Drayson & Sons (Timber Merchants) Ltd ("we" or "us").
WHAT INFORMATION DO WE COLLECT ABOUT YOU?
We will collect information about you when you open an account, place an order for products, request further information from us or if you wish to contact our office. The type of information we may collect includes your name, postal address, e-mail address and telephone numbers so that we can contact you accordingly and financial data.
Separate terms and conditions may apply when you open an account, so please make sure that you read these at the relevant time.
HOW DO WE USE THE INFORMATION WE COLLECT ABOUT YOU?
• To process your order or manage your account (if applicable).
• To deliver your orders.
• For record keeping purposes.
• For collecting and making payments.
HOW WE DECIDE HOW LONG TO RETAIN YOUR DATA
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements..
OUR LAWFUL BASES FOR PROCESSING YOUR DATA
We will use your personal information in the following circumstances:
• To perform the contract we have entered into with you
• To comply with any statutory or other legal obligations that we have
• Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests
• In other cases, we may seek your consent to processing your data.
DISCLOSING YOUR DATA
We never make your personal details available to third parties. However, we may use other companies to provide services to you on our behalf. These services may include but are not limited to answering your questions about products or services, sending postal mail and e-mails and analysing data. We will only provide those companies with the information they need to deliver the service we have engaged them for and they are prohibited from using that information for any other purpose.
We may have to disclose your information by law or because a court or the police or other law enforcement agency has asked us for it.
HOW IS YOUR INFORMATION PROTECTED?
We take protection of your information seriously and have appropriate physical and technological security measures in place to keep it safe. Internally, we restrict access to personal information. Only employees who need the information in order to do their jobs have access to it. We never transfer your data outside of the UK.
You have the right to:
• Request a copy of your personal data. If you do so, we must comply within one month
• Request correction of your personal data if it is incorrect
• Request erasure of your personal data (but whether we can do this depends upon our lawful basis for continuing to hold it)
• Object to us processing your personal data where we are relying on a legitimate interest for processing. This includes a right to object where we are processing your personal data for direct marketing purposes.
If you believe we have not complied with your rights and we have been unable to resolve your complaint, you can apply to the Information Commissioner. www.ico.org.uk
DATA PROTECTION ACT
Drayson & Sons fully support the requirements of the Data Protection Act and is committed to the protection of personal data belonging to our suppliers, customers and colleagues. We have both an internal Data Protection Policy and external website Privacy Policies in place which reflect the requirements of the DPA. We conduct regular audits to ensure our compliance.
We are aware of our obligations under the General Data Protection Regulations (GDPR) and have adopted a proactive approach to the implementation of the new legislation. This includes reviewing existing and where appropriate developing and implementing new policies and procedures to ensure personal data is collected, stored and disposed of in a manner compliant with the requirements of the GDPR.