We are committed to protecting your personal information and have developed this Privacy, Data & GDPR Policy to cover the rights of any individual or company whose personal data we have access to.
We collect and use certain personal information when you make an enquiry or place an order. We will use this information to provide the products or services requested.
We may collect, store and use the following kinds of personal information:
We store this information on our computer system, servers, cloud-based servers and in emails as well as paper files.
We will only use your personal information for legitimate business purposes including establishing, administering and supplying an order. For example, we may need to:
If you believe we are processing or storing your personal data you have certain rights under the General Data Protection Regulation (GDPR). Subject to any restrictions in the Data Access section below you can ask us for the following:
You have the right to not be subject to automated decision making and we must provide the data in a common, machine readable format (eg. PDF).
You can request to see the personal information that we hold about you. To do so, please contact our Data Protection Offer in writing at the address below.
We will not charge you for a copy of your data and we will respond to your request within 1 month.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access.
Your right to access the personal information that we hold about you is not absolute. In the event that we cannot provide you with access to your personal information, we will endeavour to inform you of the reasons why, subject to any legal or regulatory restrictions
We will hold your personal information for a maximum of 7 years, unless instructed by you. After 7 years, we may, instead of destroying or erasing your personal information, make it anonymous so that it cannot be associated with you.
There are some legal and regulatory requirements which govern how long we should retain your personal data. Outside of these we endeavour to retain your personal information only for as long as we believe is necessary to fulfil the purposes for which the personal information we collected (including meeting any legal, accounting or other reporting requirements or obligations).
We will never sell your personal data to another organisation.
When we have a legitimate business reason to do so, we may share your personal information with selected third parties including our employees and internal dealer network to assist us with establishing, administering or terminating our supplier relationship with you.
Some of these selected third parties may be based outside of the European Economic Area (EEA) in countries that do not have the same standards of protection for personal information as the UK. We will always use every reasonable effort to ensure sufficient protections are in place to safeguard your personal information.
When permitted or required by law or regulatory requirement we may disclose your personal information without your knowledge or consent (eg. supply of data to HMRC).
We will take all reasonable technical and organisational precautions to protect your personal information from loss, unauthorised access, copying, use, modification or disclosure.
We have procedures in place to deal with a suspected data security breach and will notify the Information Commissioner’s Office (ICO) and you of any suspected breach where legally required to do so.
We use 256-bit SSL encryption on our website where sensitive personal and financial information is processed and stored.
Ourselves and any payment processing gateway we may use, are Payment Card Industry Data Security Standard (PCI DSS) compliant, and our certification is available upon request.
We make all our staff aware of this Privacy & Data Policy as part of their basic training. If we ask a staff member to use sensitive personal information as part of their job description, they must complete and pass a GDPR assessment.
If you have any questions about this Privacy & Data Policy or concerns about data protection, you can direct issues to the Data Protection Officer using the contact information below.
We will endeavour to answer your questions or concerns within 72 hours and advise you of any steps taken to address the issues raised. If our response is unsatisfactory, or you believe we have not complied with your data protection rights you may make a written submission to the Information Commissioner’s Office (ICO).