If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, using the contact information available on our website. We will promptly correct any information found to be incorrect.
Blue Box Socks (Blue Box Disposables GB Ltd) may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 6/04/2015.
What we do with the information we gather
We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:· Internal record keeping. · We may use the information to improve our products and services. · We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to Blue Box Disposables GB Ltd
Ready Steady Store, Wheatley Hall Retail Park, Wheatley Hall Road, Doncaster, South Yorkshire, DN2 4PE
GDPR POLICY 2018
Blue Box Disposables GB Ltd (T/A Blue Box Socks) understands the importance of ensuring and maintaining the security and safety of any personal data that we may handle however minimal this may be.
Policies, procedures, controls and measures have been devised to ensure current and continued compliance with GDPR.
We analyse the impact of personal data on our systems and ensure that we protect this information at all times.
Blue Box Disposables GB Ltd (BBGB) mainly sells ‘Busines to Business’, with little need of keeping personal data. Although, some information is acquired to carry out the day to day running of the business. We may also, be legally required to collect and use some types of personal information to meet legal requirements.
Information we keep, can include (but is not limited to), name, address, email address, telephone number, IP address, bank details.
in accordance with the GDPR, we are committed to collecting, storing, processing, protecting and destroying all information in accordance with the GDPR legislation.
This policy is to ensure that BBGB meets and continues to meet its statutory, legal, and regulatory requirements under the GDPR legislation and to ensure that all personal and business data is secure, safe and processed in compliance with GDPR whilst being used, stored or shared by our company.
Principles of GDPR
BBGB agrees to abide by the principles set out within the GDPR legislation. GDPR necessitates that all personal data shall be:
- Processed in a way that ensures appropriate security of the personal data;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Processed lawfully, fairly and in a transparent manner in relation to individuals (lawfulness, transparency and fairness);
- Collected for specific and legitimate purposes and not processed further in a manner that is incompatible with those purposes;
- Accurate and updated regularly;
- Kept for no longer than is necessary for the purposes for which the personal data is processed;
The GDPR legislation states that a named person (in our case, the Director of BBGB) shall be responsible for and be able to demonstrate compliance with GDPR. It requires both the company to document and record their processing activities to show how they comply with the GDPR.
LAWFUL PROCESSING CONDITIONS
BBGB will not process any personal data unless one of the following conditions is met:
- Public Task - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority, authorised by the Director of BBGB;
- Performance of a Legal Obligation - processing is necessary for compliance with a legal obligation to which the Director of BBGB is subject;
- Legitimate Interests - processing is necessary for the purposes of legitimate interests pursued by the Director of BBGB or by a third party.
- Consent - the data subject has given consent to the processing of his or her personal data for one or more specified purposes;
- Performance of a contract - processing is necessary for the performance of a contract to which the data is required;
- Vital Interests - processing is necessary in order protect the vital interests of the data subject or of another natural person;
When our processing activities rely on the data subjects’ consent, we will ensure that we will collect their consent in accordance with the GDPR. Under GDPR, consent must be:
Freely given - the data subject must have a genuine choice and where there is an imbalance of power between the data controller and the data subject, for example employer and employee, consent cannot be considered freely given;
Specific - the data controller must explain its purpose(s) for the processing of the personal data so that the data subject can consent to the purpose(s) specifically;
Informed - the data subject must be given all necessary details of the processing activity so that they can comprehend how the processing may affect them;
An unambiguous indication - the data subject’s statement or clear affirmative action must leave no doubt as to their intention to give consent;
A clear affirmative action - the consent is given on an opt-in basis, for example, an unticked box which the data subject can then tick themselves.
Where BBGB relies on consent for the processing of personal data, we will also ensure that the data subject can withdraw their consent as easily as they managed to give it and where their consent is withdrawn, we will respect their wishes.
DATA SUBJECT RIGHTS
Data subjects have the following rights under GDPR:
- The right to object to processing.
- The right to access;
- The right to erasure (also known as the “right to be forgotten”);
- The right to be informed;
- The right to rectification;
- The right to restriction of processing;
- The right to data portability;
Under GDPR legislation, an individual also has “the right not to be subject to a decision based solely on automated decision making, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her”.
BBGB has updated its Privacy Notice to include our GDPR policy which will appear on the company’s website and was notified to all email addresses held on our accounts system upon its release. This will cover its policy with regard to any personal information gathered in the performance of the contract between the company and the data subject.
DATA SUBJECT ACCESS REQUESTS (SAR’S)
BBGB recognises and will allow a data subjects’ right to access any personal data we hold or process about that individual. We will supply a data subject with their personal data within one month of receiving their request and this will be provided free of charge, unless continual and persistent requests are made.
In accordance with the storage limitation principle, BBGB will not keep an individual’s personal data for longer than necessary.
BBGB will not share personal data with anyone unless it is a requirement in order to fulfil a contract between us and the data subject (for instance, a credit card processing company) or unless requested by a legal authority.
POLICY REVIEW AND CONTACT DETAILS
Changes to the company’s Privacy Notice or this policy may be made from time to time and it is recommended that you view our website for the latest versions. Should you have any questions on either of these policies you may contact us at: firstname.lastname@example.org
ISSUE DATE: June 2018