This privacy notice describes how the Company collect and use personal information about customers during and after the contractual relationship, in accordance with the General Data Protection Regulation (GDPR). This document also satisfies our obligations under Article 30 of the GDPR. It applies to all customers.
Data Controller Details
Name: Consort Equipment Products Limited
Address: Consort Equipment Products Limited, Thornton Industrial Estate, Milford Haven, Pembrokeshire SA73 2RT.
Telephone Number: 01646 692172
Data Protection Officer: Managing Director
Categories of Data Subjects
We may collect personal data from our customers.
Categories of Personal Data
We may collect the following categories of personal data about customers:
- Personal details including name and contact information.
- Location details.
- Details regarding buying status.
- Credit information (through an external third party).
- VAT details.
- Electronic identification data including IP address and information collected through cookies.
- Contractual details including the goods and services provided.
Source of personal data
Most of the information we obtain comes directly from customers. Some information may come from external third-party credit reference agencies or credit insurers.
Purposes of Data Processing
We collect and process personal data about customers for the following purposes:
- Maintaining and enhancing our products and services.
- Providing products and services and customer management.
- Account management.
- Complying with legal obligations.
Categories of Personal Data Recipients
We disclose personal data to the following categories of recipients:
- Auditors and professional advisors, such as lawyers and consultants.
- Federal, state, and local law enforcement officials.
- Third-party service providers, such as providers of:
– IT system management;
– Credit checks.
Data Protection Principles
We will comply with data protection law. This says that the personal information we hold must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that have been clearly explained and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told customers about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told customers about.
6. Kept securely.
Personal Data Retention Periods
Except as otherwise permitted or required by applicable law or regulation, we only retain personal data for as long as necessary to fulfil the purposes we collected it for, as required to satisfy any legal, accounting, or reporting obligations, or as necessary to resolve disputes. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of personal data, the potential risk of harm from unauthorised use or disclosure of personal data, the purposes for processing the personal data, whether we can fulfil the purposes of processing by other means, and any applicable legal requirements.
We typically retain personal data obtained from customers in hard copy for 7 years after the completion or termination of the contract. Thereafter, the information is retained electronically indefinitely in our archive system.
Technical and Organizational Security Measures
We have implemented the following technical and organizational security measures to protect personal data:
- Access control and user authentication.
- Employee training on information security.
- Written information security policies and procedures.
Duty to inform us of changes
It is important that the personal information we hold about customers is accurate and current. Please keep us informed if personal information changes during your contractual relationship with us.
Customers’ rights in connection with personal information
Under certain circumstances, by law customers have the right to:
- Request access to personal information.
- Request correction of the personal information that we hold.
- Request erasure of personal information.
- Object to processing of personal information where we are relying on a legitimate interest (or those of a third party) and there is something about the particular situation which makes the customer want to object to processing on this ground.
- Request the restriction of processing of personal information.
- Request the transfer of personal information to another party.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact the DPO in writing.
Changes to this Record of Processing Activities
We reserve the right to amend this Privacy Notice from time to time consistent with the GDPR and other applicable data protection requirements.
Last updated: 24 May 2018