You will be aware that the General Data Protection Regulation (GDPR) standardises data protection law across all the EU countries. GDPR imposes strict new rules on controlling and processing people’s data and seeks to give people more control over how organisations use their data.
What do we hold?
As a supplier/customer, we only hold personal data about you and your company that is necessary for carrying out our normal business activities. This information may include a name, address, email addresses and other work and personal contact information as provided to us by your company. In some cases, we may hold bank account or credit card details for efficient payment or receipt of monies due.
Why do we need it?
We need to know your personal data in order to effectively operate our business and work with your company.
How do we store it?
We may store your personal data in the following places:
- Our filing system / on paper files
- In Microsoft Office documents
- In email systems
- CRM Systems
- In third party systems such as email hosting
Our IT systems
Our IT system has been audited and staff have been trained on the GDPR to ensure understanding and compliance. We have spoken to our email hosting company with regard to their security. They have confirmed that the data they hold on their servers is being held securely. Some data is stored on Microsoft Office 365, a system which is operated and protected by Microsoft in the USA.
What do we do with it?
All personal data is processed in the UK by us and our suppliers and only in connection with our ongoing business relationship. Third parties, suppliers and others involved in our normal business dealings have access to your personal data only to perform the role they fulfil in the overall process. Our company does not transfer your data outside the European Union, unless we are exporting products to countries outside the EU, in which case data will be shared with them as required. We only work with reputable companies and partners.
The Controller and Processor have a Data Protection regime in place to oversee the effective and secure processing of your personal data.
How long do we keep it?
We retain your personal data for as long as your Controller has a relationship with you and the data is required to support our business relationship with you. If our business relationship ends, we will retain your details for 3 years then delete them from our records.
What are your rights? (Right to be forgotten)
If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected or deleted, or withdraw consent for it to be used. If you wish to raise a complaint on how your personal data is handled, you can or email email@example.com to investigate the matter.
If you are not satisfied with the response, or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
As you hold data for our company, we expect you to do this in compliance with the GDPR and Data Protection Act 1998.
Any queries or issues relating to data will be dealt with by contacting: Paul Armitage on 0161 777 9970 or email firstname.lastname@example.org
We would be grateful if you could confirm that you have read and understood the Privacy Notice and consent to your data being processed as stated above and confirm that you will process our data within the regulations relating to the controlling and processing of data.