Data protection

Privacy Notice – ELA Container UK Limited (www.ela-container.uk)

1. Who we are (Controller)

ELA Container UK Limited ("we", "us", "our") is the controller for the personal data processed via this website. You can contact us at:

ELA Container UK Limited
Staddlethorpe Broad Lane
Gilberdyke
Brough
HU15 2TD
United Kingdom
Tel: +44 1724 608021
Website: https://www.ela-container.uk
Email: info@ela-container.uk

EU Representative

ELA Container GmbH
Zeppelinstr. 19-21
49733 Haren (Ems)
Email: info@container.de

2. Data Protection Contact

If you have questions about this notice or our data protection practices, please contact us at privacy@ela-container.uk.

3. Scope of this notice

This privacy notice explains how we collect, use, disclose and protect personal data when you visit www.ela-container.uk, contact us, purchase or rent our products and services, or otherwise interact with us, in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

The processing of personal data relating to EU citizens is carried out on the basis of Articles 13 and 14 of the EU-GDPR.

4. What personal data we collect

We may collect the following categories of personal data:

Identification and contact data: name, company, job title, email address, phone number, postal address.
Account and order data: customer numbers, order history, contract details, delivery addresses, invoices and payment status (we do not store full card numbers on our systems).
Website and device data: IP address, device identifiers, browser type, settings, pages viewed, links clicked, date/time, referrers, and approximate location (via IP).
Marketing preferences: your consent, subscription status, and interactions with our emails.
Correspondence data: content of enquiries, support tickets, surveys and feedback you provide.

5. How we obtain personal data

Directly from you: when you submit website forms, request quotes, create accounts, place orders, call or email us, visit our premises or meet us at events.
Automatically: through cookies and similar technologies when you use the site (see Cookies section).
From third parties: such as logistics partners, payment providers, lead generation platforms, and business directories, where lawful.

6. Purposes and lawful bases for processing

We only process personal data where we have a lawful basis under Article 6 UK GDPR. The main purposes and bases are:

Purpose	Lawful basis
Provide our products and services; manage enquiries, quotes, orders, deliveries and customer accounts.	Performance of a contract or to take steps at your request prior to entering into a contract (Art. 6(1)(b)); and our legitimate interests in efficient business operations (Art. 6(1)(f)).
Customer communication and support; responding to contact requests.	Performance of a contract (Art. 6(1)(b)) or legitimate interests (Art. 6(1)(f)).
Website operation, security and fraud prevention; diagnostics, analytics and logs.	Legitimate interests in ensuring security and improving our services (Art. 6(1)(f)); compliance with legal obligations (Art. 6(1)(c)).
Marketing, newsletters and event invitations.	Consent where required (Art. 6(1)(a)); legitimate interest in promoting our services to business contacts (Art. 6(1)(f)) in accordance with PECR.
Compliance with laws; record keeping (tax, accounting, product safety).	Legal obligation (Art. 6(1)(c)).
Protect and defend our rights; establish, exercise or defend legal claims.	Legitimate interests (Art. 6(1)(f)).

We do not intentionally collect special category data or criminal offence data via the website. If such data is provided inadvertently, we will delete it where feasible and appropriate.

7. Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember your settings, analyse usage and improve our services. Where required, we obtain your consent via our cookie banner. You can change your preferences at any time through the cookie settings in your browser and our on-site cookie manager Usercentrics.

Cookie-Category: Marketing

Conversion Linker

Description of Service
This service stores click data to measure conversions effectively.

Processing Company
Google Ireland Limited
Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company:
https://support.google.com/policies/troubleshooter/7575787?hl=en

Data Purposes
This list represents the purposes of the data collection and processing.

Linking with other tools
Conversion Tracking
Measurements
Remarketing

Technologies Used
This list represents all technologies this service uses to collect data.

Cookies
Local storage

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

IP address
Usage data
Pages viewed
Referrer URL
Cookie information
Clicked advertisements
Click path
Clicks
Date and time of visit

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

Retention Period
The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes.

The data will be deleted as soon as they are no longer needed for the processing purposes.

Transfer to Third Countries
This service may forward the collected data to a different country. Please note that this service might transfer the data to a country without the required data protection standards. Below you can find a list of countries to which the data is being transferred. For more information regarding safeguards please refer to the provider's privacy policy or contact the provider directly.

United States of America
Singapore
Chile
Taiwan

Data Recipients
In the following the recipients of the data collected are listed.

Google Ireland Limited
Google LLC

Click here to read the privacy policy of the data processor:
https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains:
https://safety.google/privacy/privacy-controls/

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: Session

Google Ads

Description of Service
This is an advertising service. This service can be used to show personalised or non-personalised advertisement to users.

