This policy details how we use personal data we collect about you when you use this website and our services.
The following definitions are used in this policy:
Data Controller - A Data Controller determines the purposes and means of Processing Personal Data. For the purpose of managing your account and providing goods and services Suffield Ltd would be defined as a Data Controller.
Data Processor - A Data Processor is responsible for Processing Personal Data on behalf of a Data Controller. For the purpose of sending an order direct to an End User on behalf of a Customer, Suffield Ltd would be classed as a Data Processor.
Subprocessor - A 3rd party used by a Data Processor to fulfil purchase orders placed by the Data Controller. May include, but is not limited to, couriers or hauliers, other suppliers and distributors.
Processing - The term "processing" is very broad. It essentially means anything that is done to, or with, personal data (including collecting, storing or deleting data).
Data Subject - An identifiable natural person who can be identified, directly or indirectly, in particular by reference to data. For example, an employee, customer, end user, etc.
Personal Data - Any information relating to an identified or identifiable natural person (‘Data Subject’).
Customer - Any organisation who purchases goods or services directly from Suffield Ltd.
End User - Any organisation or individual who purchases goods or services from a Customer.
Legal & Regulatory Obligations
Suffield Ltd recognises the requirements of the current legislation relating to data protection & privacy and electronic communications.
EU Regulation 2016/679 General Data Protection Regulation (“GDPR”)
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). The GDPR sets out the principles for data management and the rights of the individual, while also imposing fines that can be revenue-based. The General Data Protection Regulation covers all companies that deal with data of EU citizens, so it is a critical regulation for corporate compliance officers at banks, insurers, and other financial companies. GDPR will come into effect across the EU on May 25, 2018.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
- Lawfulness, fairness and transparency - Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject.
- Purpose limitation - Personal Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation - Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accuracy - Personal Data shall be accurate and, where necessary, kept up to date.
- Storage limitation - Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data are processed.
- Integrity and confidentiality - Personal Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- Accountability - The Data Controller shall be responsible for, and be able to demonstrate compliance with the GDPR.
Please read the ICO guide to General Data Protection Regulation for more details.
Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR 2003)
The Privacy and Electronic Communications Regulations are derived from European law. They implement European Directive 2002/58/EC, also known as ‘the e-privacy Directive’.
The e-privacy Directive complements the GDPR and sets out more-specific privacy rights on electronic communications. It recognises that widespread public access to digital mobile networks and the internet opens up new possibilities for businesses and users, but also new risks to their privacy.
PECR have been amended four times. The more recent changes were made in 2015, to allow emergency text alerts and to make it easier to take action for breaches of the marketing rules; and in 2016, to require anyone making a marketing call to display their number. This guide covers the latest version of PECR, which came into effect on 16 May 2016.
PECR covers the following areas:
- Marketing by electronic means, including marketing calls, texts, emails and faxes.
- Security of public electronic communications services.
- Privacy of customers using communications networks or services as regards traffic and location data, itemised billing, line identification services (eg caller ID and call return), and directory listings.
Please read the ICO guide to Privacy and Electronic Communications Regulations for more details.
What Personal Data Do We Collect?
Suffield Ltd collect information about you when you register to use this website, place an order, request a return, or register for a trade account.
Suffield Ltd is a distributor; the only Personal Data we collect about you, the Customer, are names and email addresses. Only email addresses where an individual can be identified are classed as Personal Data. For example, email@example.com would not be classed as Personal Data, but firstname.lastname@example.org would be, as it includes the individual's name, through which the individual would be identifiable.
How Do We Use The Personal Data We Collect?
Personal Data is collected to manage your account, process your orders, and to provide customer services and consignment tracking.
To facilitate Processing and delivery of your order, it may be necessary to pass your contact name/address details to a Subprocessor. Such Subprocessors may include, but are not limited to, couriers or hauliers, other suppliers and distributors.
In managing your account, we may send your details to, and also use information from credit reference agencies and fraud prevention agencies.
How Long Is Personal Data Retained?
Customer’s Personal Data will be kept for the term of their account with Suffield Ltd, and will be deleted on termination of their account. Personal Data can be deleted on request of the Customer prior to termination of account, for example Personal Data belonging to an employee no longer working for the Customer.
How is Your Personal Data Protected?
A range of administrative, electronic and physical security measures are used to protect Customer and End User Personal Data. These measures protect Personal Data against loss, unauthorised access or alteration without permission.
Cloud services used by Suffield Ltd for Processing Personal Data either have a Data Processing Agreement that meets the requirements of the GDPR or participate in the EU-U.S. Privacy Shield Framework.
The Suffield Ltd group of companies will send you information about products, services, offers and promotions which may be of interest to you. If you no longer wish to be contacted for marketing purposes, please click on the unsubscribe button at the bottom of marketing emails.
Suffield Ltd will not share your Personal Data with 3rd parties for marketing purposes.
Email marketing campaigns may contain tracking facilities within the actual email. Subscriber activity is tracked and stored in a database for future analysis and evaluation. Such tracked activity may include: the opening of emails, forwarding of emails, the clicking of links within the email content, and the times, dates and frequency of activity.
This information is used to refine future email campaigns and supply the user with more relevant content based around their activity.
A cookie is a simple text file that is stored on your computer or mobile device by a website's server and only that server will be able to retrieve or read the contents of that cookie. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier and the site name and some digits and numbers. It allows a website to remember things like your preferences or what's in your shopping basket.
The Suffield Ltd website uses session cookies. Session cookies are files that are needed to store information while a customer is browsing the website, such as which items are in their shopping basket. These cookies don’t record Personal Data.
You can set your web browser to disable cookies; please visit https://www.wikihow.com/Disable-Cookies for instructions. Please be aware that some website features may not function with cookies disabled. For further information about cookies, please visit http://www.allaboutcookies.org/.
Data Subject Rights
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your Personal Data, please email or write to us at the following address.
College Commercial Park,