Our GDPR & Privacy Policy

Our GDPR & Privacy Policy

Introduction & Key Stakeholders

Our Company takes our customers & Employee’s Privacy and Data very seriously. We do not share any information with 3rd party companies for any reason unless required to do so by law in accordance with the Data Protection Act.

We only collect personal Data to ensure we can process our customer’s purchases and offer the best possible service.

  • We are registered with the ICO as a Data Controller
  • Our Data Controller Administrator is Rob Hallett
  • Our Legal Bias for handling and processing Data is “Legitimate Interest”.
  • We do not store “sensitive information” but we do process card payments, at which we then destroy any details.

The Information & Personal Data we collect

Our Customers
  • Name
  • Home Address and / or Business Address
  • Personal Email Address and / or Business Email Address
  • Personal and / or Business Landline phone numbers
  • Personal and / or Business Mobile phone number
  • Purchase of our products Information
  • IP Address when Visiting our websites
  • Credit, Debit, banking card details **Please note we do not store or save these details**
Our Employee’s
  • Full Name, Home Address, Contact phone numbers landline and / or Mobile.
  • Next of Kin information for safety reasons only
  • Any medical information if disclosed by the employee
  • CV information if submitted by the employee
  • Banking details for PAYE & Tax purposes only
  • Work related documentation such as performance reviews, any disciplinary action taken, any important conversations and any relevant information disclosed by the employee
Potential Recruitment
  • Full Name, Home Address, Contact phone numbers landline and / or Mobile
  • Any medical information if disclosed by the interviewee
  • CV information if submitted by the interviewee
  • Previous work related information that the Interviewee may disclose

 The ways we collect this information

Our Customers

  • By filling out documentation in Person in one of our branches
  • Verbally, in person in one of our Branches
  • By filling out documentation and us receiving through the post
  • Verbally over a telephone conversation with us
  • Through any information the customer discloses while using our contact form on our website
  • Any Email sent direct by customers to our Info email address or named email address accounts within our business
  • Private messaging through any of our social media platforms
  • Private messaging to any of our business Mobile phones and landline answer machines
Our Employee’s
  • By filling out documentation in Person in one of our branches
  • Verbally, in person in one of our Branches
  • By filling out documentation and us receiving through the post
  • Verbally over a telephone conversation with us
  • Any Email sent direct by customers to our Info email address or named email address accounts within our business
  • Private messaging to any of our business Mobile phones and landline answer machines
  • At any personal meetings or one on one hearings
Potential Recruitment
  • Basic information passed to us through Recruitment agencies
  • Through direct Email or website contact form
  • At the interview
  • In person in a branch
  • In a telephone conversation
  • Private messaging through any of our social media platforms
  • Private messaging to any of our business Mobile phones and landline answer machines

 Why we collect this data

 Our customers
We only ever obtain, require and store customer’s data for the purpose of carrying out our business operation and offer the highest possible service to our customers.
So why do we collect it?
  • For communication direct with the customer
  • For Home deliveries of purchases
  • To process payment transactions and refunds for our products
  • To communicate any future events, promotions and offers, happening in our company ONLY
  • To help customers with queries throughout their purchase journey with us
  • To help customers with any queries after the sale of our goods
  • To help customers in an efficient timely manner
  • For legal and HMRC reasons to prove end of year accounts
Our Employee’s
We only ever obtain, require and store Employee’s data for the purpose of carrying out our business operation and offer the highest possible staff engagement and safety.
So why do we collect it?
  • For private written communication through the post
  • For safety and “care of the individual” reasons through next of kin
  • To tailor work load and job roles to the individual
  • For PAYE and Tax regulations.
  • To ensure employees are paid correctly and on time
  • To track, train, manage and improve employee’s performance

 Storing & Protecting Data

We store Personal & Business data through the ways listed below:

  • On our fully integrated protected electronic system “Intact”
  • In HR personal files locked in a cabinet with management only access
  • In Customer files locked in a cabinet with designated department only access
  • In Business operation files locked in a cabinet with management only access
  • Marketing Email addresses ONLY on an electronic database through an external company called Mail chimp.
  • In Protected Email Mail boxes within our company ONLY

We also Train all staff in the importance of Data Protection and hold all management teams accountable for the implementation of this policy.All employees have restricted access in the way of login details to secure data bases. This way we can track access and processing tasks. Every employee who leaves our company has access to any personal data “of others” taken away immediately. Any Banking or credit / Debit card details which a customer has to tell us in order to process a purchase will be immediately destroyed after the transaction has gone through. We do not store or retain any banking information unless instructed to do so by law or acting lawful authorities.

