General privacy statement
This Privacy Statement regulates the use of personal data by Posturite Limited (‘us’, ‘our’ or ‘we’) provided to us by you, either because (a) we request it for the supply of goods and/or services to us from you, or (b) we supply goods and/or services to you.
We are registered as a ‘data controller’ in accordance with the current data protection legislation and we have given appropriate notifications to the ICO. We process personal data in accordance with current data protection legislation. We also act as a ‘data processor’ for the purposes of our service provision to our customers and clients and we operate under the direct instructions of our clients’/customers’ own data controller. For queries on data protection matters, please contact Posturite Limited’s Data Protection Officer at Data Protection Officer, Posturite Limited, The Mill, Berwick, East Sussex, BN26 6SZ, UK or firstname.lastname@example.org.
We will not collect any personal data about you or your employees/personnel, except where it is specifically and knowingly provided, or where it is necessary for us to process or hold for the purposes of the provision of goods or services to you or your organisation that has requested supply from us and where there is a valid legal basis.
Where we store your personal data
We will process and store personal data you provide to us on our internal and external systems located exclusively within the EU. All our systems have been enabled with technical and organisational security measures and controls. We will only store your personal data for as long as necessary for us to meet contractual or legal requirements. If the personal information you give us becomes inaccurate or out of date (e.g. contact information changes) please inform us as soon as possible so we can update our records.
Use of personal data
We use personal data held about you as follows: (a) if you are a supplier of goods and/or services to us, we will:
- Hold appropriate contact information for the goods or services we procure from you
- Make inquiries in relation to your performance as a supplier
- Maintain a record of data protection impact assessments and processing records as required under data protection legislation
- Run internal reports for compliance purposes as required by us for internal audit purposes
(b) if we are the provider of goods and/or services to your organisation, we will only hold the information we are instructed to hold by your organisation.
Unless otherwise agreed with you, we will not use any of your personal data for automated decision-making or profiling.
Disclosure of your Information
We will not disclose your information to anyone outside Posturite Limited except where we are required or permitted by law.
Legal basis for processing
Data protection legislation requires that we meet certain conditions before we can use your personal data as described in this Privacy Statement. For personal data which is not ‘special category’ as defined under data protection legislation, unless otherwise notified, we rely on a condition known as ‘legitimate interests’ to process your personal data for the above specified purposes. For example, it is in our legitimate interest to process your personal data in relation to your business contact names and contact details, where it is required by us, in order to procure goods and services from you as a supplier. It is also in our interest to administer and respond to enquiries about your appointment or potential engagement with us as a supplier of goods or services. For us to meet legal obligations under applicable data protection laws, we may hold necessary information as part of our data protection impact assessments (DPIA), compliance programme and record-keeping obligations. We will ensure that we keep the amount of data collected and the extent of any processing to a minimum to meet this legitimate interest.
Where we have been contracted by you or your organisation to collect personal data including ‘special category’, our legal basis for processing is ‘in the execution of a legal contract’. We will only collect and process as instructed by you or your data controller.
Your rights in relation to your personal data: Under data protection legislation you have the following rights in relation to your personal data if you are a supplier of goods & services to us:
- The right to access your personal data by subject access request
- The right to have your personal data rectified if inaccurate/incomplete
- Subject to exceptions, the right to have data erased
- The right to object to direct marketing
- The right to not be subjected to automated decision making (including profiling) where it produces a legal effect or significant effect on you
- The right to bring a civil action if there is a breach of your data subject rights
If we are the provider of goods and/or services to you or your organisation, you or your organisation provides you with these rights.
If you are not happy with the way in which your personal data is held or processed by us, we would request that you raise a compliant with our Data Protection Officer at the contact details set out above in the first instance; however, you also have the right to complain in relation to data protection matters to the Information Commissioner Office (ICO).
Changes to this Privacy Statement
This Privacy Statement is correct as of May 2018. We reserve the right to change the statement at any time on notice.