The privacy notice will provide you with all the information, but in summary:
We hold your contact details in order to perform a contract (to supply you with goods or services e.g. training courses). We think it’s expected and justified that we would send you a new catalogue, update you with special offers and new products by mail, email or phone. However, should you disagree with this, just let us know and we will not provide this service. We hold a copy of your certificates and Photo ID’s to enable us to carry out stewardship on the products we sell and if you buy Aluminium Phosphide or Magnesium Phosphide from us we have a legal obligation to keep a Class 1 Poisons book.
We do have to pass your details to a restricted number of 3rd party trusted companies. To help deliver your order we need to pass over your delivery and contact details to our carriers so they can continue to deliver your goods quickly and efficiently. To help us keep you up-to-date with new products and special offers by email, we use a 3rd party companies to organise e-shots and organise mailings, e.g. post you our new catalogues.
For our current customers and potential customers, we will offer a clear opt out option on every communication we send in the post and email, and on any forms you fill out on our website. If you would prefer not to receive a marketing telephone call from us, please let us know.
If you would like to find more about the GDPR please see the Information Commissioners website www.ico.org.uk.
If you have any questions or queries, Louise is the data protection officer at Killgerm and can be contacted on 01924 268511 or email email@example.com.
Facts you need to know about GDPR
- The General Data Protection Regulation(GDPR) replaces the Data Protection Directive and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy. It will become effective on May 25, 2018.
- The GDPR applies not only to organisations who process data in the EU, but also any organisation that offers goods or services to, or monitors the behaviour of people inside the EU. GDPR applies even if the processing takes place outside of the EU.
- The GDPR applies to information that directly or indirectly could identify an individual. This includes information, such as names, addresses, phone numbers, date of birth, as well as IP addresses, cookie identifiers, device information, advertising identifiers, financial information, geo-location information, social media information, consumer preferences, etc.
- “personal data” shall mean any information relating to an identified or identifiable natural person (‘DataSubject’); an identifiable person is one who can be identified, directly or indirectly.
What are the lawful bases for processing?
The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)