The Premier Group (Coventry) Ltd is committed to ensuring the privacy and security of your personal information.
We ask for you to read this policy carefully as it contains crucial information on who we are, what personal information we collect, how and why we collect, store, use and share this, along with how to contact us if you wish to make a data request or what to do if need to make a complaint. In particular, we advise you take extra care when reading the section concerning ‘your rights’ (section 11) as it is vital these are understood.
If you have any questions, please don’t hesitate to contact us (our contact details are listed in section 12).
Section 1: Introduction
In this policy, whenever you see the words ‘Premier’, ‘we’, ‘us’ or ‘our’ then this refers to The Premier Group (Coventry) Ltd.
‘Personal information’ means any information relating to you from which you can be personally identified either directly or indirectly. However, this does not include information of which there is no way to link it to you.
As the ‘Controller’ of personal information we are responsible for how this data is managed and are bound by the provisions of the General Data Protection Regulation (GDPR). The GDPR applies to all companies that process the personal information of EU citizens and as such this outlines our obligations to you and also lists your rights in respect of how we process your personal data.
In accordance with our legal responsibilities as a ‘controller’ of your personal information we will ensure that any personal information we hold about you:
- Is collected only for a legitimate purpose
- Is used only for the legitimate purpose we have informed you of and not in any way that is incompatible with this
- Is used fairly, lawfully and in a transparent way
- Is kept securely
- Is accurate and current
- Is kept only for as long as is strictly necessary for legitimate purpose we have informed you about
- Is kept in accordance with your rights (listed in section 11).
Section 2: What information is collected by us?
When you make an enquiry about our goods or services, or whilst we provide you with our goods and services, or you provide us with goods or services, we collect some or all of the following information, this information will vary depending on your relationship with us:
- Your name and job title
- Your contact details
- Demographic information such as your postcode or preferences
- Your accounting details
- Your purchase/supply history
- Any information that may be relevant in assisting us to supply you with our goods and services
- Any information required for you to provide goods or services to us.
Section 4: Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Section 5: Do we collect information from other sources?
We may also obtain additional personal information from other sources such information publicly available on the internet, social media channels or any other third party.
Section 6: What we do with your personal information?
The GDPR dictates that we must always have a lawful basis for using our personal information. Accordingly, we may store your personal information for a number of legitimate reasons, such as for the necessary performance of our contract with you, because it is in the legitimate interests of our business to use it, or because you have consented to the use of your personal data.
We may use your personal data for one of the following purposes:
- To respond to customer or supplier enquiries
- If required to do so by contract
- To communicate with you throughout the time we provide our goods and services to you
- To communicate with you throughout the time you provide your goods and services to us
- For necessary day-today management of your customer or supplier account (such as the payment and creation of invoices)
- To provide ongoing pre and aftersales support in relation to your customer or supplier account (such as in relation to any queries or payments)
- To assist us in providing a faster and more efficient service
- For internal record keeping/ audit purposes, or as required by law.
Section 7: Where do we store your personal data?
We are committed to ensuring that your information is secure. To prevent unauthorised access or disclosure, we have put in place suitable physical, technical and managerial procedures to safeguard and secure the information we collect online.
- Any hard-copy personal information is kept securely in lockable filing cabinets on-site
- Any electronic personal information is secured by a specialist IT company, all internal PCS are password protected and files have restricted access only for authorised personnel. All of our back-up our servers are located securely within the UK and have AES256 bit encryption
Section 8: How we keep your electronic personal information secure
Our IT services are contracted to a specialist IT company, PC Doctors Ltd.
They have put WatchGuard firewall appliances into place between the internal network and the external cisco router. This device has the latest firmware and is updated within 14 days of new version releases, and has licensed features as listed below:
- Application Control – Allow, block, or restrict applications, including specific sub-functions within applications
- Gateway Antivirus – Scans all major protocols to prevent malware
- Intrusion Prevention Service – Examines network behaviour to identify and block malicious traffic
- Reputation Enabled Defence – Traffic to URLs with a bad reputation are immediately blocked
- SpamBlocker – Blocks nearly 100 percent of unwanted and dangerous emails
- WebBlocker – Protect users from risky content by blocking malicious websites.
All the servers are backed up internally to secure encrypted storage devices, and also to secure encrypted online data storage hosted in the UK. All encryption is AES 256bit.
Section 9: Do we share your personal data?
The security of your personal data is of upmost importance to us. Accordingly, we will not share, trade or sell any of your personal information with any third parties. However, there are limited circumstances where we may be required to share your information:
- We will share your personal information with law enforcement or other necessary authorities if required to do so by law or by court
- We may be required to share your personal information with selected approved suppliers or partners in order to fulfil any orders or arrange any necessary third-party services
- Personal data will only be shared with other companies within our group for payroll and accounts purposes, this is necessary as such functions are controlled from our Group Head Office at Brindley Road North.
Section 10: How long do you keep my personal data?
We will keep your personal data only for as long as is strictly necessary for the purpose in which it was acquired; after this data shall be safely destroyed.
- Existing customer purchasing history is kept for a statutory period of 6 years
- After we no longer provide any services to you, we will generally retain your personal information for 6 years before it is destroyed.
Section 11: Your Rights
Under the provisions of the GDPR you have numerous rights that are available to you free of charge:
- The right to access your personal information and other supplementary information. This includes a copy of your personal data, the purpose of processing your data, the categories of data being processed and details of third parties or categories of third party who will receive your data
- The right to fair processing. This means that you are given clear information on any processing that is to occur and that this is presented in a ‘concise, transparent, intelligible and easily accessible form’
- The right to rectification. Essentially you have the right to rectify any inaccuracies in your personal data
- The right to be forgotten. You have the right to request any personal information be erased if you withdraw your consent or if there are issues with any other underlying legal justifications for processing
- The right of data portability. This means you have the right to receive copies of your personal information in a useful, structured, machine-readable electronic format
- The right to object to processing of your personal information for direct marketing purposes. You will just need to to communicate that you have withdrawn your consent
- The right to object to certain types of data processing, such as if you contest the processing is unlawful the accuracy is contested
- The right to claim compensation caused to you for any breach of data protection laws
- The right to object to decisions being made on an automated basis.
For additional information pertaining to the rights listed , including the conditions in which they may apply, please visit Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
Section 12: How to contact us
Please send any questions, data access requests, or complaints to: [email protected] or post them to:
The Data Protection Compliance Manager
The Premier Group (Coventry) Ltd
Brindley Road North
Bayton Road Industrial Estate
Coventry, CV7 9EP.
We will endeavour to respond to any requests, questions or complaints without undue delay; in any case within 30 days upon receipt of your request (unless certain specific circumstances apply; if this is the case the data controller shall inform you of any such extension within 30 days).
Data access requests are generally undertaken free of charge, although a reasonable fee based on administrative costs may be charged if additional copies of information is required.
Please be aware that if data access requests are made we may, if reasonable, require proof of identity.
Section 13: How to make a complaint
We endeavour to successfully resolve any query or concern you raise about our use of your information.
Please also be informed the provisions of the GDPR also provide you with the right to lodge a complaint with the relevant supervisory authority in the European Union (or European Economic Area) state where you work, live or where any alleged infringement of data protection laws has occurred.
The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Section 14: Review of this policy
The Premier Group will regularly review this Policy and will communicate any changes by updating this page. We recommend you check this page from time to time to ensure that you are in agreement with any changes.
This policy is effective from 25/05/2018.