Our GDPR & Privacy Policy
Our Company takes our customers’ and employees’ privacy and data very seriously. We do not share any information with third-party companies for any reason unless required to do so by law in accordance with the Data Protection Act.
We only collect personal data to ensure we can process our customers’ purchases and offer the best possible service.
- We are registered with the ICO as a Data Controller
- Our Data Controller Administrator is Rob Hallett
- Our Legal Basis for handling and processing Data is “Legitimate Interest”
- We do not store “sensitive information”, but we do process card payments, after which we destroy any details.
The Information & Personal Data we collect
Our Customers
- Name
- Home Address and / or Business Address
- Personal Email Address and / or Business Email Address
- Personal and / or Business Landline phone numbers
- Personal and / or Business Mobile phone number
- Information about purchases of our products
- IP Address when Visiting our websites
- Credit, Debit, banking card details **Please note we do not store or save these details**
Our Employees
- Full Name, Home Address, Contact phone numbers landline and / or Mobile.
- Next of Kin information for safety reasons only
- Any medical information if disclosed by the employee
- CV information if submitted by the employee
- Banking details for PAYE & Tax purposes only
- Work related documentation such as performance reviews, any disciplinary action taken, any important conversations and any relevant information disclosed by the employee
Potential Recruitment
- Full Name, Home Address, Contact phone numbers landline and / or Mobile.
- Any medical information if disclosed by the interviewee
- CV information if submitted by the interviewee
- Previous work related information that the Interviewee may disclose
The ways we collect this information
Our Customers
- By filling out documentation in Person in one of our branches
- Verbally, in person in one of our Branches
- By filling out documentation and us receiving through the post
- Verbally over a telephone conversation with us
- Through any information the customer discloses while using our contact form on our website
- Any Email sent direct by customers to our Info email address or named email address accounts within our business
- Private messaging through any of our social media platforms
- Private messaging to any of our business Mobile phones and landline answer machines
- By filling out documentation in Person in one of our branches
- Verbally, in person in one of our Branches
- By filling out documentation and us receiving through the post
- Verbally over a telephone conversation with us
- Any Email sent direct by customers to our Info email address or named email address accounts within our business
- Private messaging to any of our business Mobile phones and landline answer machines
- At any personal meetings or one on one hearings
- Basic information passed to us through Recruitment agencies
- Through direct Email or website contact form
- At the interview
- In person in a branch
- In a telephone conversation
- Private messaging through any of our social media platforms
- Private messaging to any of our business Mobile phones and landline answer machines
Why we collect this data
- For communication direct with the customer
- For Home deliveries of purchases
- To process payment transactions and refunds for our products
- To communicate any future events, promotions and offers, happening in our company ONLY
- To help customers with queries throughout their purchase journey with us
- To help customers with any queries after the sale of our goods
- To help customers in an efficient timely manner
- For legal and HMRC reasons to prove end of year accounts
- For private written communication through the post
- For safety and “care of the individual” reasons through next of kin
- To tailor work load and job roles to the individual
- For PAYE and Tax regulations.
- To ensure employees are paid correctly and on time
- To track, train, manage and improve employees’ performance
Storing & Protecting Data
- On our fully integrated protected electronic system “Intact”
- In HR personal files locked in a cabinet with management only access
- In Customer files locked in a cabinet with designated department only access
- In Business operation files locked in a cabinet with management only access
- Marketing Email addresses ONLY on an electronic database through an external company called Mailchimp.
- In Protected Email Mail boxes within our company ONLY
- IT services and support maintenance experts
- Home Delivery Sub contracted Drivers
- Installations and Sub contracted Fitters
- Our suppliers we trade with
- Mailchimp for maintenance purposes on Email Addresses ONLY
- To ask exactly what data Tec Supplies Group Limited holds on the individual. The company then has a right by law to disclose & publish that information to the individual in an efficient, timely manner.
- The right for all of the individual’s Personal Data to be deleted and removed from the business. This can be requested at any time but may have implications for the service or non-service the individual will get as a result of their Personal Data being deleted.
- To ask for the source from which this Personal Data was collected, how it has been processed and how long the company intends to store and / or use the information.
Gaining Consent from Customers & Employees
New & Existing Direct Marketing Campaigns
Any Email Addresses we hold from previous direct marketing campaigns will be contacted to gain consent before any more Marketing Emails are sent. If existing Customers fail to give their consent or fail to contact us at all, the company will then delete and remove all of that individual’s personal data. Exceptions to this will be for legal reasons stated in the GDPR Law.
We do not gain consent for any other Personal Data because we have a legitimate interest in it. This means we need certain personal data to operate our services and business. We only obtain, process and store personal data to ensure a smooth customer experience. Once again, we never share this information.
Our Commitment and Regulations if a Data Breach takes place
- Contact the ICO to inform them of a breach within 72 hours and follow their guidance
- Contact the relevant people and stakeholders depending on the nature and location of the breach.
- Take every action possible to “lock down” all other personal data
- Communicate to our customers and employees if we believe their data has been compromised within 72 hours. We will also give our customers & employees key actions to take to mitigate any personal data risk.
- New employees and existing employees must sign to say they fully understand the role they play in Data Protection.
- All new and existing Employees will be sent an information sheet detailing their rights as employees under the new Data Protection laws
- All new account customers must be given a GDPR information form along with all the normal account information documents.
- Direct Marketing Emails must be sent to “consented” customers & Employees only. Consent must be gained first through the Mailchimp consent form.
- We try to minimise “paper” personal data. If we have to have paper personal data then it’s locked away out of public and employee sight.
- No personal Data will ever be left on show anywhere on the sales floor or anywhere other customers can access.
- Any Personal Data no longer required will be shredded at the earliest opportunity.
- If the team suspect a Data Protection Breach they inform a line manager immediately
- Any Banking or card details we are given, we destroy immediately after the transaction has been processed