Processing Company
Google Ireland Limited
Gordon House, 4 Barrow Street, Dublin D04 E5W5, Ireland

Data Purposes
This list represents the purposes of the data collection and processing.

Advertisement
Analytics
Providing Service
Statistics

Technologies Used
This list represents all technologies this service uses to collect data.

Cookies
Tracking Pixel

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Ads viewed
Cookie ID
Date and time of visit
Device information
Geographic location
IP address
Search terms
Impressions
Online identifiers
Browser information
Referrer URL
Interaction data

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The data will be deleted as soon as they are no longer needed for the processing purposes. Log data is anonymised after 9 months and cookie information is anonymised after 18 months.

United States of America
Chile
Singapore
Taiwan

Data Recipients
In the following the recipients of the data collected are listed.

Alphabet Inc.
Google LLC
Google Ireland Limited

Click here to read the privacy policy of the data processor:
https://business.safety.google/privacy/

Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies

Click here to opt out from this processor across all domains:
https://safety.google/privacy/privacy-controls/

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: 396 days

Google Analytics

Description of Service
This is a web analytics service. With this, the user can measure the advertising return on investment "ROI" as well as track user behaviour with websites and applications.

Processing Company
Google Ireland Limited
Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

Data Purposes
This list represents the purposes of the data collection and processing.

Marketing
Analytics

Technologies Used
This list represents all technologies this service uses to collect data.

Cookies
Pixel
JavaScript

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Click path
Date and time of visit
Device information
Location information
IP address
Pages visited
Referrer URL
Browser information
Hostname
Browser language
Browser type
Screen resolution
Device operating system
Interaction data
User behaviour
Visited URL
Cookie ID

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The retention period depends on the type of the saved data. Each user can choose how long Google Analytics retains data before automatically deleting it.

Singapore
Chile
Taiwan
United States of America

Data Recipients
In the following the recipients of the data collected are listed.

Google Ireland Limited
Alphabet Inc.
Google LLC

Click here to read the privacy policy of the data processor:
https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains:
https://tools.google.com/dlpage/gaoptout?hl=de

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: 731 days

Initial Traffic Source

Description of Service
Service to obtain the initial source of website traffic. The data is contained in the cookies ‘ga4initialTrafficSource’ and ‘ga4SessionTrafficeSource’.

Data Purposes
This list represents the purposes of the data collection and processing.

Obtain initial traffic source

Technologies Used
This list represents all technologies this service uses to collect data.

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

utmcsr=SOURCE
utmcmd=MEDIUM
utmccn=CAMPAIGN
utmcct=CONTENT
utmctr=TERM/KEYWORD

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6(1)(a) GDPR

Data will be deleted as soon as it is no longer required for processing purposes.

United States of America

Data Recipients
In the following the recipients of the data collected are listed.

Salesforce, Inc.
ELA Container GmbH
Alphabet Inc.

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: 731 days

Salesforce

Description of Service
This is a customer relationship management (CRM) service.

Processing Company
Salesforce.com, Inc.
Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States of America

Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company:
https://www.salesforce.com/form/other/privacy-request/

Data Purposes
This list represents the purposes of the data collection and processing.

Advertisement
Responding requests and inquiries from customers

Technologies Used
This list represents all technologies this service uses to collect data.

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Actions of users of the services
Browser type
Device identifiers
Device information
Files viewed
Location information
Internet service provider
IP address
Mobile application information
Operating system information
System configuration information
Usage data
User agent
Date and time of request
Pages viewed
Search queries

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The data will be deleted as soon as they are no longer needed for the processing purposes.

United States of America

Data Recipients
In the following the recipients of the data collected are listed.

Salesforce, Inc.

Click here to read the privacy policy of the data processor:
https://www.salesforce.com/company/privacy/

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: 365 days

Cookie-Category: Functional

Google Fonts

Description of Service
This is a collection of fonts for commercial and personal use.

Processing Company
Google Ireland Limited
Gordon House, 4 Barrow St, Dublin 4, Ireland

Data Purposes
This list represents the purposes of the data collection and processing.

Providing fonts
Improvement of service

Technologies Used
This list represents all technologies this service uses to collect data.

APIs

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

IP address
Aggregated usage numbers
Font file requests
Referrer URL
CSS requests
User agent
Browser information

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The data will be deleted as soon as they are no longer needed for the processing purposes.

United States of America
Singapore
Taiwan
Chile

Data Recipients
In the following the recipients of the data collected are listed.

