Data Privacy Notice

Metro Shipping Limited is committed to protecting your personal information, being transparent about what data we hold and giving you control over how we use it.

This website is owned and operated by Metro Shipping Limited

Metro Shipping Limited is committed to protecting your personal information, being transparent about what data we hold, and giving you control over how we use it.

This notice explains how we collect, use, share, and protect personal data when you visit our website, contact us, subscribe to communications, apply for a role, visit our premises, or otherwise interact with us. It also explains your rights and how to contact us.

Who we are and how to contact us

In this policy, "we", "us" and "our" refers to Metro Shipping Limited and/or other companies in our group (together, the “Group Companies”). For the purposes of this notice, Metro Shipping Limited acts as the primary/lead data controller and point of contact, including where it is processing personal data for and on behalf of the Group Companies. A list of Group Companies covered by this notice is available on request.

Company Name	Registered Office	Company Registration Number	ICO Registration Number
Metro Shipping Limited	2700 The Crescent, Birmingham Business Park, Birmingham B37 7YE, United Kingdom	01487078	ZA298389

You can contact us using our website contact form, by post to our registered office, or by telephone. For privacy enquiries (including requests to exercise your rights), please email: Privacy.Enquiries@metro.global

Personal data we collect

We may collect and process the following categories of personal data (depending on how you interact with us):

• Contact data – such as your name, email address, telephone number, postal address, and company details (for example, when you complete forms on our Site or contact us).
• Customer and business relationship data – such as your role, employer, business communications with us, and information needed to manage services and contracts.
• Communication data – the content of messages you send to us (for example via email or website forms) and related metadata.
• Website usage data – such as IP address, device information, browser type, pages viewed, and navigation activity (for example, collected via analytics and cookies).
• Newsletter subscription data – such as your email address and engagement metrics (for example, opens/clicks) where you subscribe to receive updates.
• Recruitment data – such as CVs, application forms, interview notes, right-to-work information, references, and (where legally permitted and relevant) background checks.
• Premises and guest Wi‑Fi data – limited device and usage information if you choose to use our guest Wi‑Fi at our premises.

Please do not provide personal data relating to other individuals unless you are authorised to do so. Where you provide information to us, you are responsible for ensuring it is accurate, complete, and up to date.

Special category data and criminal convictions dat

Some types of personal data are treated as more sensitive under data protection law, including special category data (for example information about health) and, in limited circumstances, criminal convictions and offences data. We will only process this information where it is necessary and we are legally permitted to do so.

Where relevant (for example in a recruitment or onboarding context), this may include information about your health (such as medical conditions, health and sickness records, or workplace adjustments) and, where appropriate for the role and permitted by law, information about criminal convictions or offences (for example, as part of a background check). We may receive this information from you, recruitment agencies, referees, or background check providers.

We may process special category data and/or criminal convictions data for the following purposes (as applicable):

• Recruitment and employment-related decisions – to assess suitability for a role, carry out checks where appropriate, and comply with employment law obligations.
• Equal opportunities monitoring – where we conduct monitoring and reporting, and where permitted by law.
• Workplace adjustments and accessibility – to provide appropriate adjustments during recruitment and/or employment.
• Health and safety – where necessary to protect you or others (for example, where we reasonably believe someone is at risk of harm).
• Legal claims and compliance – where needed to establish, exercise, or defend legal claims, or to comply with legal obligations.

Where we process special category data, we will ensure an appropriate lawful basis applies and that we meet an additional processing condition required for this type of data (for example, where processing is necessary for employment, social security and social protection law obligations, for reasons of substantial public interest, to protect vital interests, or to establish, exercise or defend legal claims). Where required, we will ask for your explicit consent.

How we use your personal data (purposes and lawful bases)

We use your personal data for the purposes below. Depending on the context, we rely on one or more of the following lawful bases: performance of a contract, compliance with a legal obligation, our legitimate interests (where not overridden by your rights), and consent (for example, where you opt in to marketing).

• Provide our services and operate our business (including responding to enquiries, managing customer relationships, and delivering contracted services) – usually necessary for a contract or our legitimate interests.
• Website operation, analytics, and improvement – usually our legitimate interests and/or consent where required for cookies/analytics.
• Marketing communications – where you have provided consent or where otherwise permitted by law; you can opt out at any time.
• Recruitment and onboarding – to process applications and make hiring decisions; lawful bases vary by activity and may include legitimate interests, legal obligations, and (where required) consent.
• Security, fraud prevention, and IT administration – our legitimate interests and/or compliance with legal obligations.
• Legal and regulatory compliance – compliance with legal obligations, and to establish, exercise, or defend legal claims.
• Business administration and record keeping – our legitimate interests and/or legal obligations.

