Last Modified – May 2018
We are dedicated to ensuring that all information stored about clients and individuals
are kept as secure as possible at all times and stored in accordance to the General
Data Protection Regulations 2018.
Our policy is to respect the privacy of clients and individuals and to maintain
compliance with the General Data Protection Regulations (GDPR). Personal data
related to client and individuals will be protected.
We have obligations imposed on us by the General Data Protection Regulation
(GDPR) to ensure that all information about individuals is collected and used fairly,
stored safely and securely, and not disclosed to any third party unlawfully. We must
ensure that our policies are written in a clear, plain way that everyone will
This policy outlines the information we collect and how we use it.
Individuals have various rights under the legislation including a right to:
be told the nature of the information we hold and any parties to whom this
may be disclosed.
prevent processing likely to cause damage or distress.
prevent processing for purposes of direct marketing.
be informed about the mechanics of any automated decision taking process
that will significantly affect them.
not have significant decisions that will affect them taken solely by automated
take action to rectify, block, erase or destroy inaccurate data.
sue for compensation if they suffer damage by any contravention of the
request that the Office of the Information Commissioner assess whether any
provision of the Act has been contravened.
We will only process personal data in accordance with individuals’ rights.
This policy outlines the information we collect and how we use it.
Data Protection Officer:
Our Data Protection Officer is Amanda, For further information, subject access requests or
complaints please contact 01788524562
In order to comply with our obligations, we undertake to adhere to the GDPR
1) Process personal data fairly, lawfully and transparently
We will make all reasonable efforts to ensure that individuals who are the focus of
the personal data (data subjects) are informed of the purposes of the processing,
any disclosures to third parties that are envisaged; given an indication of the period
for which the data will be kept, and any other information which may be relevant.
2) Data collected for a specified and legitimate purpose
We will ensure that the reason for which it collected the data originally is the only
reason for which it processes those data, unless the individual is informed of any
additional processing before it takes place.
3) Ensure that the data is adequate, relevant and not excessive in relation to
the purpose for which it is processed
We will not seek to collect any personal data which is not strictly necessary for the
purpose for which it was obtained. Forms for collecting data will always be drafted
with this mind. If any irrelevant data are given by individuals, they will be destroyed
4) Keep personal data accurate and, where necessary, up to date.
We will review and update all data on a regular basis. It is the responsibility of the
individuals giving their personal data to ensure that this is accurate, and each
individual should notify us if, for example, a change in circumstances mean that the
data needs to be updated. It is the responsibility of the company to ensure that any
notification regarding the change is noted and acted on.
5) Only keep personal data for as long as is necessary
We undertake not to retain personal data for longer than is necessary to ensure
compliance with the legislation, and any other statutory requirements. This means
we will undertake a regular review of the information held and implement a weeding
6) Put appropriate technical and organisational measures in place against
unauthorised or unlawful processing of personal data, and against accidental
loss or destruction of data.
The Data Protection Officer is responsible for ensuring that any personal data which
is held is kept securely and not disclosed to any unauthorised third parties.
We will ensure that all personal data is accessible only to those who have a valid
reason for using it.
We will have in place appropriate security measures:
keeping all personal data in a lockable cabinet with key-controlled access.
password protecting personal data held electronically.
ensuring that PC screens are not left unattended without a password
protected screen-saver being used.
In addition, we will put in place appropriate measures for the deletion of personal
data - manual records will be shredded or disposed of as ‘confidential waste’ Hard
drives of redundant PCs will be wiped clean before disposal or if that is not possible,
The information you provide us:
When you make an enquiry via our website, your personal data (name, telephone
number and email address) will be emailed to our designated team.
Your query will be answered and your details only added to our customer database if
you decide to place an order with us. Your details will be securely deleted if you do
not take your enquiry further.
Placing an order
When you place an order with us we will ask you to provide us with the following
Business name, address and contact number and email address, bank details (direct
debit only), company number and VAT number.
This information will be added to our password protected customer database (SAP
Business One), which is accessible by authorised staff members.
This information is required for legitimate interests, in order for us to fulfill your order
at your request.
Information Security and Retention:
Only authorised employees of the company will have access to personal data.
We have authentication systems in place and all employees, workers and sub-
contractors have their own logins and passwords. All passwords are changed
We review our security regularly and take all necessary cyber precautions.
Your data will remain on our system for a period of 6 years in order to comply with
our legal obligations.
We do not pass your data onto any third party.
Transparency and Choice:
You may at any time contact us and ask what information we hold on you.
You may ask us to update this information if it is incorrect, which we will strive to do
as quickly as possible.
You have the right to be forgotten and may at any time request that we delete your
data, please be aware that this request may be refused due to legal requirements.
Our policy may change as necessary to reflect best practice in data management,
security and control and to ensure compliance with any changes or amendments to
the GDPR and other relevant legislation.
We regularly review this policy to ensure that it complies with current legislation.