General Data Protection Regulation (GDPR) 2018
On 25th May 2018 the new General Data Protection Regulation (GDPR) will come into force. Big Blue Rocket Ltd, hold personal data on our customers, suppliers and third parties to provide our services. Any information we hold which is not relevant will be deleted in a secure and appropriate manner.
We will only collect, store and process personal information acquired which is relevant to the service we provide.
This document details the personal data that we may retain, process and share with others relating to your business and your employees. We are committed to ensuring all information held is secure, accurate and relevant.
To prevent unauthorised access or disclosure of this data we have implemented suitable physical, electronic and managerial procedures to safeguard and secure all the personal data we hold.
Types of personal information collected for customers & suppliers:
During negotiations/conversations/communications with us, such as discussing prices, terms and for the term that you are a customer and/or supplier, we may process personal information about your company, your employees and other individuals whose personal information has been provided to us.
The types of personal information we may process include:
Identification data, not limited to: name(s), gender and Company registration numbers
Contact details, not limited to: home/business addresses, telephone and email addresses
Customers Employee details, not limited to: job title/position and office location
Supplier Employee details, not limited to: job title/position and office location
Background information, not limited to: Business type and Company principles.
Financial information, not limited to: Banking details, Tax information, Credit reference checks.
We do not require and do not access or store any sensitive personal data relating to you as an individual, your business or your employees.
Purposes for processing personal information – our legal bases for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. However, we will normally collect personal information from our customers and suppliers only where we have your consent to do so or where we need the personal information to perform a contract with you. We have policies, systems and controls in place to strive to ensure your data is not lost, accidentally destroyed, misused or disclosed and is not accessed without authorisation and only accessed, used or shared for specific legal purposes.
If you require further information concerning the legal basis on which we collect and use your or your company and employee personal information, please contact us at the address at the bottom of this letter.
We store and use this personal information when it is necessary for the provision of our services, in line with the purposes agreed upon between you, our customer and supplier businesses and their employees and us.
We may use personal information where it is considered necessary to comply with the law under judicial authorisation or in response to lawful requests by public authorities – example: for enforcement purposes. Legitimate interest – we may also gather, store and use personal information when it is necessary for other legitimate purposes, such as to assist us to conduct our business more effectively and efficiently, for example general IT security management and marketing services.
Who we share personal information with:
We will only allow access to personal information to those who require such access to perform their tasks such as: delivery of goods, making a claim for damaged goods etc.; this is completed on a ‘need to know’ basis with appropriate security measures in place. This is done in accordance with the applicable data privacy law.
Transfer of personal information abroad:
We may need to transfer personal information to other countries outside of the UK – example: delivery details including your contact, your company or your employee contact details.
Data retention periods:
Personal information on you, your company and your employees will be retained for the length of time you are a customer and/or supplier of Big Blue Rocket Ltd and for six years thereafter, as required by applicable law.
Data privacy rights are available under applicable data protection law:
Access, correct, update or deletion request of personal information
Object to processing of personal information, or request to restrict processing of personal information or request portability of personal information.
If we have gathered, stored and used personal information using your consent, this can be withdrawn by you at any time, However, withdrawing consent will not affect the lawfulness of any processing we conducted prior to withdrawal, nor will it affect processing of personal information conducted in reliance on lawful bases other than consent.
To withdraw your consent, please do so in writing and address it to the Data Controller at the following address:
Big Blue Rocket Ltd
Unit 12, Keynes House
You have the right to complain to a data protection authority about our gathering, storing or use of personal information. Please contact the Information Commissioner’s Office. Website address is https://ico.org.uk/