Privacy and GDPR Policy

GDPR (General Data Protection Regulation) legislation is coming into effect in May 2018.

Companies who either operate within or offer goods/services to individuals in the EU will be required to comply with GDPR.

Initial Process

Simply put, it means all of us need to review how we hold and use "Personally Identifiable Information" or PII and take steps to show that we are adhering to the data protection requirements. These steps apply to any data held within databases, paper-based or other storage systems.

The first step to GDPR compliance is knowing where all your "Personally Identifiable Information" data is stored.

Lawful Basis Codes

Lawful Basis Codes define the reasons you are holding data for processing. Lawful basis reasons are defined by the GDPR. They are as follows:

Consent – Processing of the data is permitted if the data subject has consented to their data being processed.

Contractual Necessity – Personal Data may be processed on the basis that such processing is necessary to enter or perform a contract with the data subject.

Compliance with Legal Obligations – Processing is permitted if it is necessary for compliance with a legal obligation.

Vital Interests – Personal data may be processed on the basis that it is necessary to protect the 'vital interests' of the data subject (primarily applies to life or death scenarios).

Public Interest – Processing is permitted if it is necessary for the performance of a task carried out that is in acting in the public interest.

Legitimate Interest – Personal Data may be processed where the controller has a legitimate interest in processing the data, providing that it does not override the rights or freedoms of the affected data subjects.

Rights of Individuals

One of the primary goals of GDPR is to empower individuals to take back control of their personal data. The legislation aims to ensure that individuals have a range of rights regarding their data, these include:

Processing Requests

Under the GDPR Right to erasure, organisations have a duty to erase the personal data that is no longer necessary We will require a successfully validated request before erasure of data. We have provided within the customer account area a mechanism for this request. We cannot process requests just from ringing us or emailing and asking to erase data as you could have anyone's PII and be acting maliciously, for this reason, a successful logon to your account will be required to ensure you really have the right to erase that data.

What is Simply Bearings doing about the GDPR?

Simply Bearings began to dedicate internal resources to the GDPR in January 2017, over a year before the deadline. We did this because we value our customers (and their customers) rights to privacy. Compliance with and to international law and regulations are very important to us.

Here’s a condensed version of our GDPR Roadmap and our progress so far:

Thoroughly research the areas of our our business impacted by GDPR - COMPLETE

Appoint a Data Protection Officer - COMPLETE

Develop a strategy and requirements for how to address the areas of our business impacted by GDPR - COMPLETE

Perform the necessary changes/improvements to our website and ERP sytems based on the requirements - COMPLETE

Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR - COMPLETE

Thoroughly test all of our changes to verify and validate compliance with GDPR - COMPLETE

Privacy Policy

This privacy policy applies to you, the User of this website and Simply Bearings Ltd, the owner and provider of this website. Simply Bearings Ltd takes the privacy of your information very seriously. This privacy policy applies to our use of any and all Data collected by us or provided by you in relation to your use of this website. Please read this privacy policy carefully.

Definitions and Interpretation

In this privacy policy, the following definitions are used:

Simply Bearings Ltd, a limited company incorporated in England and Wales No 05473344 (referred to as us, we, our, the company hereafter) Our registered office is: Halton House, Greenfold Way, Leigh, Greater Manchester, WN7 3XJ

Definitions:

Data - all information submitted to Simply Bearings Ltd via the website, email, post or telephone conversation. This definition incorporates, where applicable, the definitions provided in the Data Protection Act 1998;

Cookies - text files placed on your computer by this website when you visit certain parts of the website (for example the shopping cart function) and / or when certain features of the website are used;

GDPR - General Data Protection Regulation 2018 (https://ico.org.uk);

UK and EU Cookie Law - Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (https://ico.org.uk);

User, customer, enquirer or you - any third party that accesses the website and is not either (a) employed by Simply Bearings Ltd and acting in the course of their employment or (b) engaged as a consultant or otherwise providing services to Simply Bearings Ltd and accessing the website in connection with the provision of such services.

Website(s) - the website that you are currently using (https://simplybearings.co.uk) and any sub-domains of these sites unless expressly excluded by their own terms and conditions.

In this privacy policy, unless the context requires a different interpretation: the singular includes the plural and vice versa; references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy; a reference to a person includes firms, companies, government entities, trusts and partnerships; "including" is understood to mean "including without limitation"; reference to any statutory provision includes any modification or amendment of it; the headings and sub-headings do not form part of this privacy policy.

