Fair Processing Notice (Customers/Suppliers)
On 25th May 2018, the New General Data Protection Regulations (GDPR) will legally take effect. As a business which holds personal data relating to your company, we are legally obliged to inform you of what data we hold for you and we will/will not use it.
Gemcom Ltd will be what is known as the ‘Controller’ of the personal data you provide to us. Gemcom Ltd company registration number is 5263274 and our registered address is: 66-68 Margaret Street, London, W1W 8SR.
Why we need it
We need to know your basic personal data to enable us to fulfil our contractual obligation to you as Customer and Suppliers. We will not collect any personal data from you we do not need to provide and oversee this service to you.
What we do with it
We use data relating to your business to facilitate trading with you and your company and for general correspondence with your staff on a regular basis.
Gemcom Ltd will not sell on this information to a 3rd party.
Gemcom Ltd may pass on your details to a 3rd party in order to fulfil your contractual requirements.
What we need
Unless otherwise agreed with you, we will only collect basic personal data about you, which does not include any special categories or personal information about you (often known as ‘sensitive personal data’).
This information, however, includes;
- Company Name
- Company Address
- Company Contacts (Sales/Accounts/Management etc)
- Various telephone and fax numbers as supplied by you
- Various email addresses as supplied by you
- VAT Number or EU equivalent
- Bank Account Details
Where we keep it
We hold Company information within our accounting system (Sage), our Trading/Logistics platform (BlueBERI) and or Email/Communication system (Outlook). Information about your company is backed up and stored on a server for security and loss prevention purposes. Information is also backed up in the cloud via Depositit (GDPR compliant). We are the only party who can access this.
How long we keep it
We will only use and store information for so long as it is required for the purpose it was collected for. How long information will be stored depends on the information in question and what it is being used for.
We will generally keep your personal data for a minimum of 7 years (from last contract date), after which time it will be destroyed if it is no longer required for the lawful purpose(s) for which it was obtained.
What are your rights
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
- the right to have inaccurate data rectified
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.
Any questions regarding this notice should be sent to our Data Lead (Edward Klein, firstname.lastname@example.org).