We, Euro Stone Ltd are dedicated to ensuring the privacy of your information is taken seriously making it our priority to ensure that your personal data is processed lawfully, fairly and in a transparent manner.
Please note, your information will not be disclosed to anyone, other than as set out in this policy. We are required to notify you of this information under the General Data Protection Regulation.
1. Who We Are
Euro Stone Ltd collects, uses and is responsible for certain personal information about you. When we do so, we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
In this privacy notice, references to “we” or “us” means EUROS STEEL LTD
2. Data Protection Principles
We will comply with the data protection principles when gathering and using personal information, as set out in our GDPR data protection policy.
3. The Personal Information We Collect And Use
a) Personal information you provide to us
We collect the following personal information that you provide to us:
Contact names (purchasing department, accounts, credit control)
No of years trading
Company registration number
Name of directors/owners of the business
Some examples of when we collect this information include:
When making enquiries
When making purchases
When registering for an account
General correspondence we have with you
When making payments or requesting refunds
When receiving account statements/invoices
b) Personal information provided by third parties
We may receive information about you from other sources. This information may include:
Credit application form
We will add this information to the information we hold about you for the following purposes:
To check creditworthiness
To check for possible fraudulent activity
To confirm the customer trading status
c) Personal information you provide about third parties
If you give us information about another person, you confirm that the other person has appointed you to act on their behalf and agreed that you:
Shall consent on their behalf to the processing of their personal data
Shall receive any data protection notices on their behalf
Shall consent on their behalf to the transfer of their personal data abroad
4. Do We Need A Lawful Basis To Collect And Process Your Personal Data?
Yes. All companies must have a legitimate reason for collecting and processing your data. GDPR refers to this as the ‘lawful basis for processing’ and sets out six different types of lawful basis.
In our case the main lawful bases allowing us to collect and process your data are contractual, legal obligation or legitimate interest.
5. How We Use Your Personal Information
Please note, we only collect information which is required for a specified primary purpose. This information may be transferred or disclosed to persons acting on your behalf, e.g. company employees, payment recipients and account nominees in order to:
Provide a services
Process your order
Deal with your transaction issues
Collect any money owed
Internal operation requirements (e.g. audit, credit & risk management)
Manage your account
Perform credit checks
In general manage our relationship with you
6. Who We Share Your Personal Information With
We do not share your personal data with anyone unless necessary. Only authorised staff, along with authorised suppliers. Other parties may have different procedures and safeguards in place when handling your data.
We may share the following categories of personal data:
This personal information may be shared with the following categories of recipients:
This data sharing enables us to perform our duties. We will share personal information with law enforcement or other Government authorities if required by applicable law. We will not share your personal information with any other third party.
7. Where Your Personal Information May Be Held
Information may be held at our offices and those of our group companies, and third party agencies, service providers, representatives and agents as described above.
We have security measures in place to seek to ensure that there is appropriate security for information we hold.
8. What Rights Do You Have?
Right to request a copy of your information
You can request a copy of your information that we hold (this is known as a subject access request). If you would like a copy, please, email or write to us (using the contact details below) let us have proof of your identity and address (a copy of your driving licence and a letter from your employer in their letterhead), and let us know the information you want a copy of, including any account or reference numbers, if you have them.
Right to correct any mistakes in your information
You can request us to correct any mistakes in your information that we hold. If you would like to do this, please: Email or write to us advising us with enough information to identify you (e.g. account number, name of business) and advising us of the information that is incorrect and what it should be replaced with.
Right to ask us to stop contacting you
You may ask us to stop contacting you. If you would like to do this, please: Email, or write to us with a proof of your identity and address, and advise us of what method of contact you are not happy with, if you are unhappy with certain ways of contacting you only (for example, you may be happy for us to contact you by email but not by telephone).
9. Keeping Your Personal Information Secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business requirement. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
Our computer network is password protected and secured using role-based permissions, which means only staff with the correct authorisation can view and process client data. Remote access to our computer network is solely permitted through a system of multi-factor authentication. Our network is set up with firewalls, providing antivirus and intrusion protection.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. Disposal Of Hardware And Other Storage Media Containing Personal Data
We treat the disposal of all hardware and storage media with the utmost care, ensuring it is dealt with securely and responsibly. All devices are wiped clean before being disposed of or destroyed.
11. How Long Your Personal Information Will Be Kept
We will hold your personal data for so long as you remain a customer of Euros Steel Ltd and thereafter for the period we are required to retain this information by applicable UK tax law (currently 6 years).
12. How To Complain
We hope that we can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was published on 22nd May 2018 and last updated on 22nd May 2018. We may change this privacy notice from time to time, and when we do we will inform you.