Alphabet Inc.
Google LLC
Google Ireland Limited

Click here to read the privacy policy of the data processor:
https://business.safety.google/privacy/?hl=en

Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en

Matterport

Description of Service
This is a 3D media platform. It lets multiple industries create, navigate, modify and share interactive 3D and virtual reality spaces.

Processing Company
Matterport Inc.
352 E. Java Dr., Sunnyvale, CA 94089, United States of America

Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company:
privacy@matterport.com

Data Purposes
This list represents the purposes of the data collection and processing.

Analytics
Functionality
Customisation
Improvement of service
Providing Service

Technologies Used
This list represents all technologies this service uses to collect data.

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Browser type
Browser version
Device information
Location information
IP address
Referrer URL
Unique device identifier
User behaviour
Content information
Exit URL
Usage patterns

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. f GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

United States of America

The data will be deleted as soon as they are no longer needed for the processing purposes.

United States of America

Data Recipients
In the following the recipients of the data collected are listed.

Matterport Inc.
Third-party Contractors
Service Providers
Processors who perform services for Matterport

Click here to read the privacy policy of the data processor:
https://matterport.com/de/node/44

Click here to read the cookie policy of the data processor:
https://matterport.com/de/cookie-policy

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: Session
Non-cookie storage: no

Cookie-Category: Essential

Amazon Web Services

Description of Service
This is a cloud computing service.

Processing Company
Amazon Web Services EMEA SARL
38 Avenue John F. Kennedy, L-1855, Luxembourg

Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company:
eu-privacy@amazon.co.uk

Data Purposes
This list represents the purposes of the data collection and processing.

Cloud computing

Technologies Used
This list represents all technologies this service uses to collect data.

Data Collected

This list represents all (personal) data that is collected by or through the use of this service.

Accessed applications
Authentication and security credential information
Browser plug-ins
Browser type
Browser version
Click path
Content interaction information
Cookie ID
Cookie information
Device information
Device type
Download errors
Downloaded content from AWS
Duration and number of simultaneous streams and downloads
E-mail address
Full URL clickstream to, through, and from AWS website (including date and time)
Geographic location
Interactions or communications with AWS
Internet service provider
IP address
Mouse movements
Network connection type
Opened emails or clicks on links in emails from AWS
Operating system information
Page interaction information
Page response times
Playback details
Streams
Telephone number
Time zone
Usage data
Views and interactions with content and ads
Visits to, interactions with, and use of AWS offerings

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. a GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The data will be deleted as soon as they are no longer needed for the processing purposes.

United States of America

Data Recipients
In the following the recipients of the data collected are listed.

Amazon Web Services Inc.
Amazon Web Services EMEA SARL

Click here to read the privacy policy of the data processor:
https://aws.amazon.com/privacy/?nc1=f_pr

Click here to read the cookie policy of the data processor:
https://aws.amazon.com/legal/cookies/

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: Session

JSDelivr

Description of Service
This is a CDN for open-source projects.

Processing Company
Volentio JSD Limited
Królewska 65A/1, 30-081 Kraków, Poland

Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company:
legal@jsdelivr.com

Data Purposes
This list represents the purposes of the data collection and processing.

Functionality
Optimisation
Customer Support
Analytics

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Usage data
IP address
Browser type
Browser version
Pages visited
Date and time of visit
Amount of time spent on a page
Unique device identifier
Diagnostic data

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. f GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The data will be deleted as soon as they are no longer needed for the processing purposes.

Data Recipients
In the following the recipients of the data collected are listed.

Volentio JSD Limited

Click here to read the privacy policy of the data processor:
https://www.jsdelivr.com/terms/privacy-policy

Usercentrics Consent Management Platform

Description of Service
This is a consent management service. Usercentrics GmbH is used on websites and apps as a processor for the purpose of consent management.

Processing Company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany

Data Protection Officer of Processing Company
Below you can find the email address of the data protection officer of the processing company:
datenschutz@usercentrics.com

Data Purposes
This list represents the purposes of the data collection and processing.

Compliance with legal obligations
Consent storage

Technologies Used
This list represents all technologies this service uses to collect data.

Local storage
Pixel

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Opt-in and opt-out data
Referrer URL
User agent
User settings
Consent ID
Time of consent
Consent type
Template version
Banner language
IP address
Geographic location

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. c GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

European Union

The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.

Data Recipients
In the following the recipients of the data collected are listed.