Website analytics

When you visit our website, we may use analytics tools (such as Google Analytics) to collect standard internet log information and details of visitor behaviour patterns. We use this information to understand how our Site is used and to improve it. We do not use analytics information to identify you, and we do not allow analytics providers to attempt to identify visitors.

Marketing and newsletter

If you sign up to our newsletter or opt in to receive marketing, we may send you updates about our services, including offers, promotions, and news. You can opt out at any time by using the unsubscribe link in our emails or by emailing Business Support Team BST@metro.global

We may use third-party providers to support communications (for example, email distribution and engagement analytics). Where a third-party provider processes personal data on our behalf, we require them to apply appropriate safeguards.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.

For more information on your right to object at any time to your personal data being used for marketing purposes, see ‘Your rights’ below.

Who we share personal data with

We may share personal data with trusted third parties where necessary for the purposes described in this notice, including:

Law enforcement, regulators, and other parties where required by law, to comply with a court order, or to establish, exercise, or defend legal claims.

Analytics and website service providers (e.g., Google Analytics) to help us understand how visitors use our Site.

IT and hosting providers who host, maintain, and support our website and systems.

Professional advisers (e.g., legal, audit, insurance) where necessary.

Recruitment service providers (such as recruitment agencies and referees) where you apply for roles with us.

International transfers

Where personal data is transferred outside the UK or the European Economic Area, we will ensure appropriate safeguards are in place (for example, adequacy regulations or standard contractual clauses) as required under applicable data protection law.

How long we keep your personal data

We keep personal data only for as long as necessary for the purposes for which it was collected, including for legal, accounting, or reporting requirements.

Recruitment: if your application is unsuccessful, we normally retain your application data for up to 6 months after the end of the recruitment process (unless a longer retention period is required or permitted by law). If your application is successful, recruitment data will be transferred to your personnel file and retained in line with the employee privacy information provided to you.

Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure.

You acknowledge that the transmission of unencrypted (or inadequately encrypted) data over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

Where you have (or choose) a password to access any part of our services, you are responsible for keeping it confidential.

We have procedures to deal with suspected personal data breaches and will notify regulators and affected individuals where we are legally required to do so.

Your rights

In this section, we have listed the rights that you have under data protection law.

Your principal rights under data protection law are:

• the right to access - you can ask for copies of your personal data;
• the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
• the right to erasure - you can ask us to erase your personal data;
• the right to restrict processing - you can ask us to restrict the processing of your personal data;
• the right to object to processing - you can object to the processing of your personal data;
• the right to data portability - you can ask that we transfer your personal data to another organisation or to you;
• the right to complain to a supervisory authority - you can complain about our processing of your personal data;
• the right to withdraw consent - to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent; and
• the right to nominate - you can submit a request, through the procedure prescribed under applicable data protection law, to nominate an individual who shall, in the event of your death or incapacity, exercise your rights with respect to Uniserve’s processing of your personal data.

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting European Data Protection Board and Information Commissioner’s Office

You may exercise any of your rights in relation to your personal data by written notice to Privacy.Enquiries@metro.global

We will endeavour to resolve any questions, concerns, complaint or grievance that you may have regarding our use of your personal data within ten working days or such other time-period as may be permitted under applicable law.

In the event we do not address your questions, concerns, complaint or grievance or in the event of a personal data breach, you have the right to complain to the UK Information Commissioner’s Office (ICO),  Data Protection Board of India (DPBI) if you are not satisfied with how we handle your personal data.

Cookies

We use cookies and similar technologies to operate our Site and (where enabled) to analyse usage. Please refer to our Cookies Policy for details of the cookies we use and how to manage your preferences.

Third-party websites

Our Site may contain links to third-party websites. If you follow a link to any of these websites, please note they have their own privacy policies, and we do not accept responsibility or liability for them. Please check their policies before submitting personal data.

Personal data of children

Our website and services are intended for individuals aged 18 and over. If we become aware that we hold personal data about a child, we will take appropriate steps to delete it.

Changes to this notice

We may update this notice from time to time by publishing a new version on our website.