Data Subject – the individual for who we hold personal data
Data Controller – the individual or organisation that controls the purposes and means of processing personal data
Data Processor – the individual or organisation responsible for processing personal data
3. The data Controller is:
Windmill Community Centre
Messenger Road, Smethwick
West Midlands, B66 3DX
Telephone: 01215 582198
Email: [email protected]
4. Responsibilities for processing data
SAFS adheres to the requirement in Article 5(1) requiring that personal data shall be:
processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’);
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).
5. Purposes and Legal basis for processing personal data
SAFS will primarily hold, process and store personal data for the following purposes:
Contract - whereby processing is necessary in order to fulfil the ‘Controllers’ order for the customer and/or because we have been asked to take specific steps before entering into a contract which may include undertaking financial checks, passing on details to a manufacturer or supplier.
Legitimate Interest - whereby it is in the interest of the end user that we retain the ‘Customers’ data for the purpose of contacting them if a product or supplied part we have provided under the contract or before entering a contract (i.e. sample), is issued with a product recall or safety issue.
Consent - where data is used for purposes other than those described in a) to b) above then SAFS will obtain consent as the legal basis for processing personal data. These circumstances may include, but are not limited to:
following up on enquiries made
keeping customers informed of products, services, activities and events
passing on enquiries to the local supplier of our products and services e.g. third party agents and distributors
requesting testimonials either directly or via our 3rd party marketing agency
6. How we use your data and how it is shared
SAFS treats all personal data as private and confidential and will not reveal personal details or information concerning specific orders to non SAFS staff except for those circumstances outlined in section 5a – 5b and in 5c above, for which specific consent will be obtained.
Accordingly, SAFS will only hold, store, process and share personal data for the following reasons:
to provide quotations in response to enquiries
to process and despatch orders e.g. with Royal Mail and couriers
to carry out regulatory checks
to prevent and detect crime
to undertake internal company statistical analysis
Personal data will only be shared for one of the following reasons:
where a person requests SAFS to reveal the information and authorises us to do so
where an individual gives specific consent to the data being shared
where we are required or permitted to do so by law
when it is required by law enforcement or fraud prevention
7. What data is collected or may be collected, how it is collected and how long is it stored
The data collected by SAFS will be adequate, relevant and limited to what is necessary to the purpose for which it is obtained. It will be retained for no longer than is necessary to fulfil legal and/or contractual obligations.
8. Data Subject rights
Under the GDPR data subjects have the following rights regarding data held by SAFS Ltd:
the right to access and restrict the personal data held and processed
the right to request rectification of any erroneous data held or to update any data held
the right to data portability
the right to complain about processing carried out
the right to be forgotten
You may exercise your rights of access, rectification, objection and deletion by contacting us by email at [email protected] or by post at the address stated above, mentioning your full name and address and attaching a copy of your ID, either driving license or passport (photo can be obscured). We are obliged to provide data held by us within 1 calendar month of the request and free of charge. However, we have the right to refuse or charge for requests that are manifestly unfounded or excessive and repetitive.
9. Business to Business Marketing
Though the GDPR is also applicable to business to business marketing where personal data is concerned, under the Privacy and Electronic Communications Regulations (PECR) consent is not necessarily required for electronic marketing. For business to business marketing where SAFS considers that data is being used proportionately, has minimal privacy impact and organisations would not be surprised to receive information from us as it is in their interest to be kept informed about relevant products, SAFS may send e-mails on the grounds of legitimate interests. This only applies to corporate bodies (companies, limited liability partnerships and government bodies) as sole traders and partnerships are treated as individuals. Similarly SAFS may call registered business numbers that have not previously objected to receiving calls. Businesses have the option to opt out of communications from SAFS at any point using the contact details in 8. above.