GDPR Consent Notice
We provide a clear privacy notice wherever personal data is collected to ensure that consent is requested, and that the data subject is informed of their rights in relation to their personal data.
Our company demonstrates data subject(s) consent to the processing of his or her personal data or explicit consent for sensitive personal data by asking for permission.
Our company demonstrates data subject(s) consent is intelligible and accessible using clear and plain language.
Our company demonstrates data subject(s) are informed of their right to withdraw consent before giving consent notice in line with our agreed consent notice.
Our company demonstrates processing of data is limited to that stated in the contract, bound by the explicit consent given by the data subject.
GDPR Privacy Notice
Winyard Engineering Ltd provide Engineering manufacturing & support services, globally.
Our Data Protection Officer can be contacted directly here:
The personal data we collect and process from you is:
- Contact Name and position within your organisation including responsibilities, titles and contact information
- Company bank account details
- Services you have subscribed to or may be interested in
- Details on related IT infrastructure
The personal data we collect will be used for the following purposes:
- Ensure we can trade with your business, receive payments from and make payments to as required
- Provide marketing information on related products and services relevant to your position and business
- Provide technical support and consultancy as required
Our legal basis for processing for the personal data:
- You have given consent to the processing of your personal data for one or more specific purposes;
- Processing is necessary for the performance of a contract to which you are party too
- Processing is necessary in order to protect the vital interests of the you or your business
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
You may withdraw consent at any time by emailing email@example.com
We will not pass on your personal data to third parties without first obtaining your consent.
We will store personal data for a period of 3 years following the cease of any trading contact with you unless we are required by law to hold specific information for a longer period.
Your rights as a data subject
- The right to be informed: We will always tell individuals what data is being collected, how it’s being used, how long it will be kept and whether it will be shared with any third parties. This information must be communicated concisely and in plain language.
- The right to access: Individuals can submit subject access requests, which oblige organizations to provide a copy of any personal data concerning the individual. Organizations have a maximum of one month to produce this information, although there are exceptions for requests that are manifestly unfounded, repetitive or excessive. We cannot charge the individual for this information processing.
- The right to rectification: If the individual discovers that the information we hold on them is inaccurate or incomplete, they can request that it be updated. As with the right to access, we have one month to do this, and the same exceptions apply.
- The right to erasure (also known as ‘the right to be forgotten’): Individuals can request that we erase their data in certain circumstances, such as when the data is no longer necessary, the data was unlawfully processed, or it no longer meets the lawful ground for which it was collected. This includes instances where the individual withdraws consent.
- The right to restrict processing: Individuals can request that we limit the way we use personal data. It’s an alternative to requesting the erasure of data and might be used when the individual contests the accuracy of their personal data or when the individual no longer needs the information but the organisation requires it to establish, exercise or defend a legal claim.
- The right to data portability: Individuals are permitted to obtain and reuse their personal data for their own purposes across different services. This right only applies to personal data that an individual has provided to us by way of a contract or consent.
- The right to object: Individuals can object to the processing of personal data that is collected on the grounds of legitimate interests or the performance of a task in the interest/exercise of official authority. Organizations must stop processing information unless they can demonstrate compelling legitimate grounds for the processing that overrides the interests, rights and freedoms of the individual or if the processing is for the establishment or exercise of defense of legal claims.
- Rights related to automated decision making including profiling: The GDPR includes provisions for decisions made with no human involvement, such as profiling, which uses personal data to make calculated assumptions about individuals. There are strict rules about this kind of processing, and individuals are permitted to challenge and request a review of the processing if they believe the rules aren’t being followed.
In the event that you wish to make a complaint about how your personal data is being processed by ourselves or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our Data Protection Officer by email to firstname.lastname@example.org
GDPR Policy statement
The Board of Directors and management of our company are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the “rights and freedoms” of individuals whom our Company collects and processes in accordance with the General Data Protection Regulation (GDPR).
Compliance with the GDPR is described by our policy and other relevant policies such as our Information Security Policy.
This policy applies to all employees of our company and outsourced suppliers. Any breach of the GDPR will be dealt with under our disciplinary policy and may also be a criminal offence, in which case the matter will be reported as soon as possible to the appropriate authorities.
Compliance & Certification
We are registered with the Information Commissioners Office.