GDPR Compliance Statement
The General Data Protection Regulation (GDPR) is effective from the 25th of May 2018. The GDPR aims to strengthen the security and protection of personal data in the EU. The success of our Company builds on the trust that our customers, suppliers and third parties have in our ability to deliver premium quality products. This includes our ability to apply a high level of data protection and security in relation to personal data that our customers, suppliers and third parties entrust to us.
Purpose of this Statement
Within this statement we wanted to highlight to our customers, suppliers and third parties the measures we have put in place to ensure compliance with the GDPR where we hold or process personal data on your behalf.
Processing of Customer Personal Data
In the effective delivery of our services, we accept that we handle personal data of our customers, suppliers and third parties, which is fundamental to the delivery of those services. We commit to complying with the GDPR, which requires us to process personal data according to the following principles:-
- It will be used lawfully and fairly;
- Its use, storage and removal will be transparent;
- It will be collected for valid purposes that have been clearly explained to you and not used for other purposes, unknown to you;
- It will be accurate and kept up to date;
- It will be kept securely;
- It will only be kept for as long as is necessary.
We will hold data such as your company name, trading address and associated delivery addresses (where applicable), your customers’ address and contact information (where applicable), your telephone number, mobile number, fax number and email details for your company and the associated named trade contacts and your bank account details (for suppliers).
These details will be held on our main IT system and in paper format. The IT system is protected by a firewall and anti-virus software. All appropriate measures are taken to ensure the security and integrity of the data, both physical and digital.
The data will be used to fulfil our contractual agreement with you and provide you with our products, which includes:-
- To contact you in order to provide your company with requested information;
- To complete your purchase order and deliver our products to you or a nominated customer, according to our contractual agreement;
- To enable us to issue relevant paperwork in support of completing purchase orders and securing payment (i.e. delivery notes, invoices, credit notes and statements);
- To inform and update you of any changes in our terms and conditions;
- To facilitate ordering from our suppliers and to make payment to suppliers.
It may be necessary to share this data with other companies (such as carrier companies) in order to provide products to you or your customer. However, we will do everything within our powers to ensure that they are compliant with GDPR regulations.
Data protection and security
For security purposes we have a legitimate interest as a Data Controller in the processing of the personal data of our visitors accessing our sites. Our visitors are required to register personal data (Visitor Personal Data) at the entrance. Visitor Personal Data is processed in compliance with the applicable GDPR principles. Amongst other things, this means that Visitor Personal Data shall not be kept longer than strictly necessary for security compliance purposes or as required by local law. The Company continually seeks to ensure the confidentiality, integrity and availability of the personal data we store or process. We maintain appropriate technical and organisational security measures to protect personal data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access. In demonstration of this, we have processes compliant with the following standards:-
ISO 9001:2015 certification for Quality Management Systems
Under the GDPR we must notify any data breach to the controller without undue delay. The Company therefore has processes and procedures in place for identifying, reviewing and promptly reporting data breaches to the relevant controller. We would provide the controller with:-
- A description of the nature of the breach;
- Contact details of the responsible data protection officer or any other contact person;
- Likely consequences of the breach;
- Proposed and imposed measures that were taken to limit harmful effects.
We will only retain your Personal Data, and that which belongs to individuals connected with your business, for as long as is necessary to fulfil our contract with you or for the purposes of satisfying a legal, accounting or regulatory requirement. We would retain this data for the entire period that you are a customer or have a business relationship with us.
Data Subject Rights
Under the GDPR there are significant enhancements to the rights that individuals enjoy with regard to their personal data. The Company can work with customers and third parties, for whom we hold or process personal data, in order to determine how best to facilitate:-
- Handling Data Subject Access Requests;
- Rectification of personal data;
- The application of retention periods and the secure erasure/destruction of personal data;
- Responding to data portability requests in a structured, commonly used and machine-readable format.