LAMBERT & DYSON LIMITED, GDPR COMPLIANCE PRIVACY STATEMENT
The company, in the course of it’s operation collects minimal information from customers that is necessary to the fulfilment of it’s contract with them. This information is supplied by the customer in person or over the telephone or by e-mail in order for transactions to take place and this constitutes a Clear Affirmative Action of Consent by the customer for us to use this information. Customers supply the company with their name, trading name, delivery and invoice addresses, contact telephone numbers and e-mail addresses. No other personal details are required or requested.
The company does not collect payments by direct debit so never obtains any bank account details. Customer bank cheques that the company receives as payment for goods and services are stored securely until paid in and no details are copied from them other than the name of the account holder and the amount of the cheque. We do not receive images of the cheques that we pay in.
If a customer chooses to pay by debit or credit card this process is compliant with the requirements of PCIDCSS. Card details are not stored electronically or on paper other than the “merchants receipt” docket produced by the card machine. These are stored securely and shredded as soon as possible. The card machine does not work through a computer but connects directly to the telephone line. The Worldpay system is used.
Suppliers and employees bank account details are stored so that the company can make the appropriate payments for goods, services and wages. We are Required by these businesses and individuals to keep this information. Payments are made electronically by NatWest Bankline secure payment.
No data is sold, shared or transferred in any way to any third parties.
RECORDS OF COMPLIANCE.
We will retain a record of any request from a customer to access any data that we hold for them.
We will record any breach of data compliance.
Consent for us to record a customer’s details is assumed if they contact us and provide this information in order for us to supply them. With regard to the issue of invoices/statements/periodic product availability updates/news by e-mail, we enquire of each customer if they are acceptable to receiving information/correspondence in this way.
PRIVACY BY DEFAULT. Only the basic minimum data required for the company’s operations is actually processed.
Our customer data is stored in the SAGE 50 Accounts on PCs at the registered office. We do not store on or backup to The Cloud. All data processing is in-house. Back-up USB sticks are taken nightly and stored securely away from the registered office by directors.