Website Privacy and Cookies Policy

We operate this Privacy and Cookies Policy because we are committed to safeguarding the privacy of those using our website and the confidentiality of any information that we collect about you.

This Privacy and Cookies Policy sets out how we will use personal data that we may obtain from you. It applies whenever you submit your personal data to us in accordance with section 3. This website is not intended for children and we do not knowingly collect personal data relating to children.

If we change any of the terms of our Privacy and Cookies Policy, we will post the revised policy on our website behind the “Privacy and Cookies Policy” link at the bottom of each page.

We are committed to ensuring that all personal data we hold is treated properly and in accordance with applicable data protection legislation. In accordance with data protection legislation, we are required to explain to you how we will treat any personal data which we collect from or about you.

Sgsco is made up of different legal entities, details of which can be found here. This Privacy and Cookies Policy is issued on behalf of sgsco so when we mention sgsco, “we”, “us” or “our” in this Privacy Policy, we are referring to the relevant sgsco company responsible for processing your personal data. SGS Packaging Europe Limited is the data controller in respect of any personal data which is processed by any of our offices located in the European Economic Area (“EEA”).

The Data Compliance Officer for SGS Packaging Europe Limited is Richard Jones and he can be contacted by emailing or by writing to SGS Bridgehead, Orchid Road, Bridgehead Business Park, Hessle, Hull, HU13 0DH, United Kingdom.

You may give us information about you:

  • When you contact us by any means (including via the website, over the phone, by email or by post) with enquiries, complaints etc.
  • When you purchase any products or services from us
  • When you engage with us on social media
  • When you choose to complete any surveys or research we send you
  • When you comment on or review any of our products or services
  • When you fill in any online forms
  • When you send in your CV or a job application form

If you provide us with personal data about someone else you are responsible for ensuring that you comply with your obligations under data protection legislation in respect of such disclosure and you warrant to us that: (i) you have obtained the relevant individual’s consent or that such disclosure is otherwise permitted by law;; and (ii) you have provided the individual with the required notices under data protection legislation.

The personal data we may collect, use, store and transfer about you includes the following:

  • Name, username or similar identifier (such as social media handle), title and job title (“Identity Data”)
  • Work contact details, employer organisation, address, billing address, email address and telephone number(s) (“Contact Data”)
  • Bank account and payment card details (“Financial Data”)
  • Details of your interactions with us, including interactions through our website, by telephone, email, in person and through social media (“Transaction Data”). For example, information regarding your order and logs of any requests, comments or complaints you make; and
  • Your preferences in receiving marketing from us and your communication preferences (“Marketing Data”)

We may also automatically collect data about you such as internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-ˇin types and versions, operating system and platform and other technology on the devices you use to access our website (“Technical Data”) as you interact with our website. We collect Technical data by using cookies and other similar technologies. Please refer to section 11 for further information regarding the cookies used on our website.

We have set out below a description of how and why we may use personal data you give us and (in respect personal data which is processed by any of our offices located in the European Union) which of the legal bases we rely on to do so.

Purpose/ActivityType of DataLawful basis for processing
To process any orders, you make including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(a) Identity Data
(b) Contact Data
(c) Financial Data
(d) Transaction Data
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
To respond to an enquiry made by you (whether via the website, over the phone, by email, social media or by post). We may also keep a record of our communications with you to inform any future communication we have with you and to demonstrate how we communicated with you throughout(a) Identity Data
(b) Contact Data
(c) Transaction Data
Necessary for our legitimate interests (to respond to your enquiry and provide you with the information requested regarding our products and services)
To provide customer service and support activities(a) Identity Data
(b) Contact Data
(c) Transaction Data
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to manage our relationship with you and ensure we are offering the best customer experience)
To provide you with marketing information regarding our products and services(a) Identity Data
(b) Contact Data
(c) Marketing Data
(a) Consent
(b) Legitimate Interests (where legally permitted to do so in order to promote our products and services)
If you decide that you do not wish to receive any marketing communications from us, please see section 7 below
To contact you to see if you would like to take part in customer research or complete a survey (such messages will not contain any promotional content and do not require prior consent)(a) Identity Data
(b) Contact Data
Necessary for our legitimate interests (to study how customers use our products and services and to grow our business)
To send communications required by law or which are necessary to inform you about our changes to the products and services we provide you. For example, updates to this Privacy Policy(a) Identity Data
(b) Contact data
Necessary to comply with a legal obligation
To administer and protect our business and our website from fraud and other illegal activities (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)(a) Identity Data
(b) Contact Data
(c) Financial Data
(d) Technical Data
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To use data analytics to improve our website, customer relationships and experiencesTechnical DataNecessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To consider you for a vacancy(a) Identity Data
(b) Contract Data
(c) Information contained within your CV and application form
Legitimate interests (to run and improve our business)

If we require your information for the purposes of performing a contract with you and you fail to provide this information, or if the information you provide is not accurate, we may not be able to perform the contract we have or are trying to enter into with you.

You warrant that any information you supply to us is accurate and up to date, that you will inform us if any such information requires updating.

 We will not sell any of your personal data to any third party.

We may share personal data about you:

  • With third parties, including other sgsco companies, who are directly involved in dealing with any request or enquiry made or order placed by you
  • With service providers acting as processors who provide IT and system administration services
  • Where such disclosure is required by law
  • With third parties who are providing us with professional advice
  • Where the disclosure is in connection with any criminal investigation, legal proceedings or prospective legal proceedings where permitted by law
  • Where the disclosure is in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk)
  • Where we are required to enforce our terms and conditions; or
  • Where we have stated or informed you otherwise (e.g. in this policy or on our website)

We will not pass on your information to any third party for the purpose of marketing.

We may also disclose your personal data to third parties in the event that we sell or buy any business or assets (in which case we may disclose your personal data to the prospective seller or buyer of such business or assets) or if we or substantially all of our assets are acquired by a third party, in which case personal data held by us about our clients and subscribers will be one of the transferred assets.

You can ask that marketing information is no longer sent to you by emailing us at, or by writing to us at sgsco, 626 West Main Street, Suite 500 Louisville, KY 40202, USA. It may take up to 14 working days to remove you from our marketing lists.

We will take all reasonable steps to protect your personal data. However, the Internet is global, and no data transmitted via the Internet can be guaranteed by us to be completely secure during transmission. We cannot guarantee the security of any data that you disclose online, and we will not be responsible for any breach of security unless this is due to our negligence or wilful default.

Sgsco is a global organisation. Our global headquarters is located in the State of Kentucky, North America. Our website is hosted in Louisville, North America. Any international data transfers will be in accordance with applicable data protection law and this Privacy and Cookies Policy.

Whenever we transfer personal data to countries outside of the European Economic Area in the course of sharing information as set out above, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is in place:

  • The transfer is to a third party located in a country that has been deemed to provide an adequate level of protection for personal data by the European Commission
  • The transfer is subject to use of a contract approved by the European Commission which gives personal data the same protection it has in Europe
  • The transfer is to a third party based in the US which is part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US

In the absence of an adequacy decision in respect of the relevant country, or appropriate safeguards as detailed above, we will not transfer your personal data outside of the EEA unless we have a lawful basis for doing so (for example, because you have explicitly consented to the proposed transfer).

If we are sending marketing materials to you by any means, you may ask us to stop sending such marketing materials at any time. Please see section 7 above for further information on how to do this.

You have a legal right to see a copy of the personal data that we keep about you, subject to certain exemptions. Requests for such information should be made by email to Richard Jones, Data Compliance Officer at eu-ˇ

In some circumstances you may also have a right to:

  • Rectify or erase any personal data we hold about you
  • Restrict our processing of your personal data
  • Object to us processing your personal data (for example, where we are processing your personal data based on our legitimate interests, you can ask us to stop processing your personal data. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data)
  • Data portability in respect of your personal data

In accordance with applicable data protection legislation, we follow security procedures when we process your personal data. We may therefore request proof of your identity before disclosing certain information to you or acting on any requests pursuant to this section 9.

Please contact us at the above address if you have any reason to believe that information we hold about you is inaccurate.

We only retain your personal data for as long as we need it for the purpose for which is was collected. Whilst taking in to consideration our legal obligations, we will on an ongoing basis: review the length of time we retain your personal data;; consider the purpose or purposes for which we hold your personal data for in deciding whether (and for how long) to retain it;; securely delete your personal data if it is no longer needed for such purpose or purposes;; and update, archive or securely delete your personal data if it goes out of date. For further information on how long we retain your personal data please contact Richard Jones, Data Compliance Officer at

Our website uses “cookies” to ensure you receive the best possible visitor experience. Cookies are small files which are sent by a web server to an individual’s computer which are then stored on that computer’s hard drive. A cookie contains text and is like an identification card which can only be translated by the server it originated from.

Cookies cannot tell us information such as your email address, which we can only collect where you tell us, for example if you submit an enquiry to us.

Our website uses the following cookies for the following purposes:

Cookie NameCookie Description
_gaUsed to distinguish users.
_gidUsed to distinguish users.
_gatUsed to throttle request rate.
_unamEnables sharing of content across various social networks. It counts clicks and shares of a page.
wp_Contain (encrypted) data related to Wordpress-­specific authentication or settings.
_gaUsed to distinguish users.
_gitUsed to distinguish users.
_gatUsed to throttle request rate.
wp_Contain (encrypted) data related to Wordpress-­specific authentication or settings.

Most internet browsers allow you to prevent cookies being stored on your computer. Alternatively, you may be able to configure your browser to accept all cookies or to notify you when a cookie is offered by our server. You may also be able to delete all cookies currently stored on your web browser.

Therefore, unless you change your browser settings you will automatically accept cookies from our website.

We may also collect information about where you are on the Internet (e.g. the URL you came from, IP address, and domain types and .com), your browser type, the country where your computer is located, the pages of our website that were viewed during your visit and any search terms that you entered on our website. We will use this information to administer our website, for internal operations (including troubleshooting, data analysis, testing, research, statistical and survey purposes) and as part of our efforts to keep our website safe and secure.

For further information about cookies and how they are used, please visit

Our website contains links to other websites which are outside our control and are not covered by this Privacy and Cookies Policy. If you access other websites using the links provided, the operators of those websites may collect personal data from you which will be used in accordance with their respective privacy policies which you should read. We are not liable for the practices of such third-party website operators in respect of your personal data.

You acknowledge that any information that you post using our social media facilities will be viewable by anybody who visits those websites and that such information is also subject to the relevant provider’s privacy policy. You are advised to consult each such privacy policy to see how they will use your data.

You have the right to lodge a complaint with your local data protection authority if you have any concerns with regard to the way in which we process your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority so please contact us in the first instance. You can contact us by emailing us at or by writing to Richard Jones, Data Compliance Officer, SGS Bridgehead, Orchid Road, Bridgehead Business Park, Hessle, Hull, HU13 0DH, United Kingdom.