Usercentrics GmbH

Click here to read the privacy policy of the data processor:
https://usercentrics.com/privacy-policy/

Stored Information
This service uses different means of storing information on a user’s device as listed below.

ucString
This holds the ControllerID and SettingsID, the language, settings version and services with their consent history.
Type: web
Domain: usercentrics.com
ucData
This holds information about the Google Consent Mode.
Type: web

gstatic.com

Description of Service
This is a domain used by Google to off-load static content to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user.

Processing Company
Alphabet Inc.
1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America

Data Purposes
This list represents the purposes of the data collection and processing.

Increasing network performance
Reducing bandwidth usage

Technologies Used
This list represents all technologies this service uses to collect data.

JavaScript

Data Collected
This list represents all (personal) data that is collected by or through the use of this service.

Images
CSS

Legal Basis
In the following the required legal basis for the processing of data is listed.

Art. 6 para. 1 s. 1 lit. f GDPR

Location of Processing
This is the primary location where the collected data is being processed. If the data is also processed in other countries, you are informed separately.

United States of America

Requests for CSS assets are cached for 1 day, font files are cached for one year. Some information is retained until removed by the user, some expires after a specific period of time, some is retained until the user's Google Account is deleted.

United States of America
China
Taiwan
Singapore

Data Recipients
In the following the recipients of the data collected are listed.

Alphabet Inc.
Google LLC
Google Ireland Limited

Click here to read the privacy policy of the data processor:
http://www.google.com/intl/de/policies/privacy/

Click here to read the cookie policy of the data processor:
https://policies.google.com/technologies/cookies?hl=en

Click here to opt out from this processor across all domains:
https://safety.google/privacy/privacy-controls/

Storage Information
Below you can see the longest potential duration for storage on a device, as set when using any method of storage.

Maximum age of cookie storage: Session

8. Disclosures of your personal data

We may share personal data with: (i) service providers acting on our behalf (e.g., hosting, IT, security, analytics, customer support, logistics, payment processing); (ii) professional advisers; (iii) group companies where relevant; (iv) public authorities where required; and (v) prospective buyers or investors as part of a business transaction. We require recipients to protect your data and only process it according to our instructions and applicable law.

9. International transfers

If we transfer personal data outside the UK, we ensure appropriate safeguards such as adequacy regulations or standard contractual clauses (SCCs) approved under UK GDPR, supplemented where necessary by transfer risk assessments and additional measures. You can contact us for copies of relevant safeguards (with redactions where necessary).

10. How long we keep your data

We retain personal data only for as long as necessary for the purposes described above, including to satisfy legal, accounting or reporting requirements. Typical retention periods include:

Customer, contract and order records: up to 7 years after the end of the contract or last interaction, unless longer is required by law.
Marketing contacts: until you unsubscribe or object, and for a short period thereafter to record your preference.
Technical logs and analytics: typically 6–24 months, depending on necessity and configuration.

Where specific statutory retention periods apply (e.g., tax and accounting), we will comply with those requirements.

11. Your rights under UK GDPR

You have the following rights, subject to conditions and exemptions:

Access: to obtain confirmation whether we process your personal data and to receive a copy.
Rectification: to have inaccurate or incomplete data corrected.
Erasure: to request deletion of your data, for example where it is no longer needed or consent is withdrawn.
Restriction: to limit our processing in certain circumstances.
Data portability: to receive your data in a structured, commonly used and machine-readable format and to transmit it to another controller where feasible.
Object: to object to processing based on our legitimate interests and to direct marketing, including profiling for such marketing.
Withdraw consent: where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your rights, please contact us using the details in Section 1. We may need to verify your identity before responding. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO): www.ico.org.uk, Tel: +44 303 123 1113.

12. Children's data

Our website and services are not directed to children. We do not knowingly collect personal data about children. If you believe a child has provided us with personal data, please contact us so we can delete it where appropriate.

13. How we protect your data

We implement appropriate technical and organisational measures to protect personal data, considering the state of the art, costs, and the nature, scope, context and purposes of processing, as well as risks. Measures include access controls, encryption in transit, secure development practices, and staff training. No system is completely secure; if we become aware of a breach impacting your data, we will act in accordance with our legal obligations.

14. Automated decision-making

We do not carry out decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects about you. If this changes, we will inform you and explain the logic involved and the significance and envisaged consequences for you, as required by UK GDPR.

15. Third-party links

Our website may contain links to third-party sites and services. We are not responsible for their privacy practices. We encourage you to read the privacy notices of every site you visit.

16. Changes to this notice

We may update this notice from time to time. We will post the latest version on this page and indicate the date of the most recent update. Significant changes may be notified by email or website notice where appropriate.

Version: 1.0 | Last updated: 25 November 2025