Cookie & Privacy Policies
Winwood Products Ltd ("the Company") is the data controller for the purposes of General Data Protection (GDPR) and Data Protection Act (DPA.)
The Company is committed to protecting your privacy and we comply with General Data Protection Regulations (GDPR) and other data protection laws applicable to the United Kingdom.
Under the GDPR, there are six data protection principles that the Company must comply with. These provide that the personal information we hold about you must be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for those purposes
- Processed in a manner that ensures appropriate security of the personal data
Who this policy applies to
This policy applies to customers of and suppliers to Winwood Products Ltd, and to visitors to our corporate websites
What is personal information?
Personal information is any data relating to an individual from which that person can be directly or indirectlyidentified. This will include data such as name, address, account number, email address and email addresses.
Corporate information will also be held including company addresses, bank account details and financial information. This information can be held electronically or in paper form.
Much of the information held will be provided by you, but some may come from other sources such as credit reference agencies.
How your personal information will be used
As valued customers or suppliers we may hold and store information about your company and your employees to enable us to efficiently and effectively service your account. Using this data allows us to
- Process orders and to follow up orders not completed
- Answer queries about the orders
- To manage your account, including arranging deliveries, returns and refunds.
- Keeping historical information on transactions in order to manage rebates
- For general record keeping, accounts and insurance purposes.
- To protect and defend our rights
- To enable us to make payments to you. Where payments to us are being made by credit card, no card details will be stored on our systems
We may sometimes need to process your data to pursue our legitimate business interests, for example to prevent fraud, administrative purposes or reporting potential crimes. We may share your corporate information with credit reference agencies and other companies for use in credit decisions, for fraud prevention and to pursue debtors. We may be asked to provide details to tax, customs and excise authorities, regulators, courts or the police.
We may provide personal information to organisations such as hauliers, customers, suppliers or processors in order to process orders received from or placed with you. This information will be limited to that absolutely essential to efficiently process those orders.
Unless required by legislation or for efficient operation of our trading relationship, no information will be provided to a third party without your express consent.
We will retain your personal information only for as long as is necessary for our legitimate business interests. For accounting, tax and insurance reasons, information will be held for at least 7 years, although information may be held longer than that if there are valid legal grounds for doing so.
Security of your information
The Company has put in place measures to protect the security of your personal information. It has internal policies, procedures and controls in place to try and prevent your personal information from being accidentally lost or destroyed, altered, disclosed or used or accessed in an unauthorised way. In addition, we limit access to your personal information to those employees and other third parties who have a business need to know in order to perform their job duties and responsibilities.
Where your personal information is shared with third-party service providers, we require all third parties to take appropriate technical and organisational security measures to protect your personal information and to treat it subject to a duty of confidentiality and in accordance with data protection law. We only allow them to process your personal information for specified purposes and in accordance with our written instructions and we do not allow them to use your personal information for their own purposes. The Company also has in place procedures to deal with a suspected data security breach and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a suspected breach where we are legally required to do so.
No information is transferred outside the United Kingdom for processing. However, transmission of information by email or through the internet is not completely secure. Confidential information should be password protected. We cannot assume responsibility for such information once it leaves our systems or before it arrives in our systems.
Marketing and promotional activities
From time to time Company may undertake marketing and promotional activities in order to provide you with information on products and events that you may be interested in. You may opt out of such contact at any time by sending an email to firstname.lastname@example.org
Under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 (DPA) you have a number of rights with regard to your personal data. You have the right to:
- request access to your personal information - this is usually known as making a data subject access request and it enables you to receive a copy of the personal information we hold about you and to check that we are processing it lawfully
- request rectification of your personal information - this enables you to have any inaccurate or incomplete personal information we hold about you corrected
- request the erasure of your personal information - this enables you to ask us to delete or remove your personal information where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected
- restrict the processing of your personal information - this enables you to ask us to suspend the processing of your personal information, e.g. if you contest its accuracy and so want us to verify its accuracy
- object to the processing of your personal information - this enables you to ask us to stop processing your personal information where we are relying on the legitimate interests of the business as our legal basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground data
- portability - this gives you the right to request the transfer of your personal information to another party so that you can reuse it across different services for your own purposes
- If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
Changes to this Privacy Statement