Privacy policy - PMP Supplies

PMP Supplies Privacy Policy and GDPR

This privacy policy sets out how PMP Supplies uses and protects any information that you give PMP Supplies when you use this website.

PMP Supplies is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

PMP Supplies may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 01/07/2017.

What we collect

We may collect the following information:

· name

· contact information including email address

· demographic information such as address, postcode

· other information relevant to customer offers

What we do with the information we gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

· Internal record keeping.

· We may use the information to improve our products and services.

· We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling your personal information

You may choose to restrict the collection or use of your personal information in the following ways:

· whenever you are asked to fill in a form on the website, look for the box that you can click to indicate that you do not want the information to be used by anybody for direct marketing purposes

· if you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at [email address]

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.

You may request details of personal information which we hold about you under the Data Protection Act 1998. A small fee will be payable. If you would like a copy of the information held on you please write to [address].

If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect.

GDPR

May 2018

Data Processing Agreement 1&1 Internet Limited

Preamble

This Agreement specifies the data protection obligations of the contractual parties arising from the defined processing activities in which personal data belonging to Controller is processed by 1&1in compliance with the General Data Protection Regulations (“GDPR”).

“Controller” shall have the same meaning as set out in article 4(7) of the GDPR.

"Personal data" shall have the same meaning as set out in article 4(1) of the GDPR.

“Processing” shall have the same meaning as set out in article 4(2) of the GDPR.

“Processor” shall have the same meaning as set out in article 4(8) of the GDPR.

1. Duration of the Processing on Behalf of the Controller

The term of this Agreement shall continue for the duration of the provision of the services.

2. Area of Application and Responsibility

2.1 In the provision of the services, Controller may choose to hold Controller’s customer personal data (“personal data”) at Controller’s own risk, on the platforms and data centres of 1&1. The only processing activities that may be performed by 1&1 are the storage of such personal data and any backups in order to provide continuity of service and disaster recovery. Such backups are merely for the aforementioned purpose and shall not be available to Controller. 2.2 Controller shall be solely responsible for compliance with the legal provisions of applicable data protection laws, in relation to such personal data, in particular the lawfulness of the data processing ("Controller" as defined under the GDPR).

3. Obligations of the Provider

3.1 To the extent that 1&1 shall be considered a processor of Controller’s customer personal data.

3.2 Any additional processing of personal data shall only be in accordance with instruction from Controller, unless an exception applies as defined in the GDPR. 1&1 shall promptly inform Controller if it believes that an instruction of Controller violates applicable laws. In such cases, 1&1 reserves the right to refuse Controller’s instructions.

3.3 1&1 shall implement technical and organisational measures to protect Controller’s customer data and to ensure the confidentiality, integrity, availability and capacity of the systems and services. 1&1 shall be obliged, in accordance with the GDPR, to implement a procedure for regularly reviewing the technical and organisational measures designed to ensure the security of the processing.

3.4 1&1 reserves the right to alter the agreed security measures, provided that any such amendment ensures that the agreed level of protection shall not be materially diminished.

3.5 1&1 agrees to reasonably assist Controller in respect of any requests and claims in accordance with the GDPR.

3.6 1&1 shall ensure that employees, subcontractors and affiliates who may be involved in the processing of Controller's data shall act in accordance with this Agreement.

3.7 1&1 shall inform Controller promptly if 1&1 becomes aware of any breaches which affect Controller's personal data.

3.8 1&1 shall, once notified in writing, inform Controller of any request for disclosure of personal data by authorities, unless expressly prohibited under applicable laws.

3.9 Controller may contact the Data Protection Officer by sending an email to: privacynotice@1and1.co.uk.

3.10 At termination of services, all customer data, personal or otherwise, shall be deleted (including the pseudonymisation of data) within an appropriate time, in accordance with applicable laws.

3.11 In the event of a claim against Controller regarding any of the rights defined under the GDPR, 1&1 shall provide reasonable assistance to the Controller to avert any such claim.

4. Obligations of Controller

4.1 Controller shall inform 1&1 of any issues with respect to data protection laws promptly.

4.2 Controller acknowledges that 1&1 shall ensure reasonable security and organisational measures to protect their personal data. Controller shall also agree to undertake similar security measures to ensure the protection of their personal data hosted on the 1&1 platforms and data centres.

4.3 In the event of a claim against Controller regarding any of the rights defined under the GDPR, this Agreement shall apply accordingly.

4.4 Controller acknowledges and agrees that 1&1 has no knowledge of the retained personal data or how such personal data shall be utilised and therefore, no awareness of how such personal data shall be processed, other than as stated in clause 2.1 above.

4.5 It is Controller’s duty to ensure that appropriate backups are retained in relation to the personal data described in this Agreement.

5. Requests from Data Subjects

In the event 1&1 receives a request for correction, deletion or information, 1&1 shall refer such requests to Controller, provided that Controller may be identified. 1&1 shall provide reasonable assistance to Controller. 1&1 shall not be liable in the event the request not be answered at all, not be answered correctly or not answered promptly by Controller.

6. Subcontractors (Additional Processors)

6.1 1&1 may require subcontractors for maintenance, management of the data centre structure, telecommunication services and for provision of the services.

6.2 A list of the subcontractor companies currently in use, including place of business, shall be available to Controller in the control panel.

6.3 In the event 1&1 uses subcontractors, it is 1&1's responsibility to transfer its data protection obligations from this Agreement to the subcontractor. 1&1 retains full responsibility for the subcontractors in respect of this Agreement.

7. Notification Obligations, Amendments and Jurisdiction

7.1 In the event the personal data of Controller is located within the 1&1 data centres and suffers the risk of seizure by insolvency proceedings, law enforcement of any other such event, 1&1 shall notify Controller promptly, if permissible by law. 1&1 shall promptly inform all entities involved in the matter that the ownership and control of the data lies exclusively with Controller, as defined in the GDPR.

7.2 Changes or additions to this Agreement may be amended at any time.

7.3 Should any conflicts arise, the provisions of this Agreement shall take precedence over the provisions of any other agreement or terms. Should any clause of this Agreement be found invalid, this shall not affect the validity of the rest of this Agreement.

7.4 The laws of England and Wales shall apply.

7.5 This Agreement supersedes all previous agreements or terms in relation to this subject.

8. Liability and Compensation for Damage

Controller and 1&1 may be liable for claims in accordance with the provisions of the GDPR.

9. Miscellaneous

This Agreement shall be in conjunction with 1&1’s general Terms and Conditions.