Summary
This privacy policy will help you understand what happens with any Personal Data we gather from you in relation to the business you carry out with us. We recognise our obligations under data protection legislation and we are committed to keeping Personal Data safe and secure. If you have queries about this privacy policy or how we process your personal information, please contact our Shared Services Director at: Dataprotection@simpsonsmalt.co.uk
Who we are
The organisation responsible for processing your personal information is Simpsons Malt Ltd, Tweed Valley Maltings, Berwick-Upon-Tweed, TD15 2UZ. This means we are the data controller under the General Data Protection Regulation (also known as GDPR) and the Data Protection Act 2018.
What information we collect about you
In connection with our business the personal information we may collect from you includes:
- Your trading name, name, e-mail, phone number, address and trading status
- VAT Number
- Trade references
- Bank Account details – for payments
- Photo ID – for verifying certain fertiliser purchases
- Technical details when you visit our website, such as IP address, browser information, site visit usage information.
How we collect information about you
We collect information about you in the following ways:
- Information you provide to us on a trading account application form
- Information you provide to us on contracts and orders
- Information you provide on Contact Us forms on our websites
- Information collected when you visit our websites
- E-mail address when you subscribe for our newsletter
- Photo-Id when you place a relevant fertiliser order via the web portal or e-mail.
- Updates received from you in order to maintain your trading account, such as address changes, bank account detail changes
Security of your information
We have put in place policies, procedures and technologies to maintain the security of all Personal Data from the point of collection to the point of destruction including procedures to deal with a security breach. We will ensure your Personal Data is only accessible by those who need to see your data for their specific role. We will only transfer Personal Data to a third party if that third party agrees to comply with those policies and procedures, or if they put in place adequate measures themselves.
How we use your information and the legal basis for processing
We process information about you to provide services and products and to manage the business efficiently. The legal basis for processing your information is usually that the processing is necessary to enable performance of your contract. The table below expands on this:
Type of personal information | Reason for processing this information | Legal basis for processing | Retention |
Trading Name, name, e-mail, phone number, address and trading status. | To register you as a new customer and/or supplier | Performance of a contract with you | 3 years after account closure |
Trade references | To register you as a new customer and/or supplier | Performance of a contract with you | On account setup |
Contact Details and address information | To process and deliver your order including:
(a) Manage payments, fees and charges (b) Collect and recover money owed to us To manage our relationship with you which will include notifying you about changes to our trading terms or privacy policy |
(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us) (c) Necessary to comply with a legal obligation |
3 years after account closure |
Contact Details and address information | To provide you with marketing information relating to our products and services
To provide you with marketing information from selected third-party services that are aligned to the existing services we provide to you |
Your consent in agreeing to receive marketing in this way when signing up to our contract with you | Until you unsubscribe |
Bank details | To process and deliver your order including:
(a) Manage payments, fees and charges |
(a) Performance of a contract with you
|
One month after account closure |
e-mail address | To send you regular newsletters that you have subscribed to receive | Necessary for our legitimate interests (to keep you up to date with news, products and services) | Until you unsubscribe |
Photo-ID | In order to sell certain types of fertiliser, we are required to hold a valid Photo-ID on file for 18 months. | (a) Legal requirement under the Control of Poisons and Explosives Precursors Regulations 2023.
(b) Performance of a contract with you. |
18 months from an initial relevant order. |
IP address, browser information, site usage information | To provide you with website services relevant to your contract.
To provide you with information about other products and services we offer. As part of our efforts to make our websites safe and secure To measure the effectiveness of any advertising we may serve to you |
Necessary for our legitimate interests (to keep you up to date with news, products and services and to allow us to improve our websites) | 12 months after website visit |
Name and address provided on contact us forms on website | To respond to your requests. | Necessary for our legitimate interests (to keep you up to date with news, products and services) | 3 years after account closure |
Who we share your personal information with
Colleagues in our business who provide products and services to you. All colleagues are trained in data protection and understand the need to keep your information confidential.
Where relevant we may also share your information with the following categories of third parties:
- Mailchimp for newsletter subscription (if you subscribe)
- Aligned third party product and service providers
- Financial institutions that you ask us to provide your account information to
- Government agencies, departments and regulatory bodies where we are legally obliged to
- Our customers, where you are providing goods to us, so that we can demonstrate provenance of raw materials. This will generally be outlined in your contract to provide those goods.
If your Personal Data is provided to any third parties, you are entitled to request details of the recipients of your Personal Data or the categories of recipients of your Personal Data.
Processing your information outside of the EAA
We (or one of our third-parties) may transfer your personal data outside of the European Economic Area (EEA).
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
If you choose not to give your personal information
We may need to collect certain personal information so we can perform our contract with you.
If you choose not to give us this personal information, it may in certain limited circumstances delay or prevent us from providing products or services you have asked for. In some circumstances, it could mean we cannot offer provide those products or services. We will always tell you at the time we try to collect such Personal Data, if your refusal to provide that data may impact on our ability to provide products or services to you.
How we keep your data accurate
We will keep the Personal Data we store about you accurate and up to date. We will take every reasonable step to erase or rectify inaccurate data without delay. Please tell us if your personal details change or if you become aware of any inaccuracies in the Personal Data we hold about you. We will also contact you if we become aware of any event which is likely to result in a change to your Personal Data.
Your rights
Under GDPR legislation you have the following rights about your personal information:
- To obtain access to, and copies of, the personal information we hold about you via the Data Subject Access Request process that can be found on our website.
- To have Personal Data rectified if inaccurate.
- To have any incomplete Personal Data completed.
- To have Personal Data erased (which does not contravene any legislation or your contract with us)
Please note that these rights may be limited by the legislation and we may be entitled to refuse requests where exceptions apply. You can find out more about your rights from the Information Commissioners Office at www.ico.org.uk.
Should you wish to exercise any of your rights, please contact our Business Information & Technology Director using the contact details below.
How to complain
We encourage you to contact us with any concerns or suggestions to improve our policies and procedures using the details below. You also have the right to make a complaint to the Information Commissioner’s Office at any time at www.ico.org.uk.
How to contact us
If you want further information about our privacy policy, would like to exercise your data protection rights, want to raise a complaint or suggest an improvement or just require further information, please contact us in any of the following ways:
- E-mail: dataprotection@simpsonsmalt.co.uk
- Telephone: 01289 330033
- In writing to: Business Information & Technology Director, Simpsons Malt, Tweed Valley Maltings, Berwick-Upon-Tweed, TD15 2UZ
Changes to this privacy notice
We keep this privacy policy under regular review and will publish updated versions on our website. This version was last updated on 28 September 2023.