We are aware of our obligations under the General Data Protection Regulation (GDPR) and are committed to processing personal data securely and transparently.
This privacy notice sets out, in line with GDPR, the types of data that we collect and hold. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to our current customers and suppliers, our former customers and suppliers and our prospective customers and suppliers.
We have separate privacy notices for:
The Company is a data controller, meaning that it determines the processes to be used when using your personal data.
Our contact details are as follows:
In relation to personal data, we will:
We hold and process the personal details, including their name, address, email address and phone numbers of:
Data relating to our current, former and prospective customers and suppliers is collected:
Personal data is kept within the Company’s IT systems.
The law on data protection allows us to process your data for certain reasons only:
All of the processing carried out by us falls into one of these permitted reasons. Generally, we will rely on the first three reasons set out above to process your data.
For example, we need to collect and process the personal data of customers and suppliers in order to perform the contract that we are party to with them and to maintain accurate accounting records in order to carry out our legally required duties.
We also collect data so that we can carry out activities which are in the legitimate interests of the Company. We have set these out below:
We know that we must process special categories of data in accordance with more stringent guidelines; however, we do not and will not process special category data relating to our customers or suppliers.
Special categories of data are data relating to:
One of the reasons for processing your data is to allow us to carry out our duties in line with a contract that exists between us. If you do not provide us with the data needed to do this, we may be unable to perform those duties.
Data may be shared with colleagues within the Company where it is necessary for them to undertake their duties.
We may share data with:
We may also share data for other reasons to comply with a legal obligation upon us.
We are aware of the requirement to ensure data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against these risks.
Where we share data with third parties, we provide written instructions to them to ensure that data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of data.
In line with data protection principles, we only keep your data for as long as we need it. Retention periods can vary depending on why we need your data and are set out in our Data Retention Schedule, which is available from email@example.com.
We do not make decisions on the basis of automated decision making (e.g. where a decision is taken using an electronic system without human involvement).
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where we are permitted to do so because we have a legitimate reason, such as contractual obligations.
If you wish to exercise any of the rights explained above, please contact firstname.lastname@example.org.
Making a Complaint
The supervisory authority in the UK for data protection matters is the Information Commissioner (ICO). If you think your data protection rights have been breached in any way by us, you are able to make a complaint to the ICO.
The Company is not required to appoint a Data Protection Officer. All correspondence in relation to GDPR is to be addressed to email@example.com.