A clear view on how we use your personal data
It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights.
What kind of personal data do we collect?
In order to provide the best possible products and services to our customer’s we need to process certain information. Kerrs Bakery only ask for details that will genuinely help us to deliver these products and services, such as your name, job role, and contact details; including but not limited to: Telephone number, email address, first and last name and in some instances your home address details. Where Kerrs Bakery are required by you to process payments for goods and services by way of debit or credit card we will also process these details, but only for this purpose.
We collect a minimum amount of data from our suppliers to ensure that we can easily process transactions. Kerrs Bakery will collect contact details for the main contact and any associate contacts within the business that assist us in processing any number of transactions. We also need other information such as your bank details so that we can pay for the services you provide (if this is part of the contractual arrangements between us).
How do we collect your personal data?
We collect customer data directly from you.
We collect supplier data directly from you.
How do we use your personal data?
There are two main reasons for using your personal details. Firstly, details will be used to help Kerrs Bakery process ongoing requests that you have made of us, i.e. raising a quote or processing an order, through to delivery of that.
The main reasons for storing and processing your personal data is to ensure that we can complete the contractual arrangements between us and comply with any legal and binding requirements.
If you send us an application form, your CV or contact us with personal information for employment purposes, we may store that information for 6 months. We do not share your information with any third parties and would only contact you within that 6 month period should a suitable post arise.
How do we safeguard your personal data?
We care about protecting your information. That’s why we put in place appropriate measures that are designed to prevent unauthorised access to, and misuse of, your personal data.
Those processes include but are not limited to; encrypted server access, Laptop devices are encrypted, all antivirus and gateway security settings are up to date and monitored.
How long do we keep your personal data for?
Data stored and processed in our Sales Order Management system. If we have not had meaningful contact with you for a period of seven years, we will remove your personal data from our systems unless we believe another processing requirement, such as legal or contractual regulation requires us to retain it.
How can you access, amend or take back the personal data that you have given to us?
If we are holding or using your personal information, you may change your mind at any time by writing to the Data Protection Officer, Kerrs Bakery, 14 Meadow Road, Motherwell, North Lanarkshire, ML1 1QB or emailing us at firstname.lastname@example.org. We will process the removal of your personal information within 10 days, sometimes sooner. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
Right to object
If we are using your data because we deem it necessary for our legitimate interests to do so, and you do not agree, you have the right to object. We will respond to your request within 30 days (although we may be allowed to extend this period in certain cases). Generally, we will only disagree with you if certain limited conditions apply.
Right to erase
In certain situations, you have the right to request us to “erase” your personal data. We will respond to your request within a maximum of 30 days and will only disagree with you if certain limited conditions apply. If we do agree to your request, we will remove your data. We will assume that you would prefer us to keep a note of your name on our system as a person who would prefer not to be contacted by Kerrs Bakery. as this will ensure that we can minimise the future risk of your data being resubmitted and used in the future. If you would prefer that this is not the case please let us know.
Our legal basis for processing your data
Article 6(1)(f) of the GDPR states that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
We think it reasonable that if you have communicated with us in the past or we have had meaningful contact with you within the past 5 years that there is legitimate interest that you will continue to benefit from our continued communication.
We want to provide potential customers with the opportunity to hear about our products and services and request additional information. We therefore deem it that if you operate in a sector that regularly benefits from our products and services and your information has been made available in the public domain that we can contact you to advise you of our products and services. We will have an upfront and honest approach to this and provide you with the opportunity to opt out of any further communications from us. Personal details may be used to for administrative purposes including invoicing.
We store and process the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within legitimate interests.
Article 6(1)(b) gives us lawful basis for processing personal data where; “processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract”
In this context, a contract does not have to be a formal signed document, or even written down, as long as there is an agreement which meets the requirements of contract law. Broadly speaking, this means that the terms have been offered and accepted, you both intend them to be legally binding, and there is an element of exchange (usually an exchange of goods or services for money, but this can be anything of value).
Where we and you have entered in a contractual agreement to deliver products and services we will process the appropriate and required information in order to do so. i.e. address details of the company.