Data Protection Office: John Halstead: Tel: 01484 425374
All Broadbents staff have been made aware of the new General Data Protection Regulation (GDPR)
Why we hold and process information
This notice sets out how we hold and process information about you. We process personal information about our customers to provide support for equipment we have sold, rented or repaired. Relevant information may include personal, employment and financial details.
Source of personal information
We receive most of your personal information directly from you, but we may seek additional information directly from the consumer credit company’s, for example Experian.
Sharing information with others
We may need to share with others personal information we process. Depending on the circumstances, we may share information with tax authorities, credit companies and equipment manufacturers.
Why we use your personal information
To enable us to do some of or all the following where applicable and in support of you being our customer: -
register / confirm guarantee information with manufacturers, third party insurer
obtain service support from manufacturer or service agent
obtain a credit score for rental hire or credit agreements
We hold names of individual customers, marital status, current and previous address, telephone number, email address, date of birth, employment details, purchase history, payment information, credit score.
Data retention period
We retain data for as long as we have a commercial relationship with you and the data is required in support of that relationship. If our commercial relationship ends, we may continue to retain your details to support manufacturers recall programs and our legal obligations.
All our electronic data is password protected. All our desktop computers are protected by antivirus software.
All individuals have the following rights under data protection laws the right to: -
be informed about the processing of your personal information
have your personal information corrected if it is inaccurate
have incomplete personal information completed
object to processing of your personal information
restrict processing of your personal information
have your personal information deleted
request access to your personal information and obtain details about how we process, move, copy or transfer your personal information
withdraw consent to processing your personal information
not to be subject to automated decision-making including profiling
complain to the Information Commissioner’s Office which enforces data protection laws:
Subject access requests
In most cases we will not charge for complying with a request. We will comply within one month. We will only charge for requests that are manifestly unfounded or excessive. In the unlikely event that we refuse a request we will inform you of the reasons why, your right to complain to the supervisory authority and your right to a judicial remedy. We will do this within one month.
Lawful basis for processing personal data
We hold and process personal data to provide support of equipment you have purchased, hired or had repaired by us. We are satisfied that there is no other reasonable way to achieve that purpose.
Should there be a breach of our data we will investigate and assess if this is likely to result in a risk to the rights and freedoms of individuals – if for example it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. If necessary, we will inform those individuals without undue delay and the relevant supervisory authorities within 72 hours of becoming aware of the breach. A record will be kept of any data breach reported, regardless of whether notification is required.
Data protection by design and data protection impact assessments
We do not use automated processes to make decisions about you and to profile you. We are satisfied that our current data processing is unlikely to result in a substantial risk to individuals. If future data protection impact assessments indicate a substantial risk, we will contact the Information Commissioner’s Office to seek its opinion as to whether the processing operation complies with the GDPR.
Broadbents operates solely in the United Kingdom and does not have any involvement with any organisation outside the European Union.
Sometimes we need your consent to use your personal information (for example to provide a credit reference). We won’t always need consent to use personal information (for example if we need it to meet a statutory requirement). Where you have given us consent you have the right to withdraw it at any time.