EVER SO CLEAN SUPPLIES LTD (ESC) – PRIVACY NOTICE
PURPOSE OF THIS NOTICE
This notice sets out how we collect, use and protect your personal information, in accordance with the General Data Protection Regulations (GDPR), the Data Protection Act 2018 and any other UK data protection laws, as amended or updated.
‘Personal Information’ means data that relates to an individual who can be identified from that information or together with other information which is held by or is likely to be held by the company. Whilst the GDPR does not cover information that identifies an organisation, it does cover personal and sensitive information relating to individuals within it (e.g. directors, beneficial owners or other controlling officials).
Ever So Clean Supplies Ltd, is a supplier of Cleaning Products & Chemicals, PPE, First Aid and Corporate Work Wear. We are registered in England & Wales as a limited company under number: 04602451 and our registered office is at 22a Oxford Road, Pen Mill Trading Estate, Yeovil, Somerset BA21 5HR.
WHAT INFORMATION WE MAY HOLD ABOUT YOU
Data is only obtained, processed or stored when we have met the lawfulness of the processing requirements of the GDPR. We may collect the following information to effectively and compliantly carry out everyday business transactions:
Name and job title.
Addresses including all site locations.
Contact details including email address, mobile and landline phone numbers.
Financial information including bank details and credit/debit card details (although we do not retain complete card payment information).
Other information relevant to purchases, surveys and promotions.
HOW THE INFORMATION IS COLLECTED
Most of the personal information we hold about you is that which we collect directly from you. Personal data can be collected in one or more of the following ways:
When you communicate through email, phone or website.
When you apply to open an account.
When you register to receive information from us.
Each time you purchase our products or services.
WHAT WE DO WITH THE INFORMATION WE HOLD ABOUT YOU
We may process your personal information for purposes necessary for the performance of our contract with you or your employer and to comply with our legal obligations, in particular to:
Process payments and assess financial risks by carrying out credit reference checks, etc.
Fulfil our obligations owed to a relevant regulator, tax authority or revenue service as is necessary for compliance with our legal and regularity obligations.
Send communications about new products, services, company news and promotions or other information which we think you may find interesting using the email which you may have provided.
We will not pass personal information to third parties for marketing, sales or any other commercial purposes without your prior explicit consent. We only share personal data where we are required to do so by law, where it is necessary to fulfil our statutory obligations and in limited circumstances with certain third parties acting on our behalf in order to provide a service you have requested from us.
We undertake to share only information which is relevant and necessary for the provision of the relevant service. People we share your information with are obliged to keep your details securely and use them only to fulfil your request.
In limited and necessary circumstances, your information may be transferred outside of the EEA or to an international organisation to comply with our legal or contractual requirements.
If it is necessary to transfer personal information outside of the EEA, we will make sure that it is protected in the same way as if it was being used in the EEA and we will use one of these safeguards:
Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA
Put in place a contract with the recipient that means they must protect it to the same standards as the EEA.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by emailing: firstname.lastname@example.org or by calling 01935 421582
The GDPR defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data”.
This includes breaches that are the result of both accidental and deliberate causes. Personal data breaches can include:
Access by an unauthorised third party.
Deliberate or accidental action (or inaction) by a controller or processor.
Sending personal data to an incorrect recipient.
Computing devices containing personal data being lost or stolen.
Alteration of personal data without permission.
Loss of availability of personal data.
If there is a data breach which leads to the loss of highly sensitive data and poses a risk to that data, we will notify the relevant Information Commissioner Office within 72 hours of first becoming aware of that breach. The data subject will also be notified.
HOW LONG DO WE KEEP PERSONAL INFORMATION
We will retain your personal data for as long as is necessary to allow us to carry out our business or where appropriate as required to be kept by law, regularity requirements or in connection with any anticipated litigation.
Under the GDPR and the Data Protection Act (DPA) 2018 you have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
You have the right to obtain access to and copies of personal information we hold about you which you have provided to us, including for the purpose of you transmitting that data to another data controller. We will provide this information at the earliest opportunity, but at a maximum 30 days from the date the request was received.
Deliberate or accidental action (or inaction) by a controller or processor. Where the provision of information is complex or subject to a valid delay, the period may be extended by two further months where necessary and you will be kept informed throughout the retrieval process of the reasons for the delay.
You have the right to require us to update and amend personal information we hold about you which you have provided to us.
You have the right to request us not to send you marketing communication.
You have the right to request us to erase all your personal information (the right to be forgotten).
We have ensured that exercising your right to the above is as clear and straightforward as possible, and can be done so by stating your request in writing to:
- The Data Controller
Ever So Clean Supplies Ltd
22a Oxford Road
Pen Mill Trading Estate
Or by email to email@example.com
If you no longer wish to receive marketing information from us, this can be done by contacting the data controller above.
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exceptions apply. If, for any reason, we are unable to act in response to a request for erasure, we always provide a written explanation to the reasons why.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner and you can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk