Privacy Policy Notice for Suppliers and Customers

McDowall Air Conditioning UK ltd is committed to protecting the privacy and security of your confidential information. During the course of our business we will collect, store and process Data about our customers, suppliers.

This privacy notice describes how we collect and use confidential information about you during and after your working relationship with us, in accordance with the Data Protection Act 1998 as amended by the General Data Protection Regulations 2018 (GDPR).

It applies to all Suppliers and Customers and does not form part of any contract.

As a “data controller” we are responsible for deciding how we hold and use confidential information about your company and are required under data protection legislation to notify you of the information contained in this privacy notice.

It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing confidential information about you, so that you are aware of how and why we are using such information.

1. DATA PROTECTION PRINCIPLES

1.1       To comply with data protection legislation the confidential information we hold about you must be:

  1. Used lawfully, fairly and in a transparent way; or
  2. Collected only for valid purposes that we have explained to you and not be used in any way that is incompatible with those purposes; or
  3. Relevant to the purposes we have told you about and limited only to those purposes;
  4. Reviewed regularly to ensure accuracy;
  5. Retained only for the period agreed and subsequently destroyed unless there is another lawful purpose;
  6. Kept securely;
  7. Not transferred to people or organisations situated in countries without adequate protection.

1.2       If we collect Data directly from you we will inform you of the following:-

  1. The purpose(s) for which we intend to process that Data
  2. The types of third parties, if any, with whom we will share or to whom we will disclose that Data
  3. The means, if any, with which you can limit our use of disclosure of your Data

2. CONFIDENTIAL INFORMATION

2.1       Confidential information is any Data we hold in respect to your company that can identify the company but does not include Data where the company’s identity has been removed (anonymous data). Examples of such data can be telephone numbers, email addresses and other relevant information required for our contractual relationship.

2.2       This information will continue to be collected during our contractual relationship with you and will be securely destroyed at the end of our obligation to retain it unless there is a significant overriding reason which will then be conveyed to you.

3. FAIR AND LAWFUL PROCESSING

3.1       We will only use your confidential information as the law allows us to. Most commonly, we will use it in the following circumstances:

  1. Where we need to perform any contract we have entered with you.
  2. Where we need to comply with a statutory or legal obligation to which we are subject.
  3. Where it is necessary for the legitimate interests of either party (or those of a third party).

3.2     Data will be processed in accordance with legislation. This may include, amongst other things, a requirement for your company’s consent to the processing, for the performance of contractual relations, for compliance with our legal obligations, or for any other legitimate interest of either party to whom the data is disclosed. When processing Data, we will ensure that those requirements are met.

4. PROCESSING FOR LIMITED PURPOSES

If we collect and process Data for limited purposes we will only process Data for the specific purposes agreed with your company or for any other purposes specifically permitted by the Act. We will notify you of those purposes when we first collect the data or as soon as possible thereafter.

5. DATA SECURITY

5.1       We will process and put in place procedures and technologies to maintain the security of all Data from the point of collection to the point of destruction. Data will only be transferred or shared with a third party if they agree to comply with our procedures and policies, or if they put in place their own adequate measures.

We will maintain Data security by protecting the confidentiality, integrity and availability of the Data, defined as follows:

  1. Confidentiality means that only people who are authorised to use the data can access it.
  2. Integrity means that Data should be accurate and suitable for the purpose for which it is processed.
  3. Availability means that authorised users should be able to access the data if they need it for authorised purposes. Data will therefore be stored on our central computer system instead of individual PCs.

6. DISCLOSURE AND SHARING OF CONFIDENTIAL INFORMATION

6.1       We may share Data we hold with any member of our group (as applicable), which means any subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.

6.2       We may also disclose Data we hold to third parties:

  1. If we sell or buy any business or assets, in which case we may disclose Data we hold to the prospective seller or buyer of such business or assets.
  2. If we or substantially all of our assets are acquired by a third party, in which case Data we hold will be one of the transferred assets.
  3. We may also share Data we hold with selected third parties to enable us to carry out our contractual obligations with the Data subject.

7. DEALING WITH YOUR ACCESS REQUIREMENTS

7.1       If you wish to review your confidential information that we hold you must make a formal request in writing to a member of our company.

7.2       When receiving telephone enquiries, we will only disclose Data we hold on our systems if the following conditions are met:

  • We will check the caller’s identity to make sure that information is only given to a person who is entitled to it.
  • We will suggest that the caller put their request in writing if we are not sure about the caller’s identity and where their identity cannot be checked.

7.3   Our employees will refer a request to their line manager [or the Data Protection Compliance Manager] for assistance in difficult situations. Employees will not be bullied into disclosing personal information.

8. DATA RETENTION

8.1       We will only retain your confidential information for as long as our contractual or legal obligations require. Details of these periods are available on request. If this occurs the information retained will be held in a secured folder with access only by authorised personnel.

8.2       In some circumstances we may anonymise your confidential information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Any information we do not require will be securely destroyed.

9. IF YOU FAIL TO PROVIDE THE INFORMATION

If you fail to provide the information requested, we may not be able to perform our contractual obligation with you or we may be prevented from complying with our legal obligations. In such circumstances the contract would have to be terminated.

10. CHANGE OF PURPOSE

10.1        We will only use your confidential information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another legal and compatible purpose. If this occurs, we will notify you and explain the legal basis which allows us to do so.

10.2        Please note that we only process your confidential information without your knowledge or consent where this is required or permitted by law.

11. CHANGES TO THIS PRIVACY NOTICE

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your confidential information.

If you have any questions about this privacy notice, please contact the Office Manager.