What is the purpose of this policy?
Sibcas Ltd is committed to protecting the privacy and security of your personal information. Your information is kept private and secure at all times.
This privacy notice describes how we collect and use personal information in accordance with the General Data Protection Regulation (GDPR). Whenever you give us personal data, its collection and use will be in accordance with this policy.
The kind of information we hold about you
Sibcas Ltd is a “data controller”. This means we are responsible for deciding how we hold and use personal information. Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, store, and use the following categories:
- Company name
- Address and postcode
- Contact names and job titles
- Telephone and mobile phone numbers
- Email addresses
- IP Address
How is your information collected?
We typically collect information through customer or third-party enquiries by telephone, web enquiry or email, use or view our website via your browser’s cookies, the Application for a Credit Account Form for new customers, and the Supplier Questionnaire Form for suppliers.
How will we use the information about you?
We will only use personal information when the law allows us to. Most commonly, we will use personal information in the following circumstances:
- Where we need to perform the contract we have entered into with you.
- Where we need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
Situations in which we may use your personal information, but not limited to the following:
- fulfil our obligations to you as a customer or supplier
- provide you with information about goods and services that we feel may interest you
- operate our administration and accounts services effectively
- conduct research on your thoughts / opinions on the service we provide, or have provided;
- notify you of any changes to our services
Some cookies are required to enjoy and use the full functionality of this website.
Some cookies will be saved for specific time periods, where others may last indefinitely. Your web browser should provide you with the controls to manage and delete cookies from your device, please see your web browser options.
Cookies that we use are;
- Google Analytics
- Google Adwords
Email marketing messages & subscription
We may contact you from time to time in order to provide you with information about products and services that may be of interest to you. You have the right to ask us not to process your personal data for marketing purposes.
Under the GDPR we use the consent lawful basis for anyone subscribing to our newsletter or marketing mailing list. We only collect certain data about you. Any email marketing messages we send are done so through Constant Contact, an email marketing service provider.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data such as; times, dates, I.P addresses, opens, clicks, forwards, geographic and demographic data. Such data, within its limitations will show the activity each subscriber made for that email campaign.
Any email marketing messages we send are in accordance with the GDPR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.
If you are making a job application or enquiry, you may provide us with a copy of your CV or other relevant information. We may use this information for the purpose of considering your application or inquiry. You are consenting to us sharing this information with third parties for the specific purpose of managing our recruitment activities which may store data outside the UK. Except when you explicitly request otherwise, we may keep this information on file for future reference
How long will you use information for?
We will only retain personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise personal information so that it can no longer be associated with a person. Once you are no longer a customer or supplier of the company we will retain and securely destroy personal information in accordance with applicable laws and regulations. Our retention period is currently 6 years.
We may have to share your data with third parties, including third-party service providers and other entities in the group. We require third parties to respect the security of personal data and treat it in accordance with the law. We may transfer personal information outside the EEA. If we do, you can expect a similar degree of protection in respect of your personal information.
Why might we share personal information with third parties?
We may share personal information with third parties where required by law, where it is necessary to administer the working relationship with you, or where we have another legitimate interest in doing so.
How secure is my information with third-party service providers and other entities in our group?
All our third-party service providers and other entities in the group are required to take appropriate security measures to protect personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
When might you share personal information with other entities in the group?
We may share personal information with other entities in our group as part of our regular reporting activities on company performance, in the context of a business reorganisation or group restructuring exercise, for system maintenance support and hosting of data.
Transferring information outside the EEA
We do not transfer personal information we collect to any countries outside of the EEA.
Your rights in connection with personal information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal information to another party.
You will not have to pay a fee to access your personal information, or to exercise any of the other rights. However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please contact firstname.lastname@example.org or alternatively
Data Protection Co-Ordinator
This policy was last updated October 2019.