North East Vending will operate as a Data Controller regarding any Personal Identifiable Information (PII) we gather from you.
This policy sets out the following;
- The type of Data we collect
- How we use your Personal Data
- When, and How we share that Data
- How we protect your Personal Data
- Your rights and choices regarding your Data
- Legal basis for processing Data
Types of Data
In order to carry out work on your behalf we may need the following information;
- Your Company Name and Address
- Information regarding your business
We use this Data in order to;
- Carry out contracted work set out in our letters of engagement
- Provide vending services to your business
Sharing Your Data
In order to carry out contracted work we may share your Data with other service providers in order to increase our efficiency and productivity. All service providers have been checked for GDPR compliance and none of our service providers have been given permission to share or otherwise process your Data. Although your Data may be hosted with one or more of these services providers no Data Processing is carried out by them at any time. We only share information where required by law or with carefully selected contractors and specialists to help us provide our services. We only share Data with other companies who are GDPR compliant. We are careful to minimise such sharing.
We may also share your personal Data if:
- The Law or a public authority says we must share that Data
- If we need to share personal Data in order to establish or defend our legal rights, this includes providing personal Data to others for the purposes of preventing fraud and reducing credit risk to any other successors in title to our business
Legal basis for processing your Data:
Your Data will only be processed by North East Vending in order to carry out vending services as contracted by you the client. These services are explained in our letters of engagement and quotations.
How we protect your Data:
- We use computer safeguards such as firewalls and Data encryption and we enforce physical access controls to our building and files to keep this Data safe. We only authorise access to your Data for employees who need it in order to carry out their job responsibilities.
- We protect your Data in transit by using Secure Sockets Layer (SSL) or other encryption technologies unless specifically asked by you, the client, to do otherwise.
- We enforce physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of your information. We may, on occasion, ask for proof of identity before sharing your personal Data with you.
Whilst we take appropriate technical and procedural measures to safeguard your personal Data please be aware that we cannot guarantee the security of any personal Data that you transfer over the internet to us.
Your Data will not be transferred to, or stored at any destination outside the European Economic Area (EEA). If this ever becomes the case then we will inform you and we will put in place appropriate protections and safeguards to ensure your Data is adequately protected.
Your Rights and Choices
You have the right to see the personal Data we hold about you under the GDPR, this is called a Subject Access Request. If you wish to see this Data then please inform us in writing or via our email address which is firstname.lastname@example.org.
Please inform us if you believe any of the Data we hold regarding you is inaccurate and we will update accordingly.
You also have the right to ask us to delete all personal Data we hold about you. Again please submit this request via email.