CUSTOMER PRIVACY NOTICE
1 Legal Entities
Simply Spares and Consumables – Company Registration Number 3093252
2 Commitment to Information Security
We are providing you with this Privacy Notice in demonstration of our commitment to information security. We are registered with the Information Commissioner’s Office under reference No: A8816087
3 Information Security Management System (ISMS)
Simply Spares and Consumables operates and maintains an Information Security Management System (ISMS) in order to control its information assets and the information assets of its customers correctly. The ISMS is part of our ‘privacy by design’ approach to data management and consists of the following components:
3.1 Contractual Agreements
Simply Spares and Consumables issues the following contractual documentation, which incorporate binding information security clauses, to employees, contractors, customers and suppliers:
3.2 Policies & Protocols
Simply Spares and Consumables maintains operating policies and protocols to cover:
Monitoring of communications
Data breach reporting
Simply Spares and Consumables relevant policies and protocols help us to fully realise our commitment to lawful, fair and transparent data processing.
3.4 Guidelines & Training
Simply Spares and Consumables commits to oversee the competence of all our human resources in respect of compliance with GDPR. This includes the issue of contractual and procedural documentation, as described above, as well as the implementation of training for all relevant members of staff. Training is provided either directly by Simply Spares and Consumables or by their suppliers to enable employees and contractors to operate consistently within our ISMS.
3.5 Risk Assessment
Simply Spares and Consumables has run a GDPR audit to determine that our physical office environment, our IT systems, our personnel, our policies and our practices conform to the standards of the General Data Protection Regulation.
We are registered with the Information Commissioner’s Office and we operate a formal incident management process to identify, contain and recover from a data breach, should one occur. Our employees are trained to report any suspicion of data breach to our Data Protection Officer in line with our Data Protection Policy.
4 Your Personal Information
4.1 Why we process your personal information
In the course of transacting with us you may be required to provide personal information to include: your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media.
Your personal information may be used by us to:
Make our services and products available to you;
Process your orders;
Take payment from you or give you a refund;
Help us ensure that our customers are genuine and to prevent fraud;
Find ways to improve our services and products;
Contact you about services and products and services from us;
Help answer your questions and solve any issues you have.
4.2 Your rights
4.2.i Access and correction
You have the right to access the personal information that we hold about you in many circumstances. This is sometimes called a 'Subject Access Request'. I f we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge.
Before providing personal information to you or another person on your behalf, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your personal information.
If any of the personal information we hold about you is inaccurate or out of date, you may ask us to correct it. If you would like to exercise these rights, please contact our Data Protection Officer at [email protected]
4.2.ii Right to stop or limit our processing of your data
You have the right to object to us processing your personal information if we are not entitled to use it any more, to have your information deleted if we are keeping it too long or have its processing restricted in certain circumstances. If you would like to exercise this right, please contact our Data Protection Representative, as detailed above.
4.2.iii How long will we keep your information?
We will retain a record of your personal information only for as long as it is necessary to do so. Our objective is to provide you with a high quality and consistent service across our group. We will always retain your personal information in accordance with law and regulation.
5 Our Suppliers & Third Parties
Qualifying the compliance of suppliers and third parties is essential to establishing our own Statement of Compliance with GDPR. Should any suppliers or third parties with whom we share personal information – either as data controllers or data processors – fail to evidence conformity to the requirements of GDPR (or fail to ameliorate their non-conformity under notice) we will terminate our relationship with them.
Our current key suppliers/third party in the context of personal information data processing have documented evidence of their compliance with GDPR.
6 Physical Security
6.1 Premises Access Control
No individual can access our office environment without a key card during business hours of 8:00am to 5:30pm. Office key holders are restricted only to senior personnel with a register of key holders maintained at all times.
6.2 Server Access Control (Physical)
Server, routers and other business critical equipment is stored securely under locked cover with keypad access restricted to office key holders only.
6.3 Server Access Control (Digital)
Remote access to servers is carefully managed and monitored with enhanced security protocols in place.