 Processing and Sharing Data

Customers and Employee’s personal Data will never be shared or sold with any other person or business outside of Tec Group Supplies Limited. The only exception to this is for legal reasons laid out in the GDPR Law.
We only process Personal data for the intention of its purpose. E.g. Smoother service for our customers and a safer work environment for our employee’s.
There may be times where people or organisations outside of our company may indirectly access some personal data held. Any associates or 3rd party where this happens all provide services to us and they are explicitly contracted to fully follow this Policy at all times.
Some examples of indirect access
  • IT services and support maintenance experts
  • Home Delivery Sub contracted Drivers
  • Installations and Sub contracted Fitters
  • Our suppliers we trade with
  • Mail chimp for maintenance purposes on Email Addresses ONLY
Once again the above list will only have data for the purpose it’s meant for e.g. to deliver goods or regular maintenance on systems.

Website & Social media Platforms

Our Website is for Attraction and information only. We do not store cookies on your computer or device. We do obtain your IP address but this is only for statistical purposes with no personal Data collected. We do not process payments through our website or social media platforms. If a customer contacts us through direct messaging or any contact form we will respond to answer their questions but will we not advertise to them without consent. We do not share or sell any personal data to any other company or 3rd party. Our website has our full privacy policy published.
On our Tec Supplies website we do have a subscription form. Customers will be fully consenting when they enter their Email address. News, Offers and events will then be sent to them. Customers can unsubscribe or ask for any of their data protection rights to be processed at any time following the instructions in the next heading below.

Customers & Employee rights

Customers and employees have the following rights for request:

  • To ask for what exact data Tec Supplies Group Limited holds for the individual. The company then has a right by law to disclose & publish that information to the individual in an efficient timely manner.
  • The right for all the individuals Personal Data to be deleted and removed from the business. This can be requested at any time but may have implications to the service or non-service the individual will now get as a result of their personal Data being deleted.
  • To ask for the source at which this Personal Data was collected, how it has been processed and how long the company intends to store and / or use the information for.
If any customers or employee’s wish to excerpt their rights they must do in Writing to the Data Controller at the following address. Tec Supplies Group Limited, Bridge House, Hall Road, Heybridge CM9 4NF.

 Gaining Consent from Customers & Employee’s

New & Existing Direct Marketing Campaigns

Any Email Addresses we hold from previous direct marketing campaigns will be contacted to gain consent before any more Marketing Emails are sent. If the existing Customers fail to give their consent or fail to contact us at all, the company will then delete and remove all of that individuals personal data. Exceptions to this will be for legal reasons stated in the GDPR Law.
We do not gain consent for any other Personal Data because we have legitimate interest in it. This means we need certain personal data to operate our services and business. We only obtain, Process and store personal data to ensure a smooth customer experience. Once again we never share this information.

 Our Commitment and Regulations if a Data Breach takes place

If we believe our Systems, Data Base, Locked files or any other location of Personal Data has been breached we will take the following action:

  • Contact the ICO to inform them of a breach within 72 hours and follow their guidance
  • Contact the relevant people and stake holders depending on the nature and location of the breach.
  • Take every action possible to “lock down” all other personal data
  • Communicate to our customers and employee’s if we believe their data has been compromised within 72 hours. We will also give our customers & employee’s key actions to take to mitigate any personal data risk.

 Actions & Guidelines for our Managers and Employee’s

  • New employee’s and existing employees must sign to say they fully understand the role they play in Data Protection.
  • All new and existing Employee’s will be sent an information sheet detailing their rights as employee’s on the new Data protection laws
  • All new account customers must be given a GDPR information form along with all the normal account information documents.
  • Direct Marketing Emails must be to “consented” customers & Employee’s only. Consent must be gained first through the mail chimp consent form.
  • We try to minimise “paper” personal data. If we have to have paper personal data then it’s locked a way out of public and employee sight.
  • No personal Data should will ever be left on show anywhere on the sales floor or anywhere other customers can access.
  • Any Personal Data no longer required will be shredded at the earliest opportunity.
  • If the team suspect a Data Protection Breach they inform a line manager immediately
  • Any Banking or card details we are given, we destroy immediately after the transaction has been processed
If you would like any other information about our Privacy and Data Protection Policy please contact us on 01621 878488 or Email us info@tec-lifestyle.com