Data Protection Policy (GDPR Compliant)

Aim and scope of policy

This policy applies to the processing of personal data in manual and electronic records kept by the Company. It also covers the Company’s response to any data breach and other rights under the General Data Protection Regulation.

“Personal data” is information that directly or indirectly uniquely identifies an individual, for example a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Introduction

Interex (the Company) makes a commitment to ensure that personal data is processed in line with GDPR and domestic laws. Where third parties process data on behalf of the Company, the Company will ensure that the third party takes such measures in order to maintain the Company’s commitment to protecting data.

Types of data held

We obtain personal information when individuals use our website, over the phone or in person, for example, when contacting about products and services, make a purchase, create an online account, or if register to receive one of our email newsletters.

Without limitation, any of the following Data may be collected by this Website from time to time:

• name and title
• delivery address
• credit or debit card number and the card's expiry date
• contact information such as email addresses and telephone numbers
• IP address (automatically collected)
• web browser type and version (automatically collected)
• operating system (automatically collected)
• a list of URLs starting with a referring site, your activity on this Website, and the site you exit to (automatically collected)

  Data protection principles

All personal data obtained and held by the Company will:

• be processed fairly, lawfully and in a transparent manner
• be collected for specific, explicit, and legitimate purposes
• be adequate, relevant and limited to what is necessary for the purposes of processing
• be kept accurate and up to date
• not be kept for longer than is necessary for its given purpose
• be processed in a manner that ensures appropriate security
• comply with the GDPR procedures for international transfer of personal data.

In addition, personal data will be processed in recognition of an individuals’ data protection rights, as follows:

• the right to be informed
• the right of access
• the right for any inaccuracies to be corrected (rectification)
• the right to have information deleted (erasure)
• the right to restrict the processing of the data
• the right to portability
• the right to object to the inclusion of any information
• the right to regulate any automated decision-making and profiling of personal data.

Procedures

The Company has taken the following steps to protect the personal data of relevant individuals, which it holds or to which it has access:

• it appoints or employs employees with specific responsibilities for the protection, processing and control of data
• it provides its employees with data protection information and training
• it can account for all personal data it holds, where it comes from, who it is shared with and also who it might be shared with
• it carries out risk assessments as part of its reviewing activities to identify any vulnerabilities in its personal data handling and processing, and to take measures to reduce the risks of mishandling and potential breaches of data security.
• it recognises the importance of seeking individuals’ consent for obtaining, recording, using, sharing, storing and retaining their personal data, and regularly reviews its procedures for doing so. The Company understands that consent must be freely given, specific, informed and unambiguous. The Company will seek consent on a specific and individual basis where appropriate.
• it has the appropriate mechanisms for detecting, reporting and investigating suspected or actual personal data breaches, including security breaches.

Cookies

• Our site uses Cookies. These are designed to enable you to add products to your basket which are remembered next time you visit.
• Cookies can be turned off in your browser and options or settings menu in your browser will contain information about how to do this.
• Please be aware that restricting cookies may impact on the functionality of our Website.

Access to data

Relevant individuals have a right to be informed whether the Company processes personal data relating to them and to access the data that the Company holds about them.

• The Company will not charge for the supply of data unless the request is manifestly unfounded, excessive or repetitive.
• The Company will respond to a request without delay. Access to data will be provided, subject to legally permitted exemptions, within one month as a maximum. This may be extended by a further two months where requests are complex or numerous.

Data disclosures

The Company does not sell, trade or rent your personal information to other parties.

The Company may employ third parties or individuals to undertake certain functions on the Company’s behalf such as a courier delivering goods, analysis of data or processing credit card payments. Any companies and individuals who have access to any such personal information are not permitted to use this information for any other purposes and they are required to process any such data in accordance with the General Data Protection Regulation (GDPR).

In some limited circumstances the Company may be legally required to disclose certain personal if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

These kinds of disclosures will only be made when strictly necessary for the purpose.

Data security

The Company has put in place suitable physical, electronic and managerial procedures adopts procedures designed to maintain the security of data when it is stored and transported.

International data transfers

The Company does not transfer personal data to any recipients outside of the EEA.

Records

The Company keeps records of its processing activities including the purpose for the processing and retention periods. These records will be kept up to date so that they reflect current processing activities.

Contact

To contact Interex about anything to do with personal data and data protection, including to make a subject access request, please contact the Company’s Data Protection Nominee, Julie Jenkins, Finance Manager, at:

Email: julie@interex.co.uk
Telephone:+44 (0)1449 721700
Address: Interex, Interex House, Maitland Road, Lion Barn Ind. Est., Needham Market, Suffolk IP6 8NS, UK

Changes to This Privacy Policy

Interex reserves the right to change this Policy from time to time should the Company’s business change in a way that affects personal data protection or as may be required by law. Any changes will be immediately posted on this Policy page. You are deemed to have accepted the terms of the Policy on your first use of the Website. following the alterations.