14 May 2018
Keeler Limited, as Data Controller, collects personal data from you for one or more of the following purposes:
- To provide you with information you have requested or which we think may be relevant to a subject in which you have demonstrated an interest;
- To initiate and complete commercial transactions with you, or the entity that you represent, for the sale of products and/or services;
- To fulfil a contract that we have entered into with you or with the entity you represent.
When we ask for personal data we will keep to the law, including the General Data Protection Regulations, and we will:
- Make sure you know why we need it;
- Only ask for the information we need;
- Protect it and ensure nobody has access to it who should not have access;
- Only share it with other trusted organizations in order to fulfil our obligations to you; we will not share your personal data with third parties for marketing purposes, and
- Make sure we don’t keep it for longer than is necessary.
This policy sets out the commitments above in more detail.
the body which determines the purposes and means of the processing of personal data.
means any information relating to an identified or identifiable natural person.
means the General Data Protection Regulations.
1. Data protection principles
Keeler Limited is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. Lawful basis
This section describes the data we collect, the retention period, the reasons we collect it and the GDPR lawful basis for processing.
- Name, address, email address, telephone number, bank account details; retained for 8 years
1. To process sales transactions / contractual performance
2. For accounting and taxation purposes / statutory obligation
3. Should a contractual dispute arise / legitimate interest
- Payment card data (account number, cardholder name, service code, expiration); shared with PCI compliant payment card companies; retained only whilst authorisation is pending
1. To fulfil purchase requests using payment cards / contractual performance
- Name, company name, address, email address, telephone number; retained for 8 years
- 1. To provide information about products and services you have requested / contractual performance
- To provide further, related information and ongoing news updates in relation to the identified area of interest / legitimate interest
- Personal contact information provided through website forms, trade shows or any other means; retained for 8 years
1. General mailing list subscription / consent
3. Data minimisation
We will ensure that personal data we request is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
We will take reasonable steps to ensure your personal data is accurate and kept up to date.
- We ensure that personal data is stored securely using modern software and, when stored on paper, in locked drawers or filing cabinets.
- We limit access to personal data to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information.
- When personal data is deleted this is done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions are in place to restore data in the event this is necessary.
6. Rights of individuals
We ensure that individuals have the following rights in relation to their personal data: right to be informed; right of access; right to rectification; right to erasure; right to restriction; right to data portability; right to object and the right to withdraw consent. We don’t use personal data to undertake automated decision making and profiling. You also have the right to lodge a complaint with the supervisory authority, the Information Commissioner’s Office (ICO).
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, we will promptly assess the risk to your rights and freedoms and if appropriate report this breach to the ICO.
8. Special category data
Some of our products store health data, which under the GDPR is particularly sensitive personal data. We ensure a valid reason under GDPR Article 9 exists for the processing of this data and we ensure it is protected.
9. Further information
Further information is available by contacting the GDPR Compliance Manager at:
Keeler Limited, Clewer Hill Road, Windsor, SL4 4AA, United Kingdom.
If you wish to remove your details from our mailing/client list or simply wish to view what data we have on you or your company, please contact us direct.