PRIVACY & DATA PROTECTION POLICY


Paul Bristow Associates LTD respects the privacy of all our customers and the data they store on our software platforms. We are dedicated to protect both your privacy and the security of your data by ensuring that we only collect the information from you that we require to provide the requested service and conform to the highest security standards. In doing this we work within the guidelines of the Data Protection Act 1998 and the updated General Data Protection Regulations (GDPR) 2018

This policy explains our role as both a  

  1. Data Processor – of your company data
  2. Data Controller – of your business data used on our software platform

When we collect data as a Data Processor

  • When you place an order with us either through our sales, administration or accounts staff, from our websites or by email.
  • When you register with us to receive information about promotions, subscribe to our newsletters or enter competitions.
  • When you provide us with feedback.

What data we collect as a Data Processor
The information that we collect from you in order to provide you the level of service that you require is:

  • Your staff contact names
  • Your company address
  • Your staff email addresses
  • Your phone numbers

No Credit/Debit card information is held by us as payments are collected and encrypted by a third party payment provider. The third party provider is regulated and under strict criteria and obligation to keep your personal data secure. Please email us if you require further information regarding this

What we do with the information we gather

  • Fulfil the subscriptions / purchases you have made.
  • Respond to requests we receive from you. This may be in the form of a price quotation, invoice, customer complaint, a regular newsletter, periodic product information notices or ad-hoc special offers.
  • Address experiences, both positive and negative that you may have with our products and service.
  • Learn from your experiences and understand expectations. This helps us to improve the levels of service we offer and identify the standards required to provide the highest possible levels of service. We may monitor and/or record telephone conversations to ensure consistent customer service levels and for the purpose of staff training.
  • Help save your time by eliminating the need to repeat or re-enter information when ordering online, by telephone or when visiting our websites
  • Use your information to contact you for market research purposes. We may contact you by email, phone or mail..

Controlling your personal information

Any personal information provided to or gathered by Paul Bristow Associates Ltd is controlled solely by Paul Bristow Associates and its trusted employees

You may choose to restrict the collection or use of your personal information in the following ways

:

  • if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at support@paulbristow.co.uk
  • We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
  • You may request details of personal information which we hold about you If you would like a copy of the information held on you please write to support@paulbristow.co.uk
  • If you believe that any information, we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

Who Has Access to Your Information?

  • Our staff only – your data is secure and available only to the authorised individual within Paul Bristow Associates ltd by use of unique login identification.
  • We will not disclose client information to any third party unless it is required and covered by law.

Deleting Information:

You can request to delete any information we hold on your company by contacting Paul Bristow Associates by email support@paulbristow.co.uk and asking for the information we have recorded to be removed from our records.

Our Role as Data Controller

These are our policies relating to the use of our software to create and process orders for personalised and on demand products where we act as a data processor.  

  1. We will provide a software platform to help enable you to comply with the GDPR and any other applicable data protection laws in force.
  2. We will acquire no rights or interest in the data and that you or any authorised third party store in our software
  3. We will not transfer or share the Data with any other organisation or individual without our prior written consent other than via any requested integrations with Gateway OMS to manage your order fulfilment such as shipping software
  4. Ensure that all our staff who have access to your data is subject to confidentiality obligations in respect of your data
  5. Implement appropriate technical, organisational, and practical measures to ensure that your data is secure from accidental or unlawful destruction, loss, alteration, disclosure or access
  6. Provide processes and tools to ensure you keep data only for so long as is necessary and are then able to permanently destroy all copies of the data 
  7. Provide reasonable assistance with any data protection impact assessments if relevant to the Purpose.
  8. Agree to notify you In the event that your data Is accidentally, or without our prior authorisation lost, altered, shared, disclosed or given access to. We will notify you in writing (by email) as soon as we become aware that this has happened and in any event within 24 hours. Your notification will include the information required by the Information Commissioner’s Office, set out in their breach notification form available on their website at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/personal-data-breaches/ 
  9. We agree that we will provide you with information that you reasonably request to show that our software is secure and if necessary, agree to an audit of our security compliance
  10. Our software platform uses the following secure hosting providers as sub processors for your data. UK Fast & Amazon Web Services. Further details available on request  
  11. Our responsibility under the GDPR is to ensure your data is secure and that we provide you a range of tools and services to aid your compliance