We are committed to safeguarding the privacy of your personal information alongside compliance with the European General Data Protection Regulation (“GDPR”), the UK Data Protection Bill and any future changes to data protection legislation which we would be required to comply.
The document forms part of our obligations to be open and fair with all individuals whose personal information we process and to provide details of how we process it, what we do with it and how we support your rights.
Any changes made to this policy will be posted on this page and a notification sent to our marketing database. If you are not subscribed, please check back to this page frequently to see any updates or modifications.
Please note, none of the lists or examples provided in this document are intended to be exhaustive or fully representative.
How Do We Collect Personal Information?
We collect and store personal information that:
You provide to us when enquiring about, apply for, or purchase our goods and services;
You provide to us when visiting our branches;
You provide to us when communicating with us via email, writing, telephone and live chat;
You provide to us when subscribing to marketing communications;
Is shared with us by our partners (for example, companies that introduce you to us);
Is generated through use of our products and services and;
Is collected automatically through use of our IT systems for the purpose of ensuring security, analysing trends and gathering broad demographic information.
You have the right, at any time, to ask us not to process your personal data for any purpose that we are not required to do so by law (E.g. for marketing purposes).
We may still need to collect or retain personal information we hold about you under the terms of a contract we have with you (or a business with which you are associated). If you choose not to give us this permission, it may prevent us from meeting our obligation to you.
Any data collection that is optional is made clear at the point of collection.
How Do We Use Personal information?
To perform our obligations under any contract that hold with you (or a business that you are associated with), for example:
taking steps at your request, prior to entering into a contract (e.g. for providing quotes or pro-formas);
exercising the rights of all parties as set out in a contract (e.g. arranging warranty repairs or returns);
to deliver our products and services;
to maintain accuracy of our records;
to make and manage payments and;
to collect and recover money that is owed to us.
As necessary to comply with our legal obligations, for example:
to obey laws and regulations that apply to us;
to ensure good governance, accounting and auditing of our operations;
to detect, investigate, report and seek to prevent financial crime or fraud;
to ensure the security of our IT systems and services and;
to run our business in an efficient and proper way.
For our or your legitimate interests, or those of other organisations, for example:
to verify your identity and perform credit checks;
to respond to complaints and seek to resolve them and;
to monitor emails, calls and other communications and activities in relation to a contract.
Based on your consent, for example:
to keep you informed of products and services that we feel may be of interest to you;
keep you informed of news and events that we feel may be of interest to you and;
to develop and carry out our marketing activities.
Categories of Personal information
This list shows the various kinds of personal information we use and how we group them together:
Contact details – how we contact you and deliver products and services to you (for example, names, addresses and telephone numbers).
Communications – a record of conversations we have with you (for example, emails, letters and chat logs).
Contractual & Financial – details pertaining to the products and services we provide to you (for example, sales orders, invoices, dispatch notes, proof of deliveries, job sheets, engineer reports, payments made to us, money owed to us and your credit status).
Log files and statistics – how many visitors to our website we have, how often they visit and where they originated from (for example, IP addresses, URLS of requested resources, timestamps and HTTP user agents).
Consensual – any permissions, consent or preferences that you give us including how you would like us to contact you (for example, a subscription in our marketing database).
Disclosure & Sharing
We do not sell, rent or trade any of your personal data and we only disclose personal data in the ways set out in this policy, subject to any additional agreements in place between us and you (or a business you are associated with).
We will not disclose or supply your personal data to any third party for direct marketing.
We may share your personal information:
with third parties whom process personal data on our behalf, for example the hosting providers of our IT systems;
with third parties whom process personal data on their own behalf in order to provide you with a product or service that you have procured through us, for example sub-contracted engineers and product manufacturers whom offer a direct warranty or direct delivery service;
with third parties that we have contracted with for the purposes of processing payments, conducting identity checks, conducting credit checks, debt collection and other fraud or crime prevention services;
to any regulator, external auditor or applicable body or court where we are required to do so by law, regulation or investigation, for example government bodies such as HMRC;
to establish, exercise or defend our legal rights;
to any successors in title to our business.
Smartsheets Incorporated (whose services are based in the USA);
Google Incorporated (whose services are based in the USA) and;
Microsoft Corporation (whose services are based in the USA).
The criteria used to determine how long we will keep your personal data depends on its relation to a contractual agreement with us (E.g. whether you become a customer or not).
Personal information required to fulfil the obligations of any contract you (or a business that you are associated with) holds with us will be retained for 7 years after the contract has come to an end. This is a requirement to fulfil our contractual, legal and regulatory obligations.
Personal information that does not relate to a contract (for example, enquiries, pro-formas and quotes where a sale is not made) will be retained for a maximum of 2 years.
Personal data that is stored in log files and statistics and captured by automated means will be retained for a maximum of 2 years since your last visit to our websites or use of our IT services.
We will never record any credit or debit card information in our systems. All payments you make through our websites or over the phone are processed by our third-party payments Sage Pay Europe Limited (“Sage Pay”) and are done so in line with the Payments Card Industry Data Security Standard (“PCI-DSS”).
Where any personal information is stored or transmitted, we will ensure adequate safeguards are in place to protect your data and the risk it pertains, for example:
by deploying industry standard technical measures such as encryption and/or firewalls;
Locking away paper records when not in use and;
Ensuring the secure destruction of information when no longer required.
Whilst we are committed to taking appropriate technical and organisational security measures to protect your personal data from unauthorised loss, destruction, damage and misuse, by agreeing to this policy you acknowledge that we cannot guarantee the security of your data, as the transmission of information over the internet or public communications networks (post, telephone, internet) is never completely secure.
With regards to personal data, you have the right to:
be informed about our processing of your personal data;
have your personal data corrected if it is inaccurate;
object to us processing your personal data;
restrict processing of your personal data;
have your personal data erased (“right to be forgotten”);
request access to your personal data and information about how we process it;
move, copy transfer your personal data in electronic format (“data portability”) and;
reject to automated decision making including profiling.
You have the right to complain to the Information Commissioners Office (“ICO”) if you are unhappy with the way we process your personal information.
We are registered as a data controller with the ICO with registration number TBC
We are authorised and regulated by the Financial Conduct Authority with reference number 656125.
Buzz Supplies Ltd is a Private Limited Company registered in England and Wales under company number 07096129 and our registered address is Cambridge House 27 Cambridge Park, Wanstead, London, E11 2PU.