Privacy Policy
N.B.M. Timber Products Limited is committed to protecting the privacy and security of your confidential information.
This Privacy Policy describes how the company collects and uses confidential information about you during and after your working relationship with us, in accordance with the requirements of the EU Directive General Data Protection Regulation.
It applies to all customers and suppliers.
Who are we?
N.B.M. Timber Products Limited is an independent manufacturer of industrial timber products based in Hull, East Yorkshire. Our Company Registration Number is 00327516.
N.B.M. Timber Products Limited is a “Data Controller” which means we are responsible for deciding how we hold and use confidential information about you. Current data protection legislation requires us to notify you of the information contained in this privacy notice.
This notice applies to past and present suppliers and customers. It does not form part of any contract to provide services and we may update this notice at any time.
Personal Data we may collect and why?
Personal data is any information which identifies you personally whether directly (e.g. your name) or indirectly (e.g. information about your use of our services or products).
We may collect the following data about you:
- Contact details such as your name, position, email address and telephone number so that we can contact you in response to an enquiry you make via our web-site or in relation to the goods and services we have agreed to provide you;
- Correspondence: we may collect any additional personal data you may provide us if you contact us by letter, email, telephone or fax via our web-site or by any other means;
- Transaction details: we or our third party providers will collect information relating to transactions you carry out through our web-site and for the purposes of fulfilling your orders.
This information may continue to be collected during our contractual relationship with you and will be securely destroyed at the end of our obligation to retain it unless there is a significant overriding reason which will be conveyed to you.
There may also be certain more sensitive confidential data which requires a higher level of protection. We will collect, store and use the following categories of confidential information about you:
- Bank Account details for payment purposes and any relevant tax status information as may be appropriate
- Customer data provided by you.
The collection of information will continue throughout the period you work for or with us.
Data protection principles.
To comply with data protection law, the confidential information we hold about you must be, accurate and kept up to date; used lawfully, fairly and transparently; collected only for valid purposes that have been clearly explained to you; kept securely and only for the period we have told you about.
Fair and Legal Processing:
We will only use your confidential information when the law allows us to. Data protection law requires us to only process your personal data if we satisfy one or more legal grounds. These are set out in data protection law and we rely on a number of different grounds for the processing we carry out. These are as follows:
Consent – we process your personal data after obtaining your consent for the purposes of sending you marketing information about our products and services.
We may also use information which is necessary for the performance of a contract and which allows us to comply with our legal obligations.
It is necessary for us to process your basic contact details, payment details and information about the business you represent for the performance of the trading terms between us so that we can provide you with the products or services you require; provide and improve on customer support and notify you of any changes to our products or services.
Disclosure and sharing of confidential information:
We may share data we hold with any member of our group (as applicable), which means any holding company or subsidiary as defined by the U.K. Companies Act 2006.
We may also disclose data we hold to third parties:
- If we sell or buy any business assets, in which case we may disclose data we hold to the prospective buyer or seller of such business or assets
- If we or substantially all our assets are acquired by a third party, in which case data we hold may be one of the transferred assets
- We may also share data we hold with selected third parties to enable us to carry out our contractual obligations with the data subject.
In addition we may disclose your personal data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to protect the rights, property or safety of our business, our customers or any others. This includes, in specific cases, exchanging information with other organisations for the purposes of fraud protection.
In some cases, the personal data we collect from you may be transferred outside the European Economic Area (EEA) where the laws are not as strict as within the EEA. We are required by data protection law to ensure that where we, or our “processors”, transfer your personal data outside the EEA, it is treated securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this policy.
Failure to provide information:
If you fail to provide the information requested, we may not be able to perform our contractual obligations with you or we may be prevented from complying with our legal obligations – for example to ensure the Health and Safety of our employees. We would have to terminate our contract, should such conditions exist.
Change of Purpose:
We will only use your confidential information for the purposes for which it has been collected, unless we reasonably consider that we need to use it for another legal and compatible purpose. In such instances, we will notify you and explain the legal basis which allows us to do this.
Data Security:
We have appropriate security measures in place to ensure your confidential information is not accidentally lost, used or accessed in any unauthorised way. In addition, we limit the access to your confidential information to those employees, agents, contractors and other third parties who have a business need to know. These persons will only process your confidential information on our instructions and they are subject to a duty of confidentiality. We will notify you of any security breach where we are legally obliged to do so.
How long we keep your personal data for:
We retain your personal data for no longer than is necessary for the purpose or purposes for which it was provided. What this means in practice will vary between different types of data. When determining the relevant retention periods, we consider the following factors:
- Potential or actual disputes
- The legal obligations applicable to retain data for a certain period of time
- Statute of limitations under applicable law
- Any specific guidelines issued by relevant authorities.
Your Duty to inform us of any changes:
It is important that the confidential information we hold about you is accurate and up to date. Please provide us with any updated confidential information during our working relationship.
Your Access Requirements:
If you wish to review the confidential information we hold about you, you must make a formal request, in writing, to a member of our organisation. If we receive a telephone enquiry, we will only disclose data we hold on our systems if the following conditions are met:
- We will check the caller’s identity to make sure that information is only given to someone who is entitled to it
- We will ask the caller to put the request in writing as detailed above if we are uncertain of the caller’s identity, or where their identity cannot be verified.
If you wish to review, verify, correct or request removal of your confidential information, or if you object to the processing of it, or request that we transfer a copy of your confidential information to a third party, please contact the Data Compliance Officer formally in writing.
Before disclosure we may require specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This is a further security measure to ensure that confidential information is not disclosed to any person who has no right to receive it.
It should be noted that we may charge a reasonable administration fee for this work. Alternatively, we may refuse to comply with the request if we consider it excessive or inappropriate.
Data Compliance Officer:
The Data Compliance Officer oversees compliance with this policy. If you have any questions or queries about this privacy notice or how we handle your confidential information, please write to the Managing Director who is the person responsible for this position within our company. You have the right to make a complaint at any time to the Information Commissioner’s Office which is the U.K.’s supervisory authority for data protection issues provided you have initially made a formal request to us.
Links to other Web-sites:
Our web-site may contain links to other websites of interest. However, once you have left our site, you should note that we do not exercise any control over that other website. You should exercise caution and look at the privacy statement applicable to the website in question.
Changes to this Privacy Notice:
We reserve the right to update this policy at any time should the need or situation arise either from a legal requirement or some other change of circumstances.