Privacy Policy
1. INTRODUCTION
1.1 In order for MD Business Supplies to be able to provide you with your office supplies, MD Business Supplies processes personal data relating to its customers.
1.2 This privacy policy sets out important information about our data processing activities; it supersedes earlier versions of this policy. We encourage you to take the time to read the contents of this privacy policy so you can better understand what personal data we process, why we process it, what happens to your personal data and what rights you have in relation to it. It applies to the processing of personal data in relation to services provided by MD Business Supplies including the operation of our website https://www.mdbusinesssupplies.co.uk/.
2. WHO HOLDS YOUR INFORMATION?
2.1 When we refer to " MD Business Supplies ", "us", "we" or "our" we mean MD Business Supplies (company number: 9889523) of 27 Rock Lane, Melling, Liverpool, Merseyside, L31 1EN.
2.2 MD Business Supplies is the Controller of your personal data.
3. THE INFORMATION WE COLLECT ABOUT YOU
3.1 When we refer to "personal data" we mean information about an individual from which that person can be identified.
3.2 We process the following personal data about you:
3.2.1 Personal contact details such as name, address, contact telephone numbers and email address, age, gender, lifestyle information and other information provided at the time of registering on our Website via the Registration Pages ("Personal Contact Details").
3.2.2 Technology information such as your IP address, operating system and browser type, your login data, time zone settings and location and other technology on the devices you use to access our Website ("Technology Information").
3.2.3 Transaction information which includes details of transactions you carry out through our Website and the fulfilment of your orders ("Transaction Information").
3.2.4 Billing data such as credit card and debit card numbers and expiration dates ("Payment Information").
3.2.5 Information you provide in credit application forms and credit limits ("Credit Application Information").
3.3 As well as personal data, there are "special categories of personal data" which is information about an individual's race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not process any special categories of personal data about you and we do not collect any personal data about criminal convictions or offences.
3.4 We may process statistical data about your browsing activities and use of our Website. This is aggregated data, and it is not usually classified as personal data because it does not reveal your identity to us. If we link aggregated data to your personal information it will be treated as personal data in line with this privacy policy.
3.5 Our services and our Website are not intended for use by children, and we do not knowingly process personal data relating to children.
4. HOW WE COLLECT YOUR INFORMATION
4.1 We collect information about you from different sources including:
4.1.1 Directly from you:
4.1.1.1 When you submit information to us through our Website (for example by filling in forms on our Website or indicating that you would like to join our mailing list).
4.1.1.2 When you correspond with us by post, phone, email, through social media or otherwise.
4.1.2 From a third party:
4.1.2.1 From the provider of our website platform: Office Power Limited, a company registered in England under company number 08068760, with registered office at Unit 4, Perrywood Business Park,Honeycrock Lane,Redhill, RH1 5DZ (Office Power). We act as agent for Office Power in relation to some contracts with customers, and it supplies the website platform for us to provide our products and services to you. Office Power is usually a Processor of your personal data, but may be a Controller where it delivers services directly to you and in relation to the analytics cookies we use on our Website. You can read their privacy policy here: https://www.mdbusinesssupplies.co.uk/help/topic/PrivacyPolicy.