The scope of this Privacy Policy

This privacy policy applies only to the actions of Simply Bearings Ltd and Users with respect to this website. It does not extend to any websites that can be accessed from this website including, but not limited to, any links we may provide to social media websites.

Data Collected

We may collect the following Data, which includes personal Data, from you: Name, Contact Information such as email addresses and telephone numbers in each case, in accordance with this privacy policy.

Our Use of Data

For purposes of the Data Protection Act 1998, Simply Bearings Ltd is the "data controller".

We will retain any enquiry Data you submit for a period not shorter than 12 months and shall reconsider and the necessity to be kept longer based on the individual activities with us.

Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy (see Third Party Websites and Services), your Data will not be disclosed to third parties.

All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see the clause below (Security).

Any or all of the above Data may be required by us from time to time in order to provide you with the best possible service and experience when using our website. Specifically, Data may be used by us for the following reasons: internal record keeping, processing enquiries, compliance with the Inland Revenue for record keeping etc, in each case, in accordance with this privacy policy.

Third Party Websites and Services

Simply Bearings Ltd may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. The providers of such services have access to certain personal Data provided by Users of this website.

Any Data used by such parties is used only to the extent required by them to perform the services that we request. Any use for other purposes is strictly prohibited. Furthermore, any Data that is processed by third parties will be processed within the terms of this privacy policy and in accordance with the Data Protection Act 1998.

The Data Controller appointed for Simply Bearings Ltd is Steve Makin.

Links to Other Websites

This website has links to other websites:

We have no control over such websites and are not responsible for the content of these websites

This privacy policy does not extend to your use of such websites

You are advised to read the privacy policy or statement of other websites prior to using them.

Changes of Business Ownership and or Control

Simply Bearings Ltd may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of Simply Bearings Ltd. Data provided by Users will, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this privacy policy, be permitted to use the Data for the purposes for which it was originally supplied to us.

We may also disclose Data to a prospective purchaser of our business or any part of it.

In the above instances, we will take steps with the aim of ensuring your privacy is protected.

Controlling use of Your Data

Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following: use of Data for direct marketing purposes.

The functionality of the website

To use all features and functions available on the website, you may be required to submit certain Data. You may restrict your internet browser's use of Cookies. For more information see the clause below (Cookies) however in doing so you may restrict your ability to buy from our website.

Accessing your Own Data

You have the right to ask for a copy of any of your personal Data held by Simply Bearings Ltd (referred to as a Subject Access Request), where such Data is held.

If you would like to make a Subject Access Request then please contact the GDPR data controller at Simply Bearings Ltd by use of our contact form. You will need to provide sufficient evidence that you are who you say you are before any data is released to you.

Security

Data security is of great importance to Simply Bearings Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via our website.

If password access is required for certain parts of the website, you are responsible for keeping this password confidential.

We endeavour to do our best to protect your Personal Data. However, transmission of information over the internet is not entirely secure and is done at your own risk. It is your resposibility to ensure your own systems are sucure and virus and malware free before sending such data over the internet. We cannot ensure the security of your Data transmitted to the website.

We ensure that any internal systems are password protected and that all reasonable steps have been taken to ensure the physical protection of personal data.

Cookies

This website uses Cookies. Simply Bearings Ltd has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.

All Cookies used by this website are used in accordance with current UK and EU Cookie Law.

Before the website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Simply Bearings Ltd to provide a better experience and service to you.

You may, if you wish, disable cookie support for this website in your browser; however certain features of the website may not function fully or as intended. Please refer to your software help file for information on how to do this.

This website may place the following Cookies: Analytical/performance cookies - They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Flag cookies - They allow us to recognise if we've notified you about our cookie and privacy policy.

You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed.

You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the website more quickly and efficiently including, but not limited to, personalisation settings.

It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.

General

You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe your rights will not be affected.

If any court or competent authority finds that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this privacy policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.

This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.

Changes to this Privacy Policy

Simply Bearings Ltd reserves the right to change this privacy policy as we may deem necessary from time to time or as may be required by law. Any changes will be immediately posted on the website and you are deemed to have accepted the terms of the privacy policy on your first use of the website following the alterations.

You may contact the GDPR data controller at Simply Bearings Ltd using our contact form.