Charles Saunders Ltd (Trading as Charles Saunders Food Service) is a Data Controller and Data Processor of any personal data you supply. Charles Saunders takes data privacy and security of our customers very seriously and were committed to ensuring we comply with data security standards.
Charles Saunders will regularly review and where necessary update our privacy information. If we plan to use personal data for a new purpose, we will update our privacy information accordingly and communicate the changes to individuals before starting any new processing.
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Charles Saunders complies with its obligations under GDPR by keeping personal data up to date;
When you provide us with personal data to provide or receive a service, to complete a transaction, place an order, arrange for a delivery or return a purchase, we imply that you consent to our collecting it and using it for that specific reason only. If we ask for your personal information for a secondary reason, like marketing, we will ask you directly for your expressed consent. For all marketing communications, users will have to opt-in to receive communication from us, this includes event invites, promotions and newsletters. We will continue to provide an option to opt out of communication at the footer area of every marketing email we send. If you opt out your personal user data will be removed from all systems.
We use your personal data for the following purposes;
Please note, our website, www.charles-saunders.com, does not store any personal details. Any personal data submitted on web forms are sent to our sales team and your details are stored on a secure password protected database.
With cookies we store the following information:
Charles Saunders undertake an information audit to identify and record what personal data is held and how it is processed. Your personal data will be treated as confidential, and will be shared only with employees of Charles Saunders Ltd. We will only share your data with third parties with your prior consent. We will only retain personal data for as long as necessary for the fulfilment of those purposes.
If for any reason you would like to request access to the data we have on you as an individual, we will ensure we meet the regulations of allowing access to this data with in a timely manner of the request being made. Access requests should be made in writing and sent to email@example.com.
Under Article 16 of the GDPR individuals have the right to have inaccurate personal data rectified. An individual may also be able to have incomplete personal data completed – although this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.
Any requests for personal data rectification should be sent to firstname.lastname@example.org. All requests will be dealt with within one month of receipt. Charles Saunders will take reasonable steps to satisfy that the data is accurate and to rectify the data if necessary.
Under Article 17 of the GDPR individuals have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Please put your request in writing, which will be dealt with within one month of the receipt of the request.
Individuals have the right to have their personal data erased if:
Charles Saunders will comply with all requests to remove / delete personal data in accordance with GDPR and associated legislation.
In the circumstance your data has been shared with other organisations, Charles Saunders will instruct these third parties that your personal data requires erasure, unless this proves impossible or involves disproportionate effort, you will be informed without undue delay if there any issues with erasing your personal data.
The right to erasure does not apply if processing is necessary for one of the following reasons:
Charles Saunders will instruct you within one month of the receipt of your request if we refuse to comply with a request for erasure and the reasons we are unable to take action.
If we become aware that site security has been compromised as a result of external activity (including but not limited to external security attacks) we shall take reasonable measures which we deem appropriate. This includes but is not limited to internal investigation and reporting, and notification to and cooperation with law enforcement authorities. All affected users will be notified of this infringement within no more than 72 hours following discovery.
If you wish to raise a complaint on how we have handled your personal data, you can contact the Data Protection Officer by emailing email@example.com, who will investigate the matter.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner’s Office (ICO).