The term ‘company’ refers to us, Stubbings Bros Ltd
The term ‘individual’ refers to anyone the company holds personal data on, including prospects, customers, suppliers and staff.
The company is committed to preserving the privacy of individuals and to comply with the GDPR (General Data Protection Regulation).
The key areas for responsibility are:
3. Personal Data Updating
The company will ensure that any personal data collected is within the boundaries of what is required for business, legal and accounting use.
This personal data may be used for communications, business, accounting and legal reasons.
Data is regularly reviewed and updated to help ensure it is accurate and up to date.
When personal data is no longer required, it will be deleted and disposed of.
Personal data will not be given to 3rd parties unless it is for legitimate business reasons, legal reasons or specific consent has been given.
4. Personal Data Security
When personal data is stored electronically:
When personal data is stored on paper:
If any breach of data is discovered, then the individuals it relates to will be informed within 72 hours.
5. Personal Data Access
Individuals who have personal data held are entitled to know what personal data the company holds about them. This is known as a Subject access request.
When a Subject access request is made:
If an individual feels that any personal data is missing or inaccurate then they should inform the company so it may be updated.
Individuals are also entitled to know the company is meeting its data privacy obligations. This information is detailed in this Privacy Notice.
6. Right to be Forgotten
An individual has the right to their personal information being forgotten.
When an individual requests to be forgotten, then personal data concerning them will be deleted, with the exception of details that are required for Business or Legal reasons.
The identity of the individual must be verified before deleting information.
If you wish to change the way we contact you, please click here
7. Conditions to Communicate
Communications may be made at various times by the company to individuals by Email, Mail, Phone or Text.
If an individual requests not to be contacted, then the data will be updated to show this and that individual will be excluded from any communication except from ones required for legal, business or contractual reasons.
Communications are made under GDPR Article 6, Part 1, Condition: B (If entering into a contract with someone and you need to use their data in order to fulfil that contract), or Condition: F (processing is necessary for the legitimate interests of the company, so long as such interests are not overridden by the interests or rights and freedoms of the individual). When Condition: F is used, the comparison of the company interests versus those of the individuals is referred to as the “Balancing test”. This test is documented by the Data Controller to show that the test was carried out. Because these conditions are adhered to, specific consent from individuals is not required.
8. Privacy Notice updates
This document may be updated as necessary to reflect best practice in data management, security and control and to ensure continuing compliance with current GDPR.
In case of any queries or questions in relation to this policy please contact the company’s Data Controller.
Updated 1st July 2023.