1. Data protection principles
Sandland Packaging is committed to processing data in accordance with its responsibilities under the GDPR.
- Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they areprocessed
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate are erased or rectified without delay;
- data is kept for no longer than is necessary for the purposes for which the personal data are processed
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
2. Personal data and its purpose
- Personal data means any information about a customer from which they can be identified
- All data processed by ourselves will be done on one of the following lawful bases: consent, contract, legal obligation or legitimate interests.
- Where we rely on the lawful basis of legitimate interests, we ensure that we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consents or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- We will rely on legitimate interests to pass your personal data to third parties lenders, including invoice discounting providers, to enable us to borrow funds from third-party lenders, including invoice discounting providers. The type of data that would need to be processed for this purpose would be identity, contract, and financial and transaction information. Individuals have the right to access their personal data and any such requests made will be dealt us within a timely manner.
3. Data Sharing
- We may share your personal data with external third parties, including lenders and invoice discounting providers.
- We require all third parties to respect the security of your personal data and to treat it in accordance with the law. WeSave for subsection (c) below, we do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
- Third-party lenders, including invoice discounting providers, may use your data for their own purposes, specifically the purposes of providing invoice discounting and/or other facilities to us. We will only share your data for these purposes if we are satisfied that such third-party lenders will respect the security of your personal data and treat it in accordance with the law. Upon request, we shall provide you with a copy of the applicable data protection policies for any third-party lender or invoice discounter engaged by us, with whom your information may be shared.
4. Accuracy
- We shall take reasonable steps to ensure personal data is accurate
- Further steps shall be put in place to ensure personal date is kept up to date
5. Archiving and Removal
- We will only retain personal information for as long as necessary to fulfil the purposes we collected the information for
- To determine the appropriate retention period for personal data, we shall consider the nature and sensitivity of the data, as well as the potential risk of unauthorised use or disclosure of the personal data
6. Data Security
- We have appropriate measures in place to protect the security of the personal data stored
- Access to personal data shall be limited to personnel who need access and appropriate securityshall be in place to avoid unauthorised sharing of information
- Appropriate security measures are in place to prevent personal data being accidentally lost, altered or disclosed
- When personal data is deleted this will be done safely such that the data is irrecoverable
- Appropriate back-up and data recovery are in place