The General Data Protection Regulation (GDPR) came into effect on 25th May, 2018.
Data Privacy Notice for Clients and Suppliers:
Data Controller - determines the purposes and means of processing personal data.
Data Processor - responsible for processing personal data on behalf of a controller.
Data subject - a living individual to whom the personal data relates.
Personal data - the GDPR relates to 'personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified from that data. e.g. name, home address and/or private e-mail address. On-line identifiers include IP addresses and cookies.
Special categories personal data - GDPR refers to sensitive personal data as 'special categories of personal data' (as explained in Article 9 of GDPR). These include genetic and/or biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Third Party - A natural or legal person, public authority, agency or body other than the data subject, who, under the direct authority of the controller or processor, are authorised to process personal data.
Who are We?
Tubular Technik Ltd (trading as 2bular Exhausts) is the Data Controller. This means we decide how your personal data is processed and for what purposes. Our contact details: 53 High Street, Laurencekirk. AB30 1EY. Our Data Protection Officer is Mr Jim Valentine, who can be contacted on 07983 431631 or by e-mailing email@example.com
Information we may collect from you:
You may give us information about you; name, address, e-mail and phone number plus Internet Protocol (IP) address used to connect your computer to the internet, by filling in the contact form on our website www.2bular.co.uk or otherwise.
Information relating to financial/credit card information in a payment transaction is dealt with by our card processor Worldpay. We do not see or deal with complete card data relating to orders placed on our website.
Lawful basis for processing your data:
There are six lawful bases for processing data. Consent, Contract, Legal obligation, Vital interests, Public task and Legitimate interests.
Our Lawful basis is for processing the legal contract of purchase of our product(s).
Your Personal Data:
Your personal data will be treated as strictly confidential. It is only shared with our credit card processor, Worldpay, when you actually buy one of our products. No other Third Party is allowed to see your data without your express permission or a demand by law enforcement authorities.
I am sometimes asked if I can put a prospective customer in touch with a previous customer to help them decide on a particular product. Permission to do this will always be sought from you beforehand.
We do not market by e-mail or phone, or any other method of contacting individuals.
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary in order to process your order and to make sure we hold adequate records in the event this information is required.
Storage of your data:
Our webhost www.shopwired.co.uk uses Amazon Web Services to store and process your data. All data is encrypted 'at rest' and 'in flight'.
Your rights and your personal data:
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data;
Request a copy of any data which we hold about you.
The right to request that we correct any personal data if it is found to be inaccurate or out of date. Your request will be actioned within one calendar month.
The right to request your personal data is erased where it is no longer necessary to retain such data.
That we provide you with your personal data and where possible, to transmit that data directly to another Data Controller (the right to data portability) where applicable.
Transfer of data abroad:
We do not transfer data outside the EEA.
Breaches of data:
If there is a breach of personal data we will inform the relevant regulatory authority within the requirement of 72 hours after we first become aware of it.