Privacy Policy

  Spedition Services Ltd (SSL)

 

Revision Number : 1

Creation Date: May 25 2018

Approved by:

Yasmin Fazal, Owner

 

1. Scope

Spedition Services Ltd (“SSL”) is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct.

Privacy and compliancy with the GDPR is extremely important to us. This policy explains what personal information we have, how we use it and how you can check and update any of your personal information. For the purposes of this Privacy Policy, “we” refers to SSL ltd.

We take the protection of your private data very seriously. Therefore, we adhere strictly to the regulations mandated by data protection laws and the GDPR. Personal data is collected solely for the purposes of obtaining contact information and to fulfil our contract with you and only to the necessary extent.

The Privacy Notice explains and describes:

  • When this Privacy Notice applies
  • The types of personal data we collect
  • How we use the personal data we collect
  • How and when we may disclose personal data that we collect
  • How we protect your personal data and keep it secure
  • What cookies are and how we use them
  • What happens when you access third-party services and content
  • Your legal choices and rights
  • The status of this Privacy Notice and any changes that are made to it
  • How to request further information
  • Our contact details

 

2. What Data Do We Collect and Why?

We collect information to help manage your account:

  • To deliver products and services relevant to you
  • To improve our products and services and help develop new ones
  • Manage our network and help us run and grow our business.

The information we have about you includes things like who you are, how you use our services, your service requirements, your account details and how you pay for your services.

This information includes:

  • Your name
  • Address details
  • Contact details
  • Company name
  • The services that you have with us
  • Payment methods, bank details and billing addresses

This personal information that is collected is provided to us on our contact forms, via e-mail correspondence, telephone, face to face meetings or listed on the order forms signed.

Only absolutely necessary information is collected and serves only to enable us to contact you and to meet our contractual obligations as a service provider.

The data is stored  in our Customer Data  and Customer SOP files . Your information is never sold to third parties. Any transfer of data to third parties occurs only if an order is issued by public or government agencies or judicial authorities or if doing so is required for the fulfilment of contractual obligations, credit protection purposes, or if your explicit consent has been given.

 

3. How We Use Your Information

We use and analyse your information to keep in touch with you as a customer and to supply and improve the products and services that we offer. We also may use your information to tell you about product or service changes and improvements, if we believe it to be of beneficial interest to you.

In particular this means using your information to:

  • Manage your account and help you to manage your account
  • Sort out payments, put orders through and despatch orders that have been placed
  • Get in touch with you (e.g if we need to advise you of any issues with a service)
  • Keep things secure and prevent crime or fraud
  • Look into and investigate any complaints or questions you may raise
  • Check whether you qualify for credit. This is so we can assess and decide whether we can give you credit and finances.
  • Recover any money you may owe us
  • Tell you if we want to change  the way a service works or an improved service if we feel it is beneficial
  • Send you information about the products and services you utilise with SSL

We keep the information in these ways because it will aid in fulfilling any obligation we have to you as a customer, complying with legal and regulatory obligations or you have given your explicit consent to process your data (you can opt out of this at any time).

 

4. How We Share Your Information

In accordance with the above purposes, it may be necessary for us to share your information with others. This may mean sharing your information with credit agencies, leasing companies, suppliers, customs, law enforcement agencies or any third party contractors. In the event that this is required any third-party provider will have their compliancy with GDPR verified and the correct agreements in place so that our security terms are adhered to.

 

5. How You Agree to Allow Us to Record Your Data?

By providing us your personal information via our contact form, email, phone or via an order form you simultaneously agree to the use of your data as provided to us.

 

6. How Do We Guarantee the Security of Your Data?

We have taken technical and organisational security measures to protect your personal data from loss, destruction, manipulation, and unauthorized access. Our employees and all third parties involved in the processing of your data are subject to the GDPR regulations and obligated to handle your data accordingly and confidentially. Our security measures undergo continual updates to comply with the latest technological developments.

 

7. Why We Keep Hold of Your Information

There are certain reasons why we may have to keep hold of your information. We keep information while you’re our customer or after, but only for as long as we need it for the purposes described above. How long we keep it depends very much on the type of information and purpose. This is reviewed regularly in accordance with our Data Retention Schedule. An example of why we may need to hold data longer than usual is we may need to sort out disagreements, stop fraud and abuse, prove that an account was held with us or follow any legal obligation we may have or to be used as police evidence.

The length we keep information may be different but it will only be kept as long as it is needed.

 

8. Your Rights

You have a number of legal rights in relation the information that we hold about you, this includes the following:

  • The right to request details of the information we have about you
  • The right to withdraw your consent to the use of your information, please note we may still be entitled to process your information if we have a legitimate reason for doing so
  • The right to rectify the information held if it is inaccurate or incomplete
  • The right to erase the information held, please note we may still be required to retain information should we be legally obliged to
  • The right to request that the processing of data is restricted
  • The right to make a complaint with the Information Commissioners Office (ICO) if you think we have infringed any of your rights

9. How Can I Find out What Data Has Been Recorded and How Can I Object?

You are welcome to contact us at any time. We would be happy to inform you immediately regarding any personal data about you that we have stored. You have the right to object at any time to the storage or use of the data. We will then delete your data in accordance with prevailing statutory requirements.

 

10. When Making a Complaint

SSL tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of SSL, SSL’s collection and use of personal information.

However, we are happy to provide any additional information or explanation needed. Any requests for this should be via our support team either by email at  privacy@spedition.co.uk, your account manager   or  to our Data Controller at  the above  mentioned  e-mail address.

When we receive a complaint from a person we make up a file containing the details and register a log of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile and publish statistics showing information like the number of complaints we receive, but not in a form which identifies anyone.

