Sensopolis Ltd. collects and processes personal data relating to its customers and suppliers to manage the initial and ongoing relationship and is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information does the organisation collect?
The organisation collects and processes a range of information about you.
- your name, address and contact details, including email address and telephone number Company registration and VAT / EORI number
- the terms and conditions of your relationship with us;
- details of your present and previous trading history with us and other third parties
- information about your tariff charges and previous credit history with the organisation
- details of your bank account where payments are made electronically to or from Sensopolis.
- information about your solvency and credit history
- information about your Company address and place of business either here in the UK or outside of the UK where appropriate including and possible delivery locations
- information about your previous civil judgements
- details of the frequency and nature of trade with Sensopolis for marketing purposes and providing revised and updated quotations and compliance information including but not limited to MSDS information
- for certain applications, information about credit risk and suitability to trade
The organisation may collect this information in a variety of ways. For example, data might be collected through “know your client” documentation and credit application forms, obtained from your directors personal information where we have requested this to be compliant with the Criminal Finance Act 2017, this includes passport or other identity documents, such as your driving licence; from correspondence with you; or through interviews, meetings or other assessments, Companies House and HMRC.
The organisation may seek information from third parties such as Credit Risk Assessors Bank or trade references and Companies House
Data will be stored in a range of different places, including in your client file, in Sensopolis Ltd.’s management systems and in other IT systems (including the organisation's email and back office system).
Why does the organisation process personal data?
The organisation needs to process data to enter into a trading or service contract with you and to meet its obligations under that contract. For example, it needs to process your data to provide you with an accurate forecasts as to costings delivery dates, quotations, POD’s, Safety information and emails relating to contractual agreements
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check your identity and address to ensure Anti Money Laundering and Financial Sanctions obligations have been met.
In other cases, the organisation has a legitimate interest in processing personal data before, during and after the end of the relationship. Processing client data allows the organisation to
- ensure compliance and regulatory obligations are being met
- maintain accurate and up-to-date records and contact details
- ensure effective business administration;
- provide information on request to our providers in the course of your business with Sensopolis Ltd, and the ongoing relationship;
We may process your data, especially your email address, to contact you for Marketing purposes. For example if we are launching a new product, or amending our prices which we think may interest you. We will obtain your consent to contact you for marketing at the beginning of our relationship via our e mail marketing and research tools within out IT system
You will be able to withdraw your consent at any time throughout the relationship by contacting the data controller (in this case the company email email@example.com).
Who has access to data?
Your information may be shared internally, with staff if access to the data is necessary for performance of their roles (for example to provide proof of payment or similar communications).
The organisation shares your data with third parties in order to process applications as part of a service to which you have consented for example to deliver your order. The organisation may also share your data with third parties in the context of a sale of some or all of its business. In those circumstances the data will be subject to confidentiality arrangements.
The organisation may transfer your data to countries outside the European Economic Area in the event that your order is supplied from a location outside the EEA, the shipper is located outside the EEA or a financial instrument (e.g. a letter of credit) is processed outside the EEA.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has the following policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its employees in the performance of their duties.
- Data Security Risk, our Compliance team routinely perform Data Privacy Impact Assessments on both business activities and product functions
- Data Breach, rigorous procedures are in place to detect, investigate and if necessary report possible data breaches.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data depending on the type of service we undertake on your behalf and will be limited to six years duration from the last contract undertaken on your behalf or direct contact initiated by yourselves
Data obtained which does not proceed to a contractual obligation on either parties behalf will be retained for 1 year then will be archived.
All credit history with your organisation will be kept for a maximum period of ten years
Data obtained which then proceeds to a continuous trading relationship lasting 5 years or more will be retained indefinitely or as long as are obliged to retain this information to comply with our legal obligations and so as to be able to provide documentary evidence to HMRC in the event of an investigation of your organisation.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request (called a subject access request);
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing (however, please note the data retention requirement for the HMRC); and
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal ground for processing.
If you would like to exercise any of these rights, please contact the Sensopolis Ltd either by email at firstname.lastname@example.org or by mail at: Legal Department, Sensopolis Ltd, Orchard House, 29 The Hamlet, South Normanton, Derbyshire DE55 2JA, England.
If you believe that the organisation has not complied with your data protection rights, you can complain to the Information Commissioner.
What if you do not provide personal data?
In order for us to provide you with our products and services and make suitable recommendations to you we will need to obtain and retain your data. If you are unable to do this then we will not be able to provide suitable products and services or work on your behalf and therefore we will not be able to enter into a client relationship with you. As such by accepting our privacy notice without objection being raised you are effectively “opting In “ for us to effectively control and process the data we use by consent.
For example with regard to goods supplied and deliveries made, if the relevant information is not disclosed fully then the work undertaken on your behalf such as product suppliers, delivery address’s and times would make the contract impossible to perform.