The General Data Protection Regulation (GDPR) is effective from the 25th of May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU. The success of our Company builds on the trust that our customers, suppliers and third parties have in our ability to deliver premium quality products. This includes our ability to apply a high level of data protection and security in relation to personal data that our customers, suppliers and third parties entrust to us.
Within this statement we wanted to highlight to our customers, suppliers and third parties the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.
In the effective delivery of our services, we accept that we handle personal data of our customers, suppliers and third parties which is fundamental to the delivery of our services and we commit to complying with GDPR which requires us to process personal data using the following principles:-
We will hold date such as your company name, trading address and associated delivery addresses (where applicable), your customers’ address and contact information (where applicable), your telephone number, mobile number, fax number and email details for your company and the associated named trade contacts and your bank account details (for suppliers).
These details will be held on our main IT system and in paper format. The IT system is protected by firewall and anti-virus software. All appropriate measures are taken to ensure the security and integrity of the data, both physical and digital.
The data will be used to fulfil our contractual agreement with you and provide you with our products, which includes:-
It may be necessary to share this data with other companies (such as carrier companies) in order to provide products to you or your customer. However, we will do everything within our powers to ensure that they are compliant with GDPR regulations.
For security purposes we have a legitimate interest as a Data Controller in the processing of the personal data of our visitors accessing our sites. Our visitors are required to register personal data (Visitor Personal Data) at the entrance. Visitor Personal Data is processed in compliance with the applicable GDPR principles. Amongst other things, this means that Visitor Personal Data shall not be kept longer than strictly necessary for security compliance purposes or as required by local law. The Company continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access. In demonstration of this, we have processes compliant with the following standards:-
Under the GDPR we must notify any data breach to the controller without undue delay. The Company therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller. We would provide the controller with:-
We will only retain your Personal Data, and that which belongs to individuals connected with your business, for as long as is necessary to fulfil our contract with you or for the purposes of satisfying a legal, accounting or regulatory requirement. We would retain this data for the entire period that you are a customer or have a business relationship with us.
Under the GDPR there are significant enhancements to the rights that individuals enjoy with regards their personal data. The Company can work with customers and third parties, for whom we hold or process personal data, in order to determine how best to facilitate:-