Privacy Notice for Clients, Suppliers and Service Providers
Fullers and its employees need to obtain process and store information from our customers in order to conduct our day to day business. The information we hold will be used to perform the daily professional business processes and effectively, safely and lawfully manage the relationship between the company and its customers.
1 What is the purpose of this document?
This privacy notice describes how we collect and use personal information about you during and after your relationship with us.
1.1 Fullers is a “data controller”. This means that the Company is responsible for deciding how it holds and uses personal information about you, and for explaining this clearly to you.
1.2 This notice applies to all clients, suppliers and service providers to our business.
2 What personal information are we collecting?
2.1 For clients, suppliers and service providers we will collect, store and use the following categories of personal information:
3 What other information we will hold?
3.1 Contractual, transactional & service data.
4 Particularly sensitive personal information?
4.1 The Company does not process special categories of information relating to race, ethnicity, political opinions, religious and philosophical beliefs, biometric data or sexual orientation.
5 How are we collecting your personal information?
5.1 All of the information we hold will have been provided by you.
5.2 We may only buy data from external credit rating agencies.
6 What are the legal bases for us to use your personal information?
6.1 We will only use your personal information when the law allows us to do so. Most commonly, we will use your personal information in the following circumstances:
6.2 We will also use your personal information in the following situations, which are likely to be rare:
6.3 Some of the above grounds for processing your personal information will overlap, and there may be several grounds which justify our use of this information.
7 Will we share your personal information?
7.1 Other than as mentioned below, we will only disclose information about you to third parties if we are legally obliged to do so; to facilitate the smooth running of or business; or, where we need to comply with our contractual duties to you, for instance we may need to pass on certain information to our insurance providers.
7.2 We may share your data with third-party service providers (including contractors and designated agents), and other businesses that provide certain services on our behalf. The following activities are carried out by third-party service providers: IT support, accounting services and invoicing services.
7.3 All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes.
8 Your duty to inform us of changes
8.1 It is important that the personal information we hold about you is accurate and current. Please keep us informed if any of your personal information changes during your relationship with us. (See “Identity and contact details of the data controller and Information Security Officer” below).
9 Change of purpose
9.1 We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
9.2 Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
10 Where will we store your personal information?
10.1 Any personal information that you submit to us will be held on secure servers, based within the European Economic Area (EEA).
11 Data Security
11.1 We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
12 How long will we use your personal information for?
12.1 We will keep your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
13 Your rights in relation to our processing of your personal information
13.1 You have the right to be informed about what we are doing with your personal information. This transparency notice sets out how we use it. If we change what we are doing we will provide you with an updated version of this notice.
13.2 You have the right to object to the processing of your personal information.
13.3 You have the right to request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
13.4 If the personal information we hold about you is incorrect or out of date you can ask us to correct it.
13.5 You have the right to ask us to delete the information that we hold about you where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you ask us to delete your personal information we will not be able to provide our services to you.
13.6 You have the right to ask us to restrict how we use your personal information for a period of time if you claim that it is inaccurate and we want to verify the position, or if our processing is unlawful but you do not want us to erase your personal information, or for some other limited circumstances. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it. If you ask us to restrict our use of your personal information, we may not be able to provide you with our services, or utilise yours.
14 Identity and contact details of the data controller and Information Security Officer
14.1 Fullers is the controller and processor of data for the purposes of the DPA 18 and GDPR.
14.2 If you have any concerns as to how your data is processed, you can contact:
14.2.1 Richard Falconer, Information Security Officer on 01753 519000 or
14.2.3 You can write to the Company using the address of; Fullers Holdings Ltd, 126 Fairlie Road, Slough, Berkshire, SL1 4PY