Flexiform Business Furniture Ltd / Asgard Secure Steel Storage (“Flexiform & Asgard) is committed to ensuring the privacy of its clients and takes appropriate security measures to safeguard the transfer and storage of personal data. During the course of our activities we, Flexiform Business Furniture Ltd / Asgard Secure Steel StorageLimited, will process personal data (which may be held on paper, electronically, or otherwise) about our clients. We recognise the need to treat this information in an appropriate and lawful manner, in accordance with the General Data Protection Regulations (GDPR). The purpose of this policy is to make you aware of how we will handle your personal data. What is personal data and what is the processing of personal data? Personal data refers to any recorded information we hold about you, from which the relevant personal data can be identified. It may include contact details, other personal information, photographs, and expressions of opinion about you or indications as to our intentions about you. “Processing” means doing anything with the data, such as accessing, disclosing, destroying or using the data in any way. What regulations cover the processing of your personal data? We are obliged to comply with the General Data Protection Regulations when processing any personal data. When using IT applications, personal data may be stored outside of the UK. Further information on this is available upon request. Who is our Data Protection Officer (DPO)? The nominated Directors, Nick Hewitt and James Downs assume all responsibility for ensuring that your data is protected and used appropriately. They can be contacted via the usual channels of communication, i.e. email, telephone or in writing addressed to the business at 1392 Leeds Road, Bradford, West Yorkshire, BD3 7AE. Contact by telephone on 01274 706206. How do we obtain personal data? In many situations, you will provide us with your personal data when you first engage Flexiform/Asgard as your product and service provider. The information given may include names, addresses and contact details, email addresses, company name, company registration number, bank details and v.a.t. number etc. Information we get from other sources We only obtain information from third parties if this is permitted by law or from legal public sources of information. For example, Companies House. How will we use your personal data? We use your personal data for Flexiform/Asgard to process orders/transact with you, to administer your Account, and to comply with all legal and regulatory requirements. We take all reasonable security measures in order to protect your personal data, complying with the requirements of GDPR. We may use your email address for the promotion of our services and to keep you updated on news and regulatory updates. We will not pass your data to any third party marketing companies and you can unsubscribe from this service at any point. Sharing information We will keep information about you confidential however there may be times when we are required to share your data with third parties. Your information will be disclosed to some, if not all, of the following third parties as part of our requirements to meet statutory regulations: HMRCLegal or crime prevention agencies as required by lawAnyone to whom we may transfer our right and duties under any agreement we have with you Sharing information – Home Workers To enable Flexiform to process and fulfil orders placed with them, including orders which require delivery and/or installation of products to home workers at their residential addresses, we will from time to time share home workers’ personal data, i.e. name/residential address/telephone number/email address, with our delivery partners and sub-contractors. Flexiform will take all reasonable measures to ensure that these delivery partners and sub-contractors or other third parties have the appropriate procedures in place to protect such information shared with them, including the personal data of staff involved with furniture procurement and fulfilment, and that all personal data is destroyed or erased from their systems when it is no longer required. How long do we keep this information about you? We will not keep your personal data for longer than is necessary. This means that data will be destroyed or erased from our systems when it is no longer required. More information on specific retention periods is available upon request. Your rights GDPR allows the data subject (the person to whom the data refers) certain rights in order to ensure that the data held on you is accurate and being processed in accordance with legislation. In some instances it allows for you to request the deletion of such data from our systems. You have the right to: Request access to any personal data we hold about you by making a Subject Access Request (SAR) to the Nominated Directors.Restrict the processing of your data where you contest the accuracy of the data, believe the processing of data is unlawful or object to the process of the data until you are satisfied with the legitimate grounds for us doingAsk to have inaccurate data held about you amended without undue delay.Object to processing that is likely to cause unwarranted substantial damage or distress to you or anyoneObject to any decision that significantly affects you being taken solely by a computer or other automatedRequest for data held about you to be forgotten (deleted) where it is not required to be held for legal or regulatory purposes.Move, copy or transfer your personal data easily from one IT environment to another under the right to data If you would like to instigate any of your rights, you should contact our Nominated Directors. Breaches of this policy If you consider that there has been a breach of your rights under GDPR you should raise the matter with our Nominated Directors. Any breach of the GDPR which is likely to result in a high risk to the rights and freedoms of you as an individual or any of our clients/contacts will be reported to the Information Commissioners Office (ICO) without undue delay and where feasible within 72 hours of us becoming aware of the suspected breach. For example, if a breach may result in discrimination against an individual or a loss of confidentiality this should be reported to the Nominated Directors who will then notify the ICO as appropriate. You should report any suspected breach in line with our How to report a Data Breach Policy. Policy changes This policy is subject to ongoing review in order to ensure we remain compliant with GDPR and maintain the security of your personal data. We reserve the right to update or amend this policy. Any substantial changes to the policy will be notified to you in writing.