GDPR (General Data Protection Regulation) legislation is coming into effect in May 2018.
Companies who either operate within or offer goods/services to individuals in the EU will be required to comply with GDPR.
Simply put, it means all of us need to review how we hold and use "Personally Identifiable Information" or PII and take steps to show that we are adhering to the data protection requirements. These steps apply to any data held within databases, paper-based or other storage systems.
The first step to GDPR compliance is knowing where all your "Personally Identifiable Information" data is stored.
Lawful Basis Codes
Lawful Basis Codes define the reasons you are holding data for processing. Lawful basis reasons are defined by the GDPR. They are as follows:
Consent – Processing of the data is permitted if the data subject has consented to their data being processed.
Contractual Necessity – Personal Data may be processed on the basis that such processing is necessary to enter or perform a contract with the data subject.
Compliance with Legal Obligations – Processing is permitted if it is necessary for compliance with a legal obligation.
Vital Interests – Personal data may be processed on the basis that it is necessary to protect the 'vital interests' of the data subject (primarily applies to life or death scenarios).
Public Interest – Processing is permitted if it is necessary for the performance of a task carried out that is in acting in the public interest.
Legitimate Interest – Personal Data may be processed where the controller has a legitimate interest in processing the data, providing that it does not override the rights or freedoms of the affected data subjects.
Rights of Individuals
One of the primary goals of GDPR is to empower individuals to take back control of their personal data. The legislation aims to ensure that individuals have a range of rights regarding their data, these include:
Under the GDPR Right to erasure, organisations have a duty to erase the personal data that is no longer necessary We will require a successfully validated request before erasure of data. We have provided within the customer account area a mechanism for this request. We cannot process requests just from ringing us or emailing and asking to erase data as you could have anyone's PII and be acting maliciously, for this reason, a successful logon to your account will be required to ensure you really have the right to erase that data.
What is Simply Bearings doing about the GDPR?
Simply Bearings began to dedicate internal resources to the GDPR in January 2017, over a year before the deadline. We did this because we value our customers (and their customers) rights to privacy. Compliance with and to international law and regulations are very important to us.
Here’s a condensed version of our GDPR Roadmap and our progress so far:
Thoroughly research the areas of our our business impacted by GDPR - COMPLETE
Appoint a Data Protection Officer - COMPLETE
Develop a strategy and requirements for how to address the areas of our business impacted by GDPR - COMPLETE
Perform the necessary changes/improvements to our website and ERP sytems based on the requirements - COMPLETE
Implement the required changes to our internal processes and procedures required to achieve and maintain compliance with GDPR - COMPLETE
Thoroughly test all of our changes to verify and validate compliance with GDPR - COMPLETE
Simply Bearings Ltd, a limited company incorporated in England and Wales No 05473344 (referred to as us, we, our, the company hereafter) Our registered office is: Halton House, Greenfold Way, Leigh, Greater Manchester, WN7 3XJ
Data - all information submitted to Simply Bearings Ltd via the website, email, post or telephone conversation. This definition incorporates, where applicable, the definitions provided in the Data Protection Act 1998;
Cookies - text files placed on your computer by this website when you visit certain parts of the website (for example the shopping cart function) and / or when certain features of the website are used;
GDPR - General Data Protection Regulation 2018 (https://ico.org.uk);
UK and EU Cookie Law - Privacy and Electronic Communications (EC Directive) Regulations 2003 as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (https://ico.org.uk);
User, customer, enquirer or you - any third party that accesses the website and is not either (a) employed by Simply Bearings Ltd and acting in the course of their employment or (b) engaged as a consultant or otherwise providing services to Simply Bearings Ltd and accessing the website in connection with the provision of such services.
Website(s) - the website that you are currently using (https://simplybearings.co.uk) and any sub-domains of these sites unless expressly excluded by their own terms and conditions.
For purposes of the Data Protection Act 1998, Simply Bearings Ltd is the "data controller".
We will retain any enquiry Data you submit for a period not shorter than 12 months and shall reconsider and the necessity to be kept longer based on the individual activities with us.
Unless we are obliged or permitted by law to do so, and subject to any third party disclosures specifically set out in this policy (see Third Party Websites and Services), your Data will not be disclosed to third parties.
All personal Data is stored securely in accordance with the principles of the Data Protection Act 1998. For more details on security see the clause below (Security).
Simply Bearings Ltd may, from time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. The providers of such services have access to certain personal Data provided by Users of this website.
The Data Controller appointed for Simply Bearings Ltd is Steve Makin.
Links to Other Websites
This website has links to other websites:
We have no control over such websites and are not responsible for the content of these websites
We may also disclose Data to a prospective purchaser of our business or any part of it.
In the above instances, we will take steps with the aim of ensuring your privacy is protected.
Wherever you are required to submit Data, you will be given options to restrict our use of that Data. This may include the following: use of Data for direct marketing purposes.
You have the right to ask for a copy of any of your personal Data held by Simply Bearings Ltd (referred to as a Subject Access Request), where such Data is held.
If you would like to make a Subject Access Request then please contact the GDPR data controller at Simply Bearings Ltd by use of our contact form. You will need to provide sufficient evidence that you are who you say you are before any data is released to you.
Data security is of great importance to Simply Bearings Ltd and to protect your Data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure Data collected via our website.
If password access is required for certain parts of the website, you are responsible for keeping this password confidential.
We endeavour to do our best to protect your Personal Data. However, transmission of information over the internet is not entirely secure and is done at your own risk. It is your resposibility to ensure your own systems are sucure and virus and malware free before sending such data over the internet. We cannot ensure the security of your Data transmitted to the website.
We ensure that any internal systems are password protected and that all reasonable steps have been taken to ensure the physical protection of personal data.
All Cookies used by this website are used in accordance with current UK and EU Cookie Law.
Before the website places Cookies on your computer, you will be presented with a message bar requesting your consent to set those Cookies. By giving your consent to the placing of Cookies, you are enabling Simply Bearings Ltd to provide a better experience and service to you.
You may, if you wish, disable cookie support for this website in your browser; however certain features of the website may not function fully or as intended. Please refer to your software help file for information on how to do this.
This website may place the following Cookies: Analytical/performance cookies - They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
You can choose to enable or disable Cookies in your internet browser. By default, most internet browsers accept Cookies but this can be changed.
You can choose to delete Cookies at any time; however, you may lose any information that enables you to access the website more quickly and efficiently including, but not limited to, personalisation settings.
It is recommended that you ensure that your internet browser is up-to-date and that you consult the help and guidance provided by the developer of your internet browser if you are unsure about adjusting your privacy settings.
Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy will be deemed a waiver of that, or any other, right or remedy.
This Agreement will be governed by and interpreted according to the law of England and Wales. All disputes arising under the Agreement will be subject to the exclusive jurisdiction of the English and Welsh courts.
You may contact the GDPR data controller at Simply Bearings Ltd using our contact form.