CBS Engineering and Heat Treatment Ltd
Data is collected and stored under a Contractual Basis
Data collected and stored by the Controller may include;
The Controller uses the data it collects to provide you with quotations as requested by yourselves, to inform you of completed orders and to arrange delivery / collection of goods, to despatch items ordered by you and to raise invoices, credit notes and statements of account in relation to the goods supplied. It is also used for general related communication.
Your data is only used for the purpose of fulfilling orders and maintaining your account as defined under Processing of Data and only accessed by authorised employees in the performance of their duties.
The Controller may share your Data with their accounts software provider in the event of software failure and the IT company employed by the Controller may have access to your Data in the event of a system failure. Both these entities are GDPR compliant and subject to a confidentiality agreement.
The Controller uses a factoring company in relation to its invoicing and therefore will share your Data with them. The factoring company is GDPR compliant.
The Controller will not share your data with any other individual, Company or third party unless specifically stated in writing by yourselves. The Controller does not transfer data across borders as defined by EU Data Protection Authorities or to Adequate countries.
The Controller has put appropriate security measures in place to prevent your Data from being accidentally lost, accessed, used, altered or disclosed in an unauthorised way. In addition, access to your Data is limited to only those persons who have a business need to know and they are subject to a duty of confidentiality.
The Controller has secure back-up systems in place and all data is stored remotely on a secure cloud site which is maintained and monitored by an IT company employed by the Controller. Both the cloud site and the IT company are GDPR compliant.
The Controller does not make decisions based solely on automated decision making.
You have the right to be informed of the details of Data held by the Controller and the right to access, rectify and to request erasure of Data and a right to object to the Data the Controller holds for you.
If you feel that there has been a breach of GDPR and that your Data has been inappropriately accessed or used your complaint should be addressed to the Controller in writing.