top of page

Our Data Protection Policy

​

We value the trust you place in us by giving us your data. We will always use your data in a way that is fair and worthy of that trust. That means letting you know what information we collect and why, how we use it and who to contact if you have any concerns. We will also do everything we can to protect the data we hold about you.

​

General principles

​

We adhere strictly to the Principles of Data Protection, as set out in the General Data Protection Regulation (GDPR). This includes the obtaining, holding, using or disclosing of such data and covers computerised records, as well as manual filing systems and card indexes.

We will hold the minimum data necessary. All such data is confidential and will be treated with due care.

We have proper safeguards to protect all data we hold. It will be kept safe from unauthorised access, accidental loss or destruction.

​

All data we hold will be obtained for a specified and lawful purpose, and processed fairly and lawfully in accordance with your rights.

​

We will hold your data for up to seven years for financial, legal and regulatory compliance.

We will not transfer your data to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

 

How we collect data

​

We will collect data through phone, email, face-to-face contact and via our new customer form.

​

How we use your data

​

We will use your data on the grounds of Legitimate Interest ie where we believe there is benefit to both us and you.

​

Usage will include communicating with you via email, phone, post and SMS to provide:

  • requests for orders

  • to process your orders

  • updates and information about orders

  • new product and company announcements

  • to email or post you our regular newsletter

  • ​

In order for our business to operate, we will use data we collect for clients and supplier companies for the following purposes:

  • financial and accounting procedures, including, but not limited to, quoting, raising purchase orders, sending statements, discussing payments and invoicing

  • credit checking

  • contractual matters

  • human resource matters.

 

Your right to be informed

​

We will email you to inform you that we hold information about you, with a link to our Data Protection Policy. We will inform you of any update to this policy via email.

​

How we store your data

​

We will only store data on our approved secure environments, which are GDPR compliant, including:

  • Order management platform

  • Accounting software

  • Secure website servers

  • Email service provider

  • Email software

  • Data stored on local PCs and other devices will be protected with a strong password and encrypted.

  • Data will be removed from local PCs and other devices, and any memory sticks or cloud storage platforms, as soon as it is no longer required.

  • All hard copies will be kept in a locked cabinet or drawer and put away when not in use.

​

How to access your data

​

You have the right to request access to the data we hold on you.

Please provide two forms of identification from the following to prove the data relates to you:

  • Passport

  • Driving licence

  • Birth certificate

  • Utility bill (from last 3 months)

  • Current vehicle registration document

  • Bank statement (from last 3 months)

 

Within one month of receiving your request, we will contact you with details of how you can access your data. Please contact data@suffolkmeadow.co.uk

​

Correcting your data

​

If you notice any errors in your data, you have the right to request that your record is updated. We will respond within one month.

 

Please contact info@suffolkmeadow.com If you object to us holding your data or want to restrict its usage

 

You have the right to opt out of all data usage or to restrict what we can do with your data. We will respond within one month. Please contact info@suffolkmeadow.com

​

Having your data erased

​

You have the right to request all information about you is erased from our systems.

Although we respect your wish to remove all data we hold, there is a level of data we may need to retain for legal, accounting and compliance reasons. We will review your request and tell you what data we can remove. We will do our best to respond within one month. Please contact info@suffolkmeadow.com

 

Transferring your data

​

When transferring your data, either internally or externally to clients or partners, we will ensure that the recipient is authorised to receive the data.

If we are transferring the data via email, we will take the following steps:

  • If possible, we will de-personalise the information before transfer. This may not be possible with some items of data.

  • The data will be encrypted and protected with a strong password.

  • The password will be sent separately from the email, either by telephone or instant messaging platform.

  • The email will be deleted from the inbox/sent items folder and the deleted items folder as soon as the dataset has been exported.

  • We will log the date, time, recipient, filename, format, method of transfer and classification of the data in the transference log. We will also obtain a read receipt..

 

Reporting a potential data breach

​

If we suspect a data breach of any kind, we will report it to the Information Commissioner’s Office immediately. If you suspect a data breach, which you believe may have involved us and the information we hold on you, please email info@suffolkmeadow.com with the subject 'Data Breach' and we will respond within 72 hours.

 

Data accountability

​

Our appointed Data Controller (the individual within our organisation who ensures our data policies and processes are followed and enforced) is:

Katherine Manning who can be reached at: info@suffolkmeadow.com

 

The GDPR in the UK is governed by the ICO. Please visit www.ico.org.uk for more information.

​

Cookie Policy

​

Our website only uses essential cookies, no other cookie data is used or collected. 

bottom of page