

Lawful Basis: Legitimate Interest

Specific Purpose & Respect for Your Rights: We may share certain website-generated information within our Group (or with service providers) for business continuity, IT hosting, invoice management, or similar operational needs. This includes ensuring the site functions properly and your data remains consistent across our internal systems.

Processing Type: Job Roles & Recruitment (through our dedicated Careers site)

Data Category: Identity, Contact, (Special Category if relevant)

Lawful Basis: Contractual Obligation / Legitimate Interest

Specific Purpose & Respect for Your Rights: If you apply for a job via our website, we process your application details (e.g., CV). We will share your details with our Recruitment and HR teams to see if there are suitable roles. You can ask us not to share further, though it may affect your application. We only process special category data if required for the role/law.

Processing Type: Security & Safety

Data Category: Identity, Technical, Usage

Lawful Basis: Legal Obligation / Legitimate Interest

Specific Purpose & Respect for Your Rights: We may process personal information for security monitoring, fraud prevention, and threat detection (e.g., IP logs, suspicious activity flags). We also use CCTV at our physical sites and could reference relevant footage if necessary to investigate incidents or for compliance.

Processing Type: Sharing Information with Auditors & Authorities

Data Category: Identity, Contact, Financial, Special Category

Lawful Basis: Legal Obligation

Specific Purpose & Respect for Your Rights: If required by law, we share data with regulators (e.g., HMRC, ICO) or in connection with legal proceedings (e.g., fraud investigations). We only disclose the minimum necessary to comply with these obligations.

When You Provide Consent

If we rely on consent, you can withdraw it at any time. Any processing done up to that point remains lawful.

When We Rely on Legitimate Interest

We do a legitimate interest assessment to ensure our interests do not override your fundamental rights and freedoms.

Use Permitted Under Applicable Laws

Sometimes, we might process personal data without your knowledge or consent where it is required or permitted by law.

We may share your personal information with trusted third-party processors or recipients to deliver the services or products you request. This could include:

• Other OCU Group companies (including international colleagues, where relevant)

• Vendors and service providers offering services including, IT support, hosting, auditing, legal advice, payment or delivery services, marketing.

• Regulatory bodies or law enforcement where required (e.g., to aid investigations or meet legal obligations)

• Potential buyers or investors if we sell or integrate parts of our business

We conduct due diligence on third parties to ensure they meet our standards and will only process personal data in accordance with our instructions.

Third-Party Links

Our website may contain links to external sites that we don’t control. If you follow a link to a third-party site, their privacy policy will apply, not ours. We encourage you to read their policies carefully.

Sometimes, our data processors or group entities are outside the UK, so your personal information may be transferred internationally. We safeguard these transfers and will generally use these mechanisms:

• Adequacy decisions (where the recipient country is deemed by the UK to have adequate data protection), or

• Standard contractual clauses approved by the UK authorities.

We also perform due diligence to ensure these partners follow strict data protection standards.

Unauthorised Access

We have put in place security measures to protect your information from unauthorised access, alteration, or disclosure. However, no system is entirely foolproof, and sending data electronically is always at your own risk.

Specific Access

We limit access to your personal data to employees, agents, and contractors who need it to do their jobs and who are under confidentiality obligations.

Vulnerabilities

We have procedures to detect, manage, and notify relevant parties of any personal data breaches, where required by law.

We retain your personal information only as long as necessary to fulfil the purposes for which it was collected, including any legal or regulatory requirements. When deciding the retention period, we consider:

• Amount, nature, and sensitivity of the data

• Potential risk of harm from unauthorised use or disclosure

• The reasons for processing and whether they can be achieved by other means

If you’d like specifics about our retention schedules, feel free to contact us.

If you live in the UK or EEA or in other locations around the world, you most likely have the following rights, in any case, we recognise and respect the following rights which we apply to the personal information we process:

1. Right of Access

   Request a copy of your personal data (a “Subject Access Request”).
   

2. Right to Rectification

   Ask us to correct any inaccuracies or complete missing details.
   

3. Right to Erasure (“the right to be forgotten”)

   Ask us to delete data if there’s no lawful basis to keep it.
   

4. Right to Restrict Processing

   In certain cases, ask us to stop using your data for a period of time.
   

5. Right to Portability

   Request a structured, machine-readable copy of certain data to transfer to another organisation.
   

6. Right to Object

   Object to processing that relies on legitimate interest or direct marketing.
   

7. Right to Withdraw Consent

   If we rely on consent, you can withdraw it any time.
   

8. Right to Object to Automated Decision-Making, Including Profiling

    If any automated decisions produce legal or similarly significant effects.

If you want to exercise any of these rights, just reach out to us via the contact methods above. We’ll address your request within the timelines required by law.

We aim to handle your personal information responsibly, but if you feel we’ve fallen short:

1. Contact Us First

   Please email or write to our DPO so we can try to resolve your complaint.

2. Right to Lodge a Complaint

   If you’re unhappy with our response, you can complain to the Information Commissioner’s Office (ICO) in the UK.

ICO Contact Details

Postal Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Web: https://ico.org.uk/make-a-complaint/

Telephone: 0303 123 1113

If you have any queries about this Privacy Notice or want to know more about how we handle your personal data, please contact our DPO using the details provided. We’ll do our best to give you the information and reassurance you need.

This Privacy Notice is effective as of June 2025. We may update it now and then, and we’ll post any changes here so you’re always aware of the current version.