May 16, 2018

Privacy Policy

Data Protection & Privacy Policy

To comply with EU legislation covering data protection and privacy, the below policy outlines the data that Fispak Ltd processes, the reasons for processing it, and the rights of the data subject with regards to viewing, editing and deleting information held.

Our Systems:

To operate and run effectively, we collect and hold information about customers, suppliers and employees.

For customers and suppliers, we hold personal information like names, contact information (email addresses and phone numbers), position, and in some cases further CRM information or bank details.

This information is only using for account management, and the processing of orders and payments. We do not share your data with any other company.

To comply with all relevant Employment and Health & Safety legislation, we hold personal data of past and present employees. The information initially held is what is asked on the GF107 New Start Form, along with a copy of the employee’s CV.

After that, further information may be retained, such as details of any training completed, details of any Health & Safety incidents an employee may be have been involved in and any medical information covering any absences due to illnesses.

For full details of the GDPR policy relating to employees, please refer to the employee handbook.

We may store personal data in the following places:
• Our filing system / on paper files
• In Microsoft Office documents
• In email systems
• CRM Systems
• In third party systems such as email hosting

All our electronic data is protected by firewalls, along with password security, and access is limited by user profiles.

Our Website

Fispak uses cookies on www.fispak.com. By using the website, you consent to the use of cookies. If you do not consent, you must disable cookies or refrain from using the site.

Our Cookies Policy explains what cookies are, how we use cookies, what third parties we may partner with may use cookies on the service, your choices regarding cookies and further information about cookies.

What are cookies

Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the service or a third-party to recognize you and make your next visit easier and the website more useful to you.

How we use cookies

When you use and access the service, we may place several cookies in your web browser.
We use cookies for the following purposes: to enable certain functions of the website, to provide analytics, to store your preferences, to enable advertisements delivery, including behavioural advertising.

We use both session and persistent cookies on the website and we use different types of cookies:

Essential cookies

We may use essential cookies to authenticate users.

Third-party cookies

We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

What are your choices regarding cookies

If you’d like to delete cookies or instruct your web browser to delete or refuse cookies, please visit the help pages of your web browser.

Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.

 

Access to your personal information

The GDPR legislation introduces ‘right of access’ for individuals, where customers, suppliers, and employees have the right to request:

  • Confirmation that their data is being processed;
  • Access to their personal data; and
  • Other supplementary information (where relevant).

If a request is made, either in person, electronically, or by phone, Fispak undertakes to ensure all data will be provided within 30 days from the request.

Data Erasure:

The GDPR legislation ensures an individuals’ ‘right to be forgotten’.

If a request is made, Fispak ensures the request will, where possible, be carried out within 30 days. If it is not possible to erase specific data, for example, due to legal obligations for it to be held for a certain time, Fispak ensures the individual will be informed without delay.

Data Breach:

A “personal data breach” under the GDPR is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by the company”.

In the event of a breach, Fispak undertakes to notify the relevant authorities within 72 hours of the breach taking place and implement countermeasures to mitigate any consequences and prevent further breaches.

Where necessary, the data subjects in question will also be notified.

Information Requests:

You are entitled to view, amend, or delete the personal information that we hold. Email any requests to security@fispak.com.