Data Protection Privacy Notice (TRADE CUSTOMERS)
This notice explains what personal data (information) we hold about you, how we collect it, and how we use and may share information about you during our trading relations and after it ends. We are required to notify you of this information under data protection legislation.
Please ensure that you read this notice (sometimes referred to as a ‘privacy notice’) and any other similar notice we may provide to you from time to time when we collect or process personal information about you.
Who collects the information
Grass & Air Ltd (‘Company’) is a ‘data controller’ and gathers and uses certain information about you.
Data protection principles
We will comply with the data protection principles when gathering and using personal information.
Why we collect data
As part of the trading relationship, the company needs to keep and process information about you. The information we hold and process will be used to ensure we can offer the best service we can. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the time you are a customer but also after such times as the trading relationship comes to an end. This includes using information to enable us to comply with the trading T&C’s, to comply with any legal requirements, pursue the legitimate interests of the Company and protect our legal position in the event of legal proceedings. If you do not provide this data, we may be unable in some circumstances to comply with our obligations and we will tell you about the implications of that decision.
As a company pursuing the manufacture and sale of children’s clothing, we may sometimes need to process your data to pursue our legitimate business interests , for example to prevent fraud, administrative purposes or reporting potential crimes.
We may send email marketing communications to the email address provided by you, but you always have the option to remove yourself from the mailing list at any time. The content of the emails ensure you are kept up to date on key trading information, prices and offers. Your data is processed under the legal reason of ‘legitimate interests’ for this specific purpose.
About the information we collect and hold
Much of the information we hold will have been provided by you, but some may come from other internal sources such as your sales Agent or in some cases, external sources, such as credit referees.
The sort of information we hold includes your account application form and references, your signed T&C’s and any amendments, correspondence with or about you , for example letters to you about price increases or marketing support. We also need information to allow the trade relationship of selling and paying for goods, or giving credit to take place.
Where information may be held
The places in the business where we store your personal data whether it’s on internal system, with the Agents or in paper form, have all been assessed for risk and where necessary new measures put in place to increase security. This is particularly the case with our servers and other IT systems and equipment. We ensure all systems and hardware are protected to the best of our ability from cyber threats and other risks of data breach.
We do not keep any special categories of data
Other than as mentioned below, we will only disclose information about you to a third party if we are legally obliged to do so or where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our external credit insurance provider or SAGE pay for payments made.
How long we keep your information
Your personal data will be stored for no longer than is necessary for the purposes for which the personal information is processed, at which point it will be disposed of securely and all records deleted.
If in the future we intend to process your personal data for a purpose other than that which is was collected, we will provide you with information on that purpose and any other relevant information.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
If a data breach occurs, we have a procedure in place to deal with this and if it requires contacting you, we will do so and alert you to the possible risks associated with the breach.
Your rights to correct and access your information and to ask for it to be erased
Under the GDPR and the Data Protection Act 2018 (DPA) you have a number of rights with regards your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent is withdrawn.
You have the right to lodge a complaint to the Information Commissioners Office if you believe that we have not complied with the requirements of the GDPR or DPA 18 with regards your personal data.