We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant does not want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ and ‘need to share’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

When we take enforcement action against someone, we may publish the identity of the defendant in our Annual Report or elsewhere. Usually we do not, identify any complainants unless the details have already been made public.

 

11. Cookies and Other Tracking Technologies

We collect information about your usage and activity on our websites using certain technologies, such as cookies, and other technologies. Third parties may also view, edit, or set their own cookies although there are very few. We and our third-party service providers, and/or partners may also place web beacons for such third parties. The use of these technologies by such third parties is subject to their own privacy policies and is not covered by this Policy, except as required by law.

12. Changes to this Policy

The privacy notice is regularly reviewed and updated. Updates are applied as required by applicable law.

 

13. Links to Other Websites

This privacy notice does not cover the links within our website linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

 

14. Whom Should I Contact?

Please refer all of your complaints, questions or requests concerning personal data to our  previous  stated  e-mail address :  privacy@spedition.co.uk

GDPR Commitment & Information towards Customers

 

 

Spedition Services Ltd  (“SSL”) is committed to conducting its business in accordance with all applicable Data Protection laws and regulations and in line with the highest standards of ethical conduct.

 

Possible questions SSL you might have related to our approach to GDPR.

 

Questions and answers

 

1. What personal data has SSL been instructed to process for you?

Please refer to your contract for this information, which will describe any activity carried out by SSL. The personal data that you provide to us will depend on the service that you have with SSL. You will be aware of the personal data you have provided to SSL. Please note that SSL is also a data controller and has responsibility and accountability in respect of personal data processed as part of your service.

 

2. Does SSL have a Privacy Policy which explains how data is used and for what purposes?

Yes, our Privacy Policy is posted on our Website ( www.spedition.co.uk )

 

3. What Information Policies does SSL have in place to protect and manage personal data?

See above. Compliance with policies is audited internally.

 

4. Does SSL conduct Privacy Impact Assessments?

Yes. Impact assessments are completed using the ICO’s recommended DPIA template.

 

5. Does SSL use sub-contractors?

Yes.

Given the nature of our business and   responsibilities,   our organisation relies on sub-contractors to provide our services, or certain aspects of it, to you. All sub-contractors are required to comply with our Information and Security policies. They are subject to our terms of use agreement which reflect (as a minimum) our obligations under data protection laws.

6. Does SSL transfer data outside of the EEA?

Where we transfer your information to companies outside the EEA, we will make sure it’s protected in a manner that is consistent with how personal data will be protected by us. This can be done in a number of different ways for instance:

  • The country that we send the data to might be approved by the European Commission
  • The recipient company might have signed up a contract obliging them to protect your information
  • The recipient is located outside  the  EEA  and is a certified member of the EU-US Privacy Shield scheme. In all cases however, we will ensure that any transfer of personal data is compliant with data protection law

 

7. Does SSL have a system in place to deal with managing individual customer data rights?

Yes.  As a data controller we have a process in place providing customers the right to access data held, a right to object, a right to prevent, a right to rectification and a right to claim.

 

8. Does SSL provide training to SSL staff on data protection?

Yes. We require SSL employees to complete mandatory training. We also carry out bespoke training for certain teams throughout the organisation.

 

9. Who is responsible for data protection compliance within SSL? 

Our Board of Directors as well as our Data Controller   regulate data protection compliance within SSL. Every employee is responsible for data protection in our organisation. Specifically, our Board of Directors and Data Controller have authority to assess the use of personal data throughout the organisation.

 

Security

 

10. What procedures have been established, documented and implemented by SSL to respond to a major incident or crisis?

Any type of incident which is suspected to have adverse implications for service, in terms of availability, integrity or breach of confidentiality will be managed using SSL’s defined incident management processes. All processes and procedures are documented and these are reviewed on a regular basis.

 

11. Does SSL have appropriate technical and organisational security   measures in place to protect the security of data in its possession?

SSL applies appropriate and robust protective security measures which are designed to ensure the integrity of the SSL estate whilst not impeding the day to day operation of the business. Physical security policies and standards meet the requirements of the physical security controls. In essence physical security protects assets, people, physical and intellectual infrastructure by ensuring that only authorised people with a business requirement have access to a particular facility and contained within that facility.

What measures do SSL have in place to guard against un-authorised or unlawful processing of personal data and accidental loss, destruction and damage?

All SSL employees are provided with security, business-principles and data protection training, proving understanding. This mandatory training requirement has to be re-taken at periodic time intervals. Such training, in line with our security policies and supporting ISO standards, will refer to access (both physical and logical) being provided on a need to have, need to know basis. SSL will ensure regular technical back-ups of the system to enable a full restore to the point of the last backup.

 

12. Are there systems and controls in place to ensure that access to personal data is on a need to know basis (e.g. access controls?) Do access rights cease when staff/subcontractors no longer require it to do their job?

Access to systems and information is provided on a need to have and need to know basis and is routinely reviewed. We also have a robust joiners/ leavers process whereby accesses are provided and revoked in a timely manner, with the process focusing on both systems access and physical access and assets. All users have their own user identity and password and advice is provided on password management. Passwords should be changed on a regular basis, kept secure and never shared. System logs are kept for access to systems and these can be reviewed in the case of an incident.

 

13. What are your standards for data retention and destruction of confidential data?

Data is retained in line with SSL’s Data Retention Policy. When required, confidential data in paper format that is held within SSL buildings is either shredded using on-site shredders (cross cut) or shredded using a mobile shredding service. Electronic media such as CD and tapes are destroyed via the mobile shredding process. Hard-drives go through a secure destruction service where servers are purged using approved software.

 

 

Need for more or specific information ?

 

For further information regarding the data that SSL hold or any related specific information, please contact either your account manager, or our support team on privacy@spedition.co.uk