To comply with EU legislation covering data protection and privacy, the below policy outlines the data that Fispak Ltd processes, the reasons for processing it, and the rights of the data subject with regards to viewing, editing and deleting information held.
To operate and run effectively, we collect and hold information about customers, suppliers and employees.
For customers and suppliers, we hold personal information like names, contact information (email addresses and phone numbers), position, and in some cases further CRM information or bank details.
This information is only using for account management, and the processing of orders and payments. We do not share your data with any other company.
To comply with all relevant Employment and Health & Safety legislation, we hold personal data of past and present employees. The information initially held is what is asked on the GF107 New Start Form, along with a copy of the employee’s CV.
After that, further information may be retained, such as details of any training completed, details of any Health & Safety incidents an employee may be have been involved in and any medical information covering any absences due to illnesses.
For full details of the GDPR policy relating to employees, please refer to the employee handbook.
We may store personal data in the following places:
• Our filing system / on paper files
• In Microsoft Office documents
• In email systems
• CRM Systems
• In third party systems such as email hosting
All our electronic data is protected by firewalls, along with password security, and access is limited by user profiles.
What are cookies
Cookies are small pieces of text sent to your web browser by a website you visit. A cookie file is stored in your web browser and allows the service or a third-party to recognize you and make your next visit easier and the website more useful to you.
When you use and access the service, we may place several cookies in your web browser.
We use both session and persistent cookies on the website and we use different types of cookies:
We may use essential cookies to authenticate users.
We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
What are your choices regarding cookies
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
Access to your personal information
The GDPR legislation introduces ‘right of access’ for individuals, where customers, suppliers, and employees have the right to request:
- Confirmation that their data is being processed;
- Access to their personal data; and
- Other supplementary information (where relevant).
If a request is made, either in person, electronically, or by phone, Fispak undertakes to ensure all data will be provided within 30 days from the request.
The GDPR legislation ensures an individuals’ ‘right to be forgotten’.
If a request is made, Fispak ensures the request will, where possible, be carried out within 30 days. If it is not possible to erase specific data, for example, due to legal obligations for it to be held for a certain time, Fispak ensures the individual will be informed without delay.
A “personal data breach” under the GDPR is defined as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed by the company”.
In the event of a breach, Fispak undertakes to notify the relevant authorities within 72 hours of the breach taking place and implement countermeasures to mitigate any consequences and prevent further breaches.
Where necessary, the data subjects in question will also be notified.
You are entitled to view, amend, or delete the personal information that we hold. Email any requests to firstname.lastname@example.org.