CBS Engineering & Heat Treatment Ltd take the protection of your data seriously and have complied with the new GDPR regulations in producing a Privacy Notice for your information.

Data Controller:

CBS Engineering and Heat Treatment Ltd

Legal Basis of collecting and storing Data:

Data is collected and stored under a Contractual Basis

What Data is being Processed:

Data collected and stored by the Controller may include;

  • Your Company name & address
  • Land line and Mobile telephone and Fax numbers
  • Name of contacts and their position within your Company
  • Email addresses of employees of your Company
  • Bank Details
Purpose of the Processing of the Data:

The Controller uses the data it collects to provide you with quotations as requested by yourselves, to inform you of completed orders and to arrange delivery / collection of goods, to despatch items ordered by you and to raise invoices, credit notes and statements of account in relation to the goods supplied. It is also used for general related communication.

Sharing of Data:

Your data is only used for the purpose of fulfilling orders and maintaining your account as defined under Processing of Data and only accessed by authorised employees in the performance of their duties.

The Controller may share your Data with their accounts software provider in the event of software failure and the IT company employed by the Controller may have access to your Data in the event of a system failure. Both these entities are GDPR compliant and subject to a confidentiality agreement.

The Controller uses a factoring company in relation to its invoicing and therefore will share your Data with them. The factoring company is GDPR compliant.

The Controller will not share your data with any other individual, Company or third party unless specifically stated in writing by yourselves. The Controller does not transfer data across borders as defined by EU Data Protection Authorities or to Adequate countries.

Storage of Data:

The Controller has put appropriate security measures in place to prevent your Data from being accidentally lost, accessed, used, altered or disclosed in an unauthorised way. In addition, access to your Data is limited to only those persons who have a business need to know and they are subject to a duty of confidentiality.

The Controller has secure back-up systems in place and all data is stored remotely on a secure cloud site which is maintained and monitored by an IT company employed by the Controller. Both the cloud site and the IT company are GDPR compliant.

Automated Decision Making:

The Controller does not make decisions based solely on automated decision making.

Rights under GDPR:

You have the right to be informed of the details of Data held by the Controller and the right to access, rectify and to request erasure of Data and a right to object to the Data the Controller holds for you.

Complaints of Breach of GDPR:

If you feel that there has been a breach of GDPR and that your Data has been inappropriately accessed or used your complaint should be addressed to the Controller in writing.

Contact details of the Compliance Manager:

Denise Cranston


Click here to download our privacy notice

    How can we help?

    Please complete the form below for a call back.