GDPR: DATA PRIVACY NOTICE FOR CLIENTS AND SUPPLIERS
4K Systems Ltd (“We”) are committed to protecting and respecting your privacy
The rules on processing of personal data are set out in the General Data Protection Regulations (the “GDPR”). The following definitions apply
Data controller – The Data Controller determines the reasons for and the processes of processing personal data.
Data processor – The Data Processor is responsible for processing the personal data on behalf of a controller.
Data subject – This is the individual or person that the data relates to
Categories of data:
Personal data – The regulations apply to ‘personal data’. This is any information relating to a person who can be directly or indirectly identified by that information. For example, name, passport number, home address or private email address.
Online identifiers may include an IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’. These special categories specifically include racial and ethnic origin, sexual orientation, medical information (including mental health), trade union membership, political opinions and religious or philosophical beliefs. In addition, genetic data, and biometric data is included where it can be processed to uniquely identify an individual.
Processing – This is any operation or set of operations which is performed on personal data or on sets of personal data, whether manual or automated. This includes collection of the data, recording, organisation, storage either manually or electronically, adaptation or alteration of the data, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available the data, alignment or combination, restriction, erasure or destruction of the data.
Third party – This means a person, public authority, agency or body other than the data subject, data controller or data processor who, under the direct authority of the data controller or data processor, are authorised to access and/or process personal data.
The purpose(s) of processing your personal data
We use your personal data for the following purposes: To arrange deliveries
- To take and process orders
- To contact you with any issues
- To keep you informed of any updates that may be relevant and useful to you
The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
- Personal data for example your name, address, mobile phone number and e-mail address
Where we have obtained your personal data from a third party this will be as our point of contact for receiving and arranging delivery of your order.
What is our legal basis for processing your personal data?
Our lawful basis for processing your general personal data:
|☐ Consent of the data subject;|
|☐ Processing necessary for the performance of a contract with the data subject or to take steps to enter into a|
|☐ Processing necessary for compliance with a legal obligation|
|☐ Processing necessary to protect the vital interests of a data subject or another person|
|☐ Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller|
|☐ Processing necessary for the purposes of the legitimate interests of the data controller or a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject|
Special categories of personal data
We do not process any data which may fall into Special Categories
Sharing your personal data
Your personal data will be treated as strictly confidential, and will be shared only as follows:
- For the purposes of processing and arranging delivery of orders
- For the process of processing orders
- For the purposes of processing payments
How long do we keep your personal data?
We keep your personal data for no longer than reasonably necessary in order to comply with the Accounting Standards of record retention (Currently 7 Years) and also, for example, to ensure that all conditions of delivery are satisfied, or that all payments have been made.
Providing us with your personal data
You are under no statutory or contractual requirement or obligation to provide us with your personal data. But failure to provide any necessary data may mean that we cannot fulfil orders or process payments that may be due to you.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you;
- The right to request that we correct or update any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary to retain such data;
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability)
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, where applicable i.e. for the purposes of direct marketing and processing for the purposes of scientific/historical research and
Transfer of Data Abroad
We do not transfer personal data outside the EEA.
Automated Decision Making
We do not use any form of automated decision making in our business.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
How to make a complaint
Should you wish to raise any complaints please in the first instance contact our Data Processor.