4.1.2.2 From credit reference agencies (Callcredit, Equifax and Experian).
4.1.2.3 Publicly available sources such as Companies House and the Electoral Register.
4.1.2.4 From providers of payment services.
4.1.2.5 Analytics Providers (such as Google Analytics and Google Adwords).
4.1.3 From your device when you access our Website.
5. HOW WE USE YOUR INFORMATION
5.1 There are a number of reasons why we process your personal data, including:
Purpose | Types of Data | Lawful Basis for Processing |
To contact you | Personal Contact Details
| Performance of a contract, or the potential performance of a contract, with you Necessary for our legitimate interests (for running our business, to keep our records updated, to recover debts due to us and to provide you with the services you have requested) Necessary to comply with our legal obligations |
To manage our relationship with you For example:
| Personal Contact Details Transaction Information Technology Information Payment Information Credit Application Information | Performance of a contract, or the potential performance of a contract, with you Necessary for our legitimate interests (for running our business, to respond to any questions or complaints, to keep our records updated and to provide you with the services you have requested) Necessary to comply with our legal obligations |
To provide you with support | Personal Contact Details Transaction Information Technology Information | Performance of a contract, or the potential performance of a contract, with you |
Delivering relevant advertisements and to make suggestions, recommendations and provide information to you about goods or services that may be of interest to you | Personal Contact Details Transaction Information Technology Information
| Necessary for our legitimate interests (to develop and grow our business, to study how customers use our Website and services, to inform our marketing strategy) Consent in relation to direct marketing communications and our deployment of non-essential cookies |
To administer and protect our business and our website (for example, troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) | Personal Contact Details Technology Information Transaction Information Payment Information
| Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with our legal obligation |
To comply with requirements imposed by law or any court order (for example, to verify your identity and to prevent or detect fraud) | Personal Contact Details Technology Information Transaction Information Payment Information Credit Application Information
| Necessary to comply with our legal obligations |
5.2 Where we need to process your personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you. This means that we may not be able to provide you with the information or services you require. We will let you know if this is the case at the time.
5.3 We may process your personal data for a different purpose than that listed above and without your consent where it is necessary for us to comply with our legal obligations.
Marketing Communications
5.4 We may process your personal data for marketing purposes to keep you up to date with the latest products, services and promotions we have to offer. You may receive marketing communications from us if you have signed up to receive our newsletters, purchased products or services from us, or registered to any promotions we offer, and in each case you have not opted-out of receiving those communications.
5.5 If you no longer want to receive marketing communications from us, you can contact us at any time using the contact details below or by following the unsubscribe links in our marketing communications. If you opt-out of receiving marketing communications we may still process your personal data in order to fulfil contracts with you and in accordance with our legal, accounting and regulatory obligations.
5.6 We will get your express opt-in consent before we share your personal data outside of our company for marketing purposes.
Cookies
5.7 Our Website may automatically collect data about how you use our services in order to help us improve future functionality. This may include personal data.
5.8 Office Power supplies our Website platform and it acts as Controller in relation to the information gathered from analytics cookies used on our Website. We also are a Controller of this information. For more information about Office Power see paragraph 4.1.2.1.
5.9 Please read our cookie policy to get further information about the cookies we use. You can find it at https://www.mdbusinesssupplies.co.uk/help/topic/PrivacyAndCookies.
6. WHO WE SHARE YOUR INFORMATION WITH
6.1 We use your personal data for the purposes set out above. This might mean that we have to share your personal data with third parties including:
6.1.1 Office Power (the provider of our Website platform and for whom we act as agent, see paragraph 4.1.2.1 above).
6.1.2 Credit reference agencies and banks that perform credit checks in order to determine your credit worthiness when you apply to open a credit facility with us. You can read more about credit checks below.
6.1.3 Service providers who act as processors on our behalf in order to provide services, such as IT and administrative support.
6.1.4 Banks and payment providers in order to facilitate processing of payments and enable transactions to be complete.
These third parties are all based inside of the EEA.
6.1.5 If our business is sold or integrated with another business your details may be disclosed to our advisors and any prospective purchasers and their advisors and will be passed on to the new owners of the business. These third parties may be based outside of the EEA.
Credit Checks
6.2 If you apply to open a credit facility with us, we or Office Power usually conduct a credit check to help us to determine whether or not to grant you a credit facility. These credit checks are carried out by credit reference agencies, and we provide your personal data to them in order to perform these checks. In turn, they provide Office Power and us with information about you so we can assess your creditworthiness.
6.3 When credit reference agencies perform a credit search a footprint is left on your credit file which may be seen by other lenders. We use the results of credit checks to determine whether or not to grant you a credit facility.
6.4 Credit searches are a form of automated decision-making. Individuals have certain rights over automated decision-making. You can ask that we do not make decisions that have a legal or significant effect on you using solely automated means, and you can object to an automated decision and ask someone intervenes to review it.
6.5 We may use Callcredit, Equifax and Experian to perform credit searches. You can find out more about the credit reference agencies we use by looking at their websites.
7. HOW WE KEEP YOUR INFORMATION UP TO DATE AND SECURE
7.1 If any of the information that you have provided to us changes, for example if you change your email address or other contact details or if you wish to cancel your registration with us, please let us know by sending an email using this link sales@mdbusinesssupplies.co.uk or writing to us at the address below.
