Charles Saunders Ltd (Trading as Charles Saunders Food Service) is a Data Controller and Data Processor of any personal data you supply. Charles Saunders takes data privacy and security of our customers very seriously and were committed to ensuring we comply with data security standards.
Your Personal data what is it?
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
How will we process your personal data?
Charles Saunders complies with its obligations under GDPR by keeping personal data up to date;
- by storing, disposing / destroying of it securely;
- by not collecting or retaining excessive amounts of data;
- by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data;
- by completing information audits.
When you provide us with personal data to provide or receive a service, to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent. For all marketing communications, users will have to opt-in to receive communication from us, this includes event invites, promotions and newsletters. We will continue to provide an option to opt out of communication at the footer area of every marketing email we send. If you opt out your personal user data will be removed from all systems.
We use your personal data for the following purposes;
- To process customer and supplier accounts
- To operate the company’s web site and deliver the services that individuals / companies have requested
- To inform individuals of news, events, activities or services that the company are running
- To manage our employees and contractors
- To maintain our own accounts and records
- Our processing also includes the use of CCTV systems for the prevention of crime
Please note, our website, www.charles-saunders.com, does not store any personal details. Any personal data submitted on web forms are sent to our sales team and your details are stored on a secure password protected
With cookies we store the following information:
- your IP address or proxy server IP address’;
- the domain name you requested;
- the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- the date and time of your visit to the website;
- the length of your session;
- the pages which you have accessed;
- the number of times you access our site within any month;
- the file URL you look at and information relating to it;
- the website which referred you to our Sites; and
- the operating system which your computer uses.
Charles Saunders undertake an information audit to identify and record what personal data is held and how it is processed. Your personal data will be treated as confidential, and will be shared only with employees of Charles Saunders Ltd. We will only share your data with third parties with your prior consent. We will only retain personal data for as long as necessary for the fulfilment of those purposes.
If for any reason you would like to request access to the data we have on you as an individual, we will ensure we meet the regulations of allowing access to this data with in a timely manner of the request being made. Access requests should be made in writing and sent to firstname.lastname@example.org.
Right to Rectification
Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
Any requests for personal data rectification should be sent to email@example.com. All requests will be dealt with within one month of receipt. Charles Saunders will take reasonable steps to satisfy that the data is accurate and to rectify the data if necessary.
Right to be forgotten
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Please put your request in writing, which will be dealt with within one month of the receipt of the request.
Individuals have the right to have their personal data erased if:
- the personal data is no longer necessary for the purpose which it was originally collected or processed for;
- we are relying on consent as your lawful basis for holding the data, and you withdraw their consent;
- we are relying on legitimate interests as your basis for processing, you object to the processing of their data, and there is no overriding legitimate interest to continue this processing;
- we are processing the personal data for direct marketing purposes and you object to that processing;
- we have to do it to comply with a legal obligation
Charles Saunders will comply with all requests to remove / delete personal data in accordance with GDPR and associated legislation.
In the circumstance your data has been shared with other organisations, Charles Saunders will instruct these third parties that your personal data requires erasure, unless this proves impossible or involves disproportionate effort, you will be informed without undue delay if there any issues with erasing your personal data.
The right to erasure does not apply if processing is necessary for one of the following reasons:
- to exercise the right of freedom of expression and information;
- to comply with a legal obligation;
- for the performance of a task carried out in the public interest or in the exercise of official authority;
- for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
- for the establishment, exercise or defence of legal claims.
Charles Saunders will instruct you within one month of the receipt of your request if we refuse to comply with a request for erasure and the reasons we are unable to take action.
Data breach notification
If we become aware that site security has been compromised as a result of external activity (including but not limited to external security attacks) we shall take reasonable measures which we deem appropriate. This includes but is not limited to internal investigation and reporting, and notification to and cooperation with law enforcement authorities. All affected users will be notified of this infringement within no more than 72 hours following discovery.
If you wish to raise a complaint on how we have handled your personal data, you can contact the Data Protection Officer by emailing firstname.lastname@example.org, who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).
Charles Saunders will regularly review and where necessary update our privacy information. If we plan to use personal data for a new purpose, we will update our privacy information accordingly and communicate the changes to individuals before starting any new processing.