HRP Trade is committed to safeguarding the privacy of our customers. Outlined in this policy we explain how we will handle your personal data under the new GDPR guidelines.

How We Gather Data

The data we store about your company has been supplied by you or a representative of your company.

It is your responsibility under GDPR guidelines to ensure any data you provide to us about a third party is given with their consent and managed in compliance with the GDPR regulations. This will be most relevant, for example, if you provide your customer’s address and contact details for delivery of goods from us.

What Data We Store

We will store some or all of the following data about you or your company:

• Email Address
• Orders Email Address

This data is held within our computer system and any paper copies sent to us are scanned and destroyed. Access to these computer systems is password protected and secured by a number of anti-hacking measures.

How we use your Data

By supplying your data to us you consent to it being used in the following ways, when appropriate:

• Process your orders, notify you of an order’s status, inform you of any problems with an order and provide updates about your deliveries.
• Contact you regarding any enquiries you’ve made.
• Advise you of any relevant changes to our services, products or company.
• Marketing purposes.
• Contacting you to ensure the data we store about you is up-to-date, accurate and relevant.
• Maintain records of your order history.

Who we may share your data with

In order for us to provide you with our services, it may be necessary for us to share your data with the following third parties:

• Our carriage providers including our couriers and Royal Mail, to deliver your order or our printed marketing materials and to provide you with information about your deliveries.
• Our appointed legal representative should the need arise or to comply with a legal obligation.
• Our professional advisers if necessary to obtain credit insurance or seek advice.
• Our payment processing partners to process payments or refunds.

We will only ever provide data about you to a third party where it is absolutely necessary for us to complete a transition raised by you.

Understand your Rights

Under Data Protection Laws you have certain rights regarding the data we may store. Some of these rights have been summarised here but we welcome you to read the relevant guidance from the regulatory authorities for a full explanation of these rights.

How we prepared for the GDPR

We already have a consistent level of data protection and security across our organisation, however it is our aim to be fully compliant with the GDPR and so the following areas have been revised:

Information Audit  - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed

Policies & Procedures  – reviewed our data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including: -

Data Protection  – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately action and document our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.

Data Retention & Erasure  – we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.

Data Breaches  – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time.

Updates to our policy

• As our work towards GDPR compliance continues we may update this policy from time to time by publishing a new version of this document to our website.
• We welcome you to check back to this page occasionally to ensure you are happy with any changes made.

Summary

The above is our summarized Privacy Policy in accordance with Data Protection Laws and the General Data Protection Regulations. For further details please read the relevant laws and guidelines from the regulatory authorities.