Your Privacy Matters

Keeping your personal information safe and secure is our top priority.

That’s why we’re here to tell you about some changes to our privacy policy in readiness for the introduction of the new data protection law on 25th May 2018.

The changes don’t alter what we use your personal information for but make it easier for you to find out how we use and protect your information.

Your personal information is an important part of our service to you. For instance, it lets us provide our products and services to you, including managing invoicing, statements and any other financial information.

If you are happy for us to, it also lets us get in touch whenever we have offers or deals that we think might be of interest to you like our latest deals and unique offers. And we can notify you about any changes to your service.

Most crucially, we want you to know:

  • Why we process personal data
  • Legal grounds for processing personal data
  • Data privacy user rights and how to exercise them
  • How to contact Allfix Ltd about data privacy

Rest assured, your details will only be used be stored for as long as is necessary and we will not share your personal and special category data (also known as Sensitive Data with any third party.

The fact that the law is changing only builds on what we already do today – and that is to give your personal information the respect and security it deserves.

You do not need to take any action. However, if you would like to find out more, please feel free and look at our updated privacy policies using the following links:

Website Policy – http://www.allfix.co.uk/website-privacy-policy

You may also like to receive information on our latest offers, special promotional manufacturers deals or simply keep up together with the latest Allfix News.

Please use the following link http://www.allfix.co.uk/privacy-notice where you can opt in to subscribe and view our Newsletter Sign Up Privacy Notice.

Please note you can opt out any time you wish.

Finally, we also have an Offline Privacy Policy and our Company Data Protection Policy which can be requested by emailing: dataprotection@allfix.co.uk.

Allfix Limited GDPR Readiness Statement

               

The General Data Protection Regulation (GDPR) is a Regulation of the European Union and, from 25 May 2018, it applies to all organisations that collect and process the personal data of EU citizens.

As a responsible, forward-looking business, Allfix Limited recognises at senior levels the need to comply with the GDPR and ensure that effective measures are in place to protect the personal data of our customers, employees and other stakeholders, and to ensure that it is processed lawfully, fairly and transparently.

Commitment to the security of personal data extends to senior levels of the organisation and is demonstrated through the relevant policies and the provision of appropriate resources to establish and develop effective data protection and information security controls.

As part of meeting our legal obligations, we have put in place a comprehensive programme to understand and validate our use of personal data and to confirm the lawful basis of our processing.

Further to this, we can confirm that:

  • A policy is in place for the protection of personal data within Allfix Limited which has been approved by management and communicated to all employees and other relevant people
  • All employees have received awareness training regarding data protection and the GDPR
  • Everyone understands their roles in the protection of personal data, and has received training where needed
  • We have identified the personal data we process, including where special categories are involved
  • For each occasion we process personal data, we have established the lawful basis of the processing under the GDPR
  • Where we have used the lawful basis of legitimate interest, we have procedures to assess the benefits versus the impact on the data subject of the processing
  • In those cases where our processing is based on consent, we have taken steps to ensure clear, free consent has been given and is recorded.
  • We have put in place a blended approach, using privacy notices and privacy policies, to ensure that the required privacy information is provided in clear language whenever we collect personal data
  • Procedures and online user facilities are in place to promptly process and fulfil data subject access requests, such as consent withdrawal, access and rectification
  • The length of time we keep personal data for, or the way we decide this, has been defined in each area of processing, and has been minimised
  • We are keeping records of processing as required by the GDPR
  • Where we are a controller, all of our contracts with processors have been updated to comply with the requirements of the GDPR
  • Where we act as a processor, we have contractually committed to complying with the requirements of the GDPR
  • All of our employees are subject to confidentiality obligations with respect to personal data
  • Where appropriate, a data protection impact assessment approach which is line with the requirements and recommendations of the GDPR and relevant best practice, will be used
  • By default, we plan for data protection in new or changed services and systems, including minimising our use of personal data and protecting it via techniques such as pseudonymisation if applicable
  • We have tested procedures in place to fulfil our obligations in the event of a breach of personal data, both as a controller and as a processor
  • We have policies and other controls in place to provide appropriate protection of personal data, based on a careful assessment of risk
  • We have appointed a Head of Data Protection whose contact details are as follows: Mr Josh Williams, email: dataprotection@allfix.co.uk

We will continue to develop and improve our data protection policies and controls over time, guided by legal requirements and the needs and preferences of our customers and partners.