1 Introduction
Coastal Building Supplies is a building material supplier. Under GDPR we are a Data Controller. This means we decide how your personal data is processed and for what purposes.
At Coastal Building Supplies we know that information relating to employment can at times be highly sensitive. We look after our clients’ data the same way we look after our own. We don’t sell personal data or make it available to any other organisation. Our Privacy Policy sets out the way in which we protect and manage your data.
We know that the data is not ours – we are merely custodians of your valuable information.
2 What do we hold data for?
We do not hold any data on Children.
2.1 As a Data Controller:
To manage our employees
For marketing and information promulgation
For managing business relationships in the provision of products and services.
We hold some information classed as special category information under GDPR Article 9. This is health and welfare related and is held to help us discharge our duty of care for employees’ wellbeing whilst employed by us.
3 How do we Process Data?
We comply with our obligations under the GDPR by:
Ensuring personal data is accurate and correcting inaccuracies discovered or notified to us
Not collecting excessive amounts of information
Only retaining information for as long as is necessary, and in accordance with our retention policy
Providing appropriate protection of data confidentiality against unauthorised access and disclosure through appropriate technical, physical, and procedural measures
4 What is the Legal Basis for Processing Data?
Marketing and information promulgation is to business customers only. We send information by email on the basis of Legitimate Interest. We do not need consent for this, but we ensure people have an easy way to opt out of any communications.
Our employee data is managed on the basis of Legitimate Interest and Contract of Employment. Processing data is required for carrying out responsibilities under Employment Law.
B2B information relating to sales and purchase is held for contractual reasons. This information is normally supplied to us when we establish a contract.
B2C information we hold relates to sales and is held for contractual reasons. This information is normally supplied to us when we establish a contract.
5 Transfer Overseas
We do not knowingly transfer personal data overseas. One of our major IT providers, Microsoft have operations within the European Union and claim to be fully GDPR compliant.
6 Data Retention
We have a Data Retention Policy which can be found with our GDPR Policy at our registered office. Retention periods are typically based around statutory and legal requirements. A small number are based on industry best practice.
7 Sharing your Personal Data
Your personal data is treated confidentially and is not sold. We do not share marketing data.
It may occasionally be necessary for us to share certain information with other providers, to ensure we fulfil our duty of care to staff. This could include, for example, occupational health. In this case, the staff member will be asked for permission to do this and the data shared will be the minimum necessary. We will seek assurance that the third-party provider is GDPR compliant.
8 Cookies
Cookies are used on our website and are categorised according to the International Chamber of Commerce. More information can be found on our website.