POSTEROUTE CUSTOMER PRIVACY NOTICE
During normal business activities, Posteroute collects stores and processes our customer’s personal information. We recognise our responsibilities to protect this data and embrace the current data protection legislation (GDPR).
This document is intended to inform you,in an easy to read manner, what information we collect, why we collect it and what we do with it. It also explains important rights that you have to access and control personal data,held in our systems, relating to you as an individual.
Our full Data Protection Policy can be read here.
What Information we collect
When placing orders, or opening an account with us we collect Identifying information from you such as your name, addresses, telephone numbers, email addresses and financial information in connection with a transaction.
You may also provide us with other information through web forms, by updating or adding information to your account, telephone conversations, or when you otherwise communicate with us regarding our products & services.
When accessing our websites our systems may be configured to collect limited computer and connection information such as browser type, statistics on your page views, traffic to and from our sites, referral URL and your IP address.
Why do we collect it?
It is our policy to only collect the information that we need to fulfil our contractual obligations to you as a customer and allows us to provide you with the best possible experience in dealing with us.
It will normally be self-evident to you that you are passing us data when (say) you request a quotation, open an account with us or place an order.
How we store the information
Your data is held electronically at our premises, behind our own firewalls, on our own secure servers. We only use external data centres for our email.
Only highly secure, encrypted enterprise level services such as Amazon Web Services are used for the storage and transmission of email.
We follow all applicable regulations and accepted standards for storage, protection and transmission of the personal data we collect, including the use of encryption methods wherever appropriate.
What we do with the information
We primarily use your information to satisfy your requirements. Most commonly this would be responding to a request for a quotation and delivering a product or service.
If you are a business customer (and the PECR regulations permit), we may also send you notice of specific promotions and business updates that we consider may be of interest to you. These emails always contain a clear opt out link, through which you can add your email address to our email exclusion list.
Who we share the information with
We only pass data to suppliers who maintain strict GDPR compliance and with whom we have specific GDPR compliant Processing Agreements in place which prohibit them using, sharing or retaining your personal data for any purpose other than they have been specifically contracted to by us.
Retention and Destruction
We retain personal data only for as long as necessaryin order to:
- Provide the services you have requested from us.
- Facilitate a high standard of after sales customer support.
- Satisfy requirements mandated by law, contract or similar obligations applicable to our business operations including the requirement to maintain adequate and accurate business and financial records.
- Preserve, resolve, defend or enforce our legal/contractual rights.
We make a clear distinction between live data, normally accessible through our operational interfaces, and archived data which is not accessed easily and held only for specific legal or contractual compliance reasons. It is our policy to keep both classifications of personal data held to the minimum.
Your Right to know what personal data we hold for you
If you wish to know what personal data we hold on you, you should contact our Data Protection Officer, Ian McDonnell at email@example.com. All personal data requests will normally be
answered within 28 days. Please note it will be necessary for us to verify your identity before we can release this information to you.
We will be happy to provide you the details we hold on you and how your data has been processed in an easily readable electronic format with confirmation of the legal basis under which it is being held and associated retention policy.
Personal Data Deletion Requests
We respect your “right to be forgotten” and will respond appropriately and promptly to all data deletion requests.
In the event that it is necessary for us to continue to hold your data to meet statutory compliance requirements we will explain the basis of this clearly to you and work with you to achieve, (say through archiving, minimising or anonymising your live data where possible), a satisfactory outcome.
If you have concerns or are not happy with how we process your personal data please email our Data Protection Officer, Ian McDonnell at firstname.lastname@example.org who will be pleased to investigate your concerns and respond appropriately.