Data Privacy Policy (EU GDPR and UK GDPR)

For Our Customers and Other Business Related Personal Data

Effective Date: 1 Jan 2020

Last Revision: 7 Jun 2021

Click on one of the links below to jump to listed sections:

  1. Who is responsible for processing your data? How can you contact us?
  2. What personal data do we collect and why?
  3. Who do we share your personal data with?
  4. Transfers of personal data outside the EU/European Economic Area
  5. Transfers of personal data outside the United Kingdom
  6. Your Rights
  7. Retention Period
  8. Annex 1 – List of DNOW's EU Affiliates

Who is responsible for processing your data? How can you contact us?

This Notice describes the actions DNOW L.P. and its EU and UK affiliates (together "DNOW", "Company", "we" or "us") take to protect the personal data that we process about our customer and other business related personal data. DNOW is committed to the protection of the personal data that we process about you in accordance with the data protection principles set out in the European Union General Data Protection Regulation ("GDPR") and the United Kingdom General Data Protection Regulation (“UK GDPR”).

If you are an individual associated with one of our customers or vendors, the relevant data controller is the DNOW EU or UK affiliate with which the company you are associated with does business. A list of each of DNOW's EU and UK affiliates and the relevant contact details for each are provided in Annex 1 to this Privacy Notice.

If you are a website user or associated with a prospective customer or vendor, the data controller is MacLean Electrical Group Limited, acting as European and UK representative of DNOW L.P., and can be contacted at privacy@dnow.com.

What personal data do we collect and why?

We may source, use and otherwise process your personal data in different ways. In all cases, we are committed to protecting the personal data of our business contacts.

In each of the sections listed below, we describe how we obtain your personal data and how we will treat it.

  • Section 2.1: Representatives of Our Existing or Prospective Customers and Vendors
  • Section 2.2: Visitors to Premises
  • Section 2.3: Website Visitors

2.1 Representatives of Our Existing or Prospective Customers and Vendors

A - Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly;
  2. from a company that employs you, if you are an employee of our customer, vendor, supplier, or another type of business contact;
  3. from DNOW affiliates;
  4. during networking events that we have either hosted, sponsored, or attended; and/or
  5. from publicly available sources (for example, your company website).

B - Personal data that we collect and process

We may collect the following categories of personal data relating to our corporate customers' employees, officers, authorised signatories, and other associated individuals. This may include:

  1. name;
  2. business address;
  3. business email address;
  4. business telephone number and/or
  5. job title.

C - Why do we collect your personal data and what are our lawful bases for it?

Representatives of our Existing or Prospective Customers or Vendors
Purpose/Activity Type of Data Lawful Basis for Processing, Including Basis of Legitimate Interest
To provide you products or services that are requested from us, or to receive services from you
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
Performance of a contract with you
Managing, operating and giving and receiving instructions in respect of the customer account you hold with us or our affiliates
  1. Identity
  2. Contact
  3. Profile
  4. Technical
Performance of a contract with you
To enable us to organise site visits between prospective customers and establish commercial relationships with customers
  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Profile
Necessary for our legitimate interests (to keep our records updated and to provide customer service to customers)
  • Develop and improve our services to you and other customers;
  • Learn from the way you use and manage your customer account(s);
  • Operational and administrative purposes.
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services; understand the market in which we operate; management reporting. (including at an intra-group level)
The exercise or defence of legal claims, and/or
  1. Identity
  2. Contact
  3. Profile
Necessary for our legitimate interests (to exercise or defend legal claims)
Inform you of products, services and events that may be of interest to you by letter, telephone, messages, e-mail and other electronic methods
  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Profile
Necessary for our legitimate interests (to develop our products/services and grow our business; promote our goods or services; management Reporting (including at an intra-group level)
Establish and manage our relationship with our customers and vendors
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
Necessary for our legitimate interests (Efficiently fulfil our contractual and legal obligations; Account Management; Understand the market in which we operate; management Reporting (including at an intra-group level)
Security
  1. Identity
  2. Contact
Necessary for our legitimate interests (managing security, risk and crime prevention; management Reporting (including at an intra-group level)
To manage our relationship with you which will include notifying you about changes to our terms or privacy policy
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
Necessary for our legitimate interests (to keep you informed about changes in our policy; to manage our relationship with you)

If you object to us using your contact details for these purposes, including direct marketing, please contact us at privacy@dnow.com.

