In this Policy, there are words and phrases that have a specific meaning or that we are using in a special way.
“personal data” any information about an identifiable living human being.
“process” we “process” your personal data when we do anything with it, which might include: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it.
“special category data” personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.
This policy describes how we will collect and use personal data about you.
We process information about:
“Prospects” – potential customers or referrers;
“Customers” – who have bought goods or services from us;
“Suppliers”, “Associates” – suppliers or potential suppliers of goods or services to us;
Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again we know what you asked before, what you were sent, and what you told us.
Typically, we are collecting name, contact details, how we came across you, and background information from you or published by you on social media or freely accessible on the internet, on why you might be interested in our products or services or a relevant contact for our business.
If we email you individually using our own email system, or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will retain the details of that enquiry and our response for a fixed period of 2 years.
We do not routinely keep special category data. To the extent we hold this, it was supplied or made publicly available by you.
Once you buy something from us, we will collect information from you at the point of sale.
This will include the information we collect from Prospects (above). We collect your email address, phone number and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.
We process your data to support the delivery the goods and services you have bought. We keep records of the goods/services provided to you, and information you give us, so we can support you when needed and advise you of any additional services you may need.
If you pay us by BACS or direct transfer, we know only what the bank tells us, which is usually the name of the person who paid us and how much and the reference number.
We will refer any enquiry from you to them, as they are the ‘data controller’ responsible for dealing with your query. But we will support that by providing relevant information to our customer for passing to you.
We collect information on potential and actual suppliers and associates. This is mostly provided by you, but we do add to it the same kind of data we use for Prospects (see above).
If you become a supplier or associate we keep a copy of the contract between us and your bank details so we can pay you.
We also keep a record of invoices/payments for accounting purposes.
We keep a record of the work you undertook for us/our clients along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.
This information is all needed to manage our customer relationships and our supply chain.
We do not sell or exchange your personal data with organisations who may want to sell you something or use your data for research or other purposes. However, we may disclose personal information to any member of our group including our holding company and its other subsidiaries.
Personal information may be disclosed to third parties where there is a legal requirement to disclose information and where we sell any or all of our business and/ or its assets to a third party.
We keep a list of the software platforms we use to run our business. If you would like a list of all the platforms we use, please email us at email@example.com
We have an outsourced support team for our own business which may include Web Designers, IT support, Accounting and more.
They have limited access to your data, where the service they provide to us means they need it.
For example, if our IT support wants to check the functionality of a laptop or back up, they may need temporary access to information that may include something about you.
For example, if we invoice you, our Accountant needs to process the information in the invoice.
Your information/advice is held in the strictest confidence. Our team are all contracted to strict confidentiality clauses.
Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our customer records, to email, to accounting.
This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere.
We have picked mainstream suppliers with appropriate security standards.
Your information will be kept for a retention period of 2 years.
We need to keep customer information long enough to satisfy HMRC and our insurers. We keep information on prospective customers long enough to make our sales enquiry system effective.
You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.
If you feel for some reason we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.
Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our services.
If you want to know what information we have about you (if any) email us at firstname.lastname@example.org and provide us your name, email address(es) and we will happily do a search and let you know what information we hold on you and how we are using it/have used it.
You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a customer, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.
If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at email@example.com
If we can’t sort it out, the relevant supervisory authority for us is the Information Commissioner for the UK. You can contact them here.