Our Data Protection Policy
We value the trust you place in us by giving us your data. We will always use your data in a way that is fair and worthy of that trust. That means letting you know what information we collect and why, how we use it and who to contact if you have any concerns. We will also do everything we can to protect the data we hold about you.
We adhere strictly to the Principles of Data Protection, as set out in the General Data Protection Regulation (GDPR). This includes the obtaining, holding, using or disclosing of such data and covers computerised records, as well as manual filing systems and card indexes.
We will hold the minimum data necessary. All such data is confidential and will be treated with due care.
We have proper safeguards to protect all data we hold. It will be kept safe from unauthorised access, accidental loss or destruction.
All data we hold will be obtained for a specified and lawful purpose, and processed fairly and lawfully in accordance with your rights.
We will hold your data for up to seven years for financial, legal and regulatory compliance.
We will not transfer your data to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.
How we collect data
We will collect data through phone, email, face-to-face contact and via our new customer form.
How we use your data
We will use your data on the grounds of Legitimate Interest ie where we believe there is benefit to both us and you.
Usage will include communicating with you via email, phone, post and SMS to provide:
requests for orders
to process your orders
updates and information about orders
new product and company announcements
to email or post you our regular newsletter
In order for our business to operate, we will use data we collect for clients and supplier companies for the following purposes:
financial and accounting procedures, including, but not limited to, quoting, raising purchase orders, sending statements, discussing payments and invoicing
human resource matters.
Your right to be informed
We will email you to inform you that we hold information about you, with a link to our Data Protection Policy. We will inform you of any update to this policy via email.
How we store your data
We will only store data on our approved secure environments, which are GDPR compliant, including:
Order management platform
Secure website servers
Email service provider
Data stored on local PCs and other devices will be protected with a strong password and encrypted.
Data will be removed from local PCs and other devices, and any memory sticks or cloud storage platforms, as soon as it is no longer required.
All hard copies will be kept in a locked cabinet or drawer and put away when not in use.
How to access your data
You have the right to request access to the data we hold on you.
Please provide two forms of identification from the following to prove the data relates to you:
Utility bill (from last 3 months)
Current vehicle registration document
Bank statement (from last 3 months)
Within one month of receiving your request, we will contact you with details of how you can access your data. Please contact email@example.com
Correcting your data
If you notice any errors in your data, you have the right to request that your record is updated. We will respond within one month.
Please contact firstname.lastname@example.org If you object to us holding your data or want to restrict its usage
You have the right to opt out of all data usage or to restrict what we can do with your data. We will respond within one month. Please contact email@example.com
Having your data erased
You have the right to request all information about you is erased from our systems.
Although we respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. We will review your request and tell you what data we can remove. We will do our best to respond within one month. Please contact firstname.lastname@example.org
Transferring your data
When transferring your data, either internally or externally to clients or partners, we will ensure that the recipient is authorised to receive the data.
If we are transferring the data via email, we will take the following steps:
If possible, we will de-personalise the information before transfer. This may not be possible with some items of data.
The data will be encrypted and protected with a strong password.
The password will be sent separately from the email, either by telephone or instant messaging platform.
The email will be deleted from the inbox/sent items folder and the deleted items folder as soon as the dataset has been exported.
We will log the date, time, recipient, filename, format, method of transfer and classification of the data in the transference log. We will also obtain a read receipt..
Reporting a potential data breach
If we suspect a data breach of any kind, we will report it to the Information Commissioner’s Office immediately. If you suspect a data breach, which you believe may have involved us and the information we hold on you, please email email@example.com with the subject 'Data Breach' and we will respond within 72 hours.
Our appointed Data Controller (the individual within our organisation who ensures our data policies and processes are followed and enforced) is:
Katherine Manning who can be reached at: firstname.lastname@example.org
The GDPR in the UK is governed by the ICO. Please visit www.ico.org.uk for more information.
Our website only uses essential cookies, no other cookie data is used or collected.