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.


2.2 Visitors to our Premises

A - Sources of personal data

We may obtain your personal data from you directly and from our systems’ records.

B - Personal data that we collect and process

We may collect the following categories of personal data:

  1. name;
  2. business contact details;
  3. organisation;
  4. role; and/or
  5. image (for example, from CCTV cameras at our premises).
C - Why do we collect your personal data and what are our lawful bases for it?
Visitors to our Premises
Purpose/Activity Type of Data Lawful Basis for Processing, Including Basis of Legitimate Interest
Security
  1. Identity
  2. Contact
Necessary for our legitimate interests (Managing security, risk and crime prevention)
Maintain records of visitors to our premises
  1. Identity
  2. Contact
  3. Job Title
  4. Organisation
Necessary for our legitimate interests (Management Reporting)

If you object to us using your contact details for these purposes, please contact us at privacy@dnow.com.


2.3 Website Visitors

A - Sources of personal data

We may obtain your personal data from the following sources:

  1. from you directly (for example, at the time of subscribing to any services offered on our website[s], including but not limited to email mailing lists, interactive services, posting material or requesting further goods or services);
  2. from your device or browser; and/or
  3. if you contact us, we may keep a record of that correspondence.
B - Personal data that we collect and process

We may collect the following categories of personal data:

  1. name;
  2. username;
  3. email address;
  4. operating system;
  5. browser type;
  6. cookie data (for more information, please see our Cookie Notice);
  7. preferences regarding online marketing; and/or
  8. IP address.
C - Why do we collect your personal data and what are our lawful bases for it?
Website Visitors
Purpose/Activity Type of Data Lawful Basis for Processing, Including Basis of Legitimate Interest
To register you as a new customer
  1. Identity
  2. Contact
Performance of a contract with you
To process and deliver your order including managing payments, fees and charges
  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Marketing and Communications
Performance of a contract with you
To process and deliver your order including collecting and recover money owed to us
  1. Identity
  2. Contact
  3. Financial
  4. Transaction
  5. Marketing and Communications
Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include asking you to leave a review or take a survey
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To manage our relationship with you which will include notifying you about changes to our terms or privacy policy
  1. Identity
  2. Contact
  3. Profile
  4. Marketing and Communications
Necessary for our legitimate interests (to keep you informed about changes in our policy; to manage our relationship with you)
To enable you to partake in a prize draw, competition or complete a survey
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
  1. Identity
  2. Contact
  3. Technical
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
  1. Identity
  2. Contact
  3. Profile
  4. Usage
  5. Marketing and Communications
  6. Technical
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
  1. Technical
  2. Usage
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To notify you of / send materials we think may be of interest
  1. Identity
  2. Contact
Necessary for our legitimate interests (to provide marketing materials to you); or
To make suggestions and recommendations to you about goods or services that may be of interest to you
  1. Identity
  2. Contact
  3. Technical
  4. Usage
  5. Profile
Necessary for our legitimate interests (to develop our products/services and grow our business)

If you object to us using your contact details for these purposes, including direct marketing, please contact us at privacy@dnow.com.

Where we use cookies or similar technologies to fulfil these purposes, we will seek your prior consent where required to do so by law.

Where we use your email to communicate marketing information to you, we will seek your prior consent where required to do so by law.

Who do we share your personal data with?

We do not sell your personal data to third parties.

DNOW EU and UK Affiliates

We may share your personal data with other DNOW EU and UK affiliated entities (see the list in Annex 1).

Our Service Providers

We may disclose information about you to organisations that provide a service to us, on the understanding that they will keep the information confidential and will comply with the GDPR and other relevant data protection laws.

