1. Overview

SAFS’s privacy policy sets out what personal data we hold, how we use it and under what circumstances, if any, we will share it with third parties.  SAFS abides by, and is compliant with, the General Data Protection Regulation (herein referred to as “GDPR”) which came into effect on 25th May 2018 and replaced the 1998 Data Protection Act. SAFS is committed to keeping personal information of the “data subject” secure and confidential.

2. Definitions

Personal Data - any information relating to an identifiable person who can be directly or indirectly identified. Accordingly, our privacy policy excludes data that relates to business or company data that is already in the public domain:

Data Subject – the individual for who we hold personal data

Data Controller – the individual or organisation that controls the purposes and means of processing personal data

Data Processor – the individual or organisation responsible for processing personal data      

SAFS Staff – includes individuals directly employed by the company or contracted to work for SAFS who are required to adhere to the company’s privacy policy and standard operating procedure on data protection

3. The data Controller is:

Windmill Community Centre
Messenger Road, Smethwick
West Midlands, B66 3DX
United Kingdom
Telephone: 01215 582198
Email: [email protected]

4. Responsibilities for processing data

SAFS adheres to the requirement in Article 5(1) requiring that personal data shall be:   

  1. processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);

  2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);

  3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

  4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

  5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);

  6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

5. Purposes and Legal basis for processing personal data

SAFS will primarily hold, process and store personal data for the following purposes:  

  1. Contract - whereby processing is necessary in order to fulfil the ‘Controllers’ order for the customer and/or because we have been asked to take specific steps before entering into a contract which may include undertaking financial checks, passing on details to a manufacturer or supplier.

  2. Legitimate Interest - whereby it is in the interest of the end user that we retain the ‘Customers’ data for the purpose of contacting them if a product or supplied part we have provided under the contract or before entering a contract (i.e. sample), is issued with a product recall or safety issue.

  3. Consent - where data is used for purposes other than those described in a) to b) above then SAFS will obtain consent as the legal basis for processing personal data. These circumstances may include, but are not limited to:

  • following up on enquiries made

  • keeping customers informed of products, services, activities and events

  • passing on enquiries to the local supplier of our products and services e.g. third party agents and distributors

  • requesting testimonials either directly or via our 3rd party marketing agency

6. How we use your data and how it is shared

SAFS treats all personal data as private and confidential and will not reveal personal details or information concerning specific orders to non SAFS staff except for those circumstances outlined in section 5a – 5b and in 5c above, for which specific consent will be obtained.

Accordingly, SAFS will only hold, store, process and share personal data for the following reasons:

  • to provide quotations in response to enquiries     

  • to process and despatch orders e.g. with Royal Mail and couriers  

  • to carry out regulatory checks

  • to prevent and detect crime

  • to undertake internal company statistical analysis

Personal data will only be shared for one of the following reasons:

  • where a person requests SAFS to reveal the information and authorises us to do so

  • where an individual gives specific consent to the data being shared

  • where we are required or permitted to do so by law

  • when it is required by law enforcement or fraud prevention

7. What data is collected or may be collected, how it is collected and how long is it stored

The data collected by SAFS will be adequate, relevant and limited to what is necessary to the purpose for which it is obtained.  It will be retained for no longer than is necessary to fulfil legal and/or contractual obligations.

8. Data Subject rights

Under the GDPR data subjects have the following rights regarding data held by SAFS Ltd:

  • the right to access and restrict the personal data held and processed

  • the right to request rectification of any erroneous data held or to update any data held

  • the right to data portability

  • the right to complain about processing carried out

  • the right to be forgotten

You may exercise your rights of access, rectification, objection and deletion by contacting us by email at [email protected] or by post at the address stated above, mentioning your full name and address and attaching a copy of your ID, either driving license or passport (photo can be obscured).  We are obliged to provide data held by us within 1 calendar month of the request and free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.

9. Business to Business Marketing

Though the GDPR is also applicable to business to business marketing where personal data is concerned, under the Privacy and Electronic Communications Regulations (PECR) consent is not necessarily required for electronic marketing. For business to business marketing where SAFS considers that data is being used proportionately, has minimal privacy impact and organisations would not be surprised to receive information from us as it is in their interest to be kept informed about relevant products, SAFS may send e-mails on the grounds of legitimate interests. This only applies to corporate bodies (companies, limited liability partnerships and government bodies) as sole traders and partnerships are treated as individuals. Similarly SAFS may call registered business numbers that have not previously objected to receiving calls. Businesses have the option to opt out of communications from SAFS at any point using the contact details in 8. above.

10. Miscellaneous

We reserve the right to change, modify, add or remove this Privacy Policy or parts of it at any time.  We will provide you with a copy of our Privacy Policy when this is done. The last date of modifications will always be mentioned at the end of this Privacy Policy.

If you have any questions or concerns regarding this Privacy Policy please do not hesitate to contact us by email at [email protected] or by post at the above address.