Data controller: Joanne Goff
The company collects and processes personal data relating its customers to manage the business relationship. The company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the company collect?
The company collects and processes a range of information about you. This includes:
Your name, address and contact details, including email address and telephone number.
The terms and conditions of your contract with us;
Details of your previous orders and requirements.
Historical information on annual spending with the company.
Details of payment terms and payment history.
The company may collect this information in a variety of ways. For example, data might be collected through face to face meetings, email communication and telephone conversations. Information will also be collected from our historical records.
In some cases, the company may collect personal data about you from third parties, such as trade associations.
Data will be stored in a range of different places, including in your file and in other IT systems (including the company’s email system).
Why does the company process personal data?
The company needs to process data to enter into a business relationship with you and to meet its obligations under our terms of business. For example, it needs to process your data in order to process an order and to invoice you for payment.
In some cases, the company needs to process data to ensure that it is complying with its legal obligations. For example, it is required to make all financial transactions available for auditing purposes and to comply with VAT regulations.
In other cases, the company has a legitimate interest in processing personal data before, during and after the end of the business relationship. Processing customer data allows the company to:
Inform the customer of forthcoming offers and promotions.
Maintain accurate and up-to-date customer contact details.
Operate and keep a record of business transactions and volume of spend.
Operate and keep a record of customer specific requirements and buying patterns.
Ensure effective general customer service and business administration;
Respond to and defend against legal claims.
Maintain and promote equality and diversity in the workplace.
Some special categories of personal data, such as information about health or medical conditions, are processed to carry out employment law obligations (such as those in relation to customers with disabilities).
Who has access to data?
Your information may be shared internally, including with members of the Sales, Administration and Finance team if access to the data is necessary for performance of their roles.
The company shares your data with third parties in order to meet our legislative financial obligations. The company may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The company also shares your data with third parties that process data on its behalf this will be courier companies and sub contract suppliers.
The company will not transfer your data to countries outside the European Economic Area.
How does the company protect data?
The company takes the security of your data seriously. The company has internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
Where the company engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the company keep data?
The company will hold your personal data for the duration of our business relationship. The periods for which your data is held after the end of employment are 7 years, for all records relating to financial transactions.
As a data subject, you have a number of rights. You can:
Access and obtain a copy of your data on request;
Require the company to change incorrect or incomplete data;
Require the company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
Object to the processing of your data where the company is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Joanne Goff, HR Manager, firstname.lastname@example.org
If you believe that the company has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
You have some obligations under our business contract to provide the company with data. In particular, you are required to supply us with accurate and current contact details. Failing to provide the data may mean that you are unable to exercise your statutory rights.
Certain information, such as contact details, has to be provided to enable the company to enter a business contract. If you do not provide other information, this will hinder the company’s ability to administer the rights and obligations arising as a result of the business relationship efficiently.
We do not use automated decision-making in relation to our customers.