We may share your information with the following types of service providers:

  1. technical support providers who assist with our website and IT infrastructure;
  2. third party software providers, including 'software as a service' solution providers, where the provider hosts the relevant personal data on our behalf;
  3. professional advisers such as solicitors, accountants, tax advisors, auditors and insurance brokers;
  4. providers that help us generate and collate reviews in relation to our goods and services;
  5. our advertising and promotional agencies and consultants and those organisations selected by us to carry out marketing campaigns on our behalf; and/or
  6. providers that help us store, collate and organise information effectively and securely, both electronically and in hard copy format, and for marketing purposes.
Company Mergers and Takeovers

We may transfer your personal data to potential purchasers and their advisors, subject to appropriate confidentiality obligations, in the event we decide to dispose of all or parts of our business. We may also transfer your personal data to entities which we acquire, subject to appropriate confidentiality obligations, in the event that we incorporate a new entity into DNOW.

Transfers of personal data outside the EU/European Economic Area

If and when transferring your personal data outside the European Economic Area (“EEA”), we will only do so using one of the following safeguards:

  1. the transfer is to a non-EEA country which has had an adequacy decision rendered for that country by the EU Commission;
  2. the transfer is covered by a contractual agreement, which covers the GDPR requirements relating to transfers to countries outside the EEA; or
  3. the transfer is to an organisation which has Binding Corporate Rules approved by an EU data protection authority.

International transfers within DNOW are governed by EU Commission-approved Standard Contractual Clauses
for Controllers and, where relevant, for Processors.

We may also transfer your data to third-party vendors outside the EU, such as our customer relationship management (CRM) systems providers. Where we do so, the Standard Contractual Clauses or other safeguards approved by the European Commission are in place to safeguard that personal data.

You may request a copy of these agreements by contacting us at privacy@dnow.com.

Transfers of personal data outside the United Kingdom

If and when transferring your personal data outside the United Kingdom, we will only do so using one of the following safeguards:

  1. the transfer is to the to a country which has had an adequacy decision rendered for it by the UK ICO;
  2. the transfer is covered by a contractual agreement, which covers the UK GDPR requirements relating to transfers to countries outside the UK; or
  3. the transfer is to an organisation which has Binding Corporate Rules approved by the UK ICO.

International transfers within DNOW are governed by UK ICO-approved Standard Contractual Clauses
Controllers and, where relevant, for Processors.

We may also transfer your data to third-party vendors outside the UK, such as our customer relationship management (CRM) systems providers. Where we do so, the Standard Contractual Clauses or other safeguards approved by the European Commission are in place to safeguard that personal data.

You may request a copy of these agreements by contacting us at privacy@dnow.com.

Your Rights

The EU GDPR and the UK GDPR provide you with certain rights in relation to the processing of your personal data, including to:

  • Request access to personal data about you (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you, and to check that we are lawfully processing it.
  • Request rectification, correction, or updating to any of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  • Request personal data provided by you to be transferred in machine-readable format ("data portability").
  • Request erasure of personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove personal data where you have exercised your right to object to processing (see below).
  • Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you (e.g. if you want us to establish its accuracy or the reason for processing it).
  • Object to the processing of your personal data in certain circumstances. This right may apply where the processing of your personal data is based on the legitimate interests of Company, as explained above, or where decisions about you are based solely on automated processing, including profiling.

These rights are not absolute and are subject to various conditions under:

  • protection under pending or potential litigation and applicable preservation as allowed under law;
  • applicable data protection and privacy legislation; and
  • the laws and regulations to which we are subject.

Where processing of your personal data is based on consent, you may withdraw your consent at any time.

If at any time you decide that you do not want to be contacted for any purpose or if you would like to exercise any of your rights as set out above, you can contact us at privacy@dnow.com.

Retention Period

We will keep and Process your Personal Data only for as long as is necessary for the purposes for which it was collected in connection with your relationship with us, unless we have a legal right or obligation to retain the data for a longer period, or the data is necessary for the establishment, exercise or defence of legal claims.

Annex 1 – List of DNOW's EU Affiliates

Company Name Country
NOW Netherlands B.V. Netherlands
NOW Norway AS Norway
DNOW UK Limited United Kingdom
MacLean Electrical Group Limited United Kingdom

Please contact privacy@dnow.com for any data privacy issues or questions.