TBS Amwell Policy relating to EU General Data Protection Regulation (GDPR)
In light of the new EU General Data Protection Regulation (GDPR), which took effect on 25 May 2018, we would like to provide you with certain information about the personal data we hold within our systems.
The following actions are complied with when processing personal data:
- Data is processed fairly and lawfully
- Data is processed only for specified and lawful purposes
- Processed data is adequate, relevant and not excessive
- Processed data is accurate and, where necessary, kept up to date
- Data is not kept longer than necessary
- Data is processed in accordance with an individual's consent and rights
- Data is kept secure
- Data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection
Personal Data is obtained from one or more of the following:
- Visits and use of the Company websites
- Use of social media
- Use of Google Analytics
- Attendees of corporate CPD’s and webinars hosted by TBS Amwell
- Requests for information about products and services offered by TBS Amwell, and/or quotes
- Employment enquiries
- Information to facilitate the completion of an order
Lawful basis of processing data
The lawful basis of processing of data will always be determined prior to any data being processed. TBS Amwell processes personal data under one, or more, of the following lawful bases in accordance with GDPR:
- Consent – the individual has given their Consent to the processing of their personal data
- Contractual – processing of personal data is necessary for the performance of a contract to which the individual is a party, or for TBS Amwell to take pre-contractual steps at the request of the individual
- Legal Obligation – processing of personal data is necessary for compliance with any legal obligation to which TBS Amwell is subject to
Why personal data is collected
Personal data is collected by TBS Amwell to provide legitimate business services which include:
- For Marketing purposes
- For us to review and reply to your enquiry
- To meet our statutory monitoring and reporting responsibilities
- To handle and communicate orders, billings and payment, delivery of products and services
- For employment reasons.
How long personal data is stored
TBS Amwell review our retention periods for personal data on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal data on our systems for as long as is necessary for the relevant activity, or as long as required to cover any guarantee period of the products you may have purchased.
Who has access to your personal data
Only TBS Amwell and other group employees are granted access to customer data. This is ensured by the use of strict operational processes and procedures.
Relevant staff are trained on security of systems and relevant processes and procedures which are reviewed regularly for ongoing effectiveness and suitability for purpose.
Personal data provided via the Company’s portals is secured using Secure Socket Layer (SSL) server and is encrypted before being transmitted. Secure pages have a lock icon or key on the bottom of web browsers such as Microsoft Internet Explorer, information supplied by you on these webpages is securely stored and can only be accessed for the purposes for which it was provided.
All IT systems are kept in a secure Data Centre environment with appropriate access control. Internal audits are carried out on a regular basis regarding access to the secure data.
We protect your personal information by using data security technology and using tools such as firewalls and data encryption. We also require that you use a personal username and password every time you access your account online. You must not share your password with anyone else. We restrict access to personal information within our company so that only employees with a genuine need can access it.
Non-sensitive details (your email address and other requested information) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure it’s secure on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We will not sell or rent your information to and trading company outside of the group.
Third Party Service Providers working on our behalf we may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to ourselves or you on our behalf. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service.
We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party including for a merger, acquisition, or similar transaction or as part of any restructuring or reorganisation.
We may also further transfer data if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or to law enforcement. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.
How your personal data is used
- Process orders, process a request for further information, to maintain records and to provide pre and after-sales service.
- Pass to another organisation to supply/deliver products or services you have purchased and/or to provide pre or after-sales service.
- Carry out our obligations arising from any contracts entered into by you and us
- Comply with any legal requirements
- Maintaining our list of business contacts.
- Seek your views or comments on the services or products we provide
- Notify you of changes to our services
- Send you communications which you have requested and that may be of interest to you. These may include information about product updates, events, webinars and cpd events
- Process a job application
The types of data we collect
We collect certain personal data that you provide to us when you communicate with us by e-mail, phone or using the contact form on our website. The data we collect includes your name, company, e-mail address, telephone number, and country. The information is used to provide you with the requested content. The information you register in the enquiry form – name, company, e-mail address and telephone number is used to contact you and send requested information.
We collect certain personal data that you provide to us when you place an order with ourselves this can be via email, telephone or via our spares web site. The information is similar to above with sole purpose of suppling you with the goods you have ordered and recording your purchased Items.
The Policy will be reviewed from time to time to take account of changes to our operations or practices and, further, to make sure it remains appropriate to any changes in law, technology and the business environment. Any personal information held will be governed by our most current Policy.
Individuals whose personal information we hold are entitled to access their personal information, or to request that it is erased, or that any inaccurate personal information is rectified.
You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in machine readable format.
Any such request should be submitted in writing to ourselves. Individuals also have the right to complain about the use of their personal information to the Supervisory Authority, which in the UK is the Information Commissioner’s Office (www.ico.org.uk)
If you exercise any of your rights under data protection law, we will respond as quickly as possible. We will respond within one calendar month, starting from the day after we receive the request. Any requests regarding the above can be emailed to firstname.lastname@example.org or by letter to our address.