DALES SPORTS SURFACES LTD & VERDEMAT BOWLS LTD
GENERAL DATA PROTECTION REGULATION POLICY
STANDALONE DATA AND SECURITY POLICY STATEMENT
We take the collection, holding, use of and storage of data very seriously.
We comply with and adhere to the principles of the GDPR policy and have systems in place to monitor compliance and ensure we stay up to date with regulations and their continued effectiveness:
1) Registered Data Base – Implementing all advised updates when received.
2) Independent advice from respected and knowledgeable agencies – Accountants.
3) Ongoing staff training implemented by independent agencies – Accountants.
We receive personal information directly from customer contact and from agents acting on our behalf and its processing is necessary for the purposes of the legitimate interests pursued by our business. The information is freely given, specific, informed and an unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. This information, in the first instance, generally consists of name, job title, address, telephone number and email address and is used in our internal record keeping system. It is given to enable us to understand your needs and provide you with a better service and enable us to provide information of our range of products, quotations and or samples. We may periodically send promotional correspondence about new products, special offers or other information which we think you may find interesting using the email or postal address which you have provided. From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, telephone, fax or mail. If a sale is made and an order is generated we may then go on to collect the relevant banking information. If a credit or debit card is used to pay for the goods the information is relayed verbally. We never request this sensitive information by email or in any written format. Once the card transaction has been completed any relevant information is shredded in a crosscut shredder. We annually renew our PCI compliance procedure with our service providers.
We do not sell, share, distribute or lease your personal information with any other company or third parties unless we have your permission or are required by law to do so and we are not networked to any other company. We only hold personal data for the legitimate interest of our business in relation to our customers. We will not use your personal information to send you promotional information about third parties or pass your personal information to them. All information held on office computers, laptops and mobile phones is password protected. We publish privacy information separately on our relevant website sites.
Customers have the right to opt-in or opt-out from specific communications and the right to object to their inclusion to any direct marketing at any time. A customer may request access to their information with the right to request a change of details or to be deleted from our data base at any time (subject to the government account records sale of goods regulations requiring the holding of information for seven years).
We undertake to regularly review, and where necessary, update our privacy information. We would bring any new uses of an individual’s personal data to their attention before we start the processing enabling us to comply with other aspects of the GDPR and build trust with people. If you have an issue or you wish to change, restrict or have your personal information deleted from our systems at any time please contact us by mail or by using the following email address: firstname.lastname@example.org