The organisation collects and processes personal data relating to its customers and suppliers to manage the initial and ongoing relationship. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The organisation collects and processes a range of information about you.
• Your name, address and contact details, including email address and telephone number
• Company registration and VAT (where applicable) number
• The terms and conditions of your relationship with us
• Details of your present and previous trading history with us and other related third parties (for example transport or courier companies used to make deliveries for you)
• Information about your tariff charges and previous credit history with the organisation
• Details of your bank account where payments are made electronically to the organisation
• Information about your solvency and credit history
• Information about your Company address and place of business either here in the UK or outside of the UK where appropriate
• Information about your previous civil judgements
• Details of the frequency of trade with the organisation for marketing purposes
• For certain applications, information about credit risk and suitability to trade
• Any statutory requirements such as Material Safety Data Sheets for products supplied or purchased.
• For online transactions, we require a credit card number, expiry date plus any security details that the credit card processor may need.
The organisation may collect this information in a variety of ways. For example, data might be collected through “know-your-client” documentation and credit application forms; from your Directors’ personal information, where we have requested this to comply with the Criminal Finances Act 2017 (this includes passports or other identity documents, such as your driving licence); from correspondence with you; through interviews, meetings or other assessments; or from Companies House and HMRC.
The organisation may seek information from third parties such as Credit Risk Assessors, Bank or Trade references and Companies House.
Data will be stored in a range of different places, including in your client file, in the organisation's operations management systems and in other IT systems (including the organisation's email and back office system).
Why does the organisation process personal data?
The organisation needs to process data to enter into a trading or service contract with you and to meet its obligations under that contract. For example, it needs to process your data to provide you with an accurate forecast as to costings, delivery dates, charging rate changes, PODs, MSDS, technical data and emails relating to contractual agreements.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check your identity and address to ensure Anti-Money-Laundering and Financial Sanctions obligations have been met.
In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the relationship. Processing client data allows the organisation to:
• Ensure compliance and regulatory obligations are being met
• Maintain accurate and up-to-date records and contact details
• Ensure effective business administration
• Provide information on request to product providers in the course of your application and ongoing relationship.
We may process your data, especially your email address, to contact you for marketing purposes, for example if we are holding an event or have discount rates that we think may interest you.
We may use aggregate information and statistics for the purposes of monitoring website usage in order to help us develop the website and our services and may provide such aggregate information to third parties. These statistics will not include information that can be used to identify any individual.
From time to time we may provide your information to our customer service agencies for research and analysis purposes so that we can monitor and improve the facility we provide. We may contact you by post or e-mail to ask you for your feedback and comments on our services.
You are able to withdraw your consent at any time throughout the relationship by contacting the data controller (email@example.com).
Who has access to data?
Your information may be shared internally, with staff, if access to the data is necessary for performance of their roles.
The organisation shares your data with third parties in order to process applications as part of a service to which you have consented. The organisation may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The organisation will not transfer your data to countries outside the European Economic Area.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has the following policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
• Data Security Risk Assessment Policy
• Data Breach Plan
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
How long the organisation holds your personal data depends on the type of service we undertake on your behalf, and is limited to six years from the last contract undertaken on your behalf or direct contact initiated by yourselves.
Data obtained which does not proceed to a contractual obligation on either party's behalf will be retained for 1 year and then archived.
All credit history with your organisation will be kept for a maximum period of ten years.
Data obtained which then proceeds to a continuous trading relationship lasting 5 years or more will be retained indefinitely so as to be able to provide documentary evidence to HMRC in the event of an investigation of your organisation.
As a data subject, you have a number of rights. You can:
• Access and obtain a copy of your data on request (called a subject access request);
• Require the organisation to change incorrect or incomplete data;
• Require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing; and
• Object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact Nicky Galley at firstname.lastname@example.org.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
In order for us to provide you with our service and make suitable recommendations to you, we will need to obtain and retain your data. If you are unable to provide it, we will not be able to provide a suitable service and work on your behalf, and therefore we will not be able to enter into a client relationship with you. As such, by accepting our privacy notice without raising an objection, you are effectively “Opting In” for us to control and process the data we use by consent.
For example, with regard to deliveries, if the relevant information, such as delivery addresses and times, is not disclosed fully, then the work undertaken on your behalf under the contract would be impossible to perform.