1.0 Our core beliefs regarding user privacy and data protection
User privacy and data protection are human rights
We have a duty of care to the people within our data
We will never sell, rent or otherwise distribute or make public your personal information
2.0 Relevant legislation
Along with our business internal and online computer systems, this website / system is designed to comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU General Data Protection Regulation 2018 (GDPR)
This systems compliance with the above legislation, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 9.0) for clarification.
3.0 Personal information that this system stores and why we collect it
This website collects and uses personal information for the following reasons:
3.1 Accessing the UK Vending System
When logging into the system some information will be stored in the systems database. Each login will store your User ID, your computer’s IP address and the date and time you accessed the system. This information is only used to identify your access if required and is not passed to any third party data processors.
3.2 System Use (UK Vending Employees)
For all users of the UK Vending System we store the following personal identifiable information.
- Name
- Email Address
- Current IP Address of your computer / mobile device.
This data may also be accessed by our third party data processors as detailed in Section 6.0 below.
3.2 System Use (UK Vending Clients)
For all clients of UK Vending Ltd whose details are stored within the online system following personal identifiable information may be stored.
- Name
- Email Address
- Mobile Phone Number & Phone Number
- Current IP Address of your computer / mobile device.
This data may also be accessed by our third party data processors as detailed in Section 6.0 below.
We will use your information for the purposes of day to day business with yourselves enabling us to offer our leading customer service. This includes processing your orders for our products and notifying of their despatch to you, new products, service schedules and any information regarding your account / products purchased from us.
All sales and marketing communications with yourselves are optional and can be opted into our out of at anytime either by your control panel which is located at https://www.ukvending.co.uk/store/accountlogin.aspx or by contacting our Data Protection Offices (section 9.0)
4.0 How we store your personal information
As detailed in sections 3.1 and 3.2 above, access the UK Vending system or are employed by UK Vending Ltd, some personal information will be stored within the system’s database. This data is currently stored in a non-identifiable fashion, other than the single table used to store this data.
In the near future we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual.
Pseudonymisation is a recent requirement of the GDPR which many web applications are currently working to fully implement. We are committed to implementing it on this system as soon as we are able to.
5.0 About this system’s server
This system is hosted by Rapid Switch Ltd within two UK data centres located in Maidenhead and Nottingham.
Some of the data centre’s more notable security features are as follows:
3m rota-spike security fence and perimeter anti ram barriers
Blast proof anti-intruder shielded external windows and doors
Proximity access locks on all external and internal doors
Interlocked man-trap doors with biometric iris scanners to gain access into data floors
Server cabinets have locked doors (no open racks)
Perimeter and internal IP CCTV system monitored 24×7
24×7 on-site security guards with static and mobile patrols
All on-site personnel are security vetted to BS7858 standard
Only authorised security cleared staff are allowed into the facility
Full details of United Hosting’s data centre can be found here.
6.0 Our third party data processors
We use a number of third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the legislation set out in section 2.0.
7.0 Data Breaches
We will report any unlawful data breach of this system’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
8.0 Data Controller
The data controller of this system is: UK Vending Ltd with company number: 00952912
Whose registered office is:
Fort Bridgewood,
Maidstone Road,
Rochester,
Kent,
ME1 3DQ
9.0 Data Protection Officer
Martin Button,
UK Vending Ltd
Telephone: 01634 304444
Email: gdpr@ukvending.co.uk
10.0 Changes to our privacy policy
This privacy policy may change inline with legislation or industry developments. We will not explicitly inform our clients or system users of these changes. Instead, we recommend that you check this page occasionally for any changes. Specific changes and updates are mentioned in the change log below.
10.1 Change log
15/04/2018
Privacy policy instigated