7.2 Once we have received your personal data we will use reasonable and necessary procedures and security features to try and prevent unauthorised access. For example, we limit who can access your personal data to those individuals and third parties who need to know it and who are subject to a duty of confidentiality. If we become aware of a data breach we will notify the Information Commissioner's Office. If we believe the data breach is serious, we may notify you in accordance with our legal requirements.
7.3 Our website may include links to third party websites, plug-ins or applications that allow third parties to collect or share your personal data. We have no control over the processing activities of these third party websites, and so when you leave our website, please read the privacy notice of every website you visit.
Transfers outside of the European Economic Area (EEA)
7.4 We do not usually transfer your personal data outside of the EEA.
7.5 Some of our external third parties may be based outside of the EEA so their processing of your personal data will involve a transfer of data outside of the EEA.
7.6 If we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
7.6.1 We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
7.6.2 We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
7.6.3 Where we use providers based in the USA we may transfer your data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the USA.
8. HOW LONG WE KEEP YOUR INFORMATION FOR
8.1 We only hold your personal data for as long as is necessary in order to comply with the purposes for which we collected it.
8.2 When we are determining the appropriate retention periods for your personal data, we take into consideration a number of factors including what personal data we are processing, the risk of harm from any unauthorised disclosure, why we are processing your personal data and whether we can achieve this outcome by other means without having to process it.
8.3 We sometimes need to hold your personal data for longer in order to comply with our legal, accounting and regulatory obligations.
8.4 Sometimes we remove identifying information from your personal data so it is anonymised. When we do this, the information can no longer be associated with you and so we can process it indefinitely without further notice to you. In certain circumstances you may be able to ask to delete this data.
9. YOUR RIGHTS
9.1 Under data protection laws you have the following rights:
9.1.1 to ask us for details of the personal data we hold and process about you (this is usually called a subject access request);
9.1.2 to ask that any inaccurate information we hold about you is corrected;
9.1.3 to ask that we delete personal data we hold about you (this applies only in certain circumstances);
9.1.4 to ask that we stop using your personal data for certain purposes;
9.1.5 to ask that we do not make decisions about you that produces legal or other significant effects on you using completely automated means;
9.1.6 to withdraw your consent; and
9.1.7 to ask that we give you the personal data we hold about you, or (where technically feasible) that we give this personal data to a third party chosen by you, in a commonly-used machine-readable format.
9.2 To exercise any of the rights above please contact us using the details in this privacy policy. If you do so, please provide us with as much information as you can about the request you want to make in order to help us respond as soon as we can. You might need to provide us with proof of identity (for example a passport or driving licence) before we can fully respond, as we need to be sure we are giving the correct personal data to the correct individual.
9.3 Please be aware that the above rights are not available to everyone all the time. Some are subject to exemptions, and so we may not always be able, or required, to comply with your request to exercise these rights. You can read more about the rights that you have on the ICO website: https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
9.4 We usually respond to data protection requests within one month, but it can take longer if your request is particularly complex or if you have made a number of requests. You will not usually have to pay a fee to exercise the rights above, but we reserve the right to charge a fee if your request is clearly unfounded, repetitive or excessive; alternatively, we may refuse to comply with your request.
9.5 We may need to process your personal data in order for us to respond to your request.
10. WHO CAN YOU CONTACT ABOUT OUR PROCESSING ACTIVITIES?
10.1 We work hard to ensure that we process personal data in compliance with data protection laws. We know that sometimes you might want to ask questions about our processing activities and so please contact us at sales@mdbusinesssupplies.co.uk or write to MD Business Supplies at 27 Rock Lane, Melling, Liverpool, Merseyside, L31 1EN.
10.2 If you would like to contact Office Power about their use of your personal data, please send an email using privacy@officepower.net or write to: Data Protection Officer at Unit 4, Perrywood Business Park,Honeycrock Lane,Redhill, RH1 5DZ.
10.3 If you are not happy with how your personal data is processed by us, you have the right to complain to the supervisory authority that oversees data protection compliance. In the UK this is the Information Commissioner's Office www.ico.org.uk
10.4 We last updated this privacy policy on 25 May 2018, make sure you regularly check back as we do update it from time to time to try and keep